Privacy Dynamics: Learning from The Wisdom of Groups

Lead Research Organisation: The Open University
Department Name: Faculty of Sci, Tech, Eng & Maths (STEM)

Abstract

We propose to study privacy management by investigating how individuals learn and benefit from their membership of social or functional groups, and how such learning can be automated and incorporated into modern mobile and ubiquitous technologies that increasingly pervade society. We will focus on the privacy concerns of individuals in the context of their use of pervasive technologies, such as Smartphones and personal sensors which share data in the Cloud.

We aim to contribute to research in three areas:

(1) software engineering of adaptive systems that guide their users to manage their privacy;

(2) development of machine learning techniques to alleviate the cognitive and physical load of eliciting and personalising users' privacy requirements; and

(3) empirical investigation of the privacy behaviour of, and in, groups, in the context of both collaboration and conflict.

The ability to control and maintain privacy is central to the preservation of identity. In recent years, social psychologists have made a core distinction between personal identity (which refers to what makes us unique, as individuals, compared to other individuals) and social identity (which refers to our sense of ourselves as members of a social group and the meaning that group has for us). In the latter case, our sense of who we are can be derived from our membership of social groups. Identity is not fixed, but is rather the outcome of a dynamic process. We can move from a personal to a social identity (and back again) depending on the context. We can move between different social identities (for example, as a male, a father, a worker, a football fan, English, British, etc). Identity matters because it provides a prism through which we perceive the world, experience events, decide how to act, and understand our relationships to other people. It tells who is and who is not of us, who is for us and who is against us. Understanding the identity process is therefore key to assessing the impact that privacy and security policies have on people's behaviours. This is essential in order to be able to deliver systems that can express and analyse users' privacy requirements and, at runtime, self-adapt and guide users as they move from context to context.

Broadly speaking, our proposed project asks the following two questions and attempts to answer them from both a social psychology and a computing perspective:

Can privacy be a distributed quality (across 'the group')?
If so, under what conditions might this be the case?

Can the group protect the privacy of the individual?
If so, how does the group manage the privacy-related behaviour of its members?

The research challenges for the project are to devise non-intrusive yet rigorous ways in which to study privacy, both using pervasive technologies (such as life-logging cameras and biometric sensors) and in order to deliver more effective privacy management. At the heart of the project is a hypothesis that individuals are able to better manage their privacy by adopting or learning from the 'wisdom of groups' - we use this term as an acknowledgement of the crowd sourcing movement, also adapted by others in the catchphrase 'wisdom of friends'. Our novelty is in extending this idea to exploit the wisdom of particular subsets of people - groups whose positions and knowledge are more nuanced than a crowd. Our technical challenge is to investigate what we call the privacy dynamics of individuals as they relate to their membership of social, professional or other groups, to develop computational (machine learning) techniques that support such dynamics, and then to deliver privacy management capabilities interactively, autonomously, and adaptively as individuals' contexts change.

Planned Impact

The proposed research aims to have impact in four distinct areas:

(1) practitioners and professional services: by involving industry partners in an iterative user-centred design and evaluation processes during the course of the project, we will enable professional software engineers to include privacy considerations in their development practices. Additionally, the project will deliver a research-based automated adaptive privacy engineering environment and software architecture geared towards designers of ubiquitous computing systems.

(2) society and culture: we will engaging communities of end-users of the mobile privacy management technologies by involving them in our field studies and publicising our results through a variety of public-facing media. This will have the impact raise awareness of privacy issues relating to next-generation technologies in society at large, and lead to better adoption of these technologies.

(3) public policy: we will build on past work (e.g. our contribution to ENISA's lifelogging privacy report) to contribute to European initiatives to increase policy-makers' understanding of privacy issues relating to ubiquitous computing technologies. We will also continue our engagement with relevant European agencies and Information Commissioners to promote best practice and influence policy.

(4) economic: working with the respective university's technology transfer offices, we will develop a commercialisation strategy aimed at creating a viable route to market for the framework and mechanisms and offer consultancy services based on its capabilities.

We will design and deliver a demonstration of the privacy engineering tools at conferences such as ACM SIGCHI, ICSE and intermediary organisations such as the British Computer Society RE Specialist Group. Our experience has shown that much of this research is particularly accessible and relevant to the wider scientific community as well as the general public. The skills of the Media and Public Relations teams at all three institutions will be used to enable the research investigators to make research results accessible to the wider public through major newspapers, magazines, Internet publishing and broadcast media.

We will set up a project committee consisting of the applicants, university technology transfer officers, and senior members of industrial partners to maintain a register of impact pathways, opportunities and risks to decide the most important forms of dissemination to maximise impact.

Additionally, any peer-reviewed publications arising from this grant will be registered on the Open University's open access institutional repository - Open Research Online (ORO) at http://oro.open.ac.uk. ORO is now one of the largest repositories in the UK. The site receives an average of 40,000 visitors per month from over 200 different countries and territories and has received over 2.2 million visitors since 2006. It enables access to research outputs via common search engines including Google, by using the OAI (Open Archives Initiative) Protocol for Metadata Harvesting.

Publications

10 25 50
 
Description Social identity can be used support privacy management. Wearable/haptic devices can be used to support privacy management in non-intrusive ways. Machine learning can be used to derive privacy policies and generate sharing advice.
Exploitation Route We have developed a plugin for FaceBook that enhances its privacy/sharing capabilities that may be useful for may social networks. We have developed a cyber physical prototype ("privacy band") for managing privacy non-intrusively. We are exploring its commercialisation..
Sectors Digital/Communication/Information Technologies (including Software)

Education

Healthcare

Security and Diplomacy

URL http://www.privacydynamics.net
 
Description Although the focus of the grant was on privacy, the resulting prototypes and applications led to further research on supporting older adults in their homes - in privacy preserving ways. This was done through a followup EPSRC funded project (STRETCH), and then in a UKRI Covid-related project (called SERVICE) which investigated and developed technologies to support loneliness and isolation of older adults in their homes, and the role of privacy aware technologies in this context. In particular, one of the project co-I's, professor Blaine Price (OU) working with Milton Keynes University Hospital developed a "PainPad" - a new and efficient way for patients to conduct more frequent and accurate pain readings. The Painpad team were named winners of the Changemaker/Lightbulb Award at the MK STEM awards which took place on 29 February 2024. The PainPad has proved to be a successful and accessible tool to support the improvement of patient care.
First Year Of Impact 2019
Sector Digital/Communication/Information Technologies (including Software),Education,Healthcare,Leisure Activities, including Sports, Recreation and Tourism,Security and Diplomacy
Impact Types Societal

Economic

Policy & public services

 
Description SAUSE
Amount £1,330,879 (GBP)
Funding ID EP/R013144/1 
Organisation Engineering and Physical Sciences Research Council (EPSRC) 
Sector Public
Country United Kingdom
Start 03/2018 
End 03/2023
 
Description STRETCH
Amount £1,049,532 (GBP)
Funding ID EP/P01013X/1 
Organisation Engineering and Physical Sciences Research Council (EPSRC) 
Sector Public
Country United Kingdom
Start 03/2017 
End 03/2020
 
Description Royal Society Summer Science Exhibition Panel 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Public/other audiences
Results and Impact As part of the 2014 Royal Society Summer Science Exhibition , the Royal Society ran a public panel on Saturday 5th July 2014 on "Privacy with technology: where do we go from here?" chaired by Prof Jon Crowcroft FRS, and including panellists Ross Anderson FRS, Bashar Nuseibeh MRIA and Stephen Murdoch. The even was for a public general audience.
Year(s) Of Engagement Activity 2014