Applications of Contextual Integrity – Report from the 4th Symposium

Contextual integrity (CI) was first proposed by Helen Nissenbaum in 2004 as a new framework for reasoning about privacy. Rather than defining privacy as control over information, CI takes into account the context of how the information is acquired and used. “CI’s bedrock claim is that protecting privacy means protecting appropriate informational flows.” (quote from the Privaci: Privacy through Contextual Integrity website.)

Below is the executive summary from the report on The 4th Symposium on Applications of Contextual Integrity.

The report’s executive summary was written by Madiha Zahrah Choksi.

Executive Summary

Cornell Tech’s Digital Life Initiative hosted the Fourth Annual Symposium on Applications of Contextual Integrity (CI) on September 22-23, 2022 in New York, New York. The CI Symposium showcases novel research and fosters generative interaction and community building among diverse communities of researchers using the theory of privacy as CI. Growing in participation and reach annually, the 4th annual symposium was the largest to date and connected domestic and international researchers from the fields of computer and information science, communication, education, engineering, law, philosophy, political science, and public health.

In brief, CI defines privacy as appropriate information flow based on contextual information norms. Under this framework, norms are clearly defined by the information’s subject, sender, recipient, type, and transmission principles. Moving away from privacy as control over information, the CI framework determines the appropriateness of information flows that align with societal values and ethics across various contexts. In an era of innovative and ubiquitous technologies, the application of CI is a critical part of evaluating and interpreting privacy risks.

Researchers, scholars, and practitioners at the Symposium presented and workshopped original research that applies CI analytically, computationally, or operationally. The two-day in-person Symposium featured nine sessions and twenty-seven author-led talks. In an effort to foster discussion, each session was carefully constructed with an assigned expert session lead to synthesize findings, guide questions and elicit feedback. Over the two-day symposium, sessions organically cross-pollinated, drawing on and referring to earlier sessions and presentations:

CI Theory, Applications, and Case Studies: Presentations in this session workshopped new and compelling ways of applying CI by identifying emerging contextual norms from under-observed privacy case studies. From wastewater surveillance to property, researchers investigated how the CI framework can be used to both authenticate or problematize norms and information flow across diverse fields, use cases, and technologies. Rigorous discussions and debates from this session questioned how CI might define data flows in an era of automated vehicles where the senders and receivers of data might be conflated. Or, how CI might work with existing laws and theories, such as those innate to property law, to communicate more effectively to non-scientific audiences.

CI, Natural Language Processing, and Privacy Policies: At present, privacy policies are written for compliance. In other words, privacy policies map effectively onto legal structures in an effort to avoid liability while disempowering the end users they are meant to inform. Presentations in this session posited that privacy policy writing lacks clear guidelines and specificity. In an absence of structure, CI provides a constructive framework that shifts the goals of privacy policies from legal compliance to defining norms and information flows embedded in ethics. Work presented in this session focused on underscoring emerging areas such as GPT-3, the long-standing issue of defining ontologies, and balancing ethics.

CI and Ed-Tech, Internet of Things (IoT), and Virtual Reality (VR): CI provides a framework for rigorously analyzing privacy risks in novel emerging technology use cases. Presentations in the ed-tech session focused on the privacy of student data and privacy education. Similarly, the IoT and VR sessions discussed how CI can be used to identify privacy flaws in data flows across applications that heavily rely on third-party libraries and frameworks. Generative discussions focused on how automating the extraction of CI parameters from privacy policies and other privacy documents would pave the way for defining specifications that can be used to automatically check the validity of the information flows in apps, websites, and other software products. A number of challenges were also articulated, including the lack of established datasets that could be used as training data for NLP models tasked with identifying the CI parameters and getting developers, organizations, and regulators to adopt and use the formal specifications provided by CI.

Contextual Informational Norms: Case studies are an effective tool for exploring and articulating emerging contextual norms. In this session, researchers studied diverse questions related to health and safety, for example, how CI could be applied to assess and enhance digital health tools for asylum seekers. Researchers explored this question by undertaking CI-supported analysis of data collected on digital health sites targeting at-risk migrants. Through a rigorous CI-based analysis of collected data, researchers ultimately generated a safe and privacy-preserving website to help migrants access critical information. Another case study on Covid-19 Vaccine Certificates found CI an effective framework for assessing polarizing issues. Researchers demonstrated how CI’s ability to provide multifactorial insights can guide richer and more complex research on the issues facing society in the current fight against COVID-19.

CI, DP, and Other Privacy Methods:

CI and Differential Privacy (DP) have had a rich history of collaboration. In this session, researchers focused on presenting formal methods for operationalizing the two theories, assessing their efficiency, and applying them to emerging areas such as synthetic data.

In one presentation, authors proposed a new formalization of CI based on a prior review of CI’s use in computer science combined with the US Census’s adoption of DP towards the goal of fine-tuning DP parameters. Returning to robust discussions on information norms, flows, and parameters, authors and discussants debated the notion of partial information flow. Along these lines, a lengthy discussion emphasized the absence of a clear method to analyze parameters relevant to DP such as population size or heterogeneity in people’s interests as some norms are currently in flux, while others are ever-evolving. Discussants concluded that emerging technologies are challenging expectations of information flows.

Final Remarks and Future Work:

The Fourth Annual Symposium provided an open, collaborative, and energizing space for experimenting with applications of CI. The Symposium concluded with a robust discussion on the steps that should follow privacy norm discovery and outlining future work towards an updated framework. Some participants contended that decisions about normative expressions should be guided by end users, while other participants insisted that the next crucial steps are to instill expressive norms into policy and regulatory frameworks. The Symposium made natural strides toward strategizing the updated framework by evaluating and debating emerging norms, information flows, and contexts. The group concluded with valuable feedback and ideas for future community-building opportunities, session topics, and spotlighting emerging and future technologies that will benefit from theoretical and practical applications of CI. Undoubtedly, the CI community continues to grow, and the dedication and motivation for continued work on applications of CI span across diverse disciplinary backgrounds and communities.

This executive summary from the report on The 4th Symposium on Applications of Contextual Integrity was written by Madiha Zahrah Choksi, DLI Doctoral Fellow and PhD student, Computing and Information Science at Cornell University.

Note: The “4th Annual Symposium on Applications of Contextual Integrity” was supported by a gift from the Microsoft Corporation. Additionally, the Technology | Academics | Policy (TAP) website is sponsored by the Microsoft Corporation. Microsoft respects academic freedom, and is working to enable the dialogue on the most critical technology policy issues being debated. While Microsoft provides administrative and financial support for the TAP website’s platform and content, there is no payment made to scholars for appearing or blogging on the site.