2017

  • F. Schaub, R. Balebako, L.F. Cranor, "Designing Effective Privacy Notices and Controls", IEEE Internet Computing, 21, 3, May 2017 [doi]

  • A. Oltramari, D. Piraviperumal, F. Schaub, S. Wilson, S. Cherivirala, T.B. Norton, N.C. Russell, P. Story, J. Reidenberg, N. Sadeh., "PrivOnto: A Semantic Framework for the Analysis of Privacy Policies", Semantic Web Journal (SWJ), May 2017

  • S. Zimmeck, Z. Wang, L. Zou, R. Iyengar, B. Liu, F. Schaub, S. Wilson, N. Sadeh, S.M. Bellovin, J.R. Reidenberg, "Automated Analysis of Privacy Requirements for Mobile Apps", NDSS'17: Network and Distributed System Security Symposium, Feb 2017 [pdf]

2016

  • M. Bokaei Hosseini, S. Wadkar, T.D. Breaux, J. Niu, "Lexical Similarity of Information Type Hypernyms, Meronyms and Synonyms in Privacy Policies", AAAI Fall Symposium on Privacy and Language Technologies, Nov 2016 [pdf]

  • F. Liu, S. Wilson, F. Schaub, N. Sadeh, "Analyzing Vocabulary Intersections of Expert Annotations and Topic Models for Data Practices in Privacy Policies", AAAI Fall Symposium on Privacy and Language Technologies, Nov 2016 [pdf]

  • K.M. Sathyendra, F. Schaub, S. Wilson, N. Sadeh, "Automatic Extraction of Opt-Out Choices from Privacy Policies", AAAI Fall Symposium on Privacy and Language Technologies, Nov 2016 [pdf]

  • S. Zimmeck, Z. Wang, L. Zou, R. Iyengar, B. Liu, F. Schaub, S. Wilson, N. Sadeh, S.M. Bellovin, J.R. Reidenberg, "Automated Analysis of Privacy Requirements for Mobile Apps", AAAI Fall Symposium on Privacy and Language Technologies, Nov 2016 [pdf]

  • J. Bhatia, T. D. Breaux, J. R. Reidenberg, T. B. Norton, "A Theory of Vagueness and Privacy Risk Perception", IEEE 24th International Requirements Engineering Conference (RE'16), Sep 2016 [pdf]

  • J. Bhatia, M.C. Evans, S. Wadkar, T.D. Breaux, "Automated Extraction of Regulated Information Types using Hyponymy Relations", Third International Workshop on Artificial Intelligence for Requirements Engineering (AIRE'16), Sep 2016 [pdf]

  • L. F. Cranor, P. G. Leon, B. Ur, "A Large-Scale Evaluation of U.S. Financial Institutions Standardized Privacy Notices", ACM Transactions on the Web (TWEB), Aug 2016 [pdf] [website]

  • S. Wilson, F. Schaub, A. Dara, F. Liu, S. Cherivirala, P.G. Leon, M.S. Andersen, S. Zimmeck, K. Sathyendra, N.C. Russell, T.B. Norton, E. Hovy, J.R. Reidenberg, N. Sadeh, "The Creation and Analysis of a Website Privacy Policy Corpus", ACL '16: Annual Meeting of the Association for Computational Linguistics, Aug 2016 [pdf]

  • F. Schaub, T.D. Breaux, N. Sadeh, "Crowdsourcing Privacy Policy Analysis: Potential, Challenges and Best Practices", it – Information Technology, Jun 2016 [doi]

  • A. Rao, F. Schaub, N. Sadeh, A. Acquisti, R. Kang, "Expecting the Unexpected: Understanding Mismatched Privacy Expectations Online", Symposium on Usable Privacy and Security (SOUPS '16), Denver, CO, Jun 2016 [doi] [pdf]

  • J. Gluck, F. Schaub, A. Friedman, H. Habib, N. Sadeh, L.F. Cranor, Y. Agarwal, "How Short is Too Short? Implications of Length and Framing on the Effectiveness of Privacy Notices", Symposium on Usable Privacy and Security (SOUPS '16), Denver, CO, Jun 2016 [doi] [pdf]

  • B. Liu, M.S. Andersen, F. Schaub, H. Almuhimedi, S. Zhang, N. Sadeh, A. Acquisti, Y. Agarwal, "Follow My Recommendations: A Personalized Assistant for Mobile App Permissions", Symposium on Usable Privacy and Security (SOUPS '16), Denver, CO, Jun 2016 [doi] [pdf]

  • S.K. Cherivirala, F. Schaub, M.S. Andersen, S. Wilson, N. Sadeh, J.R. Reidenberg, "Visualization and Interactive Exploration of Data Practices in Privacy Policies", SOUPS '16 Poster Session, Jun 2016 [pdf]

  • J.R. Reidenberg, N.C. Russell, T.B. Norton, "Rating Indicator Criteria for Privacy Policies", SOUPS 2016 Workshop on Privacy Indicators, Jun 2016 [doi] [pdf]

  • J. Bhatia, T.D. Breaux, F. Schaub, "Mining Privacy Goals from Privacy Policies using Hybridized Task Recomposition", ACM Transactions on Software Engineering and Methodology (TOSEM), 25, 1, May 2016 [doi]

  • S. Wilson, F. Schaub, A. Dara, S.K. Cherivirala, S. Zimmeck, M.S. Andersen, P.G. Leon, E. Hovy, N. Sadeh, "Demystifying Privacy Policies Using Language Technologies: Progress and Challenges", TA-COS ’16: LREC Workshop on Text Analytics for Cybersecurity and Online Safety, May 2016 [pdf]

  • R. Slavin, X. Wang, M.B. Hosseini, W. Hester, R. Krishnan, J. Bhatia, T.D. Breaux, J. Niu, "Toward a Framework for Detecting Privacy Policy Violation in Android Application Code", ACM/IEEE 38th International Software Engineering Conference (ICSE'16), May 2016 [doi]

  • S. Wilson, F. Schaub, R. Ramanath, N. Sadeh, F. Liu, N.A. Smith, F. Liu, "Crowdsourcing Annotations for Websites' Privacy Policies: Can It Really Work?", WWW '16: 25th International World Wide Web Conference, Apr 2016 [pdf] [doi]

  • J.R. Reidenberg, J. Bhatia, T.D. Breaux, T.B. Norton, "Automated Comparisons of Ambiguity in Privacy Policies and the Impact of Regulation", Journal of Legal Studies, 45, 2, part 2, Mar 2016 (forthcoming). [doi]

  • F. Schaub, A. Marella, P. Kalvani, B. Ur, C. Pan, E. Forney, L.F. Cranor, "Watching Them Watching Me: Browser Extensions’ Impact on User Privacy Awareness and Concern", USEC '16: NDSS Workshop on Usable Security, Feb 2016 [pdf]

  • N. Sadeh, "Personalized Privacy Assistants: From Android to the Internet of Things", Presentation at FTC PrivacyCon, Jan 2016 [link]

  • N. Sadeh, A. Acquisti, T.D. Breaux, L.F. Cranor, A.M. McDonald, J. Reidenberg, N.A. Smith, F. Liu, N.C. Russell, F. Schaub, S. Wilson, J.T. Graves, P.G. Leon, R. Ramanath, A. Rao, "Towards Usable Privacy Policies: Semi-automatically Extracting Data Practices From Websites’ Privacy Policies", Presentation at FTC PrivacyCon, Jan 2016

  • A. Rao, F. Schaub, N. Sadeh, A. Acquisti, R. Kang, "Expecting the Unexpected: Understanding Mismatched Privacy Expectations Online", Presentation at FTC PrivacyCon, Jan 2016 [link]

2015

  • R. Balebako, F. Schaub, I. Adjerid, A. Acquisti, L.F. Cranor, "The Impact of Timing on the Salience of Smartphone App Privacy Notices", SPSM '15: 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices, Oct 2015 [doi]

  • A. Grannis, "Elements of Effective Notice in the Online Age", 43rd Research Conference on Communications, Information and Internet Policy (TPRC), Sep 2015 (to be published in Fordham Urban Law Journal)

  • T.B. Norton, "Crowdsourcing Privacy Policy Interpretation", 43rd Research Conference on Communications, Information and Internet Policy (TPRC), Sep 2015 Also workshopped at the October 2015 Privacy Law Scholars Conference, Amsterdam. [doi]

  • J.R. Reidenberg, N.C. Russell, A.J. Callen, S. Qasir, T.B. Norton, "Privacy Harms and the Effectiveness of the Notice and Choice Framework", I/S Journal of Law & Policy for the Information Society, vol. 11, issue, 2, pp. 485, Aug 2015 Also presented at TPRC '14, Arlington, VA, September 2014. [pdf]

  • J. Bhatia, T.D. Breaux, "Towards an Information Type Lexicon for Privacy Policies", IEEE 8th International Workshop on Requirements Engineering and Law (RELAW), Aug 2015 Ottawa, Canada [doi] [pdf]

  • T.D. Breaux, D. Smullen, H. Hibshi, "Detecting Repurposing and Over-collection in Multi-Party Privacy Requirements Specifications", IEEE 23rd International Requirements Engineering Conference (RE'15), Ottawa, Canada, Aug 2015 [doi] [pdf]

  • L. F. Cranor, C. Hoke, P. G. Leon and A. Au, "Are They Worth Reading? An In-Depth Analysis of Online Advertising Companies' Privacy Policies", I/S: A Journal of Law and Policy for the Information Society, vol. 11, issue 2, Aug 2015 Also presented at TPRC '14, Arlington, VA, September 2014. [pdf]

  • F. Schaub, R. Balebako, A. Durity, L.F. Cranor, "A Design Space for Effective Privacy Notices", Symposium on Usable Privacy and Security (SOUPS '15), Ottawa, Canada, Jul 2015 [link] [pdf]

  • P.G. Leon, A. Rao, F. Schaub, A. Marsh, L.F. Cranor, N. Sadeh, "Privacy and Behavioral Advertising: Towards Meeting Users' Preferences", PPS '15: Second SOUPS Workshop on Privacy Personas and Segmentation, USENIX, Jul 2015 [pdf]

  • J. Reidenberg, J. Bhatia, T.D. Breaux, "Automated Measurement of Privacy Policy Ambiguity", Working Paper presented at The Eighth Annual Privacy Law Scholars Conference (Berkeley), Jun 2015

  • F. Liu, J. Flanigan, S. Thomson, N. Sadeh, N. A. Smith, "Toward Abstractive Summarization Using Semantic Representations.", Proceedings of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies (NAACL 2015), May 2015 [pdf]

  • J.R. Reidenberg, T.D. Breaux, L.F. Cranor, B. French, A. Grannis, J.T. Graves, F. Liu, A.M. McDonald, T.B. Norton, R. Ramanath, N.C. Russell, N. Sadeh, F. Schaub, "Disagreeable Privacy Policies: Mismatches between Meaning and Users’ Understanding.", Berkeley Technology Law Journal, vol. 30, 1, pp.39-88, May 2015 Also presented at TPRC '14, September 2014, Arlington, VA, USA. [link]

  • P.G. Leon, A. Rao, F. Schaub, A. Marsh, L.F. Cranor, N. Sadeh, "Why People are (Un)willing to Share Information with Online Advertisers", Tech. report CMU-ISR-15-106, Carnegie Mellon University, May 2015 [link] [pdf]

  • H. Almuhimedi, F. Schaub, N. Sadeh, I. Adjerid, A. Acquisti, J. Gluck, L.F. Cranor, Y. Agarwal, "Your Location has been Shared 5,398 Times!: A Field Study on Mobile App Privacy Nudging", 33rd Annual ACM Conference on Human Factors in Computing Systems (CHI '15), Apr 2015 [link] [doi]

2014

  • A. Rao, F. Schaub, N. Sadeh, "What do they know about me? Contents and Concerns of Online Behavioral Profiles.", Sixth ASE International Conference on Privacy, Security, Risk and Trust (PASSAT '14), Cambridge, MA, Dec 2014 Also published as Tech. report CMU-CyLab-14-011, July 2014. [link] [pdf]

  • R. Ramanath, F. Schaub, S. Wilson, F. Liu, N. Sadeh, N. A. Smith, "Identifying Relevant Text Fragments to Help Crowdsource Privacy Policy Annotations.", Conference on Human Computation & Crowdsourcing (HCOMP '14), work in progress session, Pittsburgh, PA, Nov 2014 [link]

  • F. Schaub, T. D. Breaux, N. Sadeh, "Crowdsourcing the Extraction of Data Practices from Privacy Policies.", Conference on Human Computation & Crowdsourcing (HCOMP '14), work in progress session, Pittsburgh, PA, Nov 2014 [link]

  • T.D. Breaux, H. Hibshi, A. Rao, "Eddy, A Formal Language for Specifying and Analyzing Data Flow Specifications for Conflicting Privacy Requirements", Requirements Engineering Journal, 19, 3, Sep 2014 [doi]

  • F. Liu, R. Ramanath, N. Sadeh, N. A. Smith, "A Step Towards Usable Privacy Policy: Automatic Alignment of Privacy Statements.", 25th International Conference on Computational Linguistics (COLING '14), Dublin, Ireland, Aug 2014 [link] [pdf]

  • T.D. Breaux, F. Schaub, "Scaling Requirements Extraction to the Crowd: Experiments on Privacy Policies", 22nd IEEE International Requirements Engineering Conference (RE '14), Karlskrona, Sweden, Aug 2014 [doi] [pdf]

  • N. Sadeh, A. Acquisti, T. D. Breaux, L. F. Cranor, A. M. McDonald, J. Reidenberg, N. A. Smith, F. Liu, N. C. Russell, F. Schaub, S. Wilson, J. T. Graves, P. G. Leon, R. Ramanath, A. Rao, "Towards Usable Privacy Policies: Semi-automatically Extracting Data Practices From Websites' Privacy Policies", SOUPS '14 poster session, Palo Alto, CA, Jul 2014 [pdf] [link]

  • A. Marella, C. Pan, Z. Hu, F. Schaub, B. Ur, L. F. Cranor, "Assessing Privacy Awareness from Browser Plugins", SOUPS '14 poster session, Palo Alto, CA, Jul 2014 [pdf]

  • J.Lin, B. Liu, N. Sadeh, J.I. Hong, "Modeling Users’ Mobile App Privacy Preferences: Restoring Usability in a Sea of Permission Settings", 2014 ACM Symposium on Usable Security and Privacy (SOUPS 2014), Palo Alto, CA, Jul 2014 [link]

  • J. Reidenberg, N.C. Russell, A. Callen, S. Qasir, "Privacy Enforcement Actions", Jun 2014 [pdf]

  • R. Ramanath, F. Liu, N. Sadeh, N.A. Smith, "Unsupervised Alignment of Privacy Policies using Hidden Markov Models", Proceedings of the Annual Meeting of the Association for Computational Linguistics (ACL'14), Baltimore, MD, Jun 2014 [doi] [pdf]

  • B. Liu, J. Lin, N. Sadeh, "Reconciling Mobile App Privacy and Usability on Smartphones: Could User Privacy Profiles Help?", Proceedings of the 23rd International World Wide Web Conference (WWW 2014), Seoul, Korea, Apr 2014 [doi]

2013

  • N. Sadeh, A. Acquisti, T.D. Breaux, L.F. Cranor, A.M. McDonald, J. Reidenberg, N.A. Smith, F. Liu, N.C. Russell, F. Schaub, S. Wilson, "The Usable Privacy Policy Project: Combining Crowdsourcing, Machine Learning and Natural Language Processing to Semi-Automatically Answer Those Privacy Questions Users Care About.", Tech. report CMU-ISR-13-119, Dec 2013 [link] [pdf]

Relevant Prior Research

  • Breaux, T. and Rao, A., "Formal Analysis of Privacy Requirements Specifications for Multi-TierApplications", Proc. of the 21st Requirements Engineering Conference (RE’13), Rio de Janeiro, Jul 2013 [doi] [pdf]

  • W. Ammar, S. Wilson, N. Sadeh, N. Smith, "Automatic Categorization of PrivacyPolicies: A Pilot Study", School of Computer Science, Language Technology Institute, Technical Report CMU-LTI-12-019, Dec 2012 [link] [pdf]

  • Lin, J., Amini, S., Hong, J., Sadeh, N., Lindqvist, J., Zhang, J., "Expectation and Purpose: Understanding Users' Mental Models of Mobile App Privacy through Crowdsourcing", Proceedings of the 14th ACM International Conference on Ubiquitous Computing, pp 501-510, Pittsburgh, USA, Sep 2012 [doi] [pdf]

  • Brandimarte, L., Acquisti, A., Loewenstein, G. , "Misplaced Confidences: Privacy and the Control Paradox", Social Psychological and Personality Science, May 2012 [doi] [pdf]

  • M. Benisch, P.G. Kelley, N. Sadeh,and L.F. Cranor, "Capturing Location-Privacy Preferences: Quantifying Accuracy and User-Burden Tradeoffs", Journal of Personal and Ubiquitous Computing. , Volume 15, Issue 7, Oct 2011 [doi] [pdf]

  • Tsai, J., Egelman, S., Cranor, L., Acquisti, A., "The Effect of Online Privacy Information on Purchasing Behavior: An Experimental Study", Information Systems Research, 22, 254-268, May 2011 [doi]

  • Smith, N. A., "Linguistic Structure Prediction", May 2011 [doi]

  • Kelley, P. G., Cesca, L.J., Bresee, J., Cranor, L. F. , "Standardizing Privacy Notices: An Online Study of the Nutrition Label Approach", Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, May 2010 [doi] [link]

  • Ravichandran, R., Benisch, M., Kelley, P. G., and Sadeh N., "Capturing Social Networking Privacy Preferences: Can Default Policies Help Alleviate Tradeoffs between Expressiveness and User Burden?", Proc. 2009 Privacy Enhancing Technologies Symposium, Aug 2009 [doi]

  • McDonald, A. M., and Cranor, L. F., "The cost of reading privacy policies", I/S – A Journal of Law and Policy for the Information Society 4(3), May 2008 [pdf]

  • Reidenberg, J. and Cranor, L.F, "Can user agents accurately represent privacy policies?", TPRC 30th Research Conference Paper # 65, May 2002 [doi]

  • Reidenberg, J., "The Use of Technology to Assure Internet Privacy :Adapting Labels and Filters for Data Protection", LEX ELECTRONICA, III:2, May 1997 [link]