Symposium on Applications of Contextual Integrity Report

By TAP Guest Blogger

Posted on October 22, 2018



Last month, the Symposium on Applications of Contextual Integrity offered a forum for examining the theory of contextual integrity as a framework to reason about, design and evaluate, craft regulation for, and generate formal logics for privacy.

 

A report of the program’s discussions has been created and is available: Symposium on Applications of Contextual Integrity Report.

 

Below is the executive summary from the report.

 

This symposium summary was written by Noah Apthorpe.

 

Executive Summary of the Symposium on Applications of Contextual Integrity Report.

 

The Princeton University Center for Information Technology (CITP) and the Cornell Tech Digital Life Initiative (DLI) hosted the Symposium on Applications of Contextual Integrity on September 13-14, 2018. The event brought together faculty, postdoctoral researchers, graduate students, undergraduates, and industry partners to present research using the theory of contextual integrity as a framework to reason about, design and evaluate, craft regulation for, and generate formal logics for privacy.

 

Contextual integrity (CI) was first proposed by Helen Nissenbaum in 2004 as a new framework for reasoning about privacy. CI focuses on societal norms which govern the appropriateness of information flows in defined contexts. Information flows within a context that do not abide by existing norms are perceived as privacy violations. For example, it may be appropriate for a smartphone user’s location information to be sent to a website in order to provide recommendations for nearby restaurants. However, the specific details of this context are essential. It may be unacceptable for the same location information to be transferred to the same website for a different purpose, such as advertising.

 

Researchers in disciplines ranging from law to computer science to sociology have adopted and applied the theory of contextual integrity to their work. Presentations at the Symposium included research applying CI to smart homes and IoT, human-computer interaction, system design, discovering users’ privacy opinions, and many social issues involving privacy and technology.

 

CI and Society

These sessions included presentations about seven projects using CI to investigate societal issues. The first presentation proposed combining CI with the Governing Knowledge Commons Framework with examples from online social movements. The second project predicted the privacy behavior of active social media users, finding that communication, literacy, and demographic antecedents have strong effects on privacy self-efficacy. The third project introduced situated information flow theory to describe cases where information flows across contexts. The fourth project proposed a study examining whether compelled surveillance in religious communities has any effect on privacy norms and perceptions. The fifth project used sentiment analysis to evaluate articles published in several countries about the Cambridge Analytica scandal and extract social norms that were violated by Facebook’s actions. The sixth presentation described a method, amenable to crowdsourcing, of annotating privacy policies with CI flow parameters in order to simplify analysis. The seventh presentation investigated how unexpected increases in exposure to nominally public online content triggered norm violations.

 

PrivaCI Challenge

Symposium attendees worked together in the “PrivaCI Challenge” to map CI concepts to real world case studies. Each table of attendees was assigned a case study about online privacy, such as “Saint Louis University will put 2,300 Echo Dots in student residences” with corresponding news articles. The goal was to determine norms relevant to each situation and identify CI information flow parameters (attribute, subject, etc.) involved in each case study. The difficulty of the PrivaCI Challenge revealed a need for additional work bridging CI theory to application, especially as real world scenarios do not always involve clear-cut information flows and may involve value judgements unrelated to information transfer.

 

CI in Smart Homes and IoT

This session explored privacy concerns regarding Internet of Things devices. The first project used CI to frame interviews and surveys to determine how privacy opinions and practices of IoT device owners change over time. The second project discussed designing AI agents to obey social norms. The third project explored how to define, apply, and communicate norms for passively listening IoT devices when existing privacy controls are insufficient.

 

CI in HCI

This session explored the use of CI in human-computer interaction (HCI) research. The first presentation investigated children’s and parents’ understanding and norms about online information sharing. The second project analyzed the importance and influence of implicit and explicit emotions on privacy-related opinions and decision making. The third presentation described a literature review of articles in HCI venues containing the keyphrase “contextual integrity.”

 

CI Based Systems Design

This session focused on using CI to inform the design of privacy preservation systems. The first two studies used CI to evaluate how users make decisions about application permissions. This data informed the design of new privacy settings interfaces that take contextual norms into account. The third study described the development of a data manager that programmatically enforces a data handling policy by intermediating third party application data fetches and adapting to context changes.

 

Discovering Users’ Privacy Expectation

This session focused on methods and challenges of ascertaining people’s privacy preferences. Each of the projects presented in this session involved connected devices. The first used CI to generate interview questions for patients employing IoT devices to assist aging in place. This work suggested that CI could be used as a replacement or supplement to fair information practice principles (FIPPs). The second project used CI to frame interviews of IoT home device users and discover whether the information collection and storage practices of these devices violated user norms. The third project generated questions about CI information flows to query patients’ privacy opinions about tele-monitoring devices in use during and after heart failure treatment.

 

Keynote: Understanding Privacy and Contextual Integrity: A Personal Journey

Anupam Datta (CMU) described several projects relating U.S. legislation and tech company privacy policies to contextual integrity. He and his collaborators translated HIPAA into first-order temporal logic formalized from the descriptive component of CI, discovering limitations in both the specificity of the law and the expressivity of the CI framework. Anupam also applied CI to build automated systems to help engineers bootstrap privacy compliance in big data systems. He raised several interesting questions at the conclusion of the keynote, including how to handle data “types” in CI, what it means to “use” a type of data, and how we should enforce “purpose” restrictions in privacy policies and legislation.

 

Conclusion

The symposium concluded with the hope that contextual integrity will continue to gain support and enthusiasm from researchers, industry actors, and policymakers. Attendees noted that technology companies are paying increased attention to privacy issues, especially in response to the European General Data Privacy Regulation (GDPR). This provides an opportunity for the notion of context espoused by contextual integrity to play a fundamental role in the design of new privacy-preserving features.

 

Takeaways and Future Work

The symposium demonstrated significant excitement for incorporating CI into a variety of technical research areas in need of improved privacy frameworks. However, it also highlighted the diversity of interpretations of CI (e.g. inconsistent sets of information flow parameters), as well as difficulties adapting the strict definitions of CI to real world situations and documents. The symposium also showed that projects involving privacy and any notion of “context” sometimes co-opt the CI label without necessarily incorporating ideas of information flow appropriateness or contextual social norms essential to the framework.

 

These points suggest the need for an updated version of CI, a CI 2.0, that would better define how the core elements of CI should be applied to real-world vagaries. This CI 2.0 could, among other improvements, incorporate cross-context flows, prevent “transmission principle” from becoming a catch-all parameter, and further clarify the ideas of norms, information flows, and contexts. Discussions and development of this CI 2.0 would be appropriate for future symposia, as input from individuals from a variety of backgrounds will be needed to ensure that the framework is both theoretically rigorous and practically useful across disciplinary boundaries.

 

Read the full report: Symposium on Applications of Contextual Integrity Report.

 

This symposium summary was written by Noah Apthorpe. Mr. Apthorpe is a Computer Science Ph.D. student at Princeton University.

 

Note: The “Symposium on Applications of Contextual Integrity” was supported by a gift from the Microsoft Foundation. Additionally, the Technology | Academics | Policy (TAP) website is sponsored by Microsoft Corporation. Microsoft respects academic freedom, and is working to enable the dialogue on the most critical technology policy issues being debated. While Microsoft provides administrative and financial support for the site’s platform and content, there is no payment made to scholars for appearing or blogging on the site.

 

 

