Scaling Contextual Privacy to MDM Environments

Principal Investigator(s): 
Serge Egelman

It has long been understood that privacy and usability are often in tension: the privacy controls that are often mandated by workplace environments are difficult to use, which results in either low rates of compliance, negative impacts on job performance (e.g., being unable to perform various tasks due to access control restrictions), or inadvertent disclosure of sensitive information (i.e., privacy breaches). In trying to reconcile these goals, ICSI researchers performed research to develop a system that better regulates access to sensitive information on mobile devices, while also being less obtrusive to end-users. They implemented a prototype of this system on Android and performed several peer-reviewed published studies demonstrating its potential.

Building on these results (from the Mobile Contextual Privacy project and other recent studies), the researchers have determined two concurrent directions for moving this technology forward into the marketplace, as part of a BYOD privacy solution. They plan to integrate their privacy decision-making system into an existing MDM system to demonstrate its utility, then perform additional research to develop and validate privacy design patterns, so that the research results can be applied more generally to other systems.

Funding provided by DHS/AFRL