Personal privacy through understanding and action: five pitfalls for designers

To participate in meaningful privacy practice in the context of technical systems, people require opportunities to understand the extent of the systems’ alignment with relevant practice and to conduct discernible social action through intuitive or sensible engagement with the system. It is a significant challenge to design for such understanding and action through the feedback and control mechanisms of today’s devices. To help designers meet this challenge, we describe five pitfalls to beware when designing interactive systems—on or off the desktop—with personal privacy implications. These pitfalls are: (1) obscuring potential information flow, (2) obscuring actual information flow, (3) emphasizing configuration over action, (4) lacking coarse-grained control, and (5) inhibiting existing practice. They are based on a review of the literature, on analyses of existing privacy-affecting systems, and on our own experiences in designing a prototypical user interface for managing privacy in ubiquitous computing. We illustrate how some existing research and commercial systems—our prototype included—fall into these pitfalls and how some avoid them. We suggest that privacy-affecting systems that heed these pitfalls can help users appropriate and engage them in alignment with relevant privacy practice.
