2024

  • Abhilasha Ravichander, Ian Yang, Rex Chen, Shomir Wilson, Thomas Norton, and Norman Sadeh, "Incorporating Taxonomic Reasoning and Regulatory Knowledge into Automated Privacy Question Answering", Twenty-Fifth International Web Information Systems Engineering Conference, Dec 2024 [pdf]

  • Ananya Balaji, Lea Duesterwald, Ian Yang, Aman Priyanshu, Costanza Alfieri, and Norman Sadeh, "Generating Effective Answers to People’s Everyday Cybersecurity Questions: An Initial Study", Twenty-Fifth International Web Information Systems Engineering Conference, Dec 2024 [pdf]

  • Yuanyuan Feng, Abhilasha Ravichander, Yaxing Yao, Shikun Zhang, Rex Chen, Shomir Wilson, and Norman Sadeh, "Understanding How to Inform Blind and Low-Vision Users about Data Privacy through Privacy Question Answering Assistants", USENIX Security Symposium, Aug 2024 [pdf]

  • Shikun Zhang, Lily Klucinec, Kyerra Norton, Norman Sadeh, and Lorrie Faith Cranor, "Exploring Expandable-Grid Designs to Make iOS App Privacy Labels More Usable", Twentieth Symposium on Usable Privacy and Security, Aug 2024 [pdf]

  • Sonu Gupta, Geetika Gopi, Harish Balaji, Ellen Poplavska, Nora O'Toole, Siddhant Arora, Thomas Norton, Norman Sadeh, and Shomir Wilson, "Creation and Analysis of an International Corpus of Privacy Laws", Joint International Conference on Computational Linguistics, Language Resources and Evaluation (LREC-COLING 2024), May 2024 [pdf]

2023

  • Akshath Jain, David Rodriguez, Jose M. del Alamo, and Norman Sadeh, "ATLAS: Automatically Detecting Discrepancies Between Privacy Policies and Privacy Labels", International Workshop on Privacy Engineering (IWPE 2023), Jul 2023 [pdf]

  • David Rodriguez, Akshath Jain, Jose M. del Alamo, and Norman Sadeh, "Comparing Privacy Label Disclosures of Apps Published in both the App Store and Google Play Stores", International Workshop on Privacy Engineering (IWPE 2023), Jul 2023 [pdf]

  • Shikun Zhang and Norman Sadeh, "Do Privacy Labels Answer Users' Privacy Questions?", Workshop on Usable Security and Privacy (USEC 2023), Feb 2023 [pdf]

2022

  • Shikun Zhang, Yuanyuan Feng, Yaxing Yao, Lorrie Faith Cranor, Norman Sadeh, "How Usable Are iOS Privacy Labels?", Privacy Enhancing Technologies Symposium (PETS 2022), Jul 2022 [pdf]

  • Siddhant Arora, Henry Hosseini, Christine Utz, Vinayshekhar Bannihatti Kumar, Tristan Dhellemmes, Abhilasha Ravichander, Peter Story, Jasmine Mangat, Rex Chen, Martin Degeling, Tom Norton, Thomas Hupperich, Shomir Wilson, and Norman Sadeh, "A Tale of Two Regulatory Regimes: Creation and Analysis of a Bilingual Privacy Policy Corpus", LREC'22, Jun 2022 [pdf]

  • Jack Gardner, Yuanyuan Feng, Kayla Reiman, Zhi Lin, Akshath Jain and Norman Sadeh, "Helping Mobile Application Developers Create Accurate Privacy Labels", IWPE'22, May 2022 [pdf]

2021

  • Rex Chen, Fei Fang, Thomas Norton, Aleecia M. McDonald, Norman Sadeh, "Fighting the Fog: Evaluating the Clarity of Privacy Disclosures in the Age of CCPA", WPES'21, Sep 2021 [pdf]

  • Abhilasha Ravichander, Alan W Black, Thomas Norton, Shomir Wilson, Norman Sadeh, "Breaking Down Walls of Text: How Can NLP Benefit Consumer Privacy?", ACL '21: Annual Meeting of the Association for Computational Linguistics, Aug 2021 [pdf]

  • Yuanyuan Feng, Yaxing Yao, Norman Sadeh, "A Design Space for Privacy Choices: Towards Meaningful Privacy Control in the Internet of Things", CHI ’21, May 2021 [pdf]

  • Hana Habib, Yixin Zou, Yaxing Yao, Alessandro Acquisti, Lorrie Faith Cranor, Joel Reidenberg, Norman Sadeh, and Florian Schaub, "Toggles, Dollar Signs, and Triangles: How to (In)Effectively Convey Privacy Choices with Icons and Link Texts", CHI ’21, May 2021 [pdf]

2020

  • Ellen Poplavska, Thomas B. Norton, Shomir Wilson, and Norman Sadeh, "From Prescription to Description: Mapping the GDPR to a Privacy Policy Corpus Annotation Scheme", In Proceedings of the 33rd International Conference on Legal Knowledge and Information Systems (JURIX), Dec 2020 [pdf]

  • Peter Story, Daniel Smullen, Yaxing Yao, Alessandro Acquisti, Lorrie Faith Cranor, Norman Sadeh, and Florian Schaub, "Awareness, Adoption, and Misconceptions of Web Privacy Tools", Privacy Enhancing Technologies Symposium (PETS 2021), Nov 2020 [pdf]

  • Peter Story, Daniel Smullen, Alessandro Acquisti, Lorrie Faith Cranor, Norman Sadeh, Florian Schaub, "From Intent to Action: Nudging Users Towards Secure Mobile Payments", Sixteenth Symposium on Usable Privacy and Security (SOUPS 2020), Aug 2020 [pdf]

  • Hana Habib, Sarah Pearman, Jiamin Wang, Yixin Zou, Alessandro Acquisti, Lorrie Faith Cranor, Norman Sadeh, Florian Schaub, "“It’s a scavenger hunt”: Usability of Websites’ Opt-Out and Data Deletion Choices", CHI ’20, Apr 2020 [pdf]

  • Vinayshekhar Bannihatti Kumar, Roger Iyengar, Namita Nisal, Yuanyuan Feng, Hana Habib, Peter Story, Sushain Cherivirala, Margaret Hagan, Lorrie Faith Cranor, Shomir Wilson, Florian Schaub, Norman Sadeh, "Finding a Choice in a Haystack: Automatic Extraction of Opt-Out Statements from Privacy Policy Text", WWW ’20, Apr 2020 [pdf]

2019

  • Abhilasha Ravichander, Alan W Black, Shomir Wilson, Thomas Norton and Norman Sadeh, "Question Answering for Privacy Policies: Combining Computational and Legal Perspectives", 2019 Conference on Empirical Methods in Natural Language Processing (EMNLP 2019), Nov 2019 Hong Kong, China [pdf]

  • Reidenberg, Joel R. and Russell, N. Cameron and Herta, Vlad and Sierra-Rocafort, William and Norton, Thomas, "Trustworthy Privacy Indicators: Grades, Labels, Certifications and Dashboards", Washington University Law Review, 96, 6, Nov 2019 [link]

  • Hana Habib, Yixin Zou, Aditi Jannu, Neha Sridhar, Chelse Swoopes, Alessandro Acquisti, Lorrie Faith Cranor, Norman Sadeh, Florian Schaub, "An Empirical Analysis of Data Deletion and Opt-Out Choices on 150 Websites", Fifteenth Symposium on Usable Privacy and Security (SOUPS 2019), Aug 2019 [link]

  • Sebastian Zimmeck, Peter Story, Daniel Smullen, Abhilasha Ravichander, Ziqi Wang, Joel Reidenberg, N. Cameron Russell, and Norman Sadeh, "MAPS: Scaling Privacy Compliance Analysis to a Million Apps", Privacy Enhancing Technologies Symposium (PETS 2019), 3, Jul 2019 [pdf]

  • Peter Story, Sebastian Zimmeck, Abhilasha Ravichander, Daniel Smullen, Ziqi Wang, Joel Reidenberg, N. Cameron Russell, and Norman Sadeh, "Natural Language Processing for Mobile App Privacy Compliance", AAAI Spring Symposium on Privacy Enhancing AI and Language Technologies (PAL 2019), Mar 2019 [pdf]

  • Vinayshekhar Bannihatti Kumar, Abhilasha Ravichander, Peter Story, and Norman Sadeh, "Quantifying the Effect of In-Domain Distributed Word Representations: A Study of Privacy Policies", AAAI Spring Symposium on Privacy Enhancing AI and Language Technologies (PAL 2019), Mar 2019 [pdf]

  • Abhilasha Ravichander, Alan Black, Eduard Hovy, Joel Reidenberg, N. Cameron Russell, and Norman Sadeh, "Challenges in Automated Question Answering for Privacy Policies", AAAI Spring Symposium on Privacy Enhancing AI and Language Technologies (PAL 2019), Mar 2019 [pdf]

  • N. Cameron Russell, Florian Schaub, Allison McDonald, William Sierra-Rocafort, "APIs and Your Privacy", Jan 2019 [pdf]

2018

  • Shomir Wilson, Florian Schaub, Frederick Liu, Kanthashree Mysore Sathyendra, Daniel Smullen, Sebastian Zimmeck, Rohan Ramanath, Peter Story, Fei Liu, Norman Sadeh, Noah A. Smith, "Analyzing Privacy Policies at Scale: From Crowdsourcing to Automated Annotations", ACM Transactions on the Web, 13, 1, Dec 2018 [pdf]

  • Jaspreet Bhatia, Travis Breaux, "Empirical Measurement of Perceived Privacy Risk", ACM Transactions on Human Computer Interaction (TOCHI), Dec 2018

  • Abhijith Athreya Mysore Gopinath, Shomir Wilson, and Norman Sadeh, "Supervised and Unsupervised Methods for Robust Separation of Section Titles and Prose Text in Web Documents", Conference on Empirical Methods in Natural Language Processing (EMNLP), Brussels, Belgium, Nov 2018 [pdf] [website]

  • J. Bhatia and T. D. Breaux, "Semantic Incompleteness in Privacy Policy Goals", IEEE 26th International Requirements Engineering Conference (RE), Banff, AB, Canada, Aug 2018 [pdf]

  • Hamza Harkous, Kassem Fawaz, Rémi Lebret, Florian Schaub, Kang G. Shin, Karl Aberer, "Polisis: Automated Analysis and Presentation of Privacy Policies Using Deep Learning", USENIX Security Symposium 2018, Aug 2018

  • Peter Story, Sebastian Zimmeck, Norman Sadeh, "Which Apps have Privacy Policies?", Annual Privacy Forum, Jun 2018 [pdf]

  • Frederick Liu, Shomir Wilson, Peter Story, Sebastian Zimmeck and Norman Sadeh, "Towards Automatic Classification of Privacy Policy Text", Carnegie Mellon University Technical Report CMU‐ISR‐17‐118R and CMU‐LTI‐17‐010, Institute for Software Research and Language Technologies Institute, School of Computer Science, Jun 2018 [pdf]

  • H. Habib, Y. Zou, C. Swoopes, A. Jannu, L.F. Cranor, F. Schaub, "An Empirical Analysis of Online Consent and Opt-Out Experience", PLSC ’18: Privacy Law Scholars Conference, May 2018

  • H. Habib, Y. Zou, A. Jannu, C. Swoopes, A. Acquisti, L.F. Cranor, N. Sadeh, F. Schaub, "An Empirical Analysis of Website Data Deletion and Opt-Out Choices", CHI 2018 Workshop on General Data Protection Regulation: An Opportunity for the HCI Community?, Apr 2018 [pdf]

  • Peter Story, Sebastian Zimmeck, Norman Sadeh, "Which Apps have Privacy Policies?", Carnegie Mellon University Technical Report CMU-ISR-18-100R, Institute for Software Research, School of Computer Science, Feb 2018 [pdf]

  • Peter Story, Sebastian Zimmeck, Norman Sadeh, "Which Apps have Privacy Policies?", FTC PrivacyCon, Feb 2018 Poster [pdf]

  • A. Oltramari, D. Piraviperumal, F. Schaub, S. Wilson, S. Cherivirala, T.B. Norton, N.C. Russell, P. Story, J. Reidenberg, N. Sadeh., "PrivOnto: A Semantic Framework for the Analysis of Privacy Policies", Semantic Web, 9, 2, Jan 2018 [link]

2017

  • Kanthashree Mysore Sathyendra, Abhilasha Ravichander, Peter Garth Story, Alan W Black, Norman Sadeh, "Helping Users Understand Privacy Notices with Automated Question Answering Functionality: An Exploratory Study", Carnegie Mellon University Technical Report CMU-ISR-17-114R and CMU-LTI-17-005, Institute for Software Research and Language Technologies Institute, School of Computer Science, Dec 2017 [pdf]

  • A. Acquisti, M. Sleeper, Y. Wang, S. Wilson, I. Adjerid, R. Balebako, L. Brandimarte, L. F. Cranor, S. Komanduri, P. G. Leon, N. Sadeh, and F. Schaub, "Nudges for Privacy and Security", ACM Computing Surveys (CSUR), 50, 3, Oct 2017 [link]

  • Kanthashree Mysore Sathyendra, Shomir Wilson, Florian Schaub, Sebastian Zimmeck, and Norman Sadeh, "Identifying the Provision of Choices in Privacy Policy Text", Conference on Empirical Methods in Natural Language Processing (EMNLP), Copenhagen, Denmark, Sep 2017 [pdf]

  • N. Nisal, S.K. Cherivirala, K.M. Sathyendra, M. Hagan, F. Schaub, S. Wilson, L.F. Cranor, N. Sadeh, "Increasing the Salience of Data Use Opt-Outs Online", SOUPS ’17: Symposium on Usable Privacy and Security, USENIX, Jul 2017 Poster [pdf]

  • S. Zimmeck, Z. Wang, L. Zou, R. Iyengar, B. Liu, F. Schaub, S. Wilson, N. Sadeh, S.M. Bellovin, J.R. Reidenberg, "Mobile App Privacy Compliance: Automated Technology to Help Regulators, App Stores and Developers", SOUPS ’17: Symposium on Usable Privacy and Security, USENIX, Jul 2017 Poster [pdf]

  • Jaspreet Bhatia, Travis D. Breaux, "A Data Purpose Case Study of Privacy Policies", 25th IEEE International Requirements Engineering Conference, RE:Next! Track, Lisbon, Portugal, Jun 2017

  • M. C. Evans, J. Bhatia, S. Wadkar, T. D. Breaux, "An Evaluation of Constituency-based Hyponymy Extraction from Privacy Policies", 25th IEEE International Requirements Engineering Conference (RE'17), Lisbon, Portugal, Jun 2017

  • H. Harkous, K. Fawaz, R. Lebret, F. Schaub, K.G. Shin, K. Aberer, "Pribot: A Chatbot for Privacy Policies", SwissText ’17: 2nd Swiss Text Analytics Conference, Jun 2017 Demo [slides] [video]

  • F. Schaub, R. Balebako, L.F. Cranor, "Designing Effective Privacy Notices and Controls", IEEE Internet Computing, 21, 3, May 2017 [doi]

  • S. Zimmeck, Z. Wang, L. Zou, R. Iyengar, B. Liu, F. Schaub, S. Wilson, N. Sadeh, S.M. Bellovin, J.R. Reidenberg, "Automated Analysis of Privacy Requirements for Mobile Apps", NDSS'17: Network and Distributed System Security Symposium, Feb 2017 [pdf]

2016

  • M. Bokaei Hosseini, S. Wadkar, T.D. Breaux, J. Niu, "Lexical Similarity of Information Type Hypernyms, Meronyms and Synonyms in Privacy Policies", AAAI Fall Symposium on Privacy and Language Technologies, Nov 2016 [pdf]

  • F. Liu, S. Wilson, F. Schaub, N. Sadeh, "Analyzing Vocabulary Intersections of Expert Annotations and Topic Models for Data Practices in Privacy Policies", AAAI Fall Symposium on Privacy and Language Technologies, Nov 2016 [pdf]

  • K.M. Sathyendra, F. Schaub, S. Wilson, N. Sadeh, "Automatic Extraction of Opt-Out Choices from Privacy Policies", AAAI Fall Symposium on Privacy and Language Technologies, Nov 2016 [pdf]

  • S. Zimmeck, Z. Wang, L. Zou, R. Iyengar, B. Liu, F. Schaub, S. Wilson, N. Sadeh, S.M. Bellovin, J.R. Reidenberg, "Automated Analysis of Privacy Requirements for Mobile Apps", AAAI Fall Symposium on Privacy and Language Technologies, Nov 2016 [pdf]

  • J. Bhatia, T. D. Breaux, J. R. Reidenberg, T. B. Norton, "A Theory of Vagueness and Privacy Risk Perception", IEEE 24th International Requirements Engineering Conference (RE'16), Sep 2016 [pdf]

  • J. Bhatia, M.C. Evans, S. Wadkar, T.D. Breaux, "Automated Extraction of Regulated Information Types using Hyponymy Relations", Third International Workshop on Artificial Intelligence for Requirements Engineering (AIRE'16), Sep 2016 [pdf]

  • L. F. Cranor, P. G. Leon, B. Ur, "A Large-Scale Evaluation of U.S. Financial Institutions Standardized Privacy Notices", ACM Transactions on the Web (TWEB), Aug 2016 [pdf] [website]

  • S. Wilson, F. Schaub, A. Dara, F. Liu, S. Cherivirala, P.G. Leon, M.S. Andersen, S. Zimmeck, K. Sathyendra, N.C. Russell, T.B. Norton, E. Hovy, J.R. Reidenberg, N. Sadeh, "The Creation and Analysis of a Website Privacy Policy Corpus", ACL '16: Annual Meeting of the Association for Computational Linguistics, Aug 2016 [pdf]

  • F. Schaub, T.D. Breaux, N. Sadeh, "Crowdsourcing Privacy Policy Analysis: Potential, Challenges and Best Practices", it – Information Technology, Jun 2016 [doi]

  • A. Rao, F. Schaub, N. Sadeh, A. Acquisti, R. Kang, "Expecting the Unexpected: Understanding Mismatched Privacy Expectations Online", Symposium on Usable Privacy and Security (SOUPS '16), Denver, CO, Jun 2016 [doi] [pdf]

  • J. Gluck, F. Schaub, A. Friedman, H. Habib, N. Sadeh, L.F. Cranor, Y. Agarwal, "How Short is Too Short? Implications of Length and Framing on the Effectiveness of Privacy Notices", Symposium on Usable Privacy and Security (SOUPS '16), Denver, CO, Jun 2016 [doi] [pdf]

  • B. Liu, M.S. Andersen, F. Schaub, H. Almuhimedi, S. Zhang, N. Sadeh, A. Acquisti, Y. Agarwal, "Follow My Recommendations: A Personalized Assistant for Mobile App Permissions", Symposium on Usable Privacy and Security (SOUPS '16), Denver, CO, Jun 2016 [doi] [pdf]

  • S.K. Cherivirala, F. Schaub, M.S. Andersen, S. Wilson, N. Sadeh, J.R. Reidenberg, "Visualization and Interactive Exploration of Data Practices in Privacy Policies", SOUPS '16 Poster Session, Jun 2016 [pdf]

  • J.R. Reidenberg, N.C. Russell, T.B. Norton, "Rating Indicator Criteria for Privacy Policies", SOUPS 2016 Workshop on Privacy Indicators, Jun 2016 [doi] [pdf]

  • J. Bhatia, T.D. Breaux, F. Schaub, "Mining Privacy Goals from Privacy Policies using Hybridized Task Recomposition", ACM Transactions on Software Engineering and Methodology (TOSEM), 25, 1, May 2016 [doi]

  • S. Wilson, F. Schaub, A. Dara, S.K. Cherivirala, S. Zimmeck, M.S. Andersen, P.G. Leon, E. Hovy, N. Sadeh, "Demystifying Privacy Policies Using Language Technologies: Progress and Challenges", TA-COS ’16: LREC Workshop on Text Analytics for Cybersecurity and Online Safety, May 2016 [pdf]

  • R. Slavin, X. Wang, M.B. Hosseini, W. Hester, R. Krishnan, J. Bhatia, T.D. Breaux, J. Niu, "Toward a Framework for Detecting Privacy Policy Violation in Android Application Code", ACM/IEEE 38th International Software Engineering Conference (ICSE'16), May 2016 [doi]

  • S. Wilson, F. Schaub, R. Ramanath, N. Sadeh, F. Liu, N.A. Smith, F. Liu, "Crowdsourcing Annotations for Websites' Privacy Policies: Can It Really Work?", WWW '16: 25th International World Wide Web Conference, Apr 2016 Best Paper Finalist [pdf] [doi] [corrigendum]

  • J.R. Reidenberg, J. Bhatia, T.D. Breaux, T.B. Norton, "Automated Comparisons of Ambiguity in Privacy Policies and the Impact of Regulation", Journal of Legal Studies, 45, 2, part 2, Mar 2016 (forthcoming). [doi]

  • F. Schaub, A. Marella, P. Kalvani, B. Ur, C. Pan, E. Forney, L.F. Cranor, "Watching Them Watching Me: Browser Extensions’ Impact on User Privacy Awareness and Concern", USEC '16: NDSS Workshop on Usable Security, Feb 2016 [pdf]

  • N. Sadeh, "Personalized Privacy Assistants: From Android to the Internet of Things", Presentation at FTC PrivacyCon, Jan 2016 [link]

  • N. Sadeh, A. Acquisti, T.D. Breaux, L.F. Cranor, A.M. McDonald, J. Reidenberg, N.A. Smith, F. Liu, N.C. Russell, F. Schaub, S. Wilson, J.T. Graves, P.G. Leon, R. Ramanath, A. Rao, "Towards Usable Privacy Policies: Semi-automatically Extracting Data Practices From Websites’ Privacy Policies", Presentation at FTC PrivacyCon, Jan 2016

  • A. Rao, F. Schaub, N. Sadeh, A. Acquisti, R. Kang, "Expecting the Unexpected: Understanding Mismatched Privacy Expectations Online", Presentation at FTC PrivacyCon, Jan 2016 [link]

2015

  • R. Balebako, F. Schaub, I. Adjerid, A. Acquisti, L.F. Cranor, "The Impact of Timing on the Salience of Smartphone App Privacy Notices", SPSM '15: 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices, Oct 2015 [doi]

  • A. Grannis, "Elements of Effective Notice in the Online Age", 43rd Research Conference on Communications, Information and Internet Policy (TPRC), Sep 2015 (to be published in Fordham Urban Law Journal)

  • T.B. Norton, "Crowdsourcing Privacy Policy Interpretation", 43rd Research Conference on Communications, Information and Internet Policy (TPRC), Sep 2015 Also workshopped at the October 2015 Privacy Law Scholars Conference, Amsterdam. [doi]

  • J.R. Reidenberg, N.C. Russell, A.J. Callen, S. Qasir, T.B. Norton, "Privacy Harms and the Effectiveness of the Notice and Choice Framework", I/S Journal of Law & Policy for the Information Society, vol. 11, issue, 2, pp. 485, Aug 2015 Also presented at TPRC '14, Arlington, VA, September 2014. [pdf]

  • J. Bhatia, T.D. Breaux, "Towards an Information Type Lexicon for Privacy Policies", IEEE 8th International Workshop on Requirements Engineering and Law (RELAW), Aug 2015 Ottawa, Canada [doi] [pdf]

  • T.D. Breaux, D. Smullen, H. Hibshi, "Detecting Repurposing and Over-collection in Multi-Party Privacy Requirements Specifications", IEEE 23rd International Requirements Engineering Conference (RE'15), Ottawa, Canada, Aug 2015 [doi] [pdf]

  • L. F. Cranor, C. Hoke, P. G. Leon and A. Au, "Are They Worth Reading? An In-Depth Analysis of Online Advertising Companies' Privacy Policies", I/S: A Journal of Law and Policy for the Information Society, vol. 11, issue 2, Aug 2015 Also presented at TPRC '14, Arlington, VA, September 2014. [pdf]

  • F. Schaub, R. Balebako, A. Durity, L.F. Cranor, "A Design Space for Effective Privacy Notices", Symposium on Usable Privacy and Security (SOUPS '15), Ottawa, Canada, Jul 2015 [link] [pdf]

  • P.G. Leon, A. Rao, F. Schaub, A. Marsh, L.F. Cranor, N. Sadeh, "Privacy and Behavioral Advertising: Towards Meeting Users' Preferences", PPS '15: Second SOUPS Workshop on Privacy Personas and Segmentation, USENIX, Jul 2015 [pdf]

  • J. Reidenberg, J. Bhatia, T.D. Breaux, "Automated Measurement of Privacy Policy Ambiguity", Working Paper presented at The Eighth Annual Privacy Law Scholars Conference (Berkeley), Jun 2015

  • F. Liu, J. Flanigan, S. Thomson, N. Sadeh, N. A. Smith, "Toward Abstractive Summarization Using Semantic Representations.", Proceedings of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies (NAACL 2015), May 2015 [pdf]

  • J.R. Reidenberg, T.D. Breaux, L.F. Cranor, B. French, A. Grannis, J.T. Graves, F. Liu, A.M. McDonald, T.B. Norton, R. Ramanath, N.C. Russell, N. Sadeh, F. Schaub, "Disagreeable Privacy Policies: Mismatches between Meaning and Users’ Understanding.", Berkeley Technology Law Journal, vol. 30, 1, pp.39-88, May 2015 Also presented at TPRC '14, September 2014, Arlington, VA, USA. [link]

  • P.G. Leon, A. Rao, F. Schaub, A. Marsh, L.F. Cranor, N. Sadeh, "Why People are (Un)willing to Share Information with Online Advertisers", Tech. report CMU-ISR-15-106, Carnegie Mellon University, May 2015 [link] [pdf]

  • H. Almuhimedi, F. Schaub, N. Sadeh, I. Adjerid, A. Acquisti, J. Gluck, L.F. Cranor, Y. Agarwal, "Your Location has been Shared 5,398 Times!: A Field Study on Mobile App Privacy Nudging", 33rd Annual ACM Conference on Human Factors in Computing Systems (CHI '15), Apr 2015 [link] [doi]

2014

  • A. Rao, F. Schaub, N. Sadeh, "What do they know about me? Contents and Concerns of Online Behavioral Profiles.", Sixth ASE International Conference on Privacy, Security, Risk and Trust (PASSAT '14), Cambridge, MA, Dec 2014 Also published as Tech. report CMU-CyLab-14-011, July 2014. [link] [pdf]

  • R. Ramanath, F. Schaub, S. Wilson, F. Liu, N. Sadeh, N. A. Smith, "Identifying Relevant Text Fragments to Help Crowdsource Privacy Policy Annotations.", Conference on Human Computation & Crowdsourcing (HCOMP '14), work in progress session, Pittsburgh, PA, Nov 2014 [link]

  • F. Schaub, T. D. Breaux, N. Sadeh, "Crowdsourcing the Extraction of Data Practices from Privacy Policies.", Conference on Human Computation & Crowdsourcing (HCOMP '14), work in progress session, Pittsburgh, PA, Nov 2014 [link]

  • T.D. Breaux, H. Hibshi, A. Rao, "Eddy, A Formal Language for Specifying and Analyzing Data Flow Specifications for Conflicting Privacy Requirements", Requirements Engineering Journal, 19, 3, Sep 2014 [doi]

  • F. Liu, R. Ramanath, N. Sadeh, N. A. Smith, "A Step Towards Usable Privacy Policy: Automatic Alignment of Privacy Statements.", 25th International Conference on Computational Linguistics (COLING '14), Dublin, Ireland, Aug 2014 [pdf]

  • T.D. Breaux, F. Schaub, "Scaling Requirements Extraction to the Crowd: Experiments on Privacy Policies", 22nd IEEE International Requirements Engineering Conference (RE '14), Karlskrona, Sweden, Aug 2014 [doi] [pdf]

  • N. Sadeh, A. Acquisti, T. D. Breaux, L. F. Cranor, A. M. McDonald, J. Reidenberg, N. A. Smith, F. Liu, N. C. Russell, F. Schaub, S. Wilson, J. T. Graves, P. G. Leon, R. Ramanath, A. Rao, "Towards Usable Privacy Policies: Semi-automatically Extracting Data Practices From Websites' Privacy Policies", SOUPS '14 poster session, Palo Alto, CA, Jul 2014 [pdf] [link]

  • A. Marella, C. Pan, Z. Hu, F. Schaub, B. Ur, L. F. Cranor, "Assessing Privacy Awareness from Browser Plugins", SOUPS '14 poster session, Palo Alto, CA, Jul 2014 [pdf]

  • J.Lin, B. Liu, N. Sadeh, J.I. Hong, "Modeling Users’ Mobile App Privacy Preferences: Restoring Usability in a Sea of Permission Settings", 2014 ACM Symposium on Usable Security and Privacy (SOUPS 2014), Palo Alto, CA, Jul 2014 [link]

  • J. Reidenberg, N.C. Russell, A. Callen, S. Qasir, "Privacy Enforcement Actions", Jun 2014 [pdf]

  • R. Ramanath, F. Liu, N. Sadeh, N.A. Smith, "Unsupervised Alignment of Privacy Policies using Hidden Markov Models", Proceedings of the Annual Meeting of the Association for Computational Linguistics (ACL'14), Baltimore, MD, Jun 2014 [doi] [pdf]

  • B. Liu, J. Lin, N. Sadeh, "Reconciling Mobile App Privacy and Usability on Smartphones: Could User Privacy Profiles Help?", Proceedings of the 23rd International World Wide Web Conference (WWW 2014), Seoul, Korea, Apr 2014 [doi]

2013

  • N. Sadeh, A. Acquisti, T.D. Breaux, L.F. Cranor, A.M. McDonald, J. Reidenberg, N.A. Smith, F. Liu, N.C. Russell, F. Schaub, S. Wilson, "The Usable Privacy Policy Project: Combining Crowdsourcing, Machine Learning and Natural Language Processing to Semi-Automatically Answer Those Privacy Questions Users Care About.", Tech. report CMU-ISR-13-119, Dec 2013 [link] [pdf]

Relevant Prior Research

  • Breaux, T. and Rao, A., "Formal Analysis of Privacy Requirements Specifications for Multi-TierApplications", Proc. of the 21st Requirements Engineering Conference (RE’13), Rio de Janeiro, Jul 2013 [doi] [pdf]

  • W. Ammar, S. Wilson, N. Sadeh, N. Smith, "Automatic Categorization of PrivacyPolicies: A Pilot Study", School of Computer Science, Language Technology Institute, Technical Report CMU-LTI-12-019, Dec 2012 [link] [pdf]

  • Lin, J., Amini, S., Hong, J., Sadeh, N., Lindqvist, J., Zhang, J., "Expectation and Purpose: Understanding Users' Mental Models of Mobile App Privacy through Crowdsourcing", Proceedings of the 14th ACM International Conference on Ubiquitous Computing, pp 501-510, Pittsburgh, USA, Sep 2012 [doi] [pdf]

  • Brandimarte, L., Acquisti, A., Loewenstein, G. , "Misplaced Confidences: Privacy and the Control Paradox", Social Psychological and Personality Science, May 2012 [doi] [pdf]

  • M. Benisch, P.G. Kelley, N. Sadeh,and L.F. Cranor, "Capturing Location-Privacy Preferences: Quantifying Accuracy and User-Burden Tradeoffs", Journal of Personal and Ubiquitous Computing. , Volume 15, Issue 7, Oct 2011 [doi] [pdf]

  • Tsai, J., Egelman, S., Cranor, L., Acquisti, A., "The Effect of Online Privacy Information on Purchasing Behavior: An Experimental Study", Information Systems Research, 22, 254-268, May 2011 [doi]

  • Smith, N. A., "Linguistic Structure Prediction", May 2011 [doi]

  • Kelley, P. G., Cesca, L.J., Bresee, J., Cranor, L. F. , "Standardizing Privacy Notices: An Online Study of the Nutrition Label Approach", Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, May 2010 [doi] [link]

  • Ravichandran, R., Benisch, M., Kelley, P. G., and Sadeh N., "Capturing Social Networking Privacy Preferences: Can Default Policies Help Alleviate Tradeoffs between Expressiveness and User Burden?", Proc. 2009 Privacy Enhancing Technologies Symposium, Aug 2009 [doi]

  • McDonald, A. M., and Cranor, L. F., "The cost of reading privacy policies", I/S – A Journal of Law and Policy for the Information Society 4(3), May 2008 [pdf]

  • Reidenberg, J. and Cranor, L.F, "Can user agents accurately represent privacy policies?", TPRC 30th Research Conference Paper # 65, May 2002 [doi]

  • Reidenberg, J., "The Use of Technology to Assure Internet Privacy :Adapting Labels and Filters for Data Protection", LEX ELECTRONICA, III:2, May 1997 [link]