alessandro acquisti heinz college & cylab carnegie mellon university trust autumn 2009...
DESCRIPTION
The economics (and behavioral economics) of privacy. Alessandro Acquisti Heinz College & CyLab Carnegie Mellon University TRUST Autumn 2009 Conference. Agenda. From the economics of privacy… … to the behavioral economics of privacy … and soft paternalism: “nudging” privacy. - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Alessandro Acquisti Heinz College & CyLab Carnegie Mellon University TRUST Autumn 2009 Conference](https://reader035.vdocuments.us/reader035/viewer/2022062323/56816771550346895ddc5d59/html5/thumbnails/1.jpg)
Alessandro AcquistiHeinz College & CyLab
Carnegie Mellon University
TRUST Autumn 2009 Conference
The economics (and behavioral
economics) of privacy
![Page 2: Alessandro Acquisti Heinz College & CyLab Carnegie Mellon University TRUST Autumn 2009 Conference](https://reader035.vdocuments.us/reader035/viewer/2022062323/56816771550346895ddc5d59/html5/thumbnails/2.jpg)
Agenda
1. From the economics of privacy…2. … to the behavioral economics of
privacy3. … and soft paternalism: “nudging”
privacy
![Page 3: Alessandro Acquisti Heinz College & CyLab Carnegie Mellon University TRUST Autumn 2009 Conference](https://reader035.vdocuments.us/reader035/viewer/2022062323/56816771550346895ddc5d59/html5/thumbnails/3.jpg)
The economics of privacy Protection & revelation of personal data
flows involve tangible and intangible trade-offs for the data subject as well as the potential data holder
Some studies Conditioning prices on purchase histories
(Marketing Science 2005)… Impact of breaches on stock market valuation
(ICIS 2006)… Impact of data breach notification laws on
identity theft (WEIS 2008)… Impact of gun owners DB publication on crime
(work in progress)…
![Page 4: Alessandro Acquisti Heinz College & CyLab Carnegie Mellon University TRUST Autumn 2009 Conference](https://reader035.vdocuments.us/reader035/viewer/2022062323/56816771550346895ddc5d59/html5/thumbnails/4.jpg)
However…
Attitudes about privacy (Ostensibly,) top reason for not going online… (Harris
Interactive) Billions in lost e-tail sales… (Jupiter Research) Significant reason for Internet users to avoid
Ecommerce… (P&AB) Actual behavior
Dichotomy between privacy attitudes and privacy behavior Spiekermann et al. 2001, Acquisti & Gross 2006’s Facebook
study
Do people really care for privacy?If they do, can they act on their concerns?
If they don’t (or can’t), should policy-makers do so on their behalf?
![Page 5: Alessandro Acquisti Heinz College & CyLab Carnegie Mellon University TRUST Autumn 2009 Conference](https://reader035.vdocuments.us/reader035/viewer/2022062323/56816771550346895ddc5d59/html5/thumbnails/5.jpg)
A rational model of privacy decision making
Should I mention my sexual kinks on MySpace?
![Page 6: Alessandro Acquisti Heinz College & CyLab Carnegie Mellon University TRUST Autumn 2009 Conference](https://reader035.vdocuments.us/reader035/viewer/2022062323/56816771550346895ddc5d59/html5/thumbnails/6.jpg)
A rational model of privacy decision making
Maybe I’ll find a lover... But what about my future job prospects? And what if my parents happen to log on...
![Page 7: Alessandro Acquisti Heinz College & CyLab Carnegie Mellon University TRUST Autumn 2009 Conference](https://reader035.vdocuments.us/reader035/viewer/2022062323/56816771550346895ddc5d59/html5/thumbnails/7.jpg)
A rational model of privacy decision making
)()()1(
1)1(
1itdiitdi costsuqbenefitsup tt
Privacy
$sWTA
WTP
![Page 8: Alessandro Acquisti Heinz College & CyLab Carnegie Mellon University TRUST Autumn 2009 Conference](https://reader035.vdocuments.us/reader035/viewer/2022062323/56816771550346895ddc5d59/html5/thumbnails/8.jpg)
1. Incomplete information E.g.: download DOB/hometown from social
network >> predict member’s SSN (PNAS 2009)
2. Bounded rationality3. Cognitive/behavioral biases, investigated
by behavioral economics & decision research E.g., optimism bias, hyperbolic discounting,
ambiguity aversion, and so forth
Hence: a behavioral, experimental economics of privacy (and information security)
Hurdles which hamper (privacy) decision making
![Page 9: Alessandro Acquisti Heinz College & CyLab Carnegie Mellon University TRUST Autumn 2009 Conference](https://reader035.vdocuments.us/reader035/viewer/2022062323/56816771550346895ddc5d59/html5/thumbnails/9.jpg)
Some previous and ongoing results (2004-2009) Hyperbolic discounting in privacy valuations (ACM
EC 04)… Over-confidence, optimism bias in online social
networks (WPES 05)… Confidentiality assurances inhibit information
disclosure (JDJM 07)… Individuals more likely to disclose sensitive
information to unprofessional sites than professional sites (JDJM 07)…
Privacy and the illusion of control (ongoing work, with Laura Brandimarte)…
The behavioral economics of privacy
![Page 10: Alessandro Acquisti Heinz College & CyLab Carnegie Mellon University TRUST Autumn 2009 Conference](https://reader035.vdocuments.us/reader035/viewer/2022062323/56816771550346895ddc5d59/html5/thumbnails/10.jpg)
Privacy valuations may be not only context-dependent, but also Malleable to non-normative factors In fact, possibly internally inconsistent
Hence, personal disclosures likely to be influenced by subtle framing, which can Downplay privacy concerns Act like 'alarm bells' – triggering concern for
privacy that is often latent Possible explanation for inconsistencies in
information revelation
Can non-normative factors determine inconsistencies in privacy concerns/valuations?
![Page 11: Alessandro Acquisti Heinz College & CyLab Carnegie Mellon University TRUST Autumn 2009 Conference](https://reader035.vdocuments.us/reader035/viewer/2022062323/56816771550346895ddc5d59/html5/thumbnails/11.jpg)
How framing impacts valuations of personal data Willingness to accept (WTA) money to give
away informationvs.
Willingness to pay (WTP) money to protect information
Hypothesis: People assign different values to their personal
information depending on whether they are focusing on protecting it or revealing it
![Page 12: Alessandro Acquisti Heinz College & CyLab Carnegie Mellon University TRUST Autumn 2009 Conference](https://reader035.vdocuments.us/reader035/viewer/2022062323/56816771550346895ddc5d59/html5/thumbnails/12.jpg)
WTA/WTP in the privacy realm Valuation of private information likely to
change depending on whether trade-off between privacy and money is framed as– A problem of protection (WTP)
▪ Firewalls, anonymous browsing, (signing up for do-not-call list)
– A problem of disclosure (WTA)▪ Grocery loyalty cards, sweepstakes, Internet searches
![Page 13: Alessandro Acquisti Heinz College & CyLab Carnegie Mellon University TRUST Autumn 2009 Conference](https://reader035.vdocuments.us/reader035/viewer/2022062323/56816771550346895ddc5d59/html5/thumbnails/13.jpg)
Experimental design Experimental subjects asked to choose between 2
gift cards We manipulated trade-offs between privacy protection and
value of cards Subjects endowed with either:
$10 Anonymous gift card. “Your name will not be linked to the transactions completed with the card, and its usage will not be tracked by the researchers.”
$12 Trackable gift card. “Your name will be linked to the transactions completed with the card, and its usage will be tracked by the researchers.”
Subjects asked whether they’d like to switch cards From $10 Anonymous to $12 Trackable (WTA) From $12 Trackable to $10 Anonymous (WTP)
![Page 14: Alessandro Acquisti Heinz College & CyLab Carnegie Mellon University TRUST Autumn 2009 Conference](https://reader035.vdocuments.us/reader035/viewer/2022062323/56816771550346895ddc5d59/html5/thumbnails/14.jpg)
Two versions of the experiment
Survey with hypothetical gift card choices Field experiment with actual gift cards
![Page 15: Alessandro Acquisti Heinz College & CyLab Carnegie Mellon University TRUST Autumn 2009 Conference](https://reader035.vdocuments.us/reader035/viewer/2022062323/56816771550346895ddc5d59/html5/thumbnails/15.jpg)
Hypothetical survey
“Imagine you have received a gift card…” “You have the option to exchange your
card for…” 2x2 conditions between-subjects design
Initial endowment (anonymous vs. identified) Value of tracked card ($12 vs. $10, and $14 vs.
$10) Run February 2008 at cafeterias in
hospitals in Pittsburgh area 190 participants
![Page 16: Alessandro Acquisti Heinz College & CyLab Carnegie Mellon University TRUST Autumn 2009 Conference](https://reader035.vdocuments.us/reader035/viewer/2022062323/56816771550346895ddc5d59/html5/thumbnails/16.jpg)
Results
0%10%20%30%40%50%60%70%80%90%
100%
$10 Anonymous $12 Identified
% choosing anonymous card
Pearson chi2(1) = 4.3631; Pr = 0.037
![Page 17: Alessandro Acquisti Heinz College & CyLab Carnegie Mellon University TRUST Autumn 2009 Conference](https://reader035.vdocuments.us/reader035/viewer/2022062323/56816771550346895ddc5d59/html5/thumbnails/17.jpg)
Field experiment with actual gift cards
Field experiment. Participants stopped at mall, asked to participate in (unrelated) study, offered real gift card for participation in study
Mall patrons given choice between: $10 anonymous gift card (card number not
recorded) vs. $12 identified card (card number and name
recorded) 349 participants
![Page 18: Alessandro Acquisti Heinz College & CyLab Carnegie Mellon University TRUST Autumn 2009 Conference](https://reader035.vdocuments.us/reader035/viewer/2022062323/56816771550346895ddc5d59/html5/thumbnails/18.jpg)
Design
2x2 conditions between-subjects design Endowment conditions (2):
• Endowed with $10 anonymous card• Endowed with $12 identified card
Choice conditions (2):• $10 anonymous card listed first• $10 anonymous card listed second
![Page 19: Alessandro Acquisti Heinz College & CyLab Carnegie Mellon University TRUST Autumn 2009 Conference](https://reader035.vdocuments.us/reader035/viewer/2022062323/56816771550346895ddc5d59/html5/thumbnails/19.jpg)
Results
χ2(3) = 30.66, p < 0.0005
52.1
42.2
26.7
9.7
0
10
20
30
40
50
60
Endowed $10 (n=71) Choice $10 vs. $12(n=83)
Choice $12 vs. $10(n=57)
Endowed $12 (n=62)
% c
hoos
ing
anon
ymou
s $1
0 ca
rd
χ2 (3) = 30.61, p < 0.0005
![Page 20: Alessandro Acquisti Heinz College & CyLab Carnegie Mellon University TRUST Autumn 2009 Conference](https://reader035.vdocuments.us/reader035/viewer/2022062323/56816771550346895ddc5d59/html5/thumbnails/20.jpg)
Implications
WTP vs. WTA discrepancy in privacy valuations
Implication: What people say their data is worth depends on how problem is framed
Therefore, what “value” for privacy should be used in public policy?
Analogies to environmental policy
![Page 21: Alessandro Acquisti Heinz College & CyLab Carnegie Mellon University TRUST Autumn 2009 Conference](https://reader035.vdocuments.us/reader035/viewer/2022062323/56816771550346895ddc5d59/html5/thumbnails/21.jpg)
Overall implications of these studies
People’s concerns for privacy (and security) depend, in part, on priming and framing This does not necessarily mean that people don’t care for
privacy, or are “irrational,” or make wrong decisions about privacy
Rather, it implies that reliance on “revealed preferences” argument for privacy may lead to sub-optimal outcomes if privacy valuations are inconsistent… People may make disclosure decisions that they stand to later
regret Risks greatly magnified in online information revelation
Therefore, implications for policy-making & the debate on privacy regulation E.g., Rubin & Lenard [2001] vs. Gellman [2001], or Chicago
School approach vs. privacy advocates
![Page 22: Alessandro Acquisti Heinz College & CyLab Carnegie Mellon University TRUST Autumn 2009 Conference](https://reader035.vdocuments.us/reader035/viewer/2022062323/56816771550346895ddc5d59/html5/thumbnails/22.jpg)
Which leads us to soft paternalism
“Soft” or asymmetric paternalism: design systems so that they enhance (and sometimes influence) individual choice in order to increase individual and societal welfare Sometimes, even design systems to “nudge”
individuals, exploiting the very fallacies and biases research has uncovered, and tweaking with their incentives, without diminish user’s freedom
Nudging privacy: using soft paternalism to address and improve security and privacy decisions through policy and technology design that anticipates and/or exploits behavioral/cognitive biases▪ (IEEE S&P, forthcoming)
![Page 23: Alessandro Acquisti Heinz College & CyLab Carnegie Mellon University TRUST Autumn 2009 Conference](https://reader035.vdocuments.us/reader035/viewer/2022062323/56816771550346895ddc5d59/html5/thumbnails/23.jpg)
Soft vs. strong paternalism vs. usability
Consider online social networks users who post dates of birth online
Imagine that a study shows some risks associated with revealing DOBs (e.g., SSN predictions) Strong paternalistic solution: ban public provision of
dates of birth in online profiles “Usability” solution : design a system to make it
intuitive/ easy to change DOB visibility settings Soft paternalistic solution?
![Page 24: Alessandro Acquisti Heinz College & CyLab Carnegie Mellon University TRUST Autumn 2009 Conference](https://reader035.vdocuments.us/reader035/viewer/2022062323/56816771550346895ddc5d59/html5/thumbnails/24.jpg)
Nudging privacy Saliency of information
Provide context to aid the user’s decision - such as visually representing how many other users (or types of users) may be able to access that information
Default settings By default, DOBs not visible, unless settings are
modified by user Hyperbolic discounting
Predict and show immediately SSN based on information provided
… and so forth
![Page 25: Alessandro Acquisti Heinz College & CyLab Carnegie Mellon University TRUST Autumn 2009 Conference](https://reader035.vdocuments.us/reader035/viewer/2022062323/56816771550346895ddc5d59/html5/thumbnails/25.jpg)
For more info
Google: economics privacy Visit:
http://www.heinz.cmu.edu/~acquisti/economics-privacy.htm
Email: [email protected]
![Page 26: Alessandro Acquisti Heinz College & CyLab Carnegie Mellon University TRUST Autumn 2009 Conference](https://reader035.vdocuments.us/reader035/viewer/2022062323/56816771550346895ddc5d59/html5/thumbnails/26.jpg)
However…
Reasons to believe privacy valuations may not be stable or even consistent Privacy attitudes vs. privacy behavior dichotomy
▪ Spiekermann et al. 2001, Acquisti & Gross 2006 (Facebook study)
Research in behavioral economics and behavioral decision research has highlighted that non-normative factors often affect valuations and decision making in presence of uncertainty , leading to systematic inconsistencies in consumers’ preferences▪ E.g., Simonson & Tversky 1992, Slovic 1995, …
![Page 27: Alessandro Acquisti Heinz College & CyLab Carnegie Mellon University TRUST Autumn 2009 Conference](https://reader035.vdocuments.us/reader035/viewer/2022062323/56816771550346895ddc5d59/html5/thumbnails/27.jpg)
And one big problem with it…
However (one gigantic “however”): Who are we to say what is “best” for the
user?