Adoption of our recommended logo and text for CCPA's opt-out, following work where our group considered and systematically evaluated a number possible designs. This research will also be presented at CHI'2021 in May.

Hana Habib, Yixin Zou, Yaxing Yao, Alessandro Acquisti, Lorrie Cranor, Joel Reidenberg, Norman Sadeh, Florian Schaub, "Toggles, dollar signs, and triangles: How to (in) effectively convey privacy choices with icons and link texts" to appear in Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems.

‍

The launch of our IoT Privacy Infrastructure and our IoT Assistant App is garnering media coverage. Here are a few recent articles:

CNET article "This app lets you see IoT devices around you and what data they’re taking"

Gizmodo article, "This App Tells You When Nearby Smart Devices Are Snooping on You" where a journalist plays with our IoT Assistant app in Manhattan.

Other articles in Engadget, BoingBoing, Vice, etc.

The California Office of the Attorney General (“Cal AG”) just announced they would rely on icons and text we designed and evaluated for the new California Consumer Privacy Act (CCPA). Here’s the CyLab’s press release summarizing the work we conducted to inform and refine the design. And here’s the official March 2021 press release from the Cal AG acknowledging our contribution.

Just released new version of our IoT Privacy Infrastructure and IoT Assistant app. The infrastructure enables people to publicize the presence of IoT data collection processes at different locations and the IoT Assistant app enables people to discover them. Check it out!

November 2020 The Decision Sciences Institute announced that our 1998 article on Modeling Supply Chain Dynamics: A Multiagent Approach is one of the 15 most cited papers in the 50 year history of its Decision Sciences Journal. This was joint work with my former PhD student Jay Swaminathan and my colleague Steve Smith At the time, people were relying on monolithic models that failed to capture the effects of information exchange policies or the competitive nature of the market places in which supply chain entities operate. The icons and accompanying text can be downloaded from the Cal AGs site.

November 2020: Just announced two new options in our privacy engineering program Both options are designed for working professionals interested in getting privacy engineering training without having to leave their existing jobs.

Here's the CyLab press release

Presenting our work on the Design of a Privacy Infrastructure for the Internet of Things at 2020 USENIX Privacy Engineering Practice and Respect Conference (PEPR’20).

August 2020 Peter Story presents our work on From Intent to Actions: Nudging Users Towards Secure Mobile Payments at the 2020 Symposium on Usable Privacy and Security.

July 2020“ Daniel Smullen presents our work on The Best of Both Worlds: Mitigating Accuracy and User Burden in Capturing People’s Mobile App Privacy Preferences the 20th Privacy Enhancing Technologies Symposium. Here’s the CyLab press release

Our group presents three articles at the annual Federal Trade Commission’s Privacy Con conference

• -Zhang, Feng, Das, Bauer, Cranor and Sadeh, Understanding People’s Privacy Attitudes Towards Video Analytics

• Habib, Zou, Jannu, Sridhar, Swoopes, Acquisti, Cranor, Sadeh, Schaub, An Empirical Analysis of Data Deletion and Opt-Out Choices on 150 Websites

• Habib, Pearman, Wang, Zou, Acquisti, Cranor, Sadeh, Schaub, ‘It’s a Scavenger Hunt’: Usability of Websites’ Opt-Out and Data Deletion Choices

Here's a CyLab press release.

Our paper on “Evaluating How Global Privacy Principles Answer Consumers’ Questions About Mobile App Privacy“ (Joel R. Reidenberg, Norman Sadeh, Thomas Norton, and Abhilasha Ravichander) will be discussed by Kevin Moriarty (FTC) at the 2020 Privacy Law Scholar Conference

Apple iOS14 introduces mobile app privacy nutrition labels similar to those proposed in the CHI’2013 “Privacy as Part of the App Decision Making Process” paper I co-authored with Patrick Gage Kelley and Lorrie Cranor – Apple informed us a little before the announcement…

-Habib, Zou, Jannu, Sridhar, Swoopes, Acquisti, Cranor, Sadeh, Schaub, An Empirical Analysis of Data Deletion and Opt-Out Choices on 150 Websites

Habib, Pearman, Wang, Zou, Acquisti, Cranor, Sadeh, Schaub, ‘It’s a Scavenger Hunt’: Usability of Websites’ Opt-Out and Data Deletion Choices

Online Privacy+Security Forum panel on IoT Privacy in the Age of CCPA and GDPR with Achim Klabunde (Advisor to the European Data Protection Supervisor) and Gabriela Zanfir-Fortuna (Senior Policy Counsel, Future of Privacy Forum)

Vinay Kumar and Roger Iyengar remotely present our paper on , Finding a Choice in a Haystack: Automatic Extraction of Opt-Out Statements from Privacy Policy Text at the 2020 Web Conference. Concurrently, we are releasing our "Opt-Out Easy" browser extension, which enables people to quickly access opt-out links otherwise buried deep in the text of privacy policies. We rely on machine learning to automatically identify and classify opt-out choices with precision and recall above 90%. The extension is available in the Chrome Store and the Firefox Store. Here's a CyLab press release on this work ("What If Opting Out of Data Collection Were Easy?"). Detailed instructions on how to install and use the extension are available here.

Here's the paper citation:

Vinayshekhar Bannihatti Kumar, Roger Iyengar, Namita Nisal, Yuanyuan Feng, Hana Habib, Peter Story, Sushain Cherivirala, Margaret Hagan, Lorrie Faith Cranor, Shomir Wilson, Florian Schaub, Norman Sadeh, "Finding a Choice in a Haystack: Automatic Extraction of Opt-Out Statements from Privacy Policy Text", WWW ’20, Apr 2020 [pdf]

‍

Zhang, Feng, Das, Bauer, Cranor and Sadeh, Understanding People’s Privacy Attitudes Towards Video Analytics

We are launching a Privacy Infrastructure for the Internet of Things.

The Infrastructure includes a portal, where owners of IoT devices and systems as well as volunteer contributors can publicize the presence of IoT resources, the data they collect and more generally their data practices, including any privacy choices they make available to people. The infrastructure also features an IoT Assistant mobile app (available in both the iOS store and Google Play Store), which people can use to discover nearly IoT resources, their data practices as well as any available privacy options (e.g., opt-in, opt-out, deletion, access, etc.). Check out short videos about the IoT Privacy Infrastructure and our IoT Assistant app.

Check out also the CyLab press release on the infrastructure and the project's website, where you can access research articles and additional videos.

Our Societal Computing PhD program releases new faculty highlight videos

January 28, 2020: Come and join us as we celebrate Privacy Day at CMU

July 2019: PoPETS 2019 article detailing how we analyzed over 1 million Android apps for potential privacy compliance issues presented in Stockholm. See also CyLab press release discussing our MAPS mobile app privacy compliance tool.

June 2019: Honored to receive $100k award from Mozilla for our work on personalized privacy assistants.

(Image Credit: Wallpaper Access)

May 2019: What if Computers Understood Privacy Policies? A Look at Advances in Natural Language Processing through the Lens of Privacy

May 2019: Presenting our Privacy Infrastructure for IoT and our work on Personalized Privacy Assistant at IAPP Global Privacy Summit in DC.

April 2019: Quoted in recent Gizmodo piece on privacy risks associated with the widespread adoption of smart speakers