Industrial Engineering and Management 2015

Optimizing Data Disclosure Settings by Reducing the Configuration Space

Ron Hirschprung, Hadas Schwartz-Chassidim, Frank Bolton, Eran Toch, Oded Mimon
Department of Industrial Engineering and Management, Tel Aviv University

Contemporary information systems provide significant benefits to their users by collecting and analyzing personal data. However, data collection raises privacy challenges due to unwarranted exposure of sensitive information or usage of the data in unexpected ways. Thus, many information systems introduce a tradeoff between benefits and loss of privacy. To manage this tradeoff, many information systems employ privacy settings that allow users to control which information is shared with the system, which information is collected, and how the information will be used by the system. For example, Facebook enables its users to determine who can view published information. However, as data sharing controls are inherently complex and domain-specific, configuration is known to be a difficult task, burdensome to the user, and in many cases does not easily reflect the user's preferences.

In our current research, we developed and applied configuration reduction algorithms to evaluate and to optimize data sharing interfaces. In the first work we present, we used configuration reduction to investigate how default privacy options can best serve the users of Facebook, the largest online social network. We evaluated the default privacy options by measuring how well they cover users' choices (a user is covered when at least one of the defaults satisfies that user's preferences), and offer a methodology to optimize those defaults. We present results from an empirical study that includes 266 users with 21,950 posts, and demonstrate how the coverage of Facebook's default options can be improved by 8 to 12 percent, as depicted in Figure 1:

Figure 1: Coverage rates of Facebook defaults. The x-axis stands for the number of default configurations while the y-axis stands for the proportion of the population that is covered by the configuration. The line depicts the coverage achieved by implementing our methodology, while the rhomboid depicts the coverage achieved by Facebook defaults.
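The coverage measure described above, as an added worked example that is not part of the original abstract: users' preferred disclosure configurations (constructed sample data, not the study's) are matched against a set of defaults, and the full 27-configuration space is reduced to k defaults with a greedy maximum-coverage heuristic. The greedy selection, the three dimensions, the audience levels and the `tolerance` parameter are assumptions for illustration, not the authors' algorithm.

```python
from itertools import product

# Audience levels per disclosure dimension (posts, photos, friend list); constructed, hypothetical.
AUDIENCES = ("only_me", "friends", "public")
# The full configuration space: 3 dimensions x 3 audiences = 27 possible configurations.
CONFIG_SPACE = list(product(AUDIENCES, repeat=3))

# Constructed sample of users' preferred configurations (not the study's data).
USERS = [
    ("friends", "friends", "only_me"),
    ("friends", "friends", "only_me"),
    ("friends", "friends", "friends"),
    ("public", "friends", "friends"),
    ("public", "public", "public"),
    ("friends", "only_me", "only_me"),
    ("public", "friends", "only_me"),
    ("only_me", "only_me", "only_me"),
]

def satisfies(default, preference, tolerance=0):
    """A default satisfies a user if it differs from their preference in at most `tolerance` dimensions."""
    return sum(d != p for d, p in zip(default, preference)) <= tolerance

def coverage(defaults, users, tolerance=0):
    """Proportion of users with at least one satisfying default."""
    covered = sum(any(satisfies(d, u, tolerance) for d in defaults) for u in users)
    return covered / len(users)

def greedy_defaults(users, k, tolerance=0):
    """Reduce the configuration space to k defaults by greedy maximum coverage
    (an assumed heuristic, not the paper's algorithm): each step adds the
    configuration that satisfies the most still-uncovered users."""
    uncovered = set(range(len(users)))
    chosen = []
    for _ in range(k):
        if not uncovered:
            break
        best = max(CONFIG_SPACE,
                   key=lambda c: sum(satisfies(c, users[i], tolerance) for i in uncovered))
        chosen.append(best)
        uncovered = {i for i in uncovered if not satisfies(best, users[i], tolerance)}
    return chosen

if __name__ == "__main__":
    # Hypothetical fixed defaults standing in for a platform's existing ones.
    baseline = [("public", "public", "public"), ("friends", "friends", "friends")]
    for k in (1, 2):
        print(k, coverage(greedy_defaults(USERS, k), USERS), coverage(baseline[:k], USERS))
```

Raising `tolerance` models users who accept a default that is close to, rather than identical to, their preference, which is how a small set of defaults can cover a large share of the population.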


In the second work, we aimed to establish an optimization method for data disclosure configuration defaults, based on users' cost of privacy. While the benefits of using an information system are usually measurable, the cost of privacy is less tangible and difficult to measure. We propose a methodology (named COPE - Cost of Privacy Estimator), based on a responsive game, to estimate the cost of privacy, and a validation process to confirm the result. We conducted an empirical experiment with 195 participants, and showed that our method reflects users' preferences and prospects regarding their privacy. We demonstrate how accommodating the cost of privacy in the optimization model enables flexibility in the utility function, and leads to defaults that optimize average social welfare, coverage and fairness. This methodology is a powerful tool in the hands of a system designer or a data protection regulator that guards users' interests.