Privee: An Architecture for Automatically Analyzing Web Privacy Policies

23rd USENIX Security Symposium, 1, 2014

17 Pages Posted: 14 Oct 2014

See all articles by Sebastian Zimmeck

Sebastian Zimmeck

Wesleyan University

Steven M. Bellovin

Columbia University - Department of Computer Science

Date Written: August 20, 2014

Abstract

Privacy policies on websites are based on the notice-and-choice principle. They notify Web users of their privacy choices. However, many users do not read privacy policies or have difficulties understanding them. In order to increase privacy transparency we propose Privee — a software architecture for analyzing essential policy terms based on crowdsourcing and automatic classification techniques. We implement Privee in a proof of concept browser extension that retrieves policy analysis results from an online privacy policy repository or, if no such results are available, performs automatic classifications. While our classifiers achieve an overall F-1 score of 90%, our experimental results suggest that classifier performance is inherently limited as it correlates to the same variable to which human interpretations correlate — the ambiguity of natural language. This finding might be interpreted to call the notice-and-choice principle into question altogether. However, as our results further suggest that policy ambiguity decreases over time, we believe that the principle is workable. Consequently, we see Privee as a promising avenue for facilitating the notice-and-choice principle by accurately notifying Web users of privacy practices and increasing privacy transparency on the Web.

Suggested Citation

Zimmeck, Sebastian and Bellovin, Steven M., Privee: An Architecture for Automatically Analyzing Web Privacy Policies (August 20, 2014). 23rd USENIX Security Symposium, 1, 2014. Available at SSRN: https://ssrn.com/abstract=2509627

Sebastian Zimmeck (Contact Author)

Wesleyan University ( email )

Middletown, CT 06459
United States

Steven M. Bellovin

Columbia University - Department of Computer Science ( email )

New York, NY 10027
United States

Register to save articles to
your library

Register

Paper statistics

Downloads
29
Abstract Views
181
PlumX Metrics