Searching for Privacy

Search engines play an important role in helping users find desired content. With the increasing deployment of computer-readable privacy policies encoded using the standard W3C Platform for Privacy Preferences (P3P) format, search engines also have the potential to help users identify web sites that will respect their privacy needs. We have developed a search service called Privacy Finder (http://search.privacybird.com/) that annotates search results with information about web site privacy policies. We are currently working on expanding the Privacy Finder functionality and improving its user interface. We are also using Privacy Finder to conduct a census of P3P-enabled web sites and a set of empirical studies on how privacy information impacts online purchasing decisions.

We conducted a study of the quantity and quality of P3P-encoded privacy policies associated with top-20 search results from three popular search engines. Using a list of “typical” search terms taken from AOL users’ queries, we examined the trends in privacy policies that are returned from queries to the three search engines. We then compared these results to results compiled after using “e-commerce search terms” from Google’s Froogle service. We examined the top 20 search results returned by each search engine for each of the search terms and found at least one result with a P3P policy for 83% of the typical search terms. Overall we found that these typical search terms yielded P3P adoption rates of 10%. This contrasts with adoption rates of 21% percent when searching for e-commerce terms.

We are conducting a series of studies to investigate whether the availability of comparison information about the privacy practices of online merchants affects users’ behavior. In our first study we asked users to purchase one nonprivacy- sensitive item and then one privacy-sensitive item using Privacy Finder, and observed whether the privacy information provided by our search engine impacted users’ purchasing decisions (participants’ costs were reimbursed). A control group was asked to make the same purchases using a search engine that produced the same results as Privacy Finder, but did not display privacy information. We found that while Privacy Finder had some influence on non-privacy-sensitive purchase decisions, it had a more significant impact on privacy-sensitive purchases. The results suggest that when privacy policy comparison information is readily available, individuals may be willing to seek out more privacy friendly web sites and perhaps even pay a premium for privacy depending on the nature of the items to be purchased.

Speaker Details

Dr. Lorrie Faith Cranor is an Associate Research Professor in the School of Computer Science at Carnegie Mellon University where she is director of the CMU Usable Privacy and Security Laboratory (CUPS). She came to CMU in December 2003 after seven years at AT&T Labs-Research. Dr. Cranor has played a key role in building the usable privacy and security research community. She co-edited the seminal book Security and Usability (O’Reilly 2005), and founded the Symposium On Usable Privacy and Security (SOUPS). She also directs an NSF-funded project that is studying the human aspects of phishing attacks and other semantic attacks. Dr. Cranor’s research has also focused on a variety of areas where technology and policy issues interact, including online privacy, electronic voting, and spam. She is chair of the Platform for Privacy Preferences Project (P3P) Specification Working Group at the World Wide Web Consortium and author of the book Web Privacy with P3P (O’Reilly 2002). She serves on the Microsoft Trustworthy Computing Academic Advisory Board. In 2003 she was named one of the top 100 innovators 35 or younger by Technology Review magazine. She received a Microsoft Research Trustworthy Computing Curriculum Award and an IBM Privacy Faculty Award.

Date:
Speakers:
Lorrie Faith Cranor
Affiliation:
Carnegie Mellon University