NSF awards $1.2M to create a digital assistant to answer people’s privacy questions

Daniel Tkacik

Jul 18, 2019

Do you read through the privacy policies of the online accounts you sign up for? Of course you don't, because they're long and hard to read, and reading them all would take you hundreds of hours each year.

[Image: App icons on a phone screen, including Twitter and Facebook. Source: Pixabay]

But what if you had a digital assistant that could answer the privacy questions you have? One federal funding agency believes that idea has legs.

The National Science Foundation (NSF) has awarded a $1.2 million grant to a team of researchers from Carnegie Mellon University, Fordham University, and Penn State University to develop a tool – a “privacy assistant” – that will allow users to simply ask questions about the privacy issues that matter to them.

“We need a technological solution to empower users to quickly zoom in on the issues that are on their mind, rather than requiring them to read long privacy policies,” says CyLab’s Norman Sadeh, a professor in the Institute for Software Research and the lead principal investigator on the project.

The goal is for the privacy assistant not only to automatically read the text of privacy policies, but also to be equipped with general knowledge of common data collection and use practices, legal knowledge, and information extracted from news feeds. When possible, the privacy assistant will also analyze code, such as a mobile app's code, to get a deeper look into what that app is collecting about its users and what it does with the data.

“One challenge is that people often lack the necessary background knowledge to articulate their questions,” says Sadeh. “So, we are also aiming to equip our assistants with functionality capable of engaging in increasingly sophisticated dialogues with users to help disambiguate their questions and help the assistant converge on the issue they are actually concerned about.” 

Depending on what the assistant is able to find from studying an app’s privacy policy and code, its responses may range from specific (e.g. “This app’s privacy policy states that the app does not share your location with 3rd parties”) to broad (e.g. “While I can’t tell for sure, the app’s code suggests that it might be sharing your location with 3rd parties” or “While I can’t tell for sure whether it shares your location with 3rd parties, under California law, this app would have to explicitly tell you that it does”). 
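As a rough illustration of this evidence-dependent behavior, and not the project's actual implementation, the answer selection described above might be sketched as follows. The function name, the evidence categories, and the fallback response are all hypothetical:

```python
# Hypothetical sketch: choose a hedged answer about third-party
# location sharing based on the evidence available to the assistant.
# This is an illustration, not the project's actual implementation.

def location_sharing_answer(policy_statement, code_hint, state_law):
    """Return a response whose confidence matches the evidence.

    policy_statement: True/False if the privacy policy explicitly
        addresses third-party location sharing, or None if silent.
    code_hint: True if code analysis suggests sharing, else False/None.
    state_law: name of an applicable disclosure law, or None.
    """
    if policy_statement is False:
        # Strong evidence: the policy explicitly denies sharing.
        return ("This app's privacy policy states that the app does "
                "not share your location with 3rd parties.")
    if policy_statement is True:
        # Strong evidence: the policy explicitly confirms sharing.
        return ("This app's privacy policy states that the app shares "
                "your location with 3rd parties.")
    if code_hint:
        # Weaker evidence: only the app's code hints at sharing.
        return ("While I can't tell for sure, the app's code suggests "
                "that it might be sharing your location with 3rd parties.")
    if state_law:
        # No direct evidence: fall back to what the law requires.
        return ("While I can't tell for sure whether it shares your "
                "location with 3rd parties, under " + state_law +
                ", this app would have to explicitly tell you that it does.")
    return "I could not find enough information to answer that."
```

The key design idea the article describes is that the phrasing itself carries the assistant's confidence: definitive wording only when the policy is explicit, and hedged wording ("While I can't tell for sure...") when the answer rests on indirect evidence like code analysis or legal requirements.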

Additionally, the team hopes to eventually release a version of its technology that is specifically configured to help visually impaired users by relying on speech-based communication.

The project builds on recent advances in natural language processing, machine learning, and code analysis that have come out of the Usable Privacy Policy Project and the Personalized Privacy Assistant Project.

“We’re really looking to reinvent the concept of notice and choice,” says Sadeh, “…moving from long and hard-to-understand notices to interactive privacy dialogues with users.”

The project is being awarded through NSF's Secure & Trustworthy Cyberspace program. The other principal investigators on the project are Prof. Shomir Wilson at Penn State and Prof. Joel Reidenberg at the Center on Law and Information Policy (CLIP) at Fordham University. The team also includes CLIP's executive director, Tom Norton.