Sh@re: Negotiated audit in social networks

• Published in: 2009 IEEE International Conference on Systems, Man and Cybernetics pp. 74 - 79
• Main Authors: Gutierrez, A., Godiyal, A., Stockton, M., LeMay, M., Gunter, C.A., Campbell, R.H.
• Format: Conference Proceeding
• Language: English
• Published: IEEE 01.10.2009
• Subjects: Access control; Data privacy; Facebook; Negotiated Audit; Privacy; Prototypes; Social Networks
• ISBN: 9781424427932; 1424427932
• ISSN: 1062-922X; 2577-1655
• DOI: 10.1109/ICSMC.2009.5346318

With the growth in the popularity of social networking sites like Facebook and MySpace, there is an increasing concern about privacy of content posted by users. Many users enter personal details about themselves but have poor understanding of theats such as identity theft and stalking. There is a need to educate and assist users in understanding how their personal data is exposed to other users. In this paper, we introduce the concept of negotiated audit which gives users of social networks valuable feedback about how their data is being used. Our design has three levels of auditing for both sharing and browsing data: no audit, complete audit and anonymous audit. Users can classify their data as requiring some level of auditing and can also set their browsing preference to one of the auditing levels. Users can only see some data if their browsing preference is compatible with the data's audit level thus giving rise to negotiation of how much users are willing to reveal about their activities and how much data they will be able to access. We provide a mathematical model and describe a simple social networking prototype called Sh@re that implements negotiated audit.