Harnessing Soft Logic to Represent the Privacy Paradox

Abstract

The digital era introduces a significant issue concerning the preservation of individuals’ privacy. Each individual has two autonomous traits, privacy concern which indicates how anxious that person is about preserving privacy, and privacy behavior which refers to the actual actions the individual takes to preserve privacy. The significant gap between these two traits is called the privacy paradox. While the existence and the extensive distribution of the privacy paradox is widely-considered in both academic and public discussion, no convincing explanation of the phenomenon has been provided. In this study we harness a new mathematical approach, “soft logic,” to better represent the reality of the privacy paradox. Soft numbers extend zero from a singularity to an infinite one-dimensional axis, thus enabling the representation of contradictory situations that exist simultaneously, i.e., a paradox. We develop a mathematical model for representing the privacy paradox with soft numbers, and demonstrate its application empirically. This new theory has the potential to address domains that mix soft human reality with robust technological reality.

1. Introduction

We currently live in the “digital era” or “age of information,” in which a significant portion of our activities, perhaps a majority of them, have transitioned onto digital platforms [1]. This transition is increasing incessantly, as the use of digital platforms, mainly the Internet, continues to expand [2,3]. However, while digital means are highly beneficial for their users, they also introduce significant risks of privacy loss. For example, sensitive personal information is often disclosed when using e-commerce [4], using of Internet of Things (IoT) applications may expose habits and daily routines [5,6], and eHealth wearable technologies may also leak sensitive information [7,8]. The right to privacy is considered essential for a liberal society, and is described as a basic human right [9,10]. Privacy protection is regulated by governments, e.g., the EU’s (European Union) General Data Protection Regulation (GDPR) [11], and the USA Health Insurance Portability and Accountability Act (HIPAA) [12].

The growing use of digital platforms intensifies privacy awareness among users [13], and shapes their decisions [14]. This phenomenon is driven by the natural existence of privacy concern [15]. “Privacy concern” (or “privacy attitude”) may be defined as “concern about the safeguarding and usage of personal data provided to an entity (such as a firm)” or “anxiety or sensitivity related to the loss of personal intimacy” [16]. Privacy concerns appear in the vast majority of digital fields, e.g., when shopping online [17], using electronic medical records in the healthcare sector [18], using online social networks like Facebook [19], searching the Internet using search engines like Google [20], and using mobile applications [21]. The last example, use of mobile application, has attracted extensive public attention lately because of attempts to curtail the COVID-19 pandemic by using Bluetooth and GPS location spotting for surveillance of the public [22].

Privacy concerns, in turn, influence users’ actions, resulting in their privacy behavior, which may be defined as the way privacy protection or risk of privacy violations alter users’ behavior [23]. As with privacy concern, privacy behavior is relevant to the vast majority of digital platforms. For example, setting privacy preferences of Facebook or other social networks [24], customers’ trust in an eCommerce platform that results in their consent to complete a transaction [4], the consideration of privacy concerns when installing (or not) some mobile applications [25], the amount of personal information disclosed on the Internet [26], and the willingness to purchase an IoT device [27].

Privacy behavior then, is, or should be, a consequence of privacy concern, and one might expect that a user’s privacy behavior would reflect their privacy concern. In fact, however, this is not necessarily so; this is the phenomenon widely-known as the “privacy paradox.” This term was first coined in 2001 by Barry Brown, a Hewlett-Packard employee, regarding customers’ use of supermarket loyalty cards in ways that contradict their privacy concern [28]. In general, “privacy paradox” refers to contradictions between privacy behavior and privacy concern, or the ways in which privacy behavior deviates from privacy concern. Susan Barnes [29] claimed, “In America, we live in a paradoxical world of privacy. On one hand, teenagers reveal their intimate thoughts and behaviors online and, on the other hand, government agencies and marketers are collecting personal data about us.” Another example for the privacy paradox is that consumers freely provide personal data despite their complaints and concerns regarding their ability to control their personal information in the digital marketplace [30]. With respect to the general population, it was found that most users of online platforms rarely make efforts to protect their data, despite considering privacy an important issue; sometimes, they even give information away voluntarily [31]. In the digital era, information sharing has become a prevalent activity, and surveys show low correlation between individuals’ self-stated privacy concerns and their number of data-sharing authorizations [32]. Mobile Health (mHealth) applications that use mobile devices to support the practice of medicine and public health is another domain in which the privacy paradox is observed. There is conflict between growing privacy concerns and the inherent need of mHealth application to collect personal data [33]. The privacy paradox phenomenon is also evident with smart wearables, considering the tension between the benefits of this technology and their cost in privacy loss [34]. In general, ignoring the privacy paradox may be an indicator of neglecting the human factor, specifically cognition in digital systems environment. When a system is fully automated, cognition usual does not play a role. However, when a human user is involved, for example when manually configuring privacy preferences, cognition may affect decision making, and therefore must be considered within the model [35].

Many attempts have been made to explain the privacy paradox. For example, by applying the privacy calculus theory, which argues that users make decisions on privacy issues by weighing the benefits vs. the risk of disclosing personal or sensitive information [36]. However, most users overweigh benefits rather than risks, sometimes even if they have experienced an invasion of privacy [37]. Some researches argue that users’ decisions are an outcome of both rational and emotional mental perceptions created during the process [38], while other explanations are based on structuration theory [39] which claims, for example, that individual deciding about location-sharing are not acting as free agents, but rather are influenced by contextual factors [40]. A one leading explanation relates to ability of the user to understand the complicated technological environment and the consequences of his actions [41]. This capability, known as the user’s “technological literacy,” might be is expected to prevent the privacy paradox. However, it was found out that even when technological literacy is present, the privacy paradox still exists [42].

Originally, literacy was defined as the ability to read and write [43]. Technological literacy is the “ability to use, manage, understand, and assess technology” [44]. The variation in technological literacy across the population correlates with diversity, e.g., a younger population usually handles technological issues better than an older population [45]. The lack of technological literacy is a hurdle hampering users ability to make privacy decisions efficiently, according to his or her preferences [46]. Thus, acquiring technological literacy is necessary for protecting privacy. For example, Desimpelaere et al. [47] showed that training children in privacy literacy improves their privacy protection. Technological literacy (or computer literacy) may even be used as a predictor of user behavior regarding privacy and security [48]. Thus, technological literacy has a direct impact on the privacy paradox, e.g., it was shown that the privacy paradox effect is lower among students studying information science students than among students in other fields [49]. Users who are unfamiliar with technical terms, adopt opinions based on instantaneous reactions, and lack thoughtfulness [50]. In fact, the level of the technological literacy plays a major role in setting whether privacy related decisions are taken “blindly” or “consciously” [51].

As the word “paradox” suggests, the privacy paradox reflects the existence of several contradictory states within the same person simultaneously. Considering the factors that influence the privacy paradox–privacy concern, privacy behavior, and technological literacy–creates a need for a mathematical model adequate for representing a paradox. This study offers a novel representation of the privacy paradox based on soft logic. The mathematical theory of soft logic is based on extending the current singular number zero to form a continuous axis, i.e., there are infinite zero values. The development of soft logic was motivated by the need to work with paradoxical states, and therefore might be fruitful when for studying the privacy paradox. The model is formalized below, and empirically demonstrated on a sample population.

2. Literature Review

There are theories that explain and even model the privacy paradox, e.g., using a construal level theory [52]. Another approach relates the privacy paradox to parallelism, and argues that it may be “explained by the lack of explicit conceptualization and operationalization at multiple levels” [53]. An attempt has even been made to prove and explain the privacy paradox, for example, in a seller scenario [54]. Some individual traits are frequently related to the privacy paradox, e.g., trust [55] or impulsivity, which was found to explain more of the variance in information disclosure than the “Big Five factors,” namely openness, conscientiousness, extraversion, agreeableness, and neuroticism [56]. Li et al. [57] argue that “online consumers are more likely to disclose personal information when they have positive cognitive appraisals,” which may explain the privacy paradox in some scenarios. Risk aversion, a well-known player in decision making processes, is introduced as a possible factor causing people to deviate from the rational calculus for decisions, thus contributing to the privacy paradox [58]. Other factors stem from the platform architecture rather than individual traits, e.g., the way personalized advertisements effect people’s perceptions of benefits and costs [59]. Razzano [60] approaches the privacy paradox from a collective rights perspective, conceptualizing it in terms of public rather than individual dimensions. Ichihashi [61] claimed, “consumers become ‘addicted’ to the platform, whereby they lose privacy and receive low payoffs, but continue to choose high activity levels”.

The two-factor theory (or Herzberg’s motivation-hygiene theory) argues that positive aspects of satisfaction (“enablers”), and negative aspects of dissatisfaction (“inhibitors”), may coexist independently [62]. This theory was harnessed to interpret the privacy paradox regarding the IoT (Internet of Things) technology [63]. The lemming effect was suggested as a cause for what seems to be an arbitrary behavior that leads to the privacy paradox in information security [64]. The vast majority of approaches are consistent with the idea that an inherent, internal contradiction is present, and cannot be explained by a classical logic or rationalism.

The privacy paradox is basically a qualitive factor, but is often treated quantitively, e.g., when trying to optimize data acquisition [65]. However, in the prevailing research literature, it is usually peripheral components that are quantified, e.g., laziness is introduced as a possible cause for the privacy paradox [66], as is fatigue [67]. Hou and Qingyan [68] accommodated perceived benefit and perceived risk in a model that analyzes utility maximization, and proved the existence of the privacy paradox. The privacy paradox may also be measured using statistical tools. For example, Norton (Symantec Corporation), a provider of cybersecurity software, argues that among Americans, 72% feel most of their online activities are tracked, 79% showed concerns regarding the use of data collected by companies, and 81% consider this data with a higher potential risk than benefits, yet “people aren’t necessarily prioritizing their privacy online” [69]. While these measures provide more evidence for the existence of the privacy paradox, they do not evaluate it specifically, and cannot represent its distribution among individuals.

Gimpel, et al. [70] introduced a metric for measuring the privacy paradox, and specified seven requirements: quantifiability, precision, comparability (use of standard units), obtainability, interpretability (easiness of interpretation by users), usefulness, economy (efficiency with regard to costs and benefit). While this development addresses the core issue of the current study, the metric presented ignores the distinction between the components of paradoxical (antinomy) and non-paradoxical (or veridical paradox) situations. Concerning the seven requirements, we disagree only with the interpretability requirement, because this issue is inherently complicated, and privacy paradox metrics are intended primarily for system architects and regulators, not end-users.

We adopt soft logic theory to represent the privacy paradox. The development of soft logic was largely inspired by the research of Marcelo Dascal who wrote about and described the work of the great mathematician and philosopher Gottfried Wilhelm Leibniz [71]. Leibniz aspired to discover and develop a new mathematical language that would provide a softer logic, and thereby overcome the limitations of the true/false dichotomy, which is a central concept in classical logic. According to Dascal, language is a tool for thought, but also influences thinking. On many occasions, Leibniz argued that classical logic, which contains only the two states, true and false (conveniently represented by “1” and “0” in computational systems) is insufficient for grasping the full meaning of human reasoning and conscious. However, he did not develop this idea any further, and established only the fundamentals of this theory. Leibniz, one of the founding fathers of calculus as a branch of mathematics referred to infinitesimals as ideal numbers that might be infinitely small [72]. William Clifford [73] concretized this concept by developing dual numbers, with the form: $a+b\epsilon$, where $a$, $b$ are real numbers and ${\epsilon }^2=0$. The mathematician Felix Klein developed a geometric-algebraic model that he called “blow-up,” by exploding the point of origin of a coordinate (e.g., Cartesian) system [74] and adding all of the possible revolutions around the point of origin, thereby creating a circle around the point of origin, which is connected with lines to each point on the circle. Rotating the circle by $180$ degrees turns it back on itself but in the opposite direction. When this procedure is applied in a three-dimensional space, reversing the direction by 180 degrees creates the Möbius strip twist. This blow-up concept was adopted in the soft logic field, by extending the zero point to an axis.

3. The Concept of Soft Logic

3.1. Soft Logic Basics

Soft logic is a new mathematical concept developed to enable the representation of paradoxical situations, i.e., contradictory states that exist at the same time. While traditional (binary or classical) logic is based on two states, true and false that cannot coexist, real life is more colorful than this black and white scenario [75]. Soft logic may be a member of the paraconsistent logic family, which relates to a dialethic paradoxes when a state is both true and false at the same time [76]. The Möbius strip, depicted in Figure 1, exemplifies one of these paradoxes [77]. From any local point of view, the strip has two sides, but from a global perspective, it has only one side. Therefore, it raises an unanswered question (from a human perspective); does it have one side or two? Thus it introduces a paradoxical situation. This inconclusive situation leads to developing an alternative approach, which maintains that both contradicting states coexist.

Shifting from abstract examples to the real world, the current era is dynamic and characterized by a duality. People face parallel experiences, the real world and the digital world [78]. The fusion of these two worlds creates a new dimension of existence. To understand and describe this situation accurately, a new mathematical concept is required. Soft logic addresses this requirement by introducing a new type of numbers, which have been named “soft numbers”, which aim to represent such situations [79]. In other words, soft logic is useful in representing inherent uncertainty. The concept of soft logic relies on a blow-up of the zero number, an approach that distinguish between multiples of this number [80]. In soft logic, the zero is no longer a singular point, but an axis with infinite number of points, forming the zero axis. As explained above, the roots of the soft logic are found in the thinking of Leibniz (who aspired to overcome the true and false dichotomy) and Klein (who developed the “blow up” concept), and were further developed by the Digital Living 2030 project, which is a collaboration between Tel Aviv University and Stanford University. The project was motivated by a desire to create a mathematical bridge between the real world and the digital world. Based on the concept of the zero-axis, we define a new type of number called soft number, which contains two distinct components: (a) The $\overline{1}$ component (on the one-axis, with old, classic numbers) that may, for example, represent the real objective world; and (b) The $\overline{0}$ component (the new zero-axis) that may, for example, represents subjective human interpretation. Before formalizing soft numbers, their axioms are introduced.

Soft logic theory may sometimes be confused with other “soft” theories like fuzzy logic. Both fuzzy logic and soft logic break the dichotomy of true and false logic, allowing the use of a real number instead of a discrete 2-value binary one. However, the two theories address totally different realities: Fuzzy logic theory relates to cases in which we can assume a hidden, singular situation, but due to uncertainty cannot define them with a singular value. It is closely related to the probabilistic mathematics. The membership function of an element of a fuzzy set is extended from obtaining the value $0$ or $1$ to the entire range of numbers in the segment $\left[0,1\right]$. In this sense, fuzzy set/logic allows multiplications of the number 1 with some real number between 0 and 1. On the other hand, soft logic do not assume the existence of singularity, and allow multiple contradicting situation to be exist at the same time. As a rule of thumb, it may be said that we will consider the use of fuzzy logic when we lack some information, and soft logic when we face a paradox. Fuzzy logic is a member of the soft computing family, a term that was coined by Lotfi A. Zadeh. While there is no exact definition to soft computing, we do think that soft logic can be a member of this family as well.

3.2. Axioms of Soft Numbers

According to classical mathematics, the expression $0/0$ is undefined, although in fact any real number could represent this expression, since $a·0=0$ for all real numbers $a\in ℝ$, therefore, $a=0/0$). This insight opens a new range and fertile ground for investigation. To address this, we assume the existence of a continuum of distinct multiples $a\overline{0}$, where a is any real number and $\overline{0}$ is an object called a “soft zero”. The multiples $a\overline{0}$, which are the multiplications of $\overline{0}$, are also called “soft zeros.” We denote the real number $1$ by $\overline{1}$, and all other real numbers are conceived as its multiples. We also define the term absolute zero as: $0=0\overline{0}$. Now, let a, b be any real numbers and $a\overline{0}, b\overline{0}$ two corresponding soft zeros as defined above. The axioms of soft logic are:

Axiom 1 (Distinction).

If$a\ne b$then$a\overline{0}\ne b\overline{0}.$

In soft logic, we extend the zero from a singular point to a line (axis). This creates a distinction between different multiples of $\overline{0}$. This axiom calls for an order definition: If $a<b$ then $a\overline{0}<b\overline{0}$. The soft zeros which are multiplication of $\overline{0}$ have natural order according to the order of the multiplication factor.

Axiom 2 (Addition).

$a\overline{0}+b\overline{0}=\left(a+b\right)\overline{0}.$

Under the assumption that the multiples of $\overline{0}$ are located on a straight line, we can define the addition of multiples of $\overline{0}$ as the addition of their corresponding real multipliers. The $\overline{1}$ axis behaves regularly: $a\overline{1}+b\overline{1 }=\left(a+b\right)\overline{1}$.

Axiom 3 (Nullity).

$a\overline{0}\ast b\overline{0}=0$.

Numbers on the zero axis “collapse” under multiplication. Addition has significance and meaning, but multiplication does makes no distinction whatsoever.

Axiom 4 (Bridging).

$a\overline{0}\perp b\overline{1}$, $c\overline{1}\perp d\overline{0}$.

There exists a relation between the real number and the soft zero, which is called a “bridge”, and is notated mathematically with the sign $\perp$. The existence of the bridge enables the creation of the soft number.

Axiom 5 (Non-commutativity).

$a\overline{0}\perp b\overline{1} \ne b\overline{1}\perp a\overline{0}$

Bridging is directionally oriented; therefore, the order of the bridging operation is significant (unless, $a=0$ or $b=0$, which in this case the sides are equal) and the result is not commutative. Note that even $a\overline{0}\perp a\overline{1} \ne a\overline{1}\perp a\overline{0}$.

3.3. Formal Definition of a Soft Number

A soft number is a construction of the following form:

$$a·\overline{0}\dot{+}b·\overline{1}$$

(1)

In Equation (1): $a,b$ are any real numbers. The new operator $\dot{+}$ is a type of addition that considers the two-appearance left and right of a bridge number ($\overline{0} \perp b\overline{1}$ and $b\overline{1}\perp a\overline{0})$. The $\overline{1}$ symbol may be omitted from the soft number representation, therefore, $a\overline{0}\dot{+}b\overline{1} \equiv a\overline{0}\dot{+}b$. A soft number can be visualized in a specific coordinate system. For example, the Möbius strip is described when the zero axis is parallel to the real axis. Now, let $SN$ denotes the set of all soft numbers so that:

$$SN=\left\{a\overline{0}\dot{+}b :a,b\in ℝ\right\}$$

(2)

It is noteworthy that, according to the non-commutativity axiom, any soft number in the set $SN$ has a mirror image number created by reversing its bridging order, i.e., $a\overline{0}\perp b$ is mirrored by $b\perp$ $a\overline{0}$ and vice versa. The two mirrored numbers have different meanings.

3.4. Basic Arithmetic of Soft Numbers

The addition operator of two soft numbers is defined by the following rule:

$$\left(a\overline{0}\dotplus b\right)+\left(c\overline{0}\dotplus d\right)=\left(a+c\right)\overline{0}\dotplus \left(b+d\right)$$

(3)

According to this definition, the set $SN$ is a group under addition $\left(SN,+\right)$, when the + sign represents the addition operation for this group.

The multiplication of two soft numbers is defined by the following rule:

$$\left(a\overline{0}\dotplus b\right)\times \left(c\overline{0}\dotplus d\right)=\left(ad+bc\right)\overline{0}\dotplus \left(bd\right)$$

(4)

This operation is commutative and satisfies the laws of associativity and distribution. With these two operations, $+$ and $\times$, soft numbers create the ring $\left(SN,+,\times \right)$, in which the $+$ and $\times$ signs represent the addition and multiplication operators of the ring.

The inverse of a soft number exists when $b\ne 0$, and is defined as:

$${\left(a\overline{0}\dot{+}b\right)}^{-1}=\left(-\frac{a}{b^2}\overline{0}\dot{+}\frac{1}{b}\right)$$

(5)

Therefore, $\left(SN,+,\times \right)$ is almost a field, an algebraic structure with two operations, addition and multiplication that satisfy certain rules (“almost”, because the inverse is undefined only when $b=0$).

3.5. Advanced Mathematical Operations of Soft Numbers

The $n$-th power of a soft number is:

$${\left(a\overline{0}\dot{+}b\right)}^n=na{b}^{n-1}\overline{0}\dot{+}{b}^n$$

(6)

where $n$ is any natural number ($n\in {\mathbb{N}}^{+} , {\mathbb{N}}^{+}=\left\{0,1,2,3,\dots \right\})$.

The square root of a soft number only exists when $b>0$, and has two values:

$$\sqrt{ a\overline{0}\dot{+}b}=\left(+\frac{a}{2\sqrt{b}}\overline{0}\right)\dot{+} \left(+\sqrt{b}\right) , \left(-\frac{a}{2\sqrt{b}}\overline{0}\right)\dot{+} \left(-\sqrt{b}\right)$$

(7)

The $n$-th root of a soft number satisfies the following statements:

for $b\ne 0$ and an odd $n$:

$$\sqrt[n]{a\overline{0}\dot{+}b}=\left(+\frac{a}{n·b^{\left(\frac{n-1}{n}\right)}}\right)\dot{+}\left(+\sqrt[n]{b}\right)$$

(8)

for $b>0$ and an even $n$:

$$\sqrt[n]{a\overline{0}\dot{+}b}=\left(+\frac{a}{n·b^{\left(\frac{n-1}{n}\right)}}\overline{0}\right)\dot{+}\left(+\sqrt[n]{b}\right), \left(-\frac{a}{n·b^{\left(\frac{n-1}{n}\right)}}\overline{0}\right)\dot{+}\left(-\sqrt[n]{b}\right)$$

(9)

The projection of soft numbers to calculus is expressed in the following equation:

$${\left(a\overline{0}\dot{+}x\right)}^n=\left(n·a·x^{n-1}\right)\overline{0}\dot{+}{x}^n={\left(a{x}^n\right)}^{\prime }\overline{0}\dot{+}{x}^n$$

(10)

To generalize the basic calculus equation, if $P\left(x\right)$ is a real polynomial function, then any soft number $a\overline{0 }\dot{+}x$ satisfies:

$$P \left(a\overline{0}\dot{+}x\right)=a{P}^{\prime }\left(x\right)\overline{0}\dot{+}P\left(x\right)$$

(11)

4. Representing the Privacy Paradox Using Soft Logic

4.1. The Privacy Paradox Space

The privacy paradox, currently viewed as a combination of an antinomy and a veridical paradox but not a falsidical paradox, is intuitively suitable for representation by soft logic theory. Before achieving this goal, we describe the privacy-paradox space that defines the situations in which the paradox exists, and its magnitude.

Thema: A privacy-paradox space of an individual acting in an online environment is spanned by three factors:

• Privacy Concern: The magnitude of the user’s care/anxiety/awareness of privacy, e.g., users of e-commerce transactions who claim that they will not disclose personal information, even for a significant discount.
• Privacy Behavior: The amount of privacy preservation actually reflected in user’s behavior, e.g., a user of e-commerce transactions discloses personal information, and the seller gains user’s trust even when a minor discount is offered.
• Technological Literacy: The ability of the user to manage technology efficiently, in this case to control online activities, e.g., understanding the privacy-setting mechanism on Facebook, and the consequences of each action.

It should be noted that all three factors can be measured and expressed on a tangible, quantitative scale. In this study, we will use a discrete scale for practical reasons, although the averaging operator applied to the population yields a continuous scale. A significant gap between privacy concerns and privacy behavior introduces an inconstancy. This phenomenon becomes a real paradox (antinomy) when technological literacy is high, hence the inconstancy cannot be rationally explained. For the sake of convenience, we will refer to the real paradox as a “paradoxical situation,” and the other states as “non-paradoxical situations.” The space spanned by the aforementioned factors can be described by a three-dimensional model, as depicted in Figure 2.

To explain the privacy-paradox space, we identify the vertices of the cube: (A) High privacy behavior but low privacy concern and high literacy. This situation is paradoxical (because the high literacy should lineup with the behavior and the concern), but is uncommon and do not represent the classic privacy paradox; (B) Low privacy behavior and low privacy concern, with high literacy. There is no paradox regardless of the literacy level; (C) High privacy behavior but low privacy concern and low literacy. This situation is not paradoxical, or introduces an imaginary paradox (because low literacy explains the deviation); (D) Low privacy behavior and low privacy concern, with low literacy. There is no paradox regardless of the literacy level; (E) Low privacy behavior but high privacy concern and low literacy. This situation is not paradoxical, or introduces an imaginary paradox (because low literacy explains the deviation); (F) High privacy behavior and high privacy concern, with low literacy. There is no paradox regardless of the literacy level; (G) Low privacy behavior, high privacy concern and high literacy. This is the classic privacy paradox in which privacy behavior deviates downward from privacy concern despite a high literacy level. Therefore, the deviation cannot be explained; (H) High privacy behavior and high privacy concern, with high literacy. There is no paradox regardless of the literacy level. The privacy paradox of an individual is expressed in the privacy-paradox space. Soft logic math is beneficial in the two ranges that introduce a true paradox (the spaces that are close to either point A and/or point G). These ranges are described in psychology by the “double bind theory” [81]. A collection of individuals forms a distribution which is the privacy-paradox sphere.

4.2. Applying Soft Logic to the Privacy Paradox

To represent the privacy paradox with the mathematics of soft logic, let $C$ be privacy Concern, let $B$ be privacy Behavior, and let $L$ be technological Literacy, such that $L\in \left[0,1\right]$, when $L=0$ indicates no literacy at all and $L=1$ indicates maximal literacy. The expression $1-L$ indicates the lack of a literacy level.

Let $\Delta =\left|C-B\right|$, a factor that measures the gap between privacy behavior and privacy concern. The value $\Delta \cong 0$ represents adequate behavior, i.e., when privacy concern is consistent with privacy behavior, and there is no significant gap between them. This value is expected when $0\ll L$ (significant literacy), otherwise we face a paradox. The value $0\ll \Delta$ is expected (or may be explained) only when $L\to 0$ (minimal literacy). The absolution of the difference $C-B$ causes the loss of some information, whether the individual has a frivolous pattern ($B<C$), or a paranoid pattern ($C<B$).

We now introduce two representations for placing an individual in the privacy paradox space:

Representation A:

$${\psi }_1=\left\{\left|C-B\right|·L\right\}·\overline{0}+C·\overline{1}=\left\{\Delta ·L\right\}·\overline{0}+C·\overline{1}$$

(12)

In this representation as defined by Equation (12), ${\psi }_1$ (The letter ψ was selected for two reasons: (a) It is often used to represent the word “psychology” or study of psychology; and (b) It has the shape of a trident, i.e., a central line with deviations in two directions.) stands for an individual state where:

• The $C$ is the baseline and expresses as the rational component of the number.
• The unexplained deviation from privacy concern ($\left|C-B\right|·L$) is the “soft” component of the number.

These two components may also be thought of as expectancy and standard deviation.

In a world where the privacy paradox does not exist, the “soft” component of ${\psi }_1$ is redundant, and ${\psi }_1$ is actually rational. In this world, $\Delta =f\left(L\right)$ where $f^{\prime }<0$. However, in the real world, because $\Delta \neg \square f\left(L\right)$ ($\Delta$ is not necessarily a function of $L$), the paradox does exist.

Representation B:

$${\psi }_2=\left\{\left|C-B\right|·L\right\}·\overline{0}+\left\{\left|C-B\right|·\left(1-L\right)\right\}·\overline{1}=\left\{\Delta L\right\}·\overline{0}+\left\{\Delta ·\left(1-L\right)\right\}·\overline{1}$$

(13)

In this representation, as defined by Equation (13), ${\psi }_2$ stands for an individual deviation level:

• The unexplained deviation from privacy concern ($\left\{\left|C-B\right|·L\right\}$) is the “soft” component of the number.
• The explained deviation from privacy concern ($\left|C-B\right|·\left(1-L\right)$) is the rational component of the number.

4.3. Privacy Paradox: Distribution of Soft Numbers

For the purpose of developing this section, let us assume that $C$, $B$ and $L$ are normally distributed ($C~N\left(0,1) ; B~N\left(0,1\right) ; L~N(0,1\right)$ ). When the three parameters indeed distribute normally, this system can be modeled by normalizing their values to a standard normal distribution $C~N\left(0,1) ; B~N\left(0,1\right) ; L~N(0,1\right)$.

We are interested in the distribution of ${\psi }_1=\left\{\left|C-B\right|·L\right\}·\overline{0}+C·\overline{1}=\left\{\Delta ·L\right\}·\overline{0}+C·\overline{1}$, and specifically the distribution of $\left|C-B\right|·L$.

The sum of two normally distributed random variables also distribute normally as follows: if $X~N\left({\mu }_x,{\sigma }_x^2\right)$ and $Y~N\left({\mu }_y,{\sigma }_y^2\right)$ then $Z=X+Y~N\left({\mu }_x+{\mu }_y,{\sigma }_x^2+{\sigma }_y^2\right)$.

Therefore,

$$\left(\mathrm{C}-B\right)~N\left(0,2\right)$$

(14)

Considering the random variable of the product $D=\left|C-B\right|L$, we address absolution by adding the assisting random variable $\epsilon$, which can have the values $+1$ or $-1$ with equal probability (of $0.5$). The random variable $W$ is defined as:

$$W=\left(C-B\right)L·\epsilon$$

(15)

and, it is clear that:

$$W~\left(C-B\right)L$$

(16)

Therefore:

$$\left|C-B\right|L~\left(C-B\right)L$$

(17)

Let us define:

$$\mathrm{S}=\frac{\left(C-B\right)}{\sqrt{2}}~\mathrm{N}\left(0,1\right) \mathrm{and} \mathrm{E}=\mathrm{SL}$$

(18)

The product of two independent normal variables follows a modified Bessel function, and the density function is given by:

$$P_z\left(E\right)=\frac{K_0\left(\left|E\right|\right)}{\pi }$$

(19)

where $K_0$ is the Bessel function:

$$K_0\left(x\right)=\underset{0}{\overset{\infty }{{\displaystyle \int }}}{e}^{-xcosh\left(t\right)}dt$$

(20)

Therefore, the distribution is given by:

$$\mathrm{P}\left( \left|C-B\right|L<\mathrm{x}\right)=P\left(\frac{\left|C-D\right|}{\sqrt{2}}L<\frac{x}{\sqrt{2}}\right)=P_z\left(\frac{x}{\sqrt{2}}\right)=\frac{K_0\left(\frac{x}{\sqrt{2}}\right)}{\pi }=\frac{1}{\pi }\underset{0}{\overset{\infty }{{\displaystyle \int }}}{e}^{-\frac{x}{\sqrt{2}}cosh\left(t\right)}dt$$

(21)

5. Empirical Study

The empirical study aimed to demonstrate how the methodology for using soft logic to represent the privacy paradox can be implemented.

5.1. Design

To conduct the empirical study, we developed a questionnaire designed to collect information from an individual on the three major factors: privacy concerns ($C$), privacy behavior ($B$), and technological literacy ($L$). The empirical study paired privacy concerns and privacy behavior in seven scenarios:

• Using secure web sites when purchasing goods with an e-commerce transaction. A screenshot depicting this scenario was shown to the participants.
• Publishing a post on Facebook online social network about a car accident that an individual experienced.
• Consent to provide personal information in response to a national survey. A screenshot depicting this scenario was shown to the participants.
• An offer to receive a significant discount on purchasing electronics in return for providing the email address. A screenshot depicting this scenario was shown to the participants.
• Browsing a web site by clicking a URL that was provided as a winning message of free cinema tickets.
• The importance of keeping the antivirus updated and genuine.
• Reading the privacy notice when installing a new application on a smartphone.

Scenario (a) above is depicted in Figure 3. In the screen shown on the left, the participants are introduced with an e-commerce purchasing scenario on a non-secured site to evaluate privacy behavior; the screen on the right side, questions participants regarding their attitude on this issue, evaluating privacy concern. As explained below, all of these pairs of questions were shuffled randomly to minimize the possible linking by the participants.

For each of the above scenarios, a pair of questions was introduced, one to evaluate the individual’s actual action in this scenario ($B$), and the other to evaluate her/his attitude towards the scenario ($C$). Both $B$ and C were ranked on a scale of 1 to 5. The answers were normalized for all scenarios, so that 1 represents minimal value and 5 represents maximal value. To achieve this, the scale was reversed for some questions (depending on the context), e.g., in scenario (b) about publishing a post on a car accident, selecting the “public” publishing option represents a minimal value of 1, and the answer not to publish at all represents a maximal value of 5.

Let $i$ be the user index (given $n$ participants, $i\in \left\{1..n\right\}$), and let $s$ be the user scenario number ($s\in \left\{\mathrm{1..7}\right\}$), the variable $A{C}_i^s$ indicates the answer of participant $i$ to scenario $c$ regarding of the privacy concern question ($A{C}_i^s\in \left\{\mathrm{0..5}\right\}$), and the variable $A{B}_i^s$ indicates the answer of participant $i$ to scenario $c$ regarding for the privacy behavior question ($A{B}_i^s\in \left\{\mathrm{0..5}\right\}$). Since the questions are paired by content, the $\Delta =\left|C-B\right|$ for participant $i$ is given by: ${\Delta }_i=\frac{{{\displaystyle \sum }}_{s\in S}\left|A{C}_i^s-A{B}_i^s\right|}{\left|S\right|}=\overline{\left\{\left|A{C}_l^s-A{B}_l^s\right| :l\in S\right\}}$. To minimize the linking of two paired questions by the user, the questions in this section of the questionnaire were shuffled randomly.

A separate section of the questionnaire included five questions for evaluating the technological literacy of the participants. Each of these questions can be answered correctly (indicated by 1) incorrectly (indicated by 0). Let $j$ indicate the question number ($j\in \left\{\mathrm{1..5}\right\}$), and let $A{L}_i^j$ be the answer of participant $i$ to question $j$ ($A{L}_i^j\in \left\{0,1\right\}$), so that the overall technological literacy of user $i$ is given by: ${\mathrm{L}}_i={\displaystyle \sum }_{j\in J}A{L}_i^j$ (${\mathrm{L}}_i\in \left\{1..\left|J\right|\right\} \Rightarrow {\mathrm{L}}_i\in \left\{\mathrm{0..5}\right\}$).

The four-part questionnaire opened with (1) general information about this study (without revealing the motivation of estimating the gap $\Delta =\left|C-B\right|$). The conditions for participation were presented and consent was required to continue. This was followed by (2) demographic questions; (3) seven pairs of questions regarding the scenarios (shuffled randomly); and (4) five questions regarding the technological literacy. Participation was anonymous, and the participants were required to be at least 18 years old. The research was approved by the institutional ethics committee.

5.2. Participants

The participants were recruited using the crowdsourcing platform Amazon Mechanical Turk (MTurk). MTurk has proven to be suitable for studies of this type [82]. The MTurk qualification mechanism was applied to guarantee that each participant would be assigned to one experiment only, and thereby preventing a carryover effect. The compensation includes a fee of $0.2 for carrying out the Human Intelligence Task (HIT) on MTurk, an accepted and fair combination for this task [83]. The questionnaire was created using the Qualtrics online survey platform.

The study included $n=132$ valid participants (12 responses were disqualified for various reasons). Of the participants, 38% were female and 62% were male; 13% were 18–25 years old, 26% were 26–30 years old, 36% were 31–40 years old, 16% were 41–50 years old, and 9% were older than 50; 70% had a bachelor’s degree, 10% had a high school diploma, and 17% had a master’s degree. The vast majority of the participants (83%) were employees, 14% were self-employed, and 4% were unemployed or currently looking for work.

5.3. Results

The overall privacy concern ($C$) was relatively high ($\mu =4.1 , \sigma =0.6)$, privacy behavior ($B$) was medium ($\mu =3.0 , \sigma =0.6)$, and the technological literacy ($L$) was average ($\mu =2.9 , \sigma =1.4)$. The distributions of these three factors are depicted in Figure 4 a, b, and c respectively. As a preliminary result, the visual differences between the privacy concern (Figure 4a) and the privacy behavior (Figure 4b) demonstrate that the gap is significantly positive ($|\Delta |>0$). Potentially, if literacy is significant, the privacy paradox does indeed exist.

The spread of the results in the privacy-paradox space is depicted in Figure 5. The X axis (horizontal and stretched from right to left) describes privacy concern, the Y axis (the other horizontal axis) describes privacy behavior, and the Z axis (vertical) describes technological literacy. Each vertex in the three-dimensional space describes a single participant point, and the surfaces were drawn to assist with orientation in the three-dimensional space (otherwise it is difficult to locate each point at an exact $\mathrm{x},\mathrm{y},\mathrm{z}$ location). The bottom diagonal green line represents a perfect balance between privacy concern and privacy behavior ($\Delta =0$), i.e., all the points which are above this line are not paradoxical at all. The more remote a point is from the green line horizontally, the higher the potential paradox is (the distance from the line $d$ is given by: $d=\left|\frac{C-B}{\sqrt{2}}\right|$). However, if a point is low on the Z axis (technological literacy), the paradox can be explained, and therefore it is not a paradox. It can be clearly seen that many points do represent a significant privacy paradox.

5.4. Representation with Soft Logic

Each participant’s result generates a single soft number with representation A (${\psi }_1$) or representation B (${\psi }_2$). To balance both components of ${\psi }_1$, the raw results of $C$, $B$, and $L$ were normalized to the range $\left(\mathrm{0..1}\right)$ by dividing each by the maximal range (which was 5 in this study). For example, the theoretical result of $C=2.5 , B=3.5 , L=3$ yields:

$${\psi }_1=\left\{\left|\frac{2.5}{5}-\frac{3.5}{5}\right|·\frac{3}{5}\right\}·\overline{0}+\frac{2.5}{5}·\overline{1}=0.12·\overline{0}+0.5·\overline{1}$$

and:

$${\psi }_2=\left\{\left|\frac{2.5}{5}-\frac{3.5}{5}\right|·\frac{3}{5}\right\}·\overline{0}+\{\left|\frac{2.5}{5}-\frac{3.5}{5}\right|·(1-\frac{3}{5})\} ·\overline{1}=0.12·\overline{0}+0.08·\overline{1}$$

To show the spread of the results, ${\psi }_1$ and ${\psi }_2$ are displayed on two-dimensional graphs shown in Figure 6a and Figure 6b respectively. In Figure 6a (representation A denoted by ${\psi }_1$), the X-axis describes concern (C) which is the base line, and expresses the $\overline{1}$ component of the soft number, while the Y-axis describes the paradoxical part ($\Delta ·\mathrm{L}$) which expresses the $\overline{0}$ component of the soft number. In Figure 6b (representation B denoted by ${\psi }_2$), the X-axis describes the non-paradoxical element ($\Delta ·\left(1-\mathrm{L}\right)$) which is the $\overline{1}$ component of the soft number, while the Y-axis describes the paradoxical part ($\Delta ·\mathrm{L}$) which expresses the $\overline{0}$ component of the soft number.

6. Discussion

The existence of a significant gap between the privacy concerns and privacy behavior of an individual is known as the privacy paradox. While this phenomenon is prevalent, researchers have only explained it with speculation [84]. A gap between privacy concern and privacy behavior can reconciled when the individual has low technological literacy, and could introduce a true paradoxical situation when technological literacy is high. Therefore, privacy concern, privacy behavior and technological literacy may be correlated to the privacy paradox. For example, it has been argued, “Internet technical literacy negatively related to the Internet privacy concerns” [85]. Both situations, the veridical paradox and the true paradox (antinomy in classical logic or a dialetheia in a paraconsistent logic) requires attention, because the users are not acting in accordance with their true privacy preferences. The privacy paradox may be considered part of the attempts to integrate the human factors into digital systems. Previous steps towards achieving this goal include, for example, considering user behavior in a financial information system [86], but this study is focused on paradoxical situations which are difficult to model.

In this study, we offer a mathematical formalization of the privacy-paradox space which unifies both the non-paradoxical (falsidical paradox) and the paradoxical states in general, and specifically addresses the paradox. To achieve this, we applied a new mathematical theory: soft logic. The concept of soft logic tolerates the simultaneous existence of paradoxical situations; for example, it can represent a scenario when a singular point in space and time has two different temperature values. Naturally, this situation is impossible, at least in classical physics, however, the current case deals with cognition, in which paradoxical situations may be observed, as described above. We formulated and represented the privacy paradox using the language of soft logic in two different ways. Finally, we conducted an empirical study that included $n=132$ valid participants, and demonstrated how the privacy paradox space (of a group of individuals) can be represented and handled mathematically by using soft logic. This methodology may pave the way for developing algorithms that can enhance privacy. For example, when low technological literacy exists, i.e., in low paradox situations, literacy education is required. On the other hand, when high technological literacy exists, i.e., in significantly paradoxical situations, the solution may require other means. From the applicative point of view, this methodology can make a significant contribution to privacy-enhancing technology (PET) [87]. The soft logic approach defines paradoxical situations well, in situation where few opposites exist in the same time and place (a single individual in our case), and also enables carrying out mathematical operations on the discrete values. The availability of these operators is important; e.g., the absolute value of subtracting two values in the privacy-paradox space should describe the gap between two individuals. Without the zero axis, the paradox cannot be represented adequately, especially the holistic realty of joining the paradoxical and non-paradoxical components.

Paradoxes have become more prevalent and more powerful in the digital era, possibly due to the complexity of the environment. For example, the paradox of the parts and the whole [88], the efficiency paradox [89], and the paradox of complexity [90]. As privacy is a key issue in public discussion, the privacy paradox is certainly a prominent paradox, if not the most prominent one. The failure to provide a convincing explanation for the privacy paradox, suggests that two contradicting situations exist simultaneously, a situation that cannot be well-represented using the mathematical tools of classical logic. Therefore, current reality calls for a new theory to better address this issue. This study developed and empirically demonstrated the methodology of adopting soft logic for understand the privacy paradox. Since the privacy paradox is by its nature a classic paradox, we assume that the theory can be extended to many other paradoxical situations, in some cases with only minor adjustment. The idea of dualism is not new, for example, Immanuel Kant introduced understanding and sensibility as a pair and coined the terms “noumenon” for the object that exists independently of human sense, and “phenomenon” for the observable object [91]. The noumenal world is known to be exist but unknown to us because it is not sensible, an idea that is identified with Kant’s concept of the “thing-in-itself.”

While the paradoxical domain is one possible dimension for extending the theory, another dimension would be the type of the problem to be solved. For example, it has been shown how soft logic can be applied to decision trees dealing for a reality that combines a cognitive process with a more robust (e.g., machine-based) process [92]. Taking a wider view, the human and the machine worlds collide in the digital era, and soft logic representation might be a holistic way to represent this unnatural fusion.

While soft logic representation theory is elegant and promising, its effectiveness for developing applications to protect and refine privacy has still to be proved empirically. This could be achieved in a further study focused on specific domains or components of a system, for example setting defaults for applications such that they are optimized for the majority of the population [93]. Moreover, the proposed mathematics may require further development, especially to accommodate a wide variety of distributions, because the problem is stochastic by its nature. The empirical demonstration presented here might be slightly biased by sophisticated participants who could have noticed that the same issue (privacy concern and privacy behavior) appeared repeatedly in the questionnaire. A further study that analyzes real behavior in non-simulated activities could reduce this bias. Another issue with this study is the absolution of the gap between privacy-concern values and privacy-behavior values. As mentioned, while this absolution introduces a more elegant and unified model, it may also cause a loss of some information. This information encapsulates the essence of the problem: whether the user is exaggerating his or her anxiety about privacy, resulting in an unnecessary reduction of its benefits, or rather is underestimating privacy protection, causing undesired privacy loss. This simplification of the model might be addressed in a future study by extending the mathematical model to also include negative values in the gap. Lastly, the empirical part of this study is bounded to a demonstration of a soft logic representation of a real dataset. However, a more applicable study could implement this methodology in an application. For example, when installing a new smartphone application, the model can be assimilated in the configuration session, so that the selected choices and option reflect the user’s true preferences more adequately.

Bringing together human preferences and sensitivities concerning privacy (which is a fuzzy domain) and the technological environment (which is a robust domain) requires an effective bridge. The theory of soft logic provides this bridge, thereby contributing to the construction of new foundations for solving problems in this field. The evolution of technology and humanity may correspond to the evolution of the zero number. This historical journey started with ignoring zero as a number, then defining a singular zero that addresses well-defined mathematical domains such as Newtonian physics, and now zero is being extended to become an axis that addresses the fusion of humanity and technology.

7. Conclusions

While paradoxical situations are often unavoidable, especially when soft human factors like cognition are an inherent part of the model, they can be represented mathematically by using soft logic. This result is the most important contribution of this research, and may be helpful, for example, when developing applications in these environments. The functionally and usability of the soft logic representation are expected due to their success enabling mathematical manipulations, and therefore algorithms, without the need to describe and construct the causality of the paradox.