Change search
Link to record
Permanent link

Direct link
Fischer-Hübner, SimoneORCID iD iconorcid.org/0000-0002-6938-4466
Alternative names
Publications (10 of 207) Show all publications
Islami, L., Kitkowska, A. & Fischer-Hübner, S. (2024). Inter-regional Lens on the Privacy Preferences of Drivers for ITS and Future VANETs. In: CHI '24: Proceedings of the CHI Conference on Human Factors in Computing Systems. Paper presented at CHI Conference on Human Factors in Computing Systems (CHI ’24), Honolulu, USA, May 11-16, 2024. . Association for Computing Machinery (ACM), Article ID 255.
Open this publication in new window or tab >>Inter-regional Lens on the Privacy Preferences of Drivers for ITS and Future VANETs
2024 (English)In: CHI '24: Proceedings of the CHI Conference on Human Factors in Computing Systems, Association for Computing Machinery (ACM), 2024, article id 255Conference paper, Published paper (Refereed)
Abstract [en]

Intelligent Transportation Systems (ITS) are on the rise, yet the knowledge about privacy preferences by different types of drivers in this context needs to be improved. This paper presents survey-based research (N = 528) focusing on preferences of drivers from South Africa and the Nordic countries for data processing and sharing by ITS, including future vehicular ad hoc networks. Our results indicate regionally framed drivers’ privacy attitudes and behaviours. South African participants have higher privacy concerns and risk perception. However, their preferences to share location data with police, family and friends, emergency services, and insurance companies are higher. Moreover, the region significantly affects preferences for transparency and control and sharing frequency, as well as willingness to pay for privacy, which are higher among the South Africans. We discuss how our results on factors, including region, impacting drivers’ privacy preferences can contribute to the design of usable privacy and identity management for ITS.

Place, publisher, year, edition, pages
Association for Computing Machinery (ACM), 2024
Keywords
Intelligent transportation, vehicular communication, privacy preferences, cross-regional comparison, privacy-enhancing technologies (PETs)
National Category
Human Computer Interaction
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-99463 (URN)10.1145/3613904.3641997 (DOI)2-s2.0-85194875475 (Scopus ID)
Conference
CHI Conference on Human Factors in Computing Systems (CHI ’24), Honolulu, USA, May 11-16, 2024. 
Available from: 2024-04-25 Created: 2024-04-25 Last updated: 2024-06-18Bibliographically approved
Sengupta, J., Kosek, M., Fries, J., Fischer-Hübner, S. & Bajpai, V. (2024). On Cross-Layer Interactions of QUIC, Encrypted DNS and HTTP/3: Design, Evaluation and Dataset. IEEE Transactions on Network and Service Management, 1-1
Open this publication in new window or tab >>On Cross-Layer Interactions of QUIC, Encrypted DNS and HTTP/3: Design, Evaluation and Dataset
Show others...
2024 (English)In: IEEE Transactions on Network and Service Management, E-ISSN 1932-4537, p. 1-1Article in journal (Refereed) Epub ahead of print
Abstract [en]

Every Web session involves a DNS resolution. While, in the last decade, we witnessed a promising trend towards an encrypted Web in general, DNS encryption has only recently gained traction with the standardisation of DNS over TLS (DoT) and DNS over HTTPS (DoH). Meanwhile, the rapid rise of QUIC deployment has now opened up an exciting opportunity to utilise the same protocol to not only encrypt Web communications, but also DNS. In this paper, we evaluate this benefit of using QUIC to coalesce name resolution via DNS over QUIC (DoQ), and Web content delivery via HTTP/3 (H3) with 0-RTT. We compare this scenario using several possible combinations where H3 is used in conjunction with DoH and DoQ, as well as the unencrypted DNS over UDP (DoUDP). We observe, that when using H3 1-RTT, page load times with DoH can get inflated by >30% over fixed-line and by >50% over mobile when compared to unencrypted DNS with DoUDP. However, this cost of encryption can be drastically reduced when encrypted connections are coalesced (DoQ + H3 0-RTT), thereby reducing the page load times by 1/3 over fixed-line and 1/2 over mobile, overall making connection coalescing with QUIC the best option for encrypted communication on the Internet. 

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers Inc., 2024
Keywords
Distributed computer systems, Flocculation, HTTP, Internet protocols, Cloud-computing, Cross-layer interaction, Design evaluation, DNS, Domain name system, HTTP/3, IP-network, Privacy, QUIC, Web, Cryptography
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-99569 (URN)10.1109/TNSM.2024.3383787 (DOI)2-s2.0-85189608125 (Scopus ID)
Available from: 2024-05-10 Created: 2024-05-10 Last updated: 2024-07-09Bibliographically approved
Iwaya, L. H., Alaqra, A. S., Hansen, M. & Fischer-Hübner, S. (2024). Privacy impact assessments in the wild: A scoping review. Array, 23, 1-20, Article ID 100356.
Open this publication in new window or tab >>Privacy impact assessments in the wild: A scoping review
2024 (English)In: Array, E-ISSN 2590-0056, Vol. 23, p. 1-20, article id 100356Article in journal (Refereed) Published
Abstract [en]

Privacy Impact Assessments (PIAs) offer a process for assessing the privacy impacts of a project or system. As a privacy engineering strategy, they are one of the main approaches to privacy by design, supporting the early identification of threats and controls. However, there is still a shortage of empirical evidence on their use and proven effectiveness in practice. To better understand the current literature and research, this paper provides a comprehensive Scoping Review (ScR) on the topic of PIAs “in the wild,” following the well-established Preferred Reporting Items for Systematic reviews and Meta-Analyses (PRISMA) guidelines. This ScR includes 45 studies, providing an extensive synthesis of the existing body of knowledge, classifying types of research and publications, appraising the methodological quality of primary research, and summarising the positive and negative aspects of PIAs in practice, as reported by those studies. This ScR also identifies significant research gaps (e.g., evidence gaps from contradictory results and methodological gaps from research design deficiencies), future research pathways, and implications for researchers, practitioners, and policymakers developing and using PIA frameworks. As we conclude, there is still a significant need for more primary research on the topic, both qualitative and quantitative. A critical appraisal of qualitative studies revealed deficiencies in the methodological quality, and only four quantitative studies were identified, suggesting that current primary research remains incipient. Nonetheless, PIAs can be regarded as a prominent sub-area in the broader field of empirical privacy engineering, in which further scientific research to support existing practices is needed.

Place, publisher, year, edition, pages
Elsevier, 2024
Keywords
Privacy, Data protection, Privacy impact assessment, Data protection impact assessment, Privacy by design, Scoping review
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-100977 (URN)10.1016/j.array.2024.100356 (DOI)001270263800001 ()2-s2.0-85198335026 (Scopus ID)
Projects
Digital Health Innovation (DHINO) ProjectDigitalWell Arena Project
Funder
Region Värmland, RUN/220266Vinnova, 2018-03025Knowledge FoundationKnut and Alice Wallenberg Foundation
Available from: 2024-07-15 Created: 2024-07-15 Last updated: 2024-08-06Bibliographically approved
Fischer-Hübner, S. & Karegar, F. (2024). The curious case of usable privacy. challenges, solutions, and prospects.. Springer
Open this publication in new window or tab >>The curious case of usable privacy. challenges, solutions, and prospects.
2024 (English)Book (Other academic)
Abstract [en]

This book journeys through the labyrinth of usable privacy, a place where the interplay of privacy and Human-Computer Interaction (HCI) reveals a myriad of challenges, solutions, and new possibilities. Establishing a solid understanding of usable privacy research, practices, and challenges, the book illuminates for readers the often shadowy corridors of such a multifaceted domain and offers guidelines and solutions to successfully traverse the challenging maze. The book does not simply focus on data protection or legislative frameworks but also on what it takes for privacy to be safeguarded, understood, embraced, and easily practiced by all. It begins with a thorough exploration of the background of privacy tools and technologies, the evolution of privacy rules and regulations, and the backdrop upon which this narrative unfolds. After establishing this context, its next important focus is the current state and future directions of the field, including thefrontiers of usable privacy research in relation to the Internet of Things (IoT), usability of PETs, and usable privacy for UX and software developers. The book also considers the often-overlooked privacy narratives of marginalized communities and delves into the complexities of user-centric privacy. Readers are provided with a blueprint for addressing these hurdles and establishing pathways for a more privacy-conscious world. The text will be of interest to students studying Computer Science, Information Systems, or Law, as well as researchers and practitioners working in the fields of usable privacy, privacy by design, Privacy-Enhancing Technologies (PETs), or HCI. All will benefit from the book's central deliberation of a question that echoes through time and technological advancements: why does usable privacy matter?

Place, publisher, year, edition, pages
Springer, 2024. p. 165
Series
Synthesis Lectures on Information Security, Privacy, and Trust, ISSN 1945-9742, E-ISSN 1945-9750
Keywords
Människa-dator-interaktion, IT-säkerhet, Personlig integritet, Human-computer interaction, LAW / Computer & Internet, Legal aspects of IT, Network security, Privacy & data protection, Privacy, Right of, Computer security
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-102316 (URN)10.1007/978-3-031-54158-2 (DOI)9783031541575 (ISBN)
Available from: 2024-11-29 Created: 2024-11-29 Last updated: 2024-11-29Bibliographically approved
Morel, V. & Fischer-Hübner, S. (2023). Automating privacy decisions -where to draw the line?. In: Proceedings - 8th IEEE European Symposium on Security and Privacy Workshops: . Paper presented at 2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), Delft, Netherlands, July 3-7, 2023. (pp. 108-116). Institute of Electrical and Electronics Engineers (IEEE)
Open this publication in new window or tab >>Automating privacy decisions -where to draw the line?
2023 (English)In: Proceedings - 8th IEEE European Symposium on Security and Privacy Workshops, Institute of Electrical and Electronics Engineers (IEEE), 2023, p. 108-116Conference paper, Published paper (Refereed)
Abstract [en]

Users are often overwhelmed by privacy decisions to manage their personal data, which can happen on the web, in mobile, and in IoT environments. These decisions can take various forms -such as decisions for setting privacy permissions or privacy preferences, decisions responding to consent requests, or to intervene and ’reject’ processing of one’s personal data -, and each can have different legal impacts. In all cases and for all types of decisions, scholars and industry have been proposing tools to better automate the process of privacy decisions at different levels, in order to enhance usability. We provide in this paper an overview of the main challenges raised by the automation of privacy decisions, together with a classification scheme of the existing and envisioned work and proposals addressing automation of privacy decisions. 

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers (IEEE), 2023
Keywords
Data privacy, Classification scheme, Consent, GDPR, Permission, Privacy decision, Privacy preferences, Automation
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-96506 (URN)10.1109/EuroSPW59978.2023.00017 (DOI)2-s2.0-85168247258 (Scopus ID)
Conference
2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), Delft, Netherlands, July 3-7, 2023.
Funder
Knut and Alice Wallenberg Foundation
Available from: 2023-08-29 Created: 2023-08-29 Last updated: 2023-08-29Bibliographically approved
Johansen, J. & Fischer-Hübner, S. (2023). Expert Opinions as a Method of Validating Ideas: Applied to Making GDPR Usable. In: Nina Gerber, Alina Stöver, Karola Marky (Ed.), Human Factors in Privacy Research: Nina Gerber, Alina Stöver, Karola Marky (pp. 137-152). Springer
Open this publication in new window or tab >>Expert Opinions as a Method of Validating Ideas: Applied to Making GDPR Usable
2023 (English)In: Human Factors in Privacy Research: Nina Gerber, Alina Stöver, Karola Marky / [ed] Nina Gerber, Alina Stöver, Karola Marky, Springer, 2023, p. 137-152Chapter in book (Refereed)
Abstract [en]

This chapter presents two contributions; the first is a method and the second is the results of applying this method to usable privacy. First, we introduce a general method for validating ideas based on expert opinions. We adapt techniques that normally are used for validating data and apply them instead to analyze the expert opinions on the ideas under study. Since usually the expert opinions are varied, example-rich, and forward-looking, applying our method of ideas validation has the side effect of also identifying, in the process, open problems where the original studied ideas function as a foundation for further developments. Second, we employ a critical qualitative research, using theory triangulation to analyze the opinions coming from three groups of experts, categorized as “certifications,” “law,” and “usability.” These took part in a study where we thoroughly applied the method that we present here in order to validate five different types of ideas previously published under the collective title “Making GDPR Usable.” We will thus show how to validate ideas that come in the form of: a model, a definition, a prescriptive list, a set of criteria, and a form of rather general research idea as those usually appearing in position papers, namely “the need for evaluations and measuring of usability of privacy.”

Place, publisher, year, edition, pages
Springer, 2023
Keywords
Usable privacy, Expert opinions, Validation, GDPR, Certification, Qualitative research
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-98989 (URN)10.1007/978-3-031-28643-8_7 (DOI)2-s2.0-85195347276 (Scopus ID)978-3-031-28642-1 (ISBN)978-3-031-28643-8 (ISBN)
Available from: 2024-03-22 Created: 2024-03-22 Last updated: 2024-06-26Bibliographically approved
De Cock, M., Zekeriya, E., Fischer-Hübner, S., Jensen, M., Klakow, D. & Teixeira, F. (2023). Privacy enhancing technologies. In: Simone Fischer-Hübner; Dietrich Klakow; Peggy Valcke; Emmanuel Vincent (Ed.), Privacy in Speech and Language Technology: Report from Dagstuhl Seminar 22342 (pp. 90-99). Schloss Dagstuhl, Leibniz-Zentrum für Informatik
Open this publication in new window or tab >>Privacy enhancing technologies
Show others...
2023 (English)In: Privacy in Speech and Language Technology: Report from Dagstuhl Seminar 22342 / [ed] Simone Fischer-Hübner; Dietrich Klakow; Peggy Valcke; Emmanuel Vincent, Schloss Dagstuhl, Leibniz-Zentrum für Informatik , 2023, p. 90-99Chapter in book (Refereed)
Abstract [en]

Privacy-enhancing technologies (PETs) provide technical building blocks for achieving privacyby design and can be defined as technologies that embody fundamental data protection goals[13 ] including the goals of unlinkability, interveneability, transparency and the classical CIA(confidentiality, integrity, availability) security goals by minimizing personal data collectionand use, maximizing data security, and empowering individuals.The privacy by design principle of a positive sum for speech and language technologiesshould enable users to benefit from the rich functions of these technologies while protectingthe users’ privacy at the same time. The fundamental question is how to achieve privacyby design for speech and language technology without hampering the services. To achievethis goal, different PETs exist that can be utilized for this purpose. Below, we first discusswhat type of personal data are accessible via speech and text and should be the target ofprotection by PETs. Then, we provide an overview of PETs that can provide protectionand discuss their limitations and challenges that arise when used for speech and languagetechnologies.

Place, publisher, year, edition, pages
Schloss Dagstuhl, Leibniz-Zentrum für Informatik, 2023
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-94132 (URN)10.4230/DagRep.12.8.60 (DOI)
Available from: 2023-04-03 Created: 2023-04-03 Last updated: 2023-04-03Bibliographically approved
Fischer-Hübner, S., Klakow, D., Valcke, P. & Vincent, E. (Eds.). (2023). Privacy in Speech and Language Technology: Dagstuhl Seminar 22342. Germany: Dagstuhl Publishing
Open this publication in new window or tab >>Privacy in Speech and Language Technology: Dagstuhl Seminar 22342
2023 (English)Collection (editor) (Other academic)
Alternative title[en]
Dagstuhl Reports
Abstract [en]

This report documents the outcomes of Dagstuhl Seminar 22342 “Privacy in Speech and LanguageTechnology”. The seminar brought together 27 attendees from 9 countries (Australia, Belgium,France, Germany, the Netherlands, Norway, Portugal, Sweden, and the USA) and 6 distinctdisciplines (Speech Processing, Natural Language Processing, Privacy Enhancing Technologies,Machine Learning, Human Factors, and Law) in order to achieve a common understanding of theprivacy threats raised by speech and language technology, as well as the existing solutions andthe remaining issues in each discipline, and to draft an interdisciplinary roadmap towards solvingthose issues in the short or medium term.To achieve these goals, the first day and the morning of the second day were devoted to3-minute self-introductions by all participants intertwined with 6 tutorials to introduce theterminology, the problems faced, and the solutions brought in each of the 6 disciplines. We alsomade a list of use cases and identified 6 cross-disciplinary topics to be discussed. The remainingdays involved working groups to discuss these 6 topics, collaborative writing sessions to report onthe findings of the working groups, and wrap-up sessions to discuss these findings with each other.A hike was organized in the afternoon of the third day.The seminar was a success: all participants actively participated in the working groups andthe discussions, and went home with new ideas and new collaborators. This report gathers theabstracts of the 6 tutorials and the reports of the working groups, which we consider as valuablecontributions towards a full-fledged roadmap.

Place, publisher, year, edition, pages
Germany: Dagstuhl Publishing, 2023. p. 42
Keywords
Privacy, Speech and Language Technology, Privacy Enhancing Technologies, Dagstuhl Seminar
National Category
Other Computer and Information Science
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-98990 (URN)10.4230/DagRep.12.8.60 (DOI)
Note

Seminar August 21–26, 2022 – https://www.dagstuhl.de/22342

Available from: 2024-03-22 Created: 2024-03-22 Last updated: 2024-04-29Bibliographically approved
Fischer-Hübner, S., Hansen, M., Hoepman, J.-H. & Jensen, M. (2023). Privacy-Enhancing Technologies and Anonymisation in Light of GDPR and Machine Learning. In: Felix Bieker, Joachim Meyer, Sebastian Pape, Ina Schiering, Andreas Weich (Ed.), Privacy and Identity Management: . Paper presented at IFIP International Summer School on Privacy and Identity Management,[Digital], August 30-September 2, 2022. (pp. 11-20). Springer, 671 IFIP
Open this publication in new window or tab >>Privacy-Enhancing Technologies and Anonymisation in Light of GDPR and Machine Learning
2023 (English)In: Privacy and Identity Management / [ed] Felix Bieker, Joachim Meyer, Sebastian Pape, Ina Schiering, Andreas Weich, Springer, 2023, Vol. 671 IFIP, p. 11-20Conference paper, Published paper (Refereed)
Abstract [en]

The use of Privacy-Enhancing Technologies in the field of data anonymisation and pseudonymisation raises a lot of questions with respect to legal compliance under GDPR and current international data protection legislation. Here, especially the use of innovative technologies based on machine learning may increase or decrease risks to data protection. A workshop held at the IFIP Summer School on Privacy and Identity Management showed the complexity of this field and the need for further interdisciplinary research on the basis of an improved joint understanding of legal and technical concepts. 

Place, publisher, year, edition, pages
Springer, 2023
Series
IFIP Advances in Information and Communication Technology, ISSN 1868-4238, E-ISSN 1868-422X
Keywords
Machine learning, Anonymization, Data anonymization, Innovative technology, Legal compliance, Machine-learning, On-machines, Privacy enhancing technologies, Summer school, Technology-based, Data privacy
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-97456 (URN)10.1007/978-3-031-31971-6_2 (DOI)2-s2.0-85173556437 (Scopus ID)
Conference
IFIP International Summer School on Privacy and Identity Management,[Digital], August 30-September 2, 2022.
Available from: 2023-11-22 Created: 2023-11-22 Last updated: 2023-11-22Bibliographically approved
Alaqra, A. S., Karegar, F. & Fischer-Hübner, S. (2023). Structural and functional explanations for informing lay and expert users: the case of functional encryption. Paper presented at 23rd Privacy Enhancing Technologies Symposium (PETS 2023), July 10–15, 2023. Lausanne, Switzerland and Online.. Proceedings on Privacy Enhancing Technologies, 2023(4), 359-380
Open this publication in new window or tab >>Structural and functional explanations for informing lay and expert users: the case of functional encryption
2023 (English)In: Proceedings on Privacy Enhancing Technologies, E-ISSN 2299-0984, Vol. 2023, no 4, p. 359-380Article in journal (Refereed) Published
Abstract [en]

Usable explanations of privacy-enhancing technologies (PETs) help users make more informed privacy decisions, but the explanations of PETs are generally geared toward individuals with more technical knowledge. To explain functional encryption (FE) to experts and laypersons, we investigate structural and functional explanations and explore users' interests and preferences, as well as how they affect users' comprehension and decisions about sharing data. To this end (with an EU-based population), we conducted four focus groups, in combination with walk-throughs, with 13 participants in the first study, followed by an online survey with 347 experts and 370 laypersons. Both explanations were considered useful in fulfilling the different needs of participants interested in the privacy policy information. Participants, regardless of their expertise, trusted and were more satisfied with the structural explanation. However, functional explanations had a higher contribution to all participants' comprehension. We, therefore, recommend combining both types of explanations for a usable privacy policy.

Place, publisher, year, edition, pages
Privacy Enhancing Technologies Board, 2023
Keywords
functional encryption, functional & structural explanation, transparency, privacy, usability, user comprehension, mental models
National Category
Computer Sciences Information Systems
Research subject
Information Systems; Computer Science
Identifiers
urn:nbn:se:kau:diva-96542 (URN)10.56553/popets-2023-0115 (DOI)
Conference
23rd Privacy Enhancing Technologies Symposium (PETS 2023), July 10–15, 2023. Lausanne, Switzerland and Online.
Available from: 2023-08-31 Created: 2023-08-31 Last updated: 2023-09-04Bibliographically approved
Organisations
Identifiers
ORCID iD: ORCID iD iconorcid.org/0000-0002-6938-4466

Search in DiVA

Show all publications