Tensions in Developing a Secure Collective Information Practice - The Case of Agile Ridesharing

Many current HCI, social networking, ubiquitous computing, and context aware designs, in order for the design to function, have access to, or collect, significant personal information about the user. This raises concerns about privacy and security, in both the research community and main-stream media. From a practical perspective, in the social world, secrecy and security form an ongoing accomplishment rather than something that is set up and left alone. We explore how design can support privacy as practical action, and investigate the notion of collective information-practice of privacy and security concerns of participants of a mobile, social software for ride sharing. This paper contributes an understanding of HCI security and privacy tensions, discovered while "designing in use" using a Reflective, Agile, Iterative Design (RAID) method.

[1]  Virgil D. Gligor,et al.  A New Privacy-Enhanced Matchmaking Protocol , 2013, NDSS.

[2]  Bettina Berendt,et al.  E-privacy in 2nd generation E-commerce: privacy preferences versus actual behavior , 2001, EC '01.

[3]  Cliff Lampe,et al.  A face(book) in the crowd: social Searching vs. social browsing , 2006, CSCW '06.

[4]  Adam Shostack,et al.  The New School of Information Security , 2008 .

[5]  James P. Titus,et al.  Security and Privacy , 1967, 2022 IEEE Future Networks World Forum (FNWF).

[6]  Robert C. Carlson Anatomy of a systems failure: Dial-a-ride in Santa Clara County, California , 1976 .

[7]  Paul Dourish,et al.  Collective Information Practice: Exploring Privacy and Security as Social and Cultural Phenomena , 2006, Hum. Comput. Interact..

[8]  Margot Brereton,et al.  Design from the everyday: continuously evolving, embedded exploratory prototypes , 2010, Conference on Designing Interactive Systems.

[9]  Margot Brereton,et al.  Designing participation in agile ridesharing with mobile social software , 2009, OZCHI '09.

[10]  Stuart E. Schechter,et al.  The Emperor's New Security Indicators , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[11]  AcquistiAlessandro,et al.  Privacy and Rationality in Individual Decision Making , 2005, S&P 2005.

[12]  Sacha Brostoff,et al.  Transforming the ‘Weakest Link’ — a Human/Computer Interaction Approach to Usable and Effective Security , 2001 .

[13]  Margot Brereton,et al.  Interaction, privacy and profiling considerations in local mobile social software: a prototype agile ride share system , 2010, OZCHI '10.

[14]  Audun Jøsang,et al.  A survey of trust and reputation systems for online service provision , 2007, Decis. Support Syst..

[15]  Paul Dourish,et al.  Yesterday’s tomorrows: notes on ubiquitous computing’s dominant vision , 2007, Personal and Ubiquitous Computing.

[16]  Stuart E. Schechter,et al.  The Emperor's New Security Indicators An evaluation of website authentication and the effect of role playing on usability studies † , 2007 .

[17]  S. L. Star,et al.  The Ethnography of Infrastructure , 1999 .

[18]  Kirstie Hawkey,et al.  "I did it because I trusted you" : Challenges with the Study Environment Biasing Participant Behaviours , 2010 .

[19]  Sameer Patil,et al.  Who gets to know what when: configuring privacy permissions in an awareness application , 2005, CHI.

[20]  Margot Brereton,et al.  Designing for participation in local social ridesharing networks: grass roots prototyping of IT systems , 2010, PDC '10.

[21]  DourishPaul,et al.  Yesterday’s tomorrows: notes on ubiquitous computing’s dominant vision , 2007 .

[22]  Alessandro Acquisti,et al.  Privacy and rationality in individual decision making , 2005, IEEE Security & Privacy.

[23]  Yu Zhang,et al.  Adaptive Security Dialogs for Improved Security Behavior of Users , 2009, INTERACT.

[24]  Marco Winckler,et al.  Human-Computer Interaction - INTERACT 2009, 12th IFIP TC 13 International Conference, Uppsala, Sweden, August 24-28, 2009, Proceedings, Part I , 2009, INTERACT.

[25]  Paul Dourish,et al.  Security in the wild: user strategies for managing security as an everyday, practical problem , 2004, Personal and Ubiquitous Computing.