Lattice-based Contextual Integrity Analysis

Authors: Stephen Kaplan, Dylan Bulmer, Avery Gosselin, and Sepideh Ghanavati

Abstract

More than four billion users use online social networks (OSNs) and integrate themselves into their ecosystems. Consequently, these users are increasingly tasked with understanding the implications of their consenting to the privacy practices of OSNs via privacy policies. However, privacy policies are often vague and confusing to users, leading to misconceptions and gaps in users' understanding of privacy practices. In this paper, we propose the Lattice-Based Contextual Integrity Analysis (LCIA) framework to help make quantitative determinations about how likely an OSN's privacy policy is to mislead users with regard to its information flow practices, relative to other OSNs. We evaluated LCIA with 13 OSNs' privacy policies and identified that OSNs with more privacy-violating information flow practices are more likely to mislead users through ambiguous statements, thereby exposing them to greater privacy risk.

More information, details, and research outcomes can be found on Stephen Kaplan's website!

Read our paper!

S. Kaplan, D. Bulmer, A. Gosselin, S. Ghanavati, Lattice-based Contextual Integrity Analysis of Social Network Privacy Policies, the 8th International Workshop on Evolving Security & Privacy Requirements Engineering (ESPRE) at RE 2021.

DOI: 10.1109/REW53955.2021.00070

Workshops, Conferences, Symposiums, and Slides

The 8th International Workshop on Evolving Security & Privacy Requirements Engineering

Speaker: Stephen Kaplan

Slides: LCIA ESPRE Presentation.pdf

The 3rd Annual Symposium on Applications of Contextual Integrity

Speaker: Dylan Bulmer

Slides: LCIA CI Symposium Presentation.pdf