Jason Hong

Hong Shen, Ángel Alexander Cabrera, Adam Perer et al. · cmu

This position paper offers a framework to think about how to better involve human influence in algorithmic decision-making of contentious public policy issues. Drawing from insights in communication literature, we introduce a "public(s)-in-the-loop" approach and enumerates three features that are central to this approach: publics as plural political entities, collective decision-making through deliberation, and the construction of publics. It explores how these features might advance our understanding of stakeholder participation in AI design in contentious public policy domains such as recidivism prediction. Finally, it sketches out part of a research agenda for the HCI community to support this work.

Megan Li, Wendy Bickersteth, Ningjing Tang et al.

Due to its general-purpose nature, Generative AI is applied in an ever-growing set of domains and tasks, leading to an expanding set of risks of harm impacting people, communities, society, and the environment. These risks may arise due to failures during the design and development of the technology, as well as during its release, deployment, or downstream usages and appropriations of its outputs. In this paper, building on prior taxonomies of AI risks, harms, and failures, we construct a taxonomy specifically for Generative AI failures and map them to the harms they precipitate. Through a systematic analysis of 499 publicly reported incidents, we describe what harms are reported, how they arose, and who they impact. We report the prevalence of each type of harm, underlying failure mode, and harmed stakeholder, as well as their common co-occurrences. We find that most reported incidents are caused by use-related issues but bring harm to parties beyond the end user(s) of the Generative AI system at fault, and that the landscape of Generative AI harms is distinct from that of traditional AI. Our work offers actionable insights to policymakers, developers, and Generative AI users. In particular, we call for the prioritization of non-technical risk and harm mitigation strategies, including public disclosures and education and careful regulatory stances.

Haojian Jin, Vita Chen, Ritwik Rajendra et al.

Email is one of the most successful computer applications yet devised. Communication features in email, however, have remained relatively static in years. We investigate one way of expanding email functionality without modifying the existing email infrastructure. We introduce email late bound content, a simple and generalizable technique that defers message content binding through image lazy-loading. Parts of an email are converted into external images embedded in HTML code snippets, making it so that email clients will defer the image download (i.e. content binding) until the moment users open the email. This late bound content allows email senders and third party services to update delivered emails. To illustrate the utilities of late bound content, we present four new example features and discuss the tradeoffs of email content late binding.

Yuanchun Li, Ziyue Yang, Yao Guo et al.

Personalized services are in need of a rich and powerful personal knowledge base, i.e. a knowledge base containing information about the user. This paper proposes an approach to extracting personal knowledge from smartphone push notifications, which are used by mobile systems and apps to inform users of a rich range of information. Our solution is based on the insight that most notifications are formatted using templates, while knowledge entities can be usually found within the parameters to the templates. As defining all the notification templates and their semantic rules are impractical due to the huge number of notification templates used by potentially millions of apps, we propose an automated approach for personal knowledge extraction from push notifications. We first discover notification templates through pattern mining, then use machine learning to understand the template semantics. Based on the templates and their semantics, we are able to translate notification text into knowledge facts automatically. Users' privacy is preserved as we only need to upload the templates to the server for model training, which do not contain any personal information. According to our experiments with about 120 million push notifications from 100,000 smartphone users, our system is able to extract personal knowledge accurately and efficiently.

Gaurav Srivastava, Kunal Bhuwalka, Swarup Kumar Sahoo et al.

Many smartphone apps transmit personally identifiable information (PII), often without the users knowledge. To address this issue, we present PrivacyProxy, a system that monitors outbound network traffic and generates app-specific signatures to represent sensitive data being shared. PrivacyProxy uses a crowd-based approach to detect likely PII in an adaptive and scalable manner by anonymously combining signatures from different users of the same app. Furthermore, we do not observe users network traffic and instead rely on hashed signatures. We present the design and implementation of PrivacyProxy and evaluate it with a lab study, a field deployment, a user survey, and a comparison against prior work. Our field study shows PrivacyProxy can automatically detect PII with an F1 score of 0.885. PrivacyProxy also achieves an F1 score of 0.759 in our controlled experiment for the 500 most popular apps. The F1 score also improves to 0.866 with additional training data for 40 apps that initially had the most false positives. We also show performance overhead of using PrivacyProxy is between 8.6% to 14.2%, slightly more than using a standard unmodified VPN, and most users report no perceptible impact on battery life or the network.