Norman M. Sadeh

Norman M. Sadeh
Carnegie Mellon University | CMU · School of Computer Science

About

259
Publications
37,899
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
12,022
Citations

Publications

Publications (259)
Preprint
Full-text available
The landscape of privacy laws and regulations around the world is complex and ever-changing. National and super-national laws, agreements, decrees, and other government-issued rules form a patchwork that companies must follow to operate internationally. To examine the status and evolution of this patchwork, we introduce the Government Privacy Instr...
Article
In attempts to "explain" predictions of machine learning models, researchers have proposed hundreds of techniques for attributing predictions to features that are deemed important. While these attributions are often claimed to hold the potential to improve human "understanding" of the models, surprisingly little work explicitly evaluates progress t...
Preprint
Full-text available
Traffic signal control (TSC) is a high-stakes domain that is growing in importance as traffic volume grows globally. An increasing number of works are applying reinforcement learning (RL) to TSC; RL can draw on an abundance of traffic data to improve signalling efficiency. However, RL-based signal controllers have never been deployed. In this work,...
Preprint
Full-text available
We present an empirical study exploring how privacy influences the acceptance of vaccination certificate (VC) deployments across different realistic usage scenarios. The study employed the privacy framework of Contextual Integrity, which has been shown to be particularly effective in capturing people's privacy expectations across different contexts...
Article
Full-text available
Browsing privacy tools can help people protect their digital privacy. However, tools which provide the strongest protections—such as Tor Browser—have struggled to achieve widespread adoption. This may be due to usability challenges, misconceptions, behavioral biases, or mere lack of awareness. In this study, we test the effectiveness of nudging int...
Article
Full-text available
Browser users encounter a broad array of potentially intrusive practices: from behavioral profiling, to crypto-mining, fingerprinting, and more. We study people’s perception, awareness, understanding, and preferences to opt out of those practices. We conducted a mixed-methods study that included qualitative (n=186) and quantitative (n=888) surveys...
Preprint
Full-text available
Vagueness and ambiguity in privacy policies threaten the ability of consumers to make informed choices about how businesses collect, use, and share their personal information. The California Consumer Privacy Act (CCPA) of 2018 was intended to provide Californian consumers with more control by mandating that businesses (1) clearly disclose their dat...
Article
Full-text available
Privacy and security tools can help users protect themselves online. Unfortunately, people are often unaware of such tools, and have potentially harmful misconceptions about the protections provided by the tools they know about. Effectively encouraging the adoption of privacy tools requires insights into people’s tool awareness and understanding. T...
Article
Full-text available
Cameras are everywhere, and are increasingly coupled with video analytics software that can identify our face, track our mood, recognize what we are doing, and more. We present the results of a 10-day in-situ study designed to understand how people feel about these capabilities, looking both at the extent to which they expect to encounter them as p...
Chapter
The European Union’s General Data Protection Regulation (GDPR) has compelled businesses and other organizations to update their privacy policies to state specific information about their data practices. Simultaneously, researchers in natural language processing (NLP) have developed corpora and annotation schemes for extracting salient information f...
Preprint
Semantic Web technologies offer the prospect of significantly reducing the amount of effort required to integrate existing enterprise functionality in support of new composite processes; whether within a given organization or across multiple ones. A significant body of work in this area has aimed to fully automate this process, while assuming that...
Article
Full-text available
In today’s data-centric economy, data flows are increasingly diverse and complex. This is best exemplified by mobile apps, which are given access to an increasing number of sensitive APIs. Mobile operating systems have attempted to balance the introduction of sensitive APIs with a growing collection of permission settings, which users can grant or...
Preprint
Privacy policies are long and complex documents that are difficult for users to read and understand, and yet, they have legal effects on how user data is collected, managed and used. Ideally, we would like to empower users to inform themselves about issues that matter to them, and enable them to selectively explore those issues. We present PrivacyQ...
Poster
Full-text available
In the Internet of Things (IoT), users interact with a growing collection of resources that all rely on the collection and processing of their information. Many of these interactions take place unbeknownst to the user. A user may not notice the camera in front of which she is passing and has no ability to determine whether the camera links to facia...
Article
Full-text available
The app economy is largely reliant on data collection as its primary revenue model. To comply with legal requirements, app developers are often obligated to notify users of their privacy practices in privacy policies. However, prior research has suggested that many developers are not accurately disclosing their apps’ privacy practices. Evaluating d...
Chapter
We present an online survey study examining people’s sleep behaviors as well as their strategies and tools to improve sleep health. Findings show that certain demographic features and sleep behaviors may impact sleep quality, and that current sleep technology is not as effective in promoting sleep health as expected. We discuss the importance of un...
Conference Paper
Full-text available
Many Internet services collect a flurry of data from their users. Privacy policies are intended to describe the ser-vices' privacy practices. However, due to their length and complexity, reading privacy policies is a challenge for end users, government regulators, and companies. Natural language processing holds the promise of helping address this...
Article
Full-text available
Website privacy policies are often long and difficult to understand. While research shows that Internet users care about their privacy, they do not have the time to understand the policies of every website they visit, and most users hardly ever read privacy policies. Some recent efforts have aimed to use a combination of crowdsourcing, machine lear...
Article
As we interact with an increasingly diverse set of sensing technologies, it becomes difficult to keep up with the many different ways in which data about ourselves is collected and used. Study after study has shown that while people generally care about their privacy, they feel they have little awareness of-let alone control over-the collection and...
Article
We show how to build the components of a privacy-aware, live video analytics ecosystem from the bottom up, starting with OpenFace, our new open-source face recognition system that approaches state-of-the-art accuracy. Integrating OpenFace with interframe tracking, we build RTFace, a mechanism for denaturing video streams that selectively blurs face...
Preprint
Full-text available
The EU's General Data Protection Regulation is poised to present major challenges in bridging the gap between law and technology. This paper reports on a workshop on the deployment, content and design of the GDPR that brought together academics, practitioners, civil-society actors, and regulators from the EU and the US. Discussions aimed at advanci...
Chapter
Full-text available
Smartphone app privacy policies are intended to describe smartphone apps’ data collection and use practices. However, not all apps have privacy policies. Without prominent privacy policies, it becomes more difficult for users, regulators, and privacy organizations to evaluate apps’ privacy practices. We answer the question: “Which apps have privacy...
Chapter
The EU’s General Data Protection Regulation is poised to present major challenges in bridging the gap between law and technology. This paper reports on a workshop on the deployment, content and design of the GDPR that brought together academics, practitioners, civil-society actors, and regulators from the EU and the US. Discussions aimed at advanci...
Preprint
Natural language inference (NLI) is the task of determining if a natural language hypothesis can be inferred from a given premise in a justifiable manner. NLI was proposed as a benchmark task for natural language understanding. Existing models perform well at standard datasets for NLI, achieving impressive results across different genres of text. H...
Preprint
Full-text available
We present a novel abstractive summarization framework that draws on the recent development of a treebank for the Abstract Meaning Representation (AMR). In this framework, the source text is parsed to a set of AMR graphs, the graphs are transformed into a summary graph, and then text is generated from the summary graph. We focus on the graph-to-gra...
Article
Advancements in information technology often task users with complex and consequential privacy and security decisions. A growing body of research has investigated individuals’ choices in the presence of privacy and information security trade-offs, the decision making hurdles affecting those choices, and ways to mitigate those hurdles. This article...
Article
Advancements in information technology often task users with complex and consequential privacy and security decisions. A growing body of research has investigated individuals’ choices in the presence of privacy and information security tradeoffs, the decision-making hurdles affecting those choices, and ways to mitigate such hurdles. This article pr...
Conference Paper
Full-text available
Computer vision based technologies have seen widespread adoption over the recent years. This use is not limited to the rapid adoption of facial recognition technology but extends to facial expression recognition, scene recognition and more. These developments raise privacy concerns and call for novel solutions to ensure adequate user awareness, and...
Conference Paper
Full-text available
With the rapid deployment of Internet of Things (IoT) technologies and the variety of ways in which IoT-connected sensors collect and use personal data, there is a need for transparency, control, and new tools to ensure that individual privacy requirements are met. To develop these tools, it is important to better understand how people feel about t...
Conference Paper
Full-text available
We present OpenFace, our new open-source face recognition system that approaches state-of-the-art accuracy. Integrating OpenFace with inter-frame tracking, we build RTFace, a mechanism for denaturing video streams that selectively blurs faces according to specified policies at full frame rates. This enables privacy management for live video analyti...
Conference Paper
Full-text available
The Internet of Things (IoT) is changing the way we interact with our environment in domains as diverse as health, transportation, office buildings and our homes. In smart building environments, information captured about the building and its inhabitants will aid in development of services that improve productivity, comfort, social interactions, sa...
Conference Paper
The Internet of Things (IoT) is changing the way we interact with our environment in domains as diverse as health, transportation, office buildings and our homes. In smart building environments, information captured about the building and its inhabitants will aid in development of services that improve productivity, comfort, social interactions, sa...
Article
ten long privacy policies; and those who do have difficulty understanding them, because they are written in convoluted and ambiguous language. A promising approach to help overcome this situation revolves around semi-automatically annotating policies, using combinations of crowdsourcing, machine learning and natural language processing. In this art...
Article
Privacy policies are supposed to provide transparency about a service's data practices and help consumers make informed choices about which services to entrust with their personal information. In practice, those privacy policies are typically long and complex documents that are largely ignored by consumers. Even for regulators and data protection a...
Conference Paper
Website privacy policies are often long and difficult to understand. While research shows that Internet users care about their privacy, they do not have time to understand the policies of every website they visit, and most users hardly ever read privacy policies. Several recent efforts aim to crowdsource the interpretation of privacy policies and u...
Conference Paper
Full-text available
Online advertisers track Internet users' activities to deliver targeted ads. To study how different factors affect users' attitudes towards this practice, we conducted a between-subjects online study (n=1,882). We elicited participants' comfort with sharing commonly collected types of information in scenarios with varying online advertisers' data p...
Technical Report
Full-text available
Online advertisers track Internet users' activities to deliver relevant ads. To study how different online advertisers' data practices affect users' comfort with sharing their information, we conducted a between-subjects online study with 1,882 participants. We asked participants about their comfort with sharing commonly collected types of informat...
Conference Paper
Full-text available
Smartphone users are often unaware of the data collected by apps running on their devices. We report on a study that evaluates the benefits of giving users an app permission manager and sending them nudges intended to raise their awareness of the data collected by their apps. Our study provides both qualitative and quantitative evidence that these...
Conference Paper
Full-text available
Despite benefits and uses of social networking sites (SNSs) users are not always satisfied with their behaviors on the sites. These desires for behavior change both provide insight into users' perceptions of how SNSs impact their lives (positively or negatively) and can inform tools for helping users achieve desired behavior changes. We use a 604-p...
Conference Paper
Full-text available
Data aggregators collect large amount of information about individual users and create detailed online behavioral profiles of individuals. Behavioral profiles benefit users by improving products and services. However, they have also raised concerns regarding user privacy, transparency of collection practices and accuracy of data in the profiles. To...
Conference Paper
The recent advent of multi-core computing environments increases the heterogeneity of grid resources and the complexity of managing them, making efficient load balancing challenging. In an environment where jobs are submitted regularly into a grid which is already executing several jobs, it becomes important to provide low job turn-around times and...
Conference Paper
Full-text available
To support empirical study of online privacy policies, as well as tools for users with privacy concerns, we consider the problem of aligning sections of a thousand policy documents, based on the issues they address. We apply an unsupervised HMM; in two new (and reusable) evaluations, we find the approach more effective than clustering and topic mod...
Article
We report on our design of Curated City, a website that lets people build their own personal guide to the city's neighborhoods by chronicling their favorite experiences. Although users make their own personal guides, they are immersed in a social curatorial experience where they are influenced directly and indirectly by the guides of others. We use...
Article
Full-text available
Anecdotal evidence and scholarly research have shown that Internet users may regret some of their online disclosures. To help individuals avoid such regrets, we designed two modifications to the Facebook web interface that nudge users to consider the content and audience of their online disclosures more carefully. We implemented and evaluated these...
Conference Paper
As they compete for developers, mobile app ecosystems have been exposing a growing number of APIs through their software development kits. Many of these APIs involve accessing sensitive functionality and/or user data and require approval by users. Android for instance allows developers to select from over 130 possible permissions. Expecting users t...
Article
Are you concerned about the privacy implications of big data; government surveillance; or the ability of social networks, search engines, and online advertisers to amass detailed profiles of individuals? Do you want to use your technical skills to help reverse the trend toward diminishing privacy? Would you like to help find ways to design privacy...
Conference Paper
Location sharing is a popular feature of online social networks, but challenges remain in the effective presentation of privacy choices to users, whose location sharing preferences are complex and diverse. One proposed approach for capturing these nuances builds on the observation that key attributes of users' location sharing preferences can be re...
Article
User review is a crucial component of open mobile app markets such as the Google Play Store. How do we automatically summarize millions of user reviews and make sense out of them? Unfortunately, beyond simple summaries such as histograms of user ratings, there are few analytic tools that can provide insights into user reviews. In this paper, we pro...
Conference Paper
We present the results of an online survey of 1,221 Twitter users, comparing messages individuals regretted either saying during in-person conversations or posting on Twitter. Participants generally reported similar types of regrets in person and on Twitter. In particular, they often regretted messages that were critical of others. However, regrett...
Conference Paper
Smartphones have unprecedented access to sensitive personal information. While users report having privacy concerns, they may not actively consider privacy while downloading apps from smartphone application marketplaces. Currently, Android users have only the Android permissions display, which appears after they have selected an app to download, to...
Patent
Various embodiments are directed to a computer implemented method for updating a policy that is enforced by a computer program. In one embodiment, a computer communicates, to a user, data regarding one or more decisions made by the program over a period of time according to a policy. Each decision is made on the particular policy in force at the ti...
Article
While prior studies have provided us with an initial understanding of people’s location-sharing privacy preferences, they have been limited to Western countries and have not investigated the impact of the granularity of location disclosures on people’s privacy preferences. We report findings of a 3-week comparative study collecting location traces...