Request For Research Presentations For the PrivacyCon Conference
Dear Selection Committee: We are submitting for your consideration for the PrivacyCon 2018 program a manuscript on privacy interventions that was published this summer in ACM Computing Surveys. Our submission pertains to Area 4 of the Conference (Incentives, Market Failures, and Interventions). Specifically, it highlights and evaluates a series of soft paternalistic tools and interventions aimed at helping consumers make online privacy choices: "Nudges for Privacy and Security: Understanding and Assisting Users' Choices Online," A. Acquisti, I. Adjerid, R. Balebako, L. Brandimarte, L. Cranor, S. Komanduri, P. Leon, N. Sadeh, F. Schaub, M. Sleeper, Y. Wang, and S. Wilson. ACM Computing Surveys, 50 (3), 2017. The article captures and extends several years of work -- by our team as well as by other researchers across a variety of fields -- at the overlaps of privacy, decision-making, and policy. The article addresses the following questions: - What are the decision-making hurdles most likely to affect, and impair, privacy (and security) consumers' online choices? - What are examples of third parties (for instance, websites and online service providers) leveraging those very hurdles to induce online users to disclose more personal information? - Can those hurdles be addressed and countered via behavioral interventions? Specifically, can knowledge about human biases and heuristics in privacy (and security) decision making be used to design soft paternalistic interventions (also known as "nudges") that help ameliorate decision-making and help avoid online choices that individuals may later regret? The article (as well as the broader, multi-year research agenda behind it) originates from the recognition that advancements in information technology are increasingly tasking users with complex and consequential privacy and security decisions. A growing body of research has investigated individuals' choices in the presence of privacy and information security trade-offs, highlighting the decision making hurdles affecting those choices and suggesting ways to mitigate those hurdles. Our article provides a multi-disciplinary assessment of the literature in this area. It focuses on research on assisting individuals' privacy and security choices with soft paternalistic interventions that nudge, but do not force, users towards potentially more beneficial choices. Notably, the framing of the article is not normative: the article's goal is not to advocate or promote the use of nudges in privacy as an alternative to policy or regulatory interventions. Instead, the article focuses on examining, critiquing, and vetting the scientific literature in this field, in order to address whether, when, and how soft paternalistic interventions may - or may not - be of help to individuals' privacy decision making. Accordingly, the article concludes with a discussion of both the potential benefits of those interventions and their shortcomings. The article also identifies key ethical, design, and research challenges. Thus, the article contributes both to the scientific literature on privacy and security decision-making, and to policymakers' ability to identify areas of possible intervention for public policy.