Disaster privacy/privacy disaster
Journal of the Association for Information Science and Technology (IF 3.5), Pub Date: 2020-03-13, DOI: 10.1002/asi.24353
Madelyn R. Sanfilippo 1 , Yan Shvartzshnaider 1, 2 , Irwin Reyes 3 , Helen Nissenbaum 4, 5 , Serge Egelman 6

Privacy expectations during disasters differ significantly from non-emergency situations. Recent scandals, such as inappropriate disclosures from FEMA to contractors, illustrate that tradeoffs between emergencies and privacy must be made carefully. Increased use of social technologies to facilitate communication and support first responders provides more opportunities for privacy infringements, despite increased regulation of disaster information flows to government agencies and with trusted partners of the government. This paper specifically explores the actual practices followed by popular disaster apps. Our empirical study compares content analysis of privacy policies and government agency policies, structured by the contextual integrity (CI) framework, with static and dynamic app analysis documenting the personal data they send. We identify substantive gaps between regulation and guidance, privacy policies, and information flows generated by apps/platforms, resulting from ambiguities and exploitation of exemptions. Results also indicate gaps between governance and practice, including: (1) many apps ignore transmission principles self-defined in policy; (2) while some policies state they “might” access location data under certain conditions, those conditions are not met as 12 apps included in our study capture location immediately upon download; and (3) not all third-party data recipients are identified in policy, including instances that violate expectations of trusted third parties. We visually map disaster information flows during disasters and around third party and government apps within the disaster response domain, and emphasize information exchanges between specific actors and the differences between actual flows of personal information and regulatory and policy specifications.

Updated: 2020-03-13