User interfaces for privacy agents

Most people seldom read privacy policies because they tend to be long and difficult to understand. The Platform for Privacy Preferences (P3P) addresses this problem by providing a standard machine-readable format for website privacy policies. P3P user agents can fetch P3P privacy policies automatically, compare them with a user's privacy preferences, and alert and advise the user. Developing user interfaces for P3P user agents is challenging for several reasons: privacy policies are complex, user privacy preferences are often complex and nuanced, users tend to have little experience articulating their privacy preferences, users are generally unfamiliar with much of the terminology used by privacy experts, users often do not understand the privacy-related consequences of their behavior, and users have differing expectations about the type and extent of privacy policy information they would like to see. We developed a P3P user agent called Privacy Bird. Our design was informed by privacy surveys and our previous experience with prototype P3P user agents. We describe our design approach, compare it with the approach used in other P3P user agents, evaluate our design, and make recommendations to designers of other privacy agents.
