The Need for Inherently Privacy-Preserving Vision in Trustworthy Autonomous Systems

Vision is a popular and effective sensor for robotics from which we can derive rich information about the environment: the geometry and semantics of the scene, as well as the age, gender, identity, activity and even emotional state of humans within that scene. This raises important questions about the reach, lifespan, and potential misuse of this information. This paper is a call to action to consider privacy in the context of robotic vision. We propose a specific form privacy preservation in which no images are captured or could be reconstructed by an attacker even with full remote access. We present a set of principles by which such systems can be designed, and through a case study in localisation demonstrate in simulation a specific implementation that delivers an important robotic capability in an inherently privacy-preserving manner. This is a first step, and we hope to inspire future works that expand the range of applications open to sighted robotic systems.Comment: 7 pages, 6 figure

Human-centered Information Security and Privacy: Investigating How and Why Social and Emotional Factors Affect the Protection of Information Assets

Information systems (IS) are becoming increasingly integrated into the fabric of our everyday lives, for example, through cloud-based collaboration platforms, smart wearables, and social media. As a result, nearly every aspect of personal, social, and professional life relies on the constant exchange of information between users and online service providers. However, as users and organizations entrust more and more of their personal and sensitive information to IS, the challenges of ensuring information security and privacy become increasingly pressing, particularly given the rise of cybercrime and microtargeting capabilities. While the protection of information assets is a shared responsibility between technology providers, legislation, organizations, and individuals, previous research has emphasized the pivotal role of the user as the last line of defense. Whereas prior works on human-centered information security and privacy have primarily studied the human aspect from a cognitive perspective, it is important to acknowledge that security and privacy phenomena are deeply embedded within users’ social, emotional, and technological environment. Therefore, individual decision-making and organizational phenomena related to security and privacy need to be examined through a socio-emotional lens. As such, this thesis sets out to investigate how and why socio-emotional factors influence information security and privacy, while simultaneously providing a deeper understanding of how these insights can be utilized to design effective security and privacy-enhancing tools and interventions. This thesis includes five studies that have been published in peer-reviewed IS outlets. The first strand of this thesis investigates individual decision-making related to information security and privacy. Daily information disclosure decisions, such as providing login credentials to a phishing website or giving apps access to one’s address book, crucially affect information security and privacy. In an effort to support users in their decision-making, research and practice have begun to develop tools and interventions that promote secure and privacy-aware behavior. However, our knowledge on the design and effectiveness of such tools and interventions is scattered across a diverse research landscape. Therefore, the first study of this thesis (article A) sets out to systematize this knowledge. Through a literature review, the study presents a taxonomy of user-oriented information security interventions and highlights crucial shortcomings of current approaches, such as a lack of tools and interventions that provide users with long-term guidance and an imbalance regarding cyber attack vectors. Importantly, the study confirms that prior works in this field tend to limit their scope to a cognitive processing perspective, neglecting the influence of social and emotional factors. The second study (article B) examines how users make decisions on disclosing their peers’ personal information, a phenomenon referred to as privacy interdependence. Previous research has shown that users tend to have a limited understanding of the social ramifications of their decisions to share information, that is, the impact of their disclosure decisions on others’ privacy. The study is based on a theoretical framework that suggests that for a user, recognizing and respecting others’ privacy rights is heavily influenced by the perceived salience of others within their own socio-technical environment. The study introduces an intervention aimed at increasing the salience of others’ personal data during the decision-making process, resulting in a significant decrease of interdependent privacy infringements. These findings indicate that current interfaces do not allow users to make informed decisions about their peers’ privacy – a problem that is highly relevant for policymakers and regulators. Shifting the focus towards an organizational context of individual security decision-making, the third study (article C) investigates employees’ underlying motives for reporting cyber threats. With the aim to maximize employees’ adoption of reporting tools, the study examines the effect of two tool design features on users’ utilitarian and hedonic motivation to report information security incidents. The findings suggest that reporting tools that elicit a sense of warm glow, that is, a boost of self-esteem and personal satisfaction after performing an altruistic act, result in higher tool adoption compared to those that address solely users’ utilitarian motivation. This unlocks a new perspective on organizational information security as a whole and showcases new ways in which organizations can engage users in promoting information security. The second strand of this thesis focuses on the context of organizational information security. Beyond individual decision-making, organizations face the challenge of maintaining an information security culture, including, for example, employees’ awareness of security risks, top management commitment, and interdepartmental collaboration with regard to security issues. The fourth study (article D) presents a measurement instrument to assess employees’ security awareness. Complementary to the predominant method of self-reported surveys, the study introduces an index based on employees’ susceptibility to simulated social engineering attacks. As such, it presents a novel way to measure security awareness that closes the intention-behavior gap and enables information security officers to nonintrusively monitor human vulnerabilities in real-time. Furthermore, the findings indicate that security education, training and awareness (SETA) programs not only increase employees’ awareness of information security risks, but also improve their actual security behavior. Finally, the fifth study (article E) investigates the influence of external socio-emotional disruption on information security culture. Against the backdrop of the COVID-19 pandemic, the longitudinal study reveals novel inhibitors and facilitators of information security culture that emerged in the face of global socially and emotionally disruptive change over the course of 2020. Specifically, the study demonstrates that such disruptive events can influence information security culture negatively, or – counterintuitively – positively, depending on prerequisites such as digital maturity and economic stability. Overall, this thesis highlights the importance of considering socio-emotional factors in protecting information assets by providing a more comprehensive understanding of why and how such factors affect human behavior related to information security and privacy. By doing so, this thesis answers calls for research that urge scholars to consider security and privacy issues in a larger social and emotional context. The studies in this thesis contribute to IS research on information security and privacy by (1) uncovering social and emotional motives as hitherto largely neglected drivers of users decision-making, (2) demonstrating how tools and interventions can leverage these motives to improve users’ protection of information assets, and (3) revealing the importance of external socio-emotional factors as a thus far under-investigated influence on organizational information security. In practice, this thesis offers actionable recommendations for designers building tools and interventions to support decision-making with regard to information security and privacy. Likewise, it provides important insights to information security officers on how to build a strong and resilient information security culture, and guides policymakers in accounting for socially embedded privacy phenomena

Disclosing Medical Mistakes: A Communication Management Plan for Physicians

Introduction: There is a growing consensus that disclosure of medical mistakes is ethically and legally appropriate, but such disclosures are made difficult by medical traditions of concern about medical malpractice suits and by physicians’ own emotional reactions. Because the physician may have compelling reasons both to keep the information private and to disclose it to the patient or family, these situations can be conceptualized as privacy dilemmas. These dilemmas may create barriers to effectively addressing the mistake and its consequences. Although a number of interventions exist to address privacy dilemmas that physicians face, current evidence suggests that physicians tend to be slow to adopt the practice of disclosing medical mistakes. Methods: This discussion proposes a theoretically based, streamlined, two-step plan that physicians can use as an initial guide for conversations with patients about medical mistakes. The mistake disclosure management plan uses the communication privacy management theory. Results: The steps are 1) physician preparation, such as talking about the physician’s emotions and seeking information about the mistake, and 2) use of mistake disclosure strategies that protect the physician-patient relationship. These include the optimal timing, context of disclosure delivery, content of mistake messages, sequencing, and apology. A case study highlighted the disclosure process. Conclusion: This Mistake Disclosure Management Plan may help physicians in the early stages after mistake discovery to prepare for the initial disclosure of a medical mistakes. The next step is testing implementation of the procedures suggested

Emotions in context: examining pervasive affective sensing systems, applications, and analyses

Pervasive sensing has opened up new opportunities for measuring our feelings and understanding our behavior by monitoring our affective states while mobile. This review paper surveys pervasive affect sensing by examining and considering three major elements of affective pervasive systems, namely; “sensing”, “analysis”, and “application”. Sensing investigates the different sensing modalities that are used in existing real-time affective applications, Analysis explores different approaches to emotion recognition and visualization based on different types of collected data, and Application investigates different leading areas of affective applications. For each of the three aspects, the paper includes an extensive survey of the literature and finally outlines some of challenges and future research opportunities of affective sensing in the context of pervasive computing

Deepfakes: False Pornography Is Here and the Law Cannot Protect You

It is now possible for anyone with rudimentary computer skills to create a pornographic deepfake portraying an individual engaging in a sex act that never actually occurred. These realistic videos, called “deepfakes,” use artificial intelligence software to impose a person’s face onto another person’s body. While pornographic deepfakes were first created to produce videos of celebrities, they are now being generated to feature other nonconsenting individuals—like a friend or a classmate. This Article argues that several tort doctrines and recent non-consensual pornography laws are unable to handle published deepfakes of non-celebrities. Instead, a federal criminal statute prohibiting these publications is necessary to deter this activity

Children, family and the state : revisiting public and private realms

The state is often viewed as part of the impersonal public sphere in opposition to the private family as a locus of warmth and intimacy. In recent years this modernist dichotomy has been challenged by theoretical and institutional trends which have altered the relationship between state and family. This paper explores changes to both elements of the dichotomy that challenge this relationship: a more fragmented family structure and more individualised and networked support for children. It will also examine two new elements that further disrupt any clear mapping between state/family and public/private dichotomies: the third party role of the child in family/state affairs and children's application of virtual technology that locates the private within new cultural and social spaces. The paper concludes by examining the rise of the 'individual child' hitherto hidden within the family/state dichotomy and the implications this has for intergenerational relations at personal and institutional levels

The Fourth Amendment in the Twenty-First Century: Technology, Privacy, and Human Emotions

Police and local political officials in Tampa FL argued that the FaceIt system promotes safety, but privacy advocates objected to the city\u27s recording or utilizing facial images without the victims\u27 consent, some staging protests against the FaceIt system. Privacy objects seem to be far more widely shared than this small protest might suggest