Privacy in Cyberspace

Members of the Privacy and Cyberspace Laboratory conduct research on cybersecurity from the perspective of social cognition. Student researchers, both graduate students and undergraduates, are integral to this process.

Project Overview

  • Do you provide your birth date or gender on websites when requested?
  • Do you provide your zip code at check-out counters when asked?
  • Did you know that the combination of this information has at least a 65% chance of uniquely identifying you?
  • Information provided across a variety of different websites or other mechanisms of collection can be combined to develop a profile of you. How might this information be used? Do they sell it to another company? Who can gain access to it?

The research in our Privacy in Cyberspace lab addresses a variety of questions related to individuals' disclosure of personal information in a digital age in which people do not know how, where, when, or why their information will be used by unknown others. Our first strategy was to obtain data about the types of information that people think are important to keep private. We then evaluated whether age, gender or ethnicity impacted these attitudes toward information privacy. We are currently investigating the contexts under which people will or will not provide personal information to others.

Our experimental research has also examined strategies that can be used to influence people to disclose information that they claim they prefer to keep private. We focus on the influence of heuristic (vs. controlled) processing in our influence techniques. One such technique uses the norm of reciprocity to obtain individuals' personal information. When people are first provided with the "personal" information of an avatar via a hand-held device, they are more likely to disclose their own private information. A second heuristic technique to elicit private information is to frame a request for information in a "mindless" way. That is, if a request is worded in such a way that an "explanation" is given for requesting the information, even if the request is specious, people are more likely to provide personal information.

Given that our research has shown that we can increase the likelihood of identity exposure through the use of social or cognitive heuristic principles (e.g., the norm of reciprocity; mindlessness), the focus of our current experimental research is to identify ways to reduce the amount of information that people disclose by using computer-mediated warnings. That is, we are working to identify the types of digital warnings that can reduce the likelihood of people disclosing their private information. To do so, we implement strategies to trigger controlled processing of information. Based on the C-HIP (communication-human interaction process) model that indicates how to best design warnings for products (e.g., chemicals, machinery, pharmaceuticals), as well as the health-belief model that delineates how to influence people to engage in less risky health-related behaviors, we have created computer-mediated warnings to reduce personal information disclosure. Using these warnings, we have successfully mitigated some of the effects of the both the reciprocity and mindlessness "attacks on privacy". Current research is focusing on which warnings trigger the most attention, using eye tracking hardware and software.

Dr. Sandra Carpenter (Psychology) has been collaborating on this research with Dr. Feng (Frank) Zhu in the Department of Computer Science at The University of Alabama in Huntsville for several years. Both psychology and computer science undergraduate and graduate students have been involved in data collection and analyses in our active research lab. Drs. Carpenter and Zhu are Investigators on an NSF-sponsored research grant and continue to support graduate students in their programs.