We can think of privacy policies as fortresses made out of thick bricks of gobbledygook: impenetrable, sprawling documents that do little beyond legally protect companies.
Nobody reads them. Or, to be more precise, 98% of people don’t read them, according to one study, which led to 98% of volunteers signing away their firstborns and agreeing to have all their personal data handed over to the National Security Agency (NSA), in exchange for signing up to a fictional new social networking site.
And here’s the thing: if you’re one of the ~everybody~ who doesn’t read privacy policies, don’t feel bad: it’s not your fault. Online privacy policies are so cumbersome that it would take the average person about 250 working hours – about 30 full working days – to actually read all the privacy policies of the websites they visit in a year, according to one analysis.
So how do we keep from signing away our unsuspecting tots? Machine learning to the rescue!
A new project launched earlier this month – an artificial intelligence (AI) tool called Polisis – suggests that visualizing the policies would make them easier to understand. The tool uses machine learning to analyze online privacy policies and then creates colorful flow charts that trace what types of information sites collect, what they intend to do with it, and whatever options users have about it.
Polisis paints a pretty, easy to navigate chart of what parties receive the data a given site collects and what options users have about it. But the larger goal is to create an entirely new interface for privacy policies.
Polisis is just the first, generic framework, meant to provide automatic analysis of privacy policies that can scale, to save work for researchers, users and regulators. It isn’t meant to replace privacy policies. Rather, the tool is meant to make them less of a slog to get through.
To train the bot, Harkous and his team captured all the policies from the Google Play Store – about 130,000 of them – and fed them into a machine learning algorithm that could learn to distinguish different parts of the policies.
Harkous soon realized that the chatbot interface was only useful for those with a specific question about a specific company. So he and his team set about creating Polisis, which uses the same underlying system but represents the data visually.
The project – which includes researchers from the US universities of Wisconsin and Michigan as well as EPFL – has also resulted in a chatbot that answers user questions about privacy policies in real-time. That tool is called PriBot.
He told Fast Co Design that out of more than 17,000 privacy policies the system has analyzed so far, the most interesting insights have come from those of Apple and Pokemon Go. Both companies suck up users’ location data, of course: not surprising, given that they both offer location-based services.
But the Polisis visualizations show just how many things the companies use that location data for. Think extremely granular advertising. From Fast Co Design:
You might not realize it, but when you catch a Pokemon in a certain area, the company is likely using your location to sell you things.