Xinyao Ma, Ambarish Aniruddha Gurjar, Anesu Christopher Chaora, Tatiana R Ringenberg, L. Jean Camp (Luddy School of Informatics, Computing, and Engineering, Indiana University Bloomington)

This study delves into the crucial role of developers in identifying privacy sensitive information in code. The context informs the research of diverse global data protection regulations, such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). It specifically investigates programmers’ ability to discern the sensitivity level of data processing in code, a task of growing importance given the increasing legislative demands for data privacy.

We conducted an online card-sorting experiment to explore how the participating programmers across a range of expertise perceive the sensitivity of variable names in code snippets. Our study evaluates the accuracy, feasibility, and reliability of our participating programmers in determining what constitutes a ’sensitive’ variable. We further evaluate if there is a consensus among programmers, how their level of security knowledge influences any consensus, and whether any consensus or impact of expertise is consistent across different categories of variables. Our findings reveal a lack of consistency among participants regarding the sensitivity of processing different types of data, as indicated by snippets of code with distinct variable names. There remains a significant divergence in opinions, particularly among those with more technical expertise. As technical expertise increases, consensus decreases across the various categories of sensitive data. This study not only sheds light on the current state of programmers’ privacy awareness but also motivates the need for developing better industry practices and tools for automatically identifying sensitive data in code.

View More Papers

WIP: Delegation Related Privacy Issues in Matter

Ze Jin, Yiwei Fang, Haoqiang Wang (Chinese Academy of Sciences, University of Chinese Academy of Sciences, Indiana University Bloomington), Kexin Chen, Qixu Liu (Chinese Academy of Sciences, University of Chinese Academy of Sciences), Luyi Xing (Indiana University Bloomington)

Read More

Exploring The Design Space of Sharing and Privacy Mechanisms...

Abdulmajeed Alqhatani, Heather R. Lipford (University of North Carolina at Charlotte)

Read More

Requirements and Concepts for TT&C Link Key Management

Christoph Bader (Airbus Defence & Space GmbH)

Read More

AdvCAPTCHA: Creating Usable and Secure Audio CAPTCHA with Adversarial...

Hao-Ping (Hank) Lee (Carnegie Mellon University), Wei-Lun Kao (National Taiwan University), Hung-Jui Wang (National Taiwan University), Ruei-Che Chang (University of Michigan), Yi-Hao Peng (Carnegie Mellon University), Fu-Yin Cherng (National Chung Cheng University), Shang-Tse Chen (National Taiwan University)

Read More