research-article

Us and them: a study of privacy requirements across north america, asia, and europe

Authors:

Swapneel Sheth,

Walid MaalejAuthors Info & Claims

ICSE 2014: Proceedings of the 36th International Conference on Software Engineering

Pages 859 - 870

https://doi.org/10.1145/2568225.2568244

Published: 31 May 2014 Publication History

Abstract

Data privacy when using online systems like Facebook and Amazon has become an increasingly popular topic in the last few years. However, only a little is known about how users and developers perceive privacy and which concrete measures would mitigate their privacy concerns. To investigate privacy requirements, we conducted an online survey with closed and open questions and collected 408 valid responses. Our results show that users often reduce privacy to security, with data sharing and data breaches being their biggest concerns. Users are more concerned about the content of their documents and their personal data such as location than about their interaction data. Unlike users, developers clearly prefer technical measures like data anonymization and think that privacy laws and policies are less effective. We also observed interesting differences between people from different geographies. For example, people from Europe are more concerned about data breaches than people from North America. People from Asia/Pacific and Europe believe that content and metadata are more critical for privacy than people from North America. Our results contribute to developing a user-driven privacy framework that is based on empirical evidence in addition to the legal, technical, and commercial perspectives.

References

[1]

A. Acquisti, L. John, and G. Loewenstein. What is privacy worth? In Workshop on Information Systems and Economics (WISE), 2009.

[2]

D. Agrawal and C. C. Aggarwal. On the design and quantification of privacy preserving data mining algorithms. In PODS ’01: Proceedings of the twentieth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems, pages 247–255, New York, NY, USA, 2001. ACM.

Digital Library

[3]

T. Anderson and H. Kanuka. E-research: Methods, strategies, and issues. 2003.

[4]

J. Angwin and J. Valentino-Devries. FTC Backs Do-Not-Track System for Web. http://online.wsj.com/article/ SB10001424052748704594804575648670826747094. html, December 2010.

[5]

L. Backstrom, C. Dwork, and J. Kleinberg. Wherefore art thou r3579x?: anonymized social networks, hidden patterns, and structural steganography. In WWW ’07: Proceedings of the 16th international conference on World Wide Web, pages 181–190, New York, NY, USA, 2007. ACM.

Digital Library

[6]

L. B. Baker and J. Finkle. Sony PlayStation suffers massive data breach. http://www.reuters.com/article/2011/04/26/ussony-stoldendata-idUSTRE73P6WB20110426, April 2011.

[7]

M. Barbaro, T. Zeller, and S. Hansell. A face is exposed for AOL searcher no. 4417749. http://www.nytimes.com/2006/08/09/technology/ 09aol.html?_r=1, August 2006.

[8]

S. Bhagat, G. Cormode, B. Krishnamurthy, and D. Srivastava. Privacy in dynamic social networks. In Proceedings of the 19th international conference on World wide web, WWW ’10, pages 1059–1060, New York, NY, USA, 2010. ACM.

Digital Library

[9]

T. D. Breaux and A. I. Anton. Analyzing regulatory rules for privacy and security requirements. IEEE Transactions on Software Engineering, 34(1):5–20, 2008.

Digital Library

[10]

T. D. Breaux and A. Rao. Formal analysis of privacy requirements specifications for multi-tier applications. In RE’13: Proceedings of the 21st IEEE International Requirements Engineering Conference (RE’13), Washington, DC, USA, July 2013. IEEE Society Press.

[11]

R. P. L. Buse and T. Zimmermann. Information Needs for Software Development Analytics. In Proceedings of the 2012 International Conference on Software Engineering, ICSE 2012, pages 987–996, Piscataway, NJ, USA, 2012. IEEE Press.

Digital Library

[12]

M. Castro, M. Costa, and J.-P. Martin. Better bug reporting with better privacy. In Proceedings of the 13th international conference on Architectural support for programming languages and operating systems, ASPLOS XIII, pages 319–328, New York, NY, USA, 2008. ACM.

Digital Library

[13]

J. Clause and A. Orso. Camouflage: automated anonymization of field data. In Proceeding of the 33rd international conference on Software engineering, ICSE ’11, pages 21–30, New York, NY, USA, 2011. ACM.

Digital Library

[14]

J. Cohen. Most Americans back NSA tracking phone records, prioritize probes over privacy. http://www.washingtonpost.com/politics/mostamericans-support-nsa-tracking-phone-recordsprioritize-investigations-overprivacy/2013/06/10/51e721d6-d204-11e2-9f1a- 1a7cdee20287_story.html, June 2013.

[15]

L. F. Cranor and N. Sadeh. A shortage of privacy engineers. Security & Privacy, IEEE, 11(2):77––79, 2013.

Digital Library

[16]

S. Erlanger. Outrage in Europe Grows Over Spying Disclosures. http://www.nytimes.com/2013/07/02/ world/europe/france-and-germany-piqued-overspying-scandal.html, July 2013.

[17]

A. Evfimievski, J. Gehrke, and R. Srikant. Limiting privacy breaches in privacy preserving data mining. In PODS ’03: Proceedings of the twenty-second ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems, pages 211–222, New York, NY, USA, 2003. ACM.

Digital Library

[18]

L. Fang and K. LeFevre. Privacy wizards for social networking sites. In Proceedings of the 19th international conference on World wide web, WWW ’10, pages 351–360, New York, NY, USA, 2010. ACM.

Digital Library

[19]

D. Fletcher. How Facebook Is Redefining Privacy. http://www.time.com/time/business/article/0, 8599,1990582.html, May 2010.

[20]

M. Grechanik, C. Csallner, C. Fu, and Q. Xie. Is data privacy always good for software testing? Software Reliability Engineering, International Symposium on, 0:368–377, 2010.

Digital Library

[21]

S. Grobart. The Facebook Scare That Wasn’t. http://gadgetwise.blogs.nytimes.com/2011/08/10/ the-facebook-scare-that-wasnt/, August 2011.

[22]

J. Jacoby and M. S. Matell. Three-point likert scales are good enough. Journal of Marketing Research, 8(4):pp. 495–500, 1971.

[23]

N. Lathia, S. Hailes, and L. Capra. Private distributed collaborative filtering using estimated concordance measures. In RecSys ’07: Proceedings of the 2007 ACM conference on Recommender systems, pages 1–8, New York, NY, USA, 2007. ACM.

Digital Library

[24]

Y. Liu, K. P. Gummadi, B. Krishnamurthy, and A. Mislove. Analyzing facebook privacy settings: user expectations vs. reality. In Proc. of the 2011 SIGCOMM Conf. on Internet measurement conf., pages 61–70, 2011.

Digital Library

[25]

W. Maalej, T. Fritz, and R. Robbes. Collecting and processing interaction data for recommendation systems. In M. Robillard, M. Maalej, R. Walker, and T. Zimmerman, editors, Recommendation Systems in Software Engineering, pages 173–197. Springer, 2014.

[26]

W. Maalej and D. Pagano. On the socialness of software. In Proceedings of the International Software on Social Computing and its Applications. IEEE Computer Society, 2011.

Digital Library

[27]

M. Madejski, M. Johnson, and S. M. Bellovin. A study of privacy settings errors in an online social network. Pervasive Computing and Comm. Workshops, IEEE Intl. Conf. on, 0:340–345, 2012.

[28]

C. Mancini, Y. Rogers, K. Thomas, A. N. Joinson, B. A. Price, A. K. Bandara, L. Jedrzejczyk, and B. Nuseibeh. In the best families: Tracking and relationships. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, CHI ’11, pages 2419–2428, New York, NY, USA, 2011. ACM.

Digital Library

[29]

C. C. Miller. Privacy Oﬃcials Worldwide Press Google About Glass. http: //bits.blogs.nytimes.com/2013/06/19/privacyofficials-worldwide-press-google-about-glass/, June 2013.

[30]

I. Mironov, O. Pandey, O. Reingold, and S. Vadhan. Computational differential privacy. In Advances in Cryptology-CRYPTO 2009, pages 126–142. Springer, 2009.

Digital Library

[31]

H. Muccini, A. Di Francesco, and P. Esposito. Software testing of mobile applications: Challenges and future research directions. In Automation of Software Test (AST), 2012 7th International Workshop on, pages 29–35, June 2012.

Digital Library

[32]

A. Narayanan and V. Shmatikov. How to break anonymity of the netflix prize dataset. CoRR, abs/cs/0610105, 2006.

[33]

I. Omoronyia, L. Cavallaro, M. Salehie, L. Pasquale, and B. Nuseibeh. Engineering adaptive privacy: On the role of privacy awareness requirements. In Proceedings of the 2013 International Conference on Software Engineering, ICSE ’13, pages 632–641, Piscataway, NJ, USA, 2013. IEEE Press.

Digital Library

[34]

T. Paul, M. Stopczynski, D. Puscher, M. Volkamer, and T. Strufe. C4ps: colors for privacy settings. In Proceedings of the 21st international conference companion on World Wide Web, WWW ’12 Companion, pages 585–586, New York, NY, USA, 2012. ACM.

Digital Library

[35]

H. Polat and W. Du. Privacy-preserving collaborative filtering using randomized perturbation techniques. In Data Mining, 2003. ICDM 2003. Third IEEE International Conference on, pages 625–628, Nov. 2003.

Digital Library

[36]

N. Popper and S. Sengupta. U.S. Says Ring Stole 160 Million Credit Card Numbers. http://dealbook.nytimes.com/2013/07/25/arrestsplanned-in-hacking-of-financial-companies/, July 2013.

[37]

R. L. Rosnow and R. Rosenthal. Beginning behavioral research: A conceptual primer. Prentice-Hall, Inc, 1996.

[38]

D. J. Solove. A Taxonomy of Privacy. University of Pennsylvania Law Review, pages 477–564, 2006.

[39]

M. Spitz. Germans Loved Obama. Now We Don’t Trust Him. http://www.nytimes.com/2013/06/30/opinion/ sunday/germans-loved-obama-now-we-dont-trusthim.html, June 2013.

[40]

R. C. Sprinthall and S. T. Fisk. Basic statistical analysis. Prentice Hall Englewood Cliffs, NJ, 1990.

[41]

A. C. Squicciarini, M. Shehab, and F. Paci. Collective privacy management in social networks. In Proceedings of the 18th international conference on World wide web, WWW ’09, pages 521–530, New York, NY, USA, 2009. ACM.

Digital Library

[42]

F. Stutzman, R. Gross, and A. Acquisti. Silent listeners: The evolution of privacy and disclosure on facebook. Journal of Privacy and Confidentiality, 4(2):2, 2013.

[43]

L. Sweeney. k-anonymity: a model for protecting privacy. Int. J. Uncertain. Fuzziness Knowl.-Based Syst., 10(5):557–570, 2002.

Digital Library

[44]

K. Taneja, M. Grechanik, R. Ghani, and T. Xie. Testing software in age of data privacy: a balancing act. In Proceedings of the 19th ACM SIGSOFT symposium and the 13th European conference on Foundations of software engineering, SIGSOFT/FSE ’11, pages 201–211, New York, NY, USA, 2011. ACM.

Digital Library

[45]

C. Task and C. Clifton. A guide to differential privacy theory in social network analysis. In Proceedings of the 2012 International Conference on Advances in Social Networks Analysis and Mining (ASONAM 2012), pages 411–417. IEEE Computer Society, 2012.

Digital Library

[46]

V. Toubiana, V. Verdot, B. Christophe, and M. Boussard. Photo-tape: user privacy preferences in photo tagging. In Proceedings of the 21st international conference companion on World Wide Web, WWW ’12 Companion, pages 617–618, New York, NY, USA, 2012. ACM.

Digital Library

[47]

T. T. Tun, A. Bandara, B. Price, Y. Yu, C. Haley, I. Omoronyia, and B. Nuseibeh. Privacy arguments: Analysing selective disclosure requirements for mobile applications. In Requirements Engineering Conference (RE), 2012 20th IEEE International, pages 131–140, Sept 2012.

Digital Library

[48]

T. L. Tuten, D. J. Urban, and M. Bosnjak. Internet surveys and data quality: A review. Online social sciences, page 7, 2000.

[49]

V. S. Verykios, E. Bertino, I. N. Fovino, L. P. Provenza, Y. Saygin, and Y. Theodoridis. State-of-the-art in privacy preserving data mining. SIGMOD Rec., 33(1):50–57, 2004.

Digital Library

[50]

S. D. Warren and L. D. Brandeis. The Right to Privacy. Harvard law review, pages 193–220, 1890.

[51]

G. Wondracek, T. Holz, E. Kirda, and C. Kruegel. A practical attack to de-anonymize social network users. In Security and Privacy (SP), 2010 IEEE Symposium on, pages 223–238, 2010.

Digital Library

[52]

Y. Zhu, L. Xiong, and C. Verdery. Anonymizing user profiles for personalized web search. In Proceedings of the 19th international conference on World wide web, WWW ’10, pages 1225–1226, New York, NY, USA, 2010. ACM.

Digital Library

Cited By

Aljeraisy ARana OPerera C(2024)Empowering IoT Developers with Privacy-Preserving End-User Development ToolsProceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies10.1145/36785888:3(1-47)Online publication date: 9-Sep-2024
https://dl.acm.org/doi/10.1145/3678588
Li TArya AJin H(2024)Redesigning Privacy with User Feedback: The Case of Zoom Attendee Attention TrackingProceedings of the 2024 CHI Conference on Human Factors in Computing Systems10.1145/3613904.3642594(1-14)Online publication date: 11-May-2024
https://dl.acm.org/doi/10.1145/3613904.3642594
Birrell ERodolitz JDing ALee JMcReynolds EHutson JLerner A(2024)SoK: Technical Implementation and Human Impact of Internet Privacy Regulations2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00206(673-696)Online publication date: 19-May-2024
https://doi.org/10.1109/SP54263.2024.00206
Show More Cited By

Index Terms

Us and them: a study of privacy requirements across north america, asia, and europe
1. Social and professional topics
  1. Computing / technology policy
2. Software and its engineering
  1. Software creation and management
    1. Designing software
      1. Requirements analysis

Recommendations

The Case for Privacy Awareness Requirements

Privacy awareness is a core determinant of the success or failure of privacy infrastructures: if systems and users are not aware of potential privacy concerns, they cannot effectively discover, use or judge the effectiveness of privacy management ...
Privacy requirements in identity management solutions
Proceedings of the 2007 conference on Human interface: Part II

In this paper we highlight the need for privacy of user data used in digital identity management systems. We investigate the issues from the individual, business, and government perspectives. We provide surveys related to the growing problem of identity ...
A Comparative Study of Privacy Mechanisms and a Novel Privacy Mechanism [Short Paper]
Information and Communications Security
Abstract
Privacy of PII(Personally Identifiable Information) on the Internet is a major concern of a netizen. On the Internet different service providers are supposed to publish their own privacy policies but understanding of these policies is a major ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

ICSE 2014: Proceedings of the 36th International Conference on Software Engineering

May 2014

1139 pages

ISBN:9781450327565

DOI:10.1145/2568225

General Chair:
Pankaj Jalote
IIIT-Delhi, India
,
Program Chairs:
Lionel Briand
University of Luxembourg, Luxembourg
,
André van der Hoek
University of California, Irvine, USA

Copyright © 2014 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSOFT: ACM Special Interest Group on Software Engineering

In-Cooperation

TCSE: IEEE Computer Society's Tech. Council on Software Engin.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 31 May 2014

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

ICSE '14

Sponsor:

SIGSOFT

ICSE '14: 36th International Conference on Software Engineering

May 31 - June 7, 2014

Hyderabad, India

Acceptance Rates

Overall Acceptance Rate 276 of 1,856 submissions, 15%

Upcoming Conference

ICSE 2025

2025 IEEE/ACM 46th International Conference on Software Engineering

April 26 - May 3, 2025

Ottawa , ON , Canada

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

43
Total Citations
View Citations
896
Total Downloads

Downloads (Last 12 months)66
Downloads (Last 6 weeks)5

Reflects downloads up to 22 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

Aljeraisy ARana OPerera C(2024)Empowering IoT Developers with Privacy-Preserving End-User Development ToolsProceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies10.1145/36785888:3(1-47)Online publication date: 9-Sep-2024
https://dl.acm.org/doi/10.1145/3678588
Li TArya AJin H(2024)Redesigning Privacy with User Feedback: The Case of Zoom Attendee Attention TrackingProceedings of the 2024 CHI Conference on Human Factors in Computing Systems10.1145/3613904.3642594(1-14)Online publication date: 11-May-2024
https://dl.acm.org/doi/10.1145/3613904.3642594
Birrell ERodolitz JDing ALee JMcReynolds EHutson JLerner A(2024)SoK: Technical Implementation and Human Impact of Internet Privacy Regulations2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00206(673-696)Online publication date: 19-May-2024
https://doi.org/10.1109/SP54263.2024.00206
Abomhara MNweke LYayilgan SComparin DTeyras Kde Labriolle S(2024)Enhancing privacy protections in national identification systems: an examination of stakeholders’ knowledge, attitudes, and practices of privacy by designInternational Journal of Information Security10.1007/s10207-024-00905-0Online publication date: 3-Sep-2024
https://doi.org/10.1007/s10207-024-00905-0
Liao SCheng LCai HGuo LHu HMeng WJensen CCremers CKirda E(2023)SkillScanner: Detecting Policy-Violating Voice Applications Through Static Analysis at the Development PhaseProceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security10.1145/3576915.3616650(2321-2335)Online publication date: 15-Nov-2023
https://dl.acm.org/doi/10.1145/3576915.3616650
Kühtreiber PPak VReinhardt D(2023)“A method like this would be overkill”: Developers’ Perceived Issues with Privacy-preserving Computation Methods2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)10.1109/TrustCom60117.2023.00145(1041-1048)Online publication date: 1-Nov-2023
https://doi.org/10.1109/TrustCom60117.2023.00145
Keküllüoğlu DAcar Y(2023)"We are a startup to the core": A qualitative interview study on the security and privacy development practices in Turkish software startups2023 IEEE Symposium on Security and Privacy (SP)10.1109/SP46215.2023.10179339(2015-2031)Online publication date: May-2023
https://doi.org/10.1109/SP46215.2023.10179339
Spoletini P(2023)Towards Quantum Requirements Engineering2023 IEEE 31st International Requirements Engineering Conference Workshops (REW)10.1109/REW57809.2023.00072(371-374)Online publication date: Sep-2023
https://doi.org/10.1109/REW57809.2023.00072
Peixoto MFerreira DCavalcanti MSilva CVilela JAraújo JGorschek T(2023)The perspective of Brazilian software developers on data privacyJournal of Systems and Software10.1016/j.jss.2022.111523195(111523)Online publication date: Jan-2023
https://doi.org/10.1016/j.jss.2022.111523
Sangaroonsilp PDam HChoetkiertikul MRagkhitwetsagul CGhose A(2023)A taxonomy for mining and classifying privacy requirements in issue reportsInformation and Software Technology10.1016/j.infsof.2023.107162157:COnline publication date: 1-May-2023
https://dl.acm.org/doi/10.1016/j.infsof.2023.107162
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents