Litcius/Paper detail

Ambiguity and Generality in Natural Language Privacy Policies

Mitra Bokaei Hosseini, John Heaps, Rocky Slavin, Jianwei Niu, Travis D. Breaux

202114 citationsDOI

Abstract

Privacy policies are legal documents containing application data practices. These documents are well-established sources of requirements in software engineering. However, privacy policies are written in natural language, thus subject to ambiguity and abstraction. Eliciting requirements from privacy policies is a challenging task as these ambiguities can result in more than one interpretation of a given information type (e.g., ambiguous information type "device information" in the statement "we collect your device information"). To address this challenge, we propose an automated approach to infer semantic relations among information types and construct an ontology to guide requirements authors in the selection of the most appropriate information type terms. Our solution utilizes word embeddings and Convolutional Neural Networks (CNN) to classify information type pairs as either hypernymy, synonymy, or unknown. We evaluate our model on a manually-built ontology, yielding predictions that identify hypernymy relations in information type pairs with 0.904 F-1 score, suggesting a large reduction in effort required for ontology construction.

Topics & Concepts

Computer scienceAmbiguityOntologyNatural languageGeneralityInformation retrievalNatural language processingSemantics (computer science)Statement (logic)Artificial intelligenceInformation privacyComputer securityProgramming languagePsychologyPhilosophyEpistemologyPsychotherapistPolitical scienceLawSoftware Engineering ResearchInformation and Cyber SecurityData Quality and Management
Ambiguity and Generality in Natural Language Privacy Policies | Litcius