Sanfilippo examines privacy practices of disaster apps

Madelyn Sanfilippo
Madelyn Rose Sanfilippo, Assistant Professor

With Hurricane Sally threatening the Gulf Coast last week, people in its path may have felt reassured by the mobile apps that would provide them with weather alerts or notify first responders in case of an emergency. While the app users may have been willing to share their location with first responders, they might be surprised to learn that their location and other personal information could be shared with a third party or accessed after the hurricane had passed. Assistant Professor Madelyn Sanfilippo and fellow researchers examine the privacy practices of popular disaster apps in the paper, "Disaster Privacy/Privacy Disaster," which was the lead article in a special issue of the Journal of the Association for Information Science and Technology (vol. 71, issue 9)  on information privacy in the digital age.

The research project was inspired by the experiences of Sanfilippo's friends, family, and colleagues who were impacted by hurricanes in 2018.

"I had been working on a number of other projects around mobile app privacy, so when they started to notice strange and invasive things, like notifications about storms when they had disabled them on their phones or personalization of apps for which they had never opted-in to location sharing, they reached out to me," Sanfilippo said. "The most startling concern shared was that location-information they had shared during previous hurricane seasons seemed to have opted them into indefinite tracking. I not only wanted to help them make safe choices and understand what was going on, but also explore broader privacy governance, practices, and apps in the disaster context."

The project focused on fifteen apps that were recommended to users during hurricane season. These included apps developed by government agencies (FEMA), apps developed by trusted organizations that partner with the public sector to provide relief (e.g., American Red Cross), general weather apps, and hurricane-specific apps. According to Sanfilippo, the study specifically revealed multiple governance gaps and loopholes, including a lack of clarity and confusion about what trusted third-party government contractors are expected to do to protect privacy.

“People are often deceived by apps that look like they come from government agencies but in reality come from commercial developers who collect massive amounts of user data, including location, and are not subject to any regulatory oversight, except enforcement by the FTC [Federal Trade Commission] around consumer deception,” she said.

Sanfilippo brought these deceptive practices to the attention of the FTC at PrivacyCon 2020 and to the attention of organizations like the American Red Cross, "who have room to improve but genuinely want to protect disaster victims' privacy within their sociotechnical systems." While the project focused on apps for use during hurricanes, Sanfilippo feels the research has many parallels to other emergency situations like wildfires and pandemics.

“It is really important to interrogate and draw attention to privacy practices and concerns in emergency situations, because these contexts have unique norms, the information communicated is sensitive, and it is imperative that we prioritize appropriate information flow,” she said. "I really hope that my research in this area can help to better protect victims' privacy."

Sanfilippo's research empirically explores governance of sociotechnical systems, as well as outcomes, inequality, and consequences within these systems. She earned her MS and PhD in information science from Indiana University.

Co-authors on the paper include Yan Shvartzshnaider (New York University), Helen Nissenbaum (Cornell University), and Irwin Reyes and Serge Egelman (University of California, Berkeley).

Updated on
Backto the news archive

Related News

iSchool well represented at ASIS&T 2020

iSchool faculty and students will participate in the 83rd Annual Meeting of the Association for Information Science and Technology (ASIS&T), which will be held virtually from October 22-November 1. The theme of this year's conference is "Information for a Sustainable World: Addressing Society's Grand Challenges." The meeting is the premier international conference dedicated to the study of information, people, and technology in contemporary society.

NSF announces $3 million award to expand FABRIC cyberinfrastructure globally

A new $3 million grant from the National Science Foundation (NSF) will expand FABRIC, a project to build the nation's largest cyberinfrastructure testbed, to four preeminent scientific institutions in Asia and Europe. The expansion represents an ambitious effort to accelerate scientific discovery by creating the networks needed to move vast amounts of data across oceans and time zones seamlessly and securely.

Science is fast outgrowing the capabilities of today's Internet infrastructure. To fully capitalize on big data, artificial intelligence, advanced computation and the Internet of Things requires robust, interconnected computers, storage, networks and software. Uneven progress in science cyberinfrastructure has led to bottlenecks that stymie collaboration and slow the process of discovery.

Ocepek and Lee receive ASIS&T best poster award

A poster coauthored by Assistant Professor Melissa Ocepek, PhD student Lo Lee, and Stephann Makri, senior lecturer at City, University of London, has been selected to receive the SIG USE Best Information Behavior Conference Poster Award at the Association for Information Science and Technology (ASIS&T) Annual Meeting, which will be held virtually from October 22-November 1. The award recognizes the best poster within the scope of information behavior, "broadly defined to include how people construct, need, seek, manage, give, and use information in different contexts."

Melissa Ocepek

Chan to present research at CSCW 2020

Anita Say Chan, associate professor in the iSchool and the Department of Media and Cinema Studies, will present her research at the 23rd ACM Conference on Computer-Supported Cooperative Work and Social Computing (CSCW 2020), to be held virtually on October 17-21. CSCW is the premier venue for experts from industry and academia to explore the technical, social, material, and theoretical challenges of designing technology to support collaborative work and life activities.

Anita Say Chan

Samuel presents at FabLearn 2020

Doctoral candidate Noah Samuel presented research on makerspace education at FabLearn 2020, which was held virtually from October 9-11. FabLearn brings together researchers, educators, and policymakers to discuss the maker culture and share best practices in digital fabrication in education, hands-on learning, and instructional tools. The theme of this year's conference was "Making as Resistance and Resilience."

Noah Samuel