Moving Beyond an App-centric Approach to Support Vulnerable Populations' Privacy


February 2, 2024

Online privacy stock photo

Most existing privacy research has taken an app-centric approach, narrowly focused on understanding user concerns, if any, within the privacy risks of an app and alleviating the symptomatic evidence of the ailment, such as data leaked by a specific app. This narrow focus also limits the populations studied, which means vulnerable populations, who are both at higher risk of privacy breaches and more harmed by their consequences, are not aided in mitigating these risks.

In a new grant supported by the National Science Foundation (NSF), GW Principal Investigator (PI) Dr. Lucy Simko, a Research Scientist and Postdoctoral Scholar in the GW Usable Security and Privacy Lab (GWUSEC), and co-PI Dr. Yasemin Acar, a Research Assistant Professor in the Computer Science Department, will work alongside researchers from George Mason University (GMU), University of Maryland (UMD), and the University of Michigan (UM) to go beyond app-centric views to tackle the larger privacy ecosystem and examine vulnerable individuals’ privacy behavior in the healthcare context.

“I’m thrilled to be part of this team working on understanding security and privacy for vulnerable populations and broadening how we support them,” said Simko.

The larger privacy ecosystem is an interlocking web of dataveillance encompassing everything from credit card purchases to location history to communications metadata. It goes beyond the risks of particular apps and aims to mitigate the multiple privacy risks that threaten people, particularly vulnerable individuals. In healthcare, a broad view of privacy is necessary since health privacy encompasses several aspects, including physical, informational, decisional, and associational privacy.

“I feel it’s important to support vulnerable populations’ privacy as they may need privacy the most but have the least of it,” said Acar. “We are very much looking forward to working with this terrific team!”

GMU is the lead university in this study. GMU’s PI is Dr. Nora McDonald, who is advising GW Engineering alumna and new graduate student at GMU, Cora Sula, B.S.’23. Another recent alumna, Rachel Gonzalez Rodriguez, B.S.’23, is also aiding in this project, advised by Simko and Acar as a new graduate student in Computer Science at GW Engineering.

“Security and privacy is an issue that affects everyone, but not all have had a place in research, and GW has found a space to do it,” Gonzalez stated.

Through qualitative research that includes in-depth interviews and systematic analysis, the team will characterize the understanding of risk experienced by vulnerable individuals in the context of their healthcare, taking into account the broader privacy ecosystem, and explore the role of service providers in providing privacy management strategies to them. They will also employ participatory design to work directly with vulnerable populations, service providers, and privacy experts to develop and evaluate a toolkit to support privacy ecosystem management.

Ultimately, this project will develop and evaluate ways vulnerable individuals can better protect themselves and create tools to help healthcare providers support their clients’ privacy, such as a freely available privacy toolkit. The team’s findings will also provide a new frame for privacy and security researchers in studying privacy protection for vulnerable communities.