Sanfilippo examines privacy practices of disaster apps

Madelyn Sanfilippo
Madelyn Rose Sanfilippo, Assistant Professor

With Hurricane Sally threatening the Gulf Coast last week, people in its path may have felt reassured by the mobile apps that would provide them with weather alerts or notify first responders in case of an emergency. While the app users may have been willing to share their location with first responders, they might be surprised to learn that their location and other personal information could be shared with a third party or accessed after the hurricane had passed. Assistant Professor Madelyn Sanfilippo and fellow researchers examine the privacy practices of popular disaster apps in the paper, "Disaster Privacy/Privacy Disaster," which was the lead article in a special issue of the Journal of the Association for Information Science and Technology (vol. 71, issue 9)  on information privacy in the digital age.

The research project was inspired by the experiences of Sanfilippo's friends, family, and colleagues who were impacted by hurricanes in 2018.

"I had been working on a number of other projects around mobile app privacy, so when they started to notice strange and invasive things, like notifications about storms when they had disabled them on their phones or personalization of apps for which they had never opted-in to location sharing, they reached out to me," Sanfilippo said. "The most startling concern shared was that location-information they had shared during previous hurricane seasons seemed to have opted them into indefinite tracking. I not only wanted to help them make safe choices and understand what was going on, but also explore broader privacy governance, practices, and apps in the disaster context."

The project focused on fifteen apps that were recommended to users during hurricane season. These included apps developed by government agencies (FEMA), apps developed by trusted organizations that partner with the public sector to provide relief (e.g., American Red Cross), general weather apps, and hurricane-specific apps. According to Sanfilippo, the study specifically revealed multiple governance gaps and loopholes, including a lack of clarity and confusion about what trusted third-party government contractors are expected to do to protect privacy.

“People are often deceived by apps that look like they come from government agencies but in reality come from commercial developers who collect massive amounts of user data, including location, and are not subject to any regulatory oversight, except enforcement by the FTC [Federal Trade Commission] around consumer deception,” she said.

Sanfilippo brought these deceptive practices to the attention of the FTC at PrivacyCon 2020 and to the attention of organizations like the American Red Cross, "who have room to improve but genuinely want to protect disaster victims' privacy within their sociotechnical systems." While the project focused on apps for use during hurricanes, Sanfilippo feels the research has many parallels to other emergency situations like wildfires and pandemics.

“It is really important to interrogate and draw attention to privacy practices and concerns in emergency situations, because these contexts have unique norms, the information communicated is sensitive, and it is imperative that we prioritize appropriate information flow,” she said. "I really hope that my research in this area can help to better protect victims' privacy."

Sanfilippo's research empirically explores governance of sociotechnical systems, as well as outcomes, inequality, and consequences within these systems. She earned her MS and PhD in information science from Indiana University.

Co-authors on the paper include Yan Shvartzshnaider (New York University), Helen Nissenbaum (Cornell University), and Irwin Reyes and Serge Egelman (University of California, Berkeley).

Updated on
Backto the news archive

Related News

Workshop to examine provenance for transparent research

iSchool researchers have co-organized a highly interactive workshop on traceable, transparent, and trustworthy research as part of ProvenanceWeek 2021. The T7 Workshop: Provenance for Transparent Research aims to engage attendees in a focused conversation about how methods for automated provenance capture, storage, query, inference, and visualization can make research more transparent and the trustworthiness of results easier to evaluate, both by other researchers and the public. The free workshop will be held on July 22 from 9:00 a.m.-12:45 p.m. CT.

T7 Workshop logo

Community Data Clinic receives Broadband READY grant

The Community Data Clinic, a mixed methods data studies and interdisciplinary community research lab led by Associate Professor Anita Say Chan, has received a $50,000 grant to address gaps in household access to computing devices, hotspot connectivity, and digital literacy skills in East Central Illinois. The grant is part of the state's Broadband Regional Engagement for Adoption and Digital Equity (READY) program, which is operated through the governor's office and Illinois Department of Commerce and Economic Opportunity. The Community Data Clinic at the University of Illinois is one of only four sites that are partnering with the state on this effort.

Anita Say Chan

Digital exhibit celebrates 75 years of the CCB

In celebration of its 75th anniversary, the Center for Children's Books (CCB) has published a digital exhibit highlighting defining moments from its past.

"The history of the Center for Children's Books provides an excellent window into the history and evaluation of U.S. children's books more broadly—and for a period when both the quality and quantity of youth literature published increased tremendously," said CCB Director and Professor Sara L. Schwebel, who worked with a team of graduate assistants to design and publish the multimedia site.

CCB 75th anniversary timeline

Kilicoglu contributes to more transparent medical research publications

Peer review is a valuable component in the research process, but it also lengthens the time to publish research. The need to rapidly communicate scientific findings has been especially apparent during the COVID-19 pandemic, which has led to an increase in the number of publications disseminated via preprint servers. With the lack of traditional peer review, the quality of these publications can be questionable. Associate Professor Halil Kilicoglu and the Automated Screening Working Group are working to assess COVID-19 preprints for rigor and transparency in their reporting.

Halil Kilicoglu

Worthey awarded grant through new NEH-UK joint digital scholarship program

Glen Worthey, associate director for research support services at the HathiTrust Research Center, is among the first recipients of new grant funding to advance digital scholarship in cultural institutions, through a joint initiative of the National Endowment for the Humanities and the United Kingdom's Arts and Humanities Research Council. Worthey is the project director of "AEOLIAN (Artificial intelligence for cultural organizations)," a collaboration with Loughborough University in the U.K. The project will bring together a team of experts to develop and examine new approaches–particularly artificial intelligence and machine learning–for improving access to and use of digital collections that are currently restricted due to privacy concerns or copyright protection. 

Glen Worthey