Societal Computing Thesis Defense

  • Remote Access - Zoom
  • Virtual Presentation - ET
  • Ph.D. Candidate
  • Ph.D. Program in Societal Computing
  • Institute for Sofware Research, Carnegie Mellon University
Thesis Orals

Exploring the adoption of privacy protective behaviors

Adoption of protective tools and technologies for digital privacy and security continues to be limited, despite reports indicating widespread privacy concerns in the population. This apparent gap between concerns and behaviors, known as the "privacy paradox,'' has drawn the attention of many scholars. At the same time, anecdotal evidence suggests that some portion of the population may display a different in fact, inverse type of behavior: expressing that privacy is not important to them while engaging in privacy-protective behaviors. I call this phenomenon the "reverse privacy paradox'' (RPP). To investigate the engagement with privacy-protective behaviors, I present two case studies on the adoption (or non-adoption) of privacy-protective behaviors and explore the reverse privacy paradox. Based on my findings I provide evidence to support the claim that current approaches used to understand privacy perspectives and behavior engagement are insufficient.

The first part of this thesis presents two case studies of protective behavior adoption, one captured through observed behavior (two-factor authentication adoption at Carnegie Mellon University) and one through self-reported intentions (adoption of a personalized privacy assistant for the Internet of Things). These studies illustrate the influence of many of the variables from behavior engagement and technology adoption models, such as how easy a system is to use, the benefits to be derived from using it, and social influence. However, while I found that efficacy a variable included in models of technology adoption plays a role in participants' decision to engage in protective behaviors, my findings show that the behaviors' efficacy, as measured by participants' perspective on the impact of engaging in a particular behavior, was more prominent in their decision to adopt such behavior than their perception of self-efficacy.

The second part of this thesis focuses on understanding the engagement in protective behaviors for those that do not express positive perspectives towards privacy. To do so, I first developed statements to collect people's privacy perspectives through an investigation on what current (and new) statements used in privacy scales measure, finding that existing statements do not always capture the construct they claim to capture but that there seem to be linguistic patterns that can be used to improve on this. I also curated an expansive list of privacy-protective behaviors based on behaviors triggered by privacy concerning situations reported by participants across a variety of contexts. Finally, by investigating observed discrepancies in stated perspectives and behaviors I have identified that the RPP happened, in some form, in 71% of our sample and that the most common reasons for its occurrence are: having engaged in the behavior for a reason different than privacy, not being concerned as they do not see the risk as significant, and for only being concerned in specific contexts. This phenomenon highlights that, in the context of privacy perspectives and behaviors, the lack of an understanding of the participants' motivation for engaging in a behavior or for expressing a perspective may lead to misleading results about the link between perspectives and behaviors. Finally, I conclude this thesis by discussing the implications of these findings to the privacy community and highlight future areas of exploration that could lead to a more appropriate theory of behavior engagement within the context of privacy.

Thesis Committee:
Lorrie Faith Cranor(Co-Chair)
Alessandro Acquisti (Co-Chair)
Laura Dabbish
Heng Xu (American University)

Additional Information

Zoom Participation.  See announcement.

For More Information, Please Contact: