Explainable AI in Usable Privacy and Security: Challenges and Opportunities

Vincent Freiberger, Arthur Fleig, Erik Buchmann

TL;DR

This paper addresses the explainability and hallucination challenges of using LLMs as judges in usable privacy and security, focusing on PRISMe, an interactive privacy policy assessment tool. It analyzes a prior 22-participant user study to reveal issues around transparency, consistency, faithfulness, and user variation in explanation needs, and discusses mitigation strategies such as structured evaluation criteria, uncertainty estimation, and retrieval-augmented generation (RAG). The authors argue for adaptive, user-profile–driven explanations to improve trust and decision-making, and highlight trade-offs between transparency, privacy, and cognitive load. By framing PRISMe within the HCXAI lens, the work emphasizes the practical importance of human-centered explanations in high-stakes privacy contexts and outlines concrete research directions for robust, explainable privacy tools.

Abstract

Large Language Models (LLMs) are increasingly used both to perform automated evaluations and to explain them. However, concerns about explanation quality, consistency, and hallucinations remain open research challenges, particularly in high-stakes contexts like privacy and security, where user trust and decision-making are at stake. In this paper, we investigate these issues in the context of PRISMe, an interactive privacy policy assessment tool that leverages LLMs to evaluate and explain website privacy policies. Based on a prior user study with 22 participants, we identify key concerns regarding LLM judgment transparency, consistency, and faithfulness, as well as variations in user preferences for explanation detail and engagement. We discuss potential strategies to mitigate these concerns, including structured evaluation criteria, uncertainty estimation, and retrieval-augmented generation (RAG). We identify a need for adaptive explanation strategies, tailored to different user profiles, for LLM-as-a-judge. Our goal is to show that usable privacy and security is a promising application area in which Human-Centered Explainable AI (HCXAI) can make an impact.
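As an added example (this is not PRISMe's code and not code from the paper), the following Python sketch shows what three of the mitigations named above can look like in practice for an LLM-as-a-judge: a structured evaluation schema that rejects free-text or malformed verdicts, a faithfulness check that requires every cited quote to occur verbatim in the policy, and a self-consistency uncertainty estimate computed from repeated judgments. The criteria names, the score vocabulary, the policy excerpt and the judge responses are constructed assumptions; the judge is stubbed with fixed responses instead of a real model call.

```python
import json
from collections import Counter

# Hypothetical criteria and score scale (an assumption, not PRISMe's actual rubric).
CRITERIA = ("data_collection", "third_party_sharing", "user_rights")
ALLOWED_SCORES = {"good", "neutral", "bad"}

# Constructed policy excerpt used as the "document under judgment".
POLICY = (
    "We collect your email address and browsing history. "
    "We share data with advertising partners. "
    "You may request deletion of your data by email."
)


def validate_judgment(raw: str) -> dict:
    """Parse one judge response and enforce the structured schema.

    A judge that must answer per criterion, with a fixed score vocabulary and
    a supporting quote, is easier to check than free text: extra or missing
    criteria, made-up score labels and quote-less verdicts are rejected here.
    """
    data = json.loads(raw)
    if set(data) != set(CRITERIA):
        raise ValueError(f"criteria mismatch: {sorted(set(data) ^ set(CRITERIA))}")
    for name, entry in data.items():
        if entry.get("score") not in ALLOWED_SCORES:
            raise ValueError(f"{name}: invalid score {entry.get('score')!r}")
        if not entry.get("quote"):
            raise ValueError(f"{name}: missing supporting quote")
    return data


def check_faithfulness(judgment: dict, policy: str) -> dict:
    """Faithfulness check: every quoted passage must occur verbatim in the policy.

    A quote that is not in the policy is a hallucination, and the verdict it
    supports must not be shown to the user as grounded.
    """
    return {name: entry["quote"] in policy for name, entry in judgment.items()}


def aggregate(judgments: list) -> dict:
    """Self-consistency over repeated judgments.

    Majority score per criterion; the agreement ratio serves as a cheap
    uncertainty estimate (1.0 = all samples agree).
    """
    out = {}
    for name in CRITERIA:
        votes = Counter(j[name]["score"] for j in judgments)
        score, count = votes.most_common(1)[0]
        out[name] = {"score": score, "agreement": count / len(judgments)}
    return out


def low_confidence(aggregated: dict, threshold: float = 0.75) -> list:
    """Criteria whose agreement falls below the threshold and need a caveat."""
    return [n for n, v in aggregated.items() if v["agreement"] < threshold]


# Constructed judge outputs standing in for repeated model calls (stub, no LLM).
_BASE = {
    "data_collection": {"score": "bad",
                        "quote": "We collect your email address and browsing history."},
    "third_party_sharing": {"score": "bad",
                            "quote": "We share data with advertising partners."},
    "user_rights": {"score": "good",
                    "quote": "You may request deletion of your data by email."},
}
_RUN2 = json.loads(json.dumps(_BASE))
_RUN2["user_rights"]["score"] = "neutral"          # the judge wavers on this criterion
_RUN3 = json.loads(json.dumps(_BASE))
_RUN3["third_party_sharing"]["quote"] = "We sell data to advertisers."  # not in POLICY
SAMPLE_RESPONSES = [json.dumps(_BASE), json.dumps(_RUN2), json.dumps(_RUN3)]


def run_demo(responses=SAMPLE_RESPONSES, policy=POLICY) -> dict:
    """Validate, aggregate and flag; returns the data a dashboard would display."""
    judgments = [validate_judgment(r) for r in responses]
    agg = aggregate(judgments)
    unfaithful = [
        (i, name)
        for i, j in enumerate(judgments)
        for name, ok in check_faithfulness(j, policy).items()
        if not ok
    ]
    return {"scores": agg, "uncertain": low_confidence(agg), "unfaithful": unfaithful}


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

On the constructed input the demo flags `user_rights` as uncertain (two of three runs agree) and the third run's `third_party_sharing` verdict as unfaithful, which is exactly the information a dashboard would need to caveat a score or withhold a quote. A substring check is the simplest faithfulness test; a deployed tool would normalise whitespace and casing, and could back the verdict with retrieval (RAG) so that the judge only sees the policy passages it is asked to cite.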

Paper Structure

This paper contains 13 sections and 1 figure.

Figures (1)

  • Figure 1: When the user visits a website, our prototype evaluates the privacy policy in the background and displays privacy alerts via colored scrollbars and a point-of-entry smiley icon (top middle). Clicking the smiley opens an Overview Panel (left) summarizing key privacy issues, with navigation to a Dynamic Dashboard and chat interface. The dashboard (bottom middle) provides detailed policy evaluation criteria, which users can chat about (right) by clicking the respective "More" button.