Search for: All records

Abstract Student-organized activism and obfuscation respond to intrusive surveillance in digital assessment within higher education. This article explores privacy surveillance disconnects and the emergence of protests against antinormative practices. Employing qualitative and quantitative methods, including content analysis of subreddits focused on higher education, student privacy, and specific university campus communities, the study considers multiple stakeholders’ perspectives. The findings illustrate the creative avenues students have adopted to counter online assessment tools. Emphasizing the significance of privacy and autonomy in higher education, this work sheds light on the challenges faced by students and provides insights into their strategies for addressing privacy concerns. 

Modern enterprises rely on Data Leakage Prevention (DLP) systems to enforce privacy policies that prevent unintentional flow of sensitive information to unauthorized entities. However, these systems operate based on rule sets that are limited to syntactic analysis and therefore completely ignore the semantic relationships between participants involved in the information exchanges. For similar reasons, these systems cannot enforce complex privacy policies that require temporal reasoning about events that have previously occurred. To address these limitations, we advocate a new design methodology for DLP systems centered on the notion of Contextual Integrity (CI).We use the CI framework to abstract real-world communication exchanges into formally defined information flows where privacy policies describe sequences of admissible flows. CI allows us to decouple (1) the syntactic extraction of flows from information exchanges, and (2) the enforcement of privacy policies on these flows. We applied this approach to built VACCINE, a DLP auditing system for emails. VACCINE uses state-of-the-art techniques in natural language processing to extract flows from email text. It also provides a declarative language for describing privacy policies. These policies are automatically compiled to operational rules that the system uses for detecting data leakages. We evaluated VACCINE on the Enron email corpus and show that it improves over the state of the art both in terms of the expressivity of the policies that DLP systems can enforce as well as its precision in detecting data leakages.