智能手机安全
this is a paper from CMU, and introduced a method for smartphone privacy1 IntroductionDr. Alan Westin conducted over 30 privacy-related surveys between 1978 and 2004 [21]. Thesesurveys cover general privacy, consumer privacy, medical privacy, and other privacy-relatedareas. For most of these surveys Westin created a"Privacy Index "to summarize his results and toshow trends in privacy concerns. Unfortunately, the details of how Westin calculated theseprivacy indexes have not been reported except in the original survey reports. These reports wereoriginally distributed in paper form, and the early ones are no longer readily available. Some ofthe more recent survey reports are currently available for purchase from Privacy AmericanBusiness. We were able to obtain paper copies of five of these survey reports [10],[12],[13]]115,[17 and were able to find a sixth report online L4]. We were also able to obtain theexecutive summary of eight additional reports online [],[6],[7 .[11 ,[14],[16],[18],[19]Table I provides the information regarding reports discussed in this paperTable 1: Details of the studies discussed in this paperYear Name of studyReport Summary Source typefound1990 Equifax Executive SummarySummaOnlineHarris-Equifax Consumer Privacy ReportHard copy1991 Survey1992 Equifax Executive SummarySummaryOnline1993 Health Information Privacy SurveyReportHard copy1994 Equifax-Harris Consumer Privacy Reportard copySurvey19951995 Equifax Harris Consumer SummaryOnlinePrivacy Survey1996 Equifax-Harris Consumer Privacy ReportHard copySurvey1997Thresultsof Commerce, SummaryOnlineCommunication, and Privacy onlinefor Privacy American Business1998 E-Commerce Privacy: What Net ReportHard copyUsers Want1998 The Privacy Concerns and Consumer SummaryOnlineChoice1999 DoubleClick, Inc. and Privacy SummaryOnlinePrivacy&AmericanBusinessReportOrderformhttp://www.pandab.org/rptorderForm.pdfvisitedon10Aug04.American business1999 Freebies and Privacy: What Net UsersSunnaIOnlineThink2001 Privacy On Off the Internet: WhatReportHard copyConsumers want2003 Most PeoplAre“ Privacy SummaryOnlinePragmatists" Who. While Concernedabout Privacy, Will Sometimes Tradeit Off for other benefitsWestin's surveys measure attitudes and concerns about privacy and provide data on howthese attitudes and concerns change over time. Westin has surveyed the general level of privacyconcern of the public and has also studied the attitudes about specific privacy-related topics, forexample, confidence in organizations that handle personal information, acceptance of a nationalidentification system, and use of medical records for research. He has also investigated changes inprivacy attitudes after September 11, 2001 [4]. Some of Westin's surveys were commissioned bycompanies or organizations that were interested in privacy issues relevant to their particular lineof business. In each survey report, Westin provides insights designed to help organizationsrespond to privacy concerns with appropriate policies, products, and services. All of these surveyswere conducted via telephone and surveyed randomly-selected statistical samples of the UnitedStates adult population. Because they are random-sample surveys and are statisticallyrepresentative, they serve as useful benchmarks for comparisons with surveys conducted in othercountries or surveys conducted with convenience samplesWestin created several privacy indexes to summarize his survey results and show privacytrends over time. While creating the indexes, Westin classified the public into three categoriesWestin has interchangeably used the following categories to refer to the groups of people that hecreated:(1)High and Fundamentalist, 2)Medium and Pragmatist, (3) Low and Unconcerned.Of the 14 survey reports(complete or summaries) that we examined, six specified the values forall the three categories while one report provided the value for the High category only. The rest ofthe reports did not discuss about the privacy indexesWc also found other studies where the researchers have directly or indirectly comparedthe indexes described by Westin to the results obtained by them in their own studies [1], [2]Many privacy researchers around the globe are interested in using these privacy indexes asbenchmarks to which they can compare their own survey results and also use these indexes toclassify people in other countries. In this paper, we report the methodology used by Westin tolculate the privacy indexes and draw some conclusions about which indexes can be used toinfer privacy trendsThe remainder of this paper is organized as follows: In the following section, we presentWestin's methodology for creating privacy indexes. We include the text of the questions fromwhich the privacy indexes were obtained. In the discussion scction, we present some conclusionsabout these privacy indexes and present some criticism that has been raised about these survey2 To be consistent with the reports written by Westin, we have also used the terms as presented in Westin'sreportsWhen reproducing survey questions in this report, we have omitted those parts of the question that are notrelevant to the privacy indexes under discussion. We have included the actual question and questionnumbers from the original surveys, displaying them in bold, italic font2. Creation of Privacy indexesIn this section, we present the methodology used by Westin for creating the indexes for each ofthe reports that we obtained. We present the methodology in chronological order of the study. weprovide the actual questions from the reports, options provided to the samples, results for thesespecific questions and definitions given by Westin for the categories of peop2.I. Harris- Equifax Consumer Privacy Survey -1990 and 1991The earliest privacy index we studied was Westin's Greneral Privacy Concern Index, developedas part of the 1990 study. In order to gain a better understanding of privacy concerns, Westin useda series of four questions to divide respondents into three groups, representing levels of privacyconcern. As reported in Westin's 1991 survey report [10], respondents were asked1. Whether they are very concerned about threats to their personal privacy today2. Whether they agree strongly that business organizations seek excessively personalinformation from consumers3. Whether they agree strongly that the Federal government since Watergate is still invadingthe citizen, s privacy4. Whether they agree that consumers have lost all control over circulation of theirinformationThe answers to these questions were used to assign each respondent to a privacy concern group asfollowsHigh3 or 4 privacy-concerned answersModerate2 privacy-concerned answersOw1 or no privacy-concerned answersWestin then examined respondents responses to all the other privacy-related questions in the1990 study and found that the general privacy concern index was a good predictor for relatinggeneral concern level and privacy concern levelUsing the classification mentioned above, Westin divided the respondents into the followingcategoriesthat ask for their personal information, worried about the accuracy of computerized ionsThe privacy Fundamentalists: Fundamentalists are generally distrustful of organizationsinformation and additional uses made of it, and are in favor of new laws and regulatoryactions to spell out privacy rights and provide enforceable remedies. They generallychoose privacy controls over consumer-service benefits when these compete with eachother. About 25% of the public are privacy FundamentalistsThe Pragmatic: They weigh the benefits to them of various consumer opportunities andservices, protections of public safety or enforcement of personal morality against thedegree of intrusiveness of personal information sought and the increase in governmentpower involved. they look to see what practical procedures for accuracy, challenge andcorrection of errors the business organization or government agency follows whenconsumer or citizen evaluations are involved They believe that business organizations orgovernment should earn the public s trust rather than assume automatically that theyhave it. And, where consumer matters are involved they want the opportunity to decidecompilations of mailing lists. About 57% of public fall into this categop ation aswhether to opt out of even non-evaluative uses of their personal information as inThe Unconcerned: The Unconcerned are generally trustful of organizations collectingtheir personal information, comfortable with existing organizational procedures and usesare ready to forego privacy claims to secure consumer-service benefits or public-ordervalues and not in favor of the enactment of new privacy laws or regulations about 18% ofpublic fall into this categoryWe were unable to obtain the complete report of the 1990 study. The privacy index that we have providedhere for the year 1990 is from the 1991 report [10]5In the 1991 study, Westin created the" Consumer Privacy Concern Index. He used questionsabout business use of personal information as the basis for creation of the index. He used theresponse of the following question to create the index [1o4 a. Do you agree or disagree with the following statement(READ EACH ITEM)? Do you agreedisagree very strongly or somewhat strangly1. Consumers have lost all control over how personal information about them is circulatedand used by companiesAgree very strongly(37)°Agree somewhat strongly(34Disagree somewhat strongly3(20Disagree very strongly4Neither/ Not sure42. My privacy rights as a consumer in credit reporting are adequately protected today by lawand business practicesAgree very strongly0)Agree somewhat strongly2Disagree somewhat strongly29Disagree very strongly420)Neither not sureFor creating the index, Westin considered the privacy-oriented position to be"" for thefirst question (4 a 1)and for the second question (4 a 2), he regarded the privacy-orientedposition to be "disagree. The 1991 report describes how these responses were used to create theConsumer Privacy cox[10]:If a person did not take the privacy-oriented position on either of the two statements, wescored them as a Low in Consumer Privacy Concern. If they took one of the two proprivacy views, we considered them to have moderate concern and if they took thestrongest privacy-oriented position on both of the statements, we considered them to haveHigh concern We tested the power of the index by looking whether those who scoredhighest on this index were the most privacy-oriented in answering most of the otherattitude and policy questions on the 1991 survey, whether those scoring lowest on theindex were the least concerned with privacy on those questions, and moderates were inthe middleWestin in the 1991 report provided the comparison of the index values for 1990 and 1991 studies[10]:Consumer privacy concerns for 1991 and 1990 is as follows19901991High concern46%41%Moderate concern36%39%Low concern17%20%2.2. Harris-Equifax Health Information Privacy Survey -1993Westin created the "Medical Privacy Concern Index and Computer Fear Index"as part of his1993 survey. Westin used"Medical Sensitivity Index"(described below) and an additional two5 The numbers in parenthesis are the exact values from the reports° Westin has used"agre”' to be sum of“ agree very strongly”'and" agree somewhat;” this was not clearlymentioned in the reports. Similar aspects were seen in few other reports also [15],[17]questions to create the Medical Privacy Concern Index. The additional two questions to create theindex were 12A 2 (Have/do) you or(has/does)a member of your immediate family(READ ITEM), or not?1. Ever used the services of a psychologist, psychiatrist, or other mental-health professionalYesNoNot sureD1. Do you believe that(REAd EACH ITEM) has ever disclosed your personal medical informationin a way that you felt was improper, or not?Health insurance companies(15-82-3)8A clinic or hospital that treated you or a family member ( 11-87-2)Public health agencies(10-86-4Your employer or a family members employer(9-89-1a doctor who has treated you or a family member (7-92-1)a pharmacy or druggist who filled a prescriptionfor you or a family member(3-95-1)The Medical Sensitivity Index was based on two questions measuring computer fear and twoquestions measuring concern over the circulation of medical information among variousorganizations. The two questions measuring concern for circulation of medical information wereC2. Please tell me for each of the following statements whether you agree strongly, agreesomewhat, disagree somewhat, or disagree strongly?It concems me that my medical information is being seen today by many organizationsbeyond those that i go to for health care servicesAgree strongly(32)Agree somewhat29Disagree somewhatDisagree stronglyNot sure4L4. Under national health-care reform, each person might be assigned an identification number forhealth insurance purposes. How concerned would you be to have such a health informationnumber assigned to you- very concerned, somewhat concerned, not very concerned or notconcerned at all?Very concerned28Somewhat concerned29Not very concernedNot concerned at allNot sureThe two questions measuring computer fear wereK1. How concerned are you that many health care providers you use today employ computers insome of their operations, such as patient billing and accounting, laboratory work, and keepingsome medical records -are you concerned some what concerned not too concerned notned at allVery concerned(8)Somewhat concerned21Not too cond(31)During this year Westin also conducted the study among leaders of organizations, but these values are notdiscussed in this report. In this report, we provide the values for the Total Public"as mentioned inWestin's repoThe values are presented in the order of"Yes,”No”and“ Not sure.Not concerned at al(40)★★)9and monitor operations Some of these uses will involve individual medical records. In generalL1. Under national health care reform, computers are expected to be used extensively to managwould such use of computers worry you -a great deal, a little or not at all?a great dealA littleNot at all(29Not sureResponses to questions C2, Kl, Ll, and L4 were first combined to form a Medical SensitivityIndex. If a respondent answered 3 or 4 questions with the strongest privacy position, he or shewas placed in the High category; if a respondent answered 1 or 2 questions with the strongestprivacy position, he or she was placed in the Medium category. Respondents with no strongprivacy answers were placed in the Low category of Medical Sensitivity Index. Dividing thepublic into these three groups produced the following distribution13%Medium45%LOW42%Westin specified that Medical Sensitivity Index proved to be strongly correlated with privacyorientations of a large majority of the respondents. Respondents scoring highest in the MedicalSensitivity Index took the most privacy-oriented position on the majority of the questionsrespondents with Medium Medical Sensitivity Index occupy middle positions; and respondentswith Low Medical Sensitivity Index were the least privacy oriented. Using the results from theabove questions A2 and DI, along with the medical Sensitivity Index, Westin created the medicalPrivacy Concern Index. Westin found 48% of the public fell into the category of High MedicalPrivacy Concern Index. Westin in his report (referring to the results for the above questions)mentioned [12]Each of these measures as we have already discussed produced strong correlationbetween these respondents and strong privacy-oriented positions on a majority of the 39question data set. After eliminating duplications among the three sets of respondents, wefound 48%of public -representing 89 million Americans-fall into the High MedicalCooncernAs mentioned earlier, in the 1993 study, Westin also created the Computer Fear Index. He askedthe following questions for creating the indexX3. Do you agree strongly, agree somewhat, disagree somewhat or disagree strongly?1. If privacy is to be preserved, the use of computers must be sharply restricted in the futureAgree stronglyAgree somewhat(31Disagree somewhatDisagree strongly(10)Not sure(2The value for this option was less than 0.5%, so no specific values were provided in Westin's reportValues provided with(**) hereafter in this report specifies percentages less than 0.5%%. We also suspectthat all the values presented in the westin's reports were rounded off to the nearest integer valuesK1. How concerned are you that many health care providers you use today employ computers insome of their operations, such as patient billing and accounting, laboratory work, and keepingsome medical records -are you very concerned somewhat concerned not too concerned, notconcerned at all?Very concerned(8%Somewhat concerned (21%)Not too concerned at all(31%Not concerned at all(40%)Not sure18%of public are very concerned that their health care provides are using computerL1. Under national health care reform, computers are expected to be used extensively to manageand monitor operations. Some of these uses will involve individual medical records. In generalwould such use of computers worry your -a great deal, a little or not at all?a great deal(23A little47)Not at all(29)Not sureWestin used the above questions(X3. 1, Kl, Li) to create the Computer Fear Index. Westinproposed [12]People with 2 or 3 of above answers were rated as high in computer fear; 1 answer asmedium and no answer as Low. The public divided into three groupings as followsHigh Computer Fear22%Medium Computer Fear32Low Computer Fear47%23. Equifax-Harris Consumer Privacy Report-1994In the 1994 study [13], westin created the"Distrust Index". Westin used the following questionsthe indexH1. For each of the following statements, please tell me whether you tend to agree or disagree? Doyou agree strongly, agree somewhat, disagree somewhat or disagree strongly?Technology has almost gotten out of control23-28-25-21-1)11Government can generally be trusted to look after our interests(5-15-28-52The way one votes has no effect on what the government does( 24 -22-26-27-1)In general business helps us more than harm us( 34-42 -14-8-1)Westin specified [13]To create the Distrust Index, we examined each respondent's answers to the fourquestions. If a respondent gave 3-4 distrustful answers(e. g, agrees that voting has noeffect; disagrees that government can generally be trusted; disagrees that business helpmore than harms; and agrees that technology is almost out of control), we classify thatrespondent as High in distrust; two distrustful answers are scored as Medium distrust; oneas low distrust: and no distrustful answers are called no distrustThe values for the classification wereHere Westin mentions the privacy orientation as the answers to the questions asked to the respondentsValues specified are in the order of“ Agree strongly,”“ Agree somewhat”“ Disagree somewhat;”Disagree strongly”and“ Not sure.12 Here Westin refers to the four parts of the question mentioned above in HIHigh Distrust31%Medium distrust38%Low Distrust0No Distrust5%Westin showed a direct correlation between the respondents distrust level and respondentsposition for a majority of the privacy issues. Westin showed this correlation in the 1990, 1993 and1994 studies. In one of his remarks regarding this correlation, Westin argued the following [13]The degree of pro-privacy orientation on each issue goes up in a step-by-step rise as thelevel of distrust increases. For example, 51% of public is very concemed about threats topersonal privacy, but 61% of those High in distrust are very concerned; 53% of those withMedium distrust; 42%of those Low in distrust; and only 24%of respondents who are NotDistrustful say they are very concerned about threats to their personal privacy today2.4. Equifax-Harris Consumer Privacy Report-1996In the 1996 study [15], Westin created the "Privacy Concern Index. The following questionswere used for creating the indexA1. How would you rate each of the following consumer issues in terms of their importance to you?Is this very important to you, somewhat important, not very, or not at all important?5. Protecting the privacy of consumer intormationVery ImportaSomewhat important23)Not very importantNot at all importantDont know(@@Refused(@@)A 2a. Have you personally ever been the victim of what you felt was an improper invasion ofprivacy, or not?Yes. has been victim(24)No, have not been victim (@Dont know(@@)Refused(@@)A 3. The present system in the U.S. for protecting the confidentiality of consumer information usedby business combines THREE main controls; voluntary privacy practices adopted by companiesindividual lawsuits and court decisions, and federal and state laws in specific industriesSome experts feel that congress should create a permanent federal govenment PrivacyCommission, as some European countries have done. This Commission would examine newtechnology development and could issue and enforce privacy regulations governing ALL businessin the∪.S.Other experts believe the present system is flexible enough to apply those consumer privacy rightsthat the American public wants to have protected, and that creating a federal commission givesmuch authority to the federal governmentWhich of these choices do you think is best for the U.S.?Creating a federal government Privacy Commission(28Using the present system to protect consumer privacy rights (67)Neither13(***)together they were specified to be 10%(@@) hereafter in this report specifies when the values were not addressed in Westin's reports
用户评论