User interface design for privacy awareness in eHealth technologies

In this paper we investigate privacy issues relating to human-computer interfaces for mobile eHealth technologies. We present the Inform-Alert-Mitigate (I-AM) cycle, a novel approach to addressing the privacy concerns associated with the use of these technologies. The I-AM approach supports the responsible innovation of new technologies. We demonstrate the effectiveness of I-AM by applying it to examples taken from mobile applications relating to personal health. We discuss three classes of applications: a) fitness trackers, b) personal wellbeing applications, and c) medical applications, and evaluate the privacy exposure of their users using representative applications from these classes. The paper evaluates the current privacy-enhancing features of these applications against the identified risks and demonstrates how the I-AM approach can be applied to yield additional and more effective privacy protection for these technologies.
