Chapter 10 - Privacy and Trust Online
Chapter Summary
Sharing information online
- The concept of privacy is complex and it is a difficult phenomenon to define easily.
- Some people carefully curate their online information.
- Many methods of sharing our information online are available to us. Some of these are conscious, as we post messages and send communications. Some aspects of our online information sharing may be unwitting – for example, through embedded information or Internet cookies.
- Our data online also accumulates across various platforms.
- Online profiles might be linked through facial recognition software.
- Information online might also have a degree of permanency that is not considered when it is posted.
- Complaints against agencies who store information have led to clarifications regarding privacy legislation, such as the ‘right to be forgotten’ in Europe.
- Users also may not consider who has access to information that they share online, including third parties such as government agencies, advertisers or malicious hackers, who may access the information despite not being the intended audience.
Deciding what information to share
- Users have been found to be greatly concerned about their privacy.
- There are many factors which may lead them to share private information online.
Cognitive psychology and decision making
- Various models and theories in cognitive psychology can aid our understanding of why people share information online.
- Daniel Kahneman’s (2011) System 1 and System 2 types of thinking may be relevant, with users employing the faster System 1 for decisions which require the greater deliberation of System 2.
- It is also possible that confirmation bias (Einhorn & Hogarth, 1978) might affect decision making about privacy, with users selectively attending to information which suggests that online disclosure is safe.
- Similarly, if a user has experienced or witnessed negative consequences of privacy disclosure, they may be more susceptible to the availability heuristic proposed by Tversky & Kahneman (1973).
- Other theories and models in cognitive psychology may also have applicability to decision making regarding privacy.
Communication privacy management
- Sandra Petronio (2002) developed Communication Privacy Management Theory.
- This suggests that users believe that they own their private information and that they have the right to control the dissemination of this information.
- Communication Privacy Management Theory also suggests that users presume that others who hold this information will follow their rules regarding dissemination, and turbulence will ensue if the information is shared without permission.
Social spheres and space
- In some cases users may be content to share private information with only small groups of close friends.
- In other cases, the user may feel that they can post very private information in a very public setting, provided that they feel they are anonymous.
- Problems may arise if a user wishes to share information that may not be well received by all of their contacts – different social spheres may have different expectations about the user’s behaviour.
- It is also possible that users may feel ‘digital crowding’ where the disclosure inherent in social media results in withdrawal coping methods (Joinson et al., 2011).
Paradoxes, trade-offs and gaps
- Users may sometimes know what the most secure behaviour is, but fail to behave in a way that promotes such security – a phenomenon known as the knowing–doing gap.
- A similar concept is the privacy paradox (Barnes, 2006).
- Users may maintain a balance between privacy settings, selective disclosures and selective inclusion of others to maintain privacy (Ellison et al., 2011).
- Security is a related concept to privacy, and users may choose to engage in behaviours which make their digital lives easier rather than safer. This concept is known as the convenience-security trade-off (Tam et al., 2009).
- Rogers (1975, 1983) proposed Protection Motivation Theory, which includes several factors which might trigger engagement in more secure behaviours. These include how severe the user perceived the threatened event would be, how likely they perceive the event to be, how effective the preventative measure is, what are the potential rewards if the threat is avoided, what are the potential costs of implementing the preventative measure, and if the user believes that they can successfully implement the preventative measures (self-efficacy).
Removing our data online
- It is difficult to remove all data once it has appeared online.
- There are many reasons why a user may wish to remove this data, including avoiding unwanted attention, fear of cyberstalking, or removal of a comment which attracted criticism.
- Untagging may be a method of managing undesirable photographs on social media (Lang & Barton, 2015).
- Bloggers may also engage in ‘scrubbing’ behaviours for a variety of reasons (Child et al., 2011, 2012).
- Similarly, users may delete social networking profiles, termed ‘virtual identity suicide’ by Stieger et al. (2013).
Further Reading
In September 2013 the Pew Research Centre (Internet, Science and Tech) published data regarding anonymity, privacy and security online. A summary of their results and a link to the full report are available here. Broader content on online privacy and safety is also available.
Bruce Schneier’s blog ‘Schneier on Security’ is regularly updated and provides expert insights into a wide range of security issues. Schneier regularly also posts on topics relating to privacy.
The IEEE magazine Security & Privacy includes articles, interviews, tutorials and case studies. In particular, the following paper by Dark (2015) considers cybersecurity and a ‘security mindset’:
- Dark, M. (2015, January/February). Thinking about Cybersecurity. IEEE Security and Privacy, 61–65.
The Journal of Privacy and Confidentiality, affiliated with Carnegie Mellon University, is an online interdisciplinary journal considering aspects of privacy, including online privacy.
Video links
A panel discussion on behavioural economics and privacy nudging organised by EMSOC (User Empowerment in a Social Media Culture). This panel includes notable experts such as Alessandro Acquisti, Lorrie Faith Cranor, Sandra Petronio, Adam Joinson and Eleni Kosta. The panellists discuss how users can be encouraged to protect their privacy online and the decision-making strategies they use when sharing information.
Useful websites
The Princetown University Security and Privacy Research Group’s website includes information relating to their work and researchers in this important field, as well as links to publications by their group.
A similar website is maintained by the University of Washington Security and Privacy Research Lab. Their publications, courses and research activities are described here.
Multiple Choice Questions
Essay Questions
- Explain how at least three cognitive psychology theories or models can aid our understanding of why individuals might engage in risky online privacy management behaviours.
- Evaluate the applicability of Petronio’s Communication Privacy Management Theory to online communication.
- How does the ability to utilise online social spheres lead to an increase in online disclosures?
- Legislation regarding the right to be forgotten online is ineffective unless users are educated about the risks of online information sharing. Discuss.