Is a Universal Translator the Answer for Privacy?

Recognizing that relinquishing privacy rights is a lot more complicated than signing a release form to bungee jump, Carnegie Mellon University is leading a project to help consumers quickly comprehend the "the lengthy, often-confusing and subject-to-change" privacy policies now posted by major websites.

Working with law school researchers at Fordham and Stanford universities, computer scientists and behavioral economists at Carnegie Mellon will teach computer systems how to read and evaluate each website’s privacy policies. Crowdsourcing will then be used to identify and extract those policy features that matter most to people.

Earlier attempts to encourage websites to post privacy policies in machine-readable language or to get website operators to abide by new rules have encountered "significant resistance." That inspired project leaders to develop a translator based on already available, "rarely read, plain English privacy policies."

amazon privacy policyWith crowdsourcing itself unable to keep pace with changing policies, computers will be relied upon to routinely scan policies, even though computers can’t yet understand all the nuances of human language.

"We are going to develop algorithms that can automatically or semi-automatically read a privacy policy well enough to answer a few questions likely to be of interest to many users and also to policymakers," said Noah Smith, associate professor of language technologies and machine learning at Carnegie Mellon, in a statement. "This is an exciting opportunity to apply recent developments in robust natural language processing to an everyday dilemma."

One goal is to develop user interfaces or browser add-ons that can summarize the pertinent privacy characteristics of a website in a way that is easily understood. This might be as simple as a letter grade, a color-coding, or other visualization to quickly indicate how each website privacy policy compares to a peer group.

"This gives, finally, power to customers to make informed decisions regarding what website they feel comfortable tracking them and which ones they don’t," Norman Sadeh, a Carnegie Mellon professor of computer science and leader of the Usable Privacy Policy Project, told the Pittsburgh Post-Gazette.

The 42-month, $3.75 million Usable Privacy Policy Project is sponsored by the National Science Foundation through its Secure and Trustworthy Cyberspace (SaTC) program. It is one of three large Frontier awards the NSF recently announced in support of a more secure information society.

BrainTrust

Discussion Questions

Do you see benefits for consumers and online retailers in a universal privacy policy translator? What do you think of using letter codes or colors to mark the privacy access levels of each website? How else could consumers quickly weigh the privacy tradeoffs of engaging with specific retail websites?

Poll

6 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
Ken Lonyai
Ken Lonyai
10 years ago

I think this a great idea and the benefits are clear. However, I am not the average consumer. Both my wife and I have abandoned shopping efforts where an SSL was not working, a site was insecure, or where the merchant had onerous or disagreeable policies. Most people aren’t that way, though.

On average, people give lip service to privacy concerns and then spill their guts all over Facebook or click on anything that catches them in the moment. Of course the typical consumer wants these protections, but often, the lure of a great deal or a quick/easy purchasing opportunity causes them to allay their better judgement and forge ahead anyway. And few people ever read a TOS or Privacy Policy.

I look forward to the results of CMU’s project and hope they create a viable tool, but I don’t think it will significantly impact m/e-commerce.

Lee Peterson
Lee Peterson
10 years ago

We should be paid for the use of our information. That’s the premise of a book by Jaron Lanier called “Who Owns The Future,” which I would recommend. This idea of actually understanding privacy policy is a first step towards that.

At this point in the evolution of online retail and information exchange, it’s a one way street. But hopefully, once we understand what the value is of what we’re giving up, we’ll gather around some fresh thinking like Lanier’s and make it a true mutual exchange.

Cathy Hotka
Cathy Hotka
10 years ago

This is long overdue. Nobody reads EULAs, in part because they know they won’t understand what’s in them. It will be no small feat for CMU to figure this out; what a document says and how it’s acted upon can be completely different. Look at the so-called Patriot Act.

Lee Kent
Lee Kent
10 years ago

I certainly see the benefits in understanding what you are and are not giving in to. The problem I have is this. Why do WE need to teach computers how to understand the nuances of human language?

We live in this computerized world and it is time that these privacy policies et al use standardized lingo, not legalese which no one understands and which allows too many loopholes.

Let’s spend the $3.75 million developing standardization for this area in order to protect our personal assets. Don’t leave it up to chance that the computer interpreted the language correctly and didn’t miss the loopholes. I’m just sayin’….

Ralph Jacobson
Ralph Jacobson
10 years ago

I find it interesting on the use of natural language processing for this purpose, mainly because IBM’s “Watson” computer performs this task fairly well, to say the least.

I think there are some great potential benefits to this capability. I also think that most consumers only worry about privacy when they perceive their privacy is being compromised. This may prove to be a huge issue as more merchants “abuse” their relationships with shoppers.

Craig Sundstrom
Craig Sundstrom
10 years ago

This is nice, I guess, but I think ultimately the solution (to “onerous” policies) will be greater legal intervention. We would never allow, for example, a situation where an employer claims permission for random searches of his employee’s house, regardless of what the employee might have agreed to; not only would the contract be unenforceable, it would probably be the subject of criminal/civil litigation. Obviously the situation with website privacy is not (exactly) the same, but the underlying principle is: society will not long allow even private parties to enter into absurd arrangements, the claim “they agreed to it” not being an excuse.