Lattice-based Contextual Integrity Analysis
Authors: Stephen Kaplan, Dylan Bulmer, Avery Gosselin, and Sepideh Ghanavati
Abstract
More than four billion users use online social networks (OSNs) and integrate themselves into their ecosystems. Consequently, these users are increasingly tasked with understanding the implications of their consenting to the privacy practices of OSNs via privacy policies. However, privacy policies are often vague and confusing to users, leading to misconceptions and gaps in users' understanding of privacy practices. In this paper, we propose the Lattice-Based Contextual Integrity Analysis (LCIA) framework to help make quantitative determinations about how likely an OSN's privacy policy is to mislead users with regard to its information flow practices, relative to other OSNs. We evaluated LCIA with 13 OSNs' privacy policies and identified that OSNs with more privacy-violating information flow practices are more likely to mislead users through ambiguous statements, thereby exposing them to greater privacy risk.
More information, details, and research outcomes can be found on Stephen Kaplan's website!
Read our paper!
Workshops, Confrences, Symposiums, and Slides
The 8th International Workshop on Evolving Security & Privacy Requirements Engineering
Speaker: Stephen Kaplan
Slides: LCIA ESPRE Presentation.pdf
The 3rd Annual Symposium on Applications of Contextual Integrity
Speaker: Dylan Bulmer