The role of policy and stakeholder privacy values in requirements engineering

Diverse uses of information technology (IT) in organizations affect privacy. Developers of electronic commerce, database management, security mechanisms, telecommunication and collaborative systems should be aware of these effects and acknowledge the need for early privacy planning during the requirements definition activity. Public concerns about the collection of personal information by consumer-based Web sites have led most organizations running such sites to establish and publish privacy policies. However, these policies often fail to align with prevalent societal values on one hand and the operational functioning of Web-based applications on the other. Assuming that such misalignments stem from imperfect appreciation of consequences and not an intent to deceive, we discuss concepts, tools and techniques to help requirements engineers and IT policy makers bring policies and system requirements into better alignment. Our objective is to encourage RE researchers and practitioners to adopt a more holistic view of application and system specification, in which a system or application is seen as an engine of policy enforcement and values attainment.

[1]  H. Jeff Smith,et al.  Information Privacy: Measuring Individuals' Concerns About Organizational Practices , 1996, MIS Q..

[2]  Kenneth S. Rubin Object behavior analysis , 1992, CACM.

[3]  John Hampton Dempster Inconsistency Identification and Resolution in Goal-Driven Requirements Analysis. , 2000 .

[4]  Lutz E. Schlange Scenarios: The art of strategic conversation , 1997 .

[5]  Mark L. Johnson Moral Imagination: Implications of Cognitive Science for Ethics , 1993 .

[6]  Charles Richter,et al.  Developing initial OOA models , 1993, Proceedings of 1993 15th International Conference on Software Engineering.

[7]  Ana I. Anton,et al.  Goal identification and refinement in the specification of software-based information systems , 1997 .

[8]  Anthony M. Townsend,et al.  The threat of long-arm jurisdiction to electronic commerce , 1998, CACM.

[9]  Allen Newell,et al.  The psychology of human-computer interaction , 1983 .

[10]  Colette Rolland,et al.  Experience with goal-scenario coupling in requirements engineering , 1999, Proceedings IEEE International Symposium on Requirements Engineering (Cat. No.PR00188).

[11]  Ivar Jacobson,et al.  Object-oriented software engineering - a use case driven approach , 1993, TOOLS.

[12]  Fay Cobb Payton,et al.  Privacy of medical records: IT implications of HIPAA , 2000, CSOC.

[13]  Annie I. Antón,et al.  The use of goals to surface requirements for evolving systems , 1998, Proceedings of the 20th International Conference on Software Engineering.

[14]  Rebecca Wirfs-Brock,et al.  Designing objects and their interactions: a brief look at responsibility-driven design , 1995 .

[15]  J. Alexander,et al.  Images of Organization , 1988 .

[16]  Helen M. Edwards,et al.  Problem frames: analyzing and structuring software development problems , 2002, Softw. Test. Verification Reliab..

[17]  Roel Wieringa,et al.  Deontic logic: a concise overview , 1994 .

[18]  Z Hudson,et al.  Privacy: report on the privacy policies and practices of health web sites. , 2000, Professional ethics report : newsletter of the American Association for the Advancement of Science, Committee on Scientific Freedom & Responsibility, Professional Society Ethics Group.

[19]  S. Vereza Philosophy in the flesh: the embodied mind and its challenge to Western thought , 2001 .

[20]  Peter Schwartz,et al.  The art of the long view , 1991 .

[21]  Aldo Dagnino,et al.  Deriving Goals from a Use-Case Based Requirements Specification , 2001, Requirements Engineering.

[22]  Charles Higgins Kepner,et al.  The Rational Manager: A Systematic Approach to Problem Solving and Decision-Making , 1965 .

[23]  Neil A. M. Maiden,et al.  Bridging the requirements gap: policies, goals and domains , 1993, Proceedings of 1993 IEEE 7th International Workshop on Software Specification and Design.

[24]  Colette Rolland,et al.  Guiding Goal Modeling Using Scenarios , 1998, IEEE Trans. Software Eng..

[25]  Colin Potts Metaphors of intent , 2001, Proceedings Fifth IEEE International Symposium on Requirements Engineering.

[26]  Philippe Massonet,et al.  Goal-directed elaboration of requirements for a meeting scheduler: problems and lessons learnt , 1995, Proceedings of 1995 IEEE International Symposium on Requirements Engineering (RE'95).

[27]  Gill Ringland,et al.  Scenario Planning: Managing for the Future , 1998 .

[28]  Stephen Fickas,et al.  Goal-Directed Requirements Acquisition , 1993, Sci. Comput. Program..

[29]  Nathaniel S. Borenstein Perils and pitfalls of practical cybercommerce , 1996, CACM.

[30]  Michael Jackson,et al.  Four dark corners of requirements engineering , 1997, TSEM.

[31]  Barry Kirwan,et al.  A Guide to Practical Human Reliability Assessment , 1994 .

[32]  Colin Potts,et al.  Using schematic scenarios to understand user needs , 1995, Symposium on Designing Interactive Systems.

[33]  Axel van Lamsweerde,et al.  Integrating obstacles in goal-driven requirements engineering , 1998, Proceedings of the 20th International Conference on Software Engineering.

[34]  Anthony Finkelstein,et al.  Building formal specifications using structured common sense , 1987 .

[35]  John P. McDermott,et al.  Using abuse case models for security requirements analysis , 1999, Proceedings 15th Annual Computer Security Applications Conference (ACSAC'99).

[36]  Annie I. Antón,et al.  A Representational Framework for Scenarios of System Use , 1998, Requirements Engineering.

[37]  Matthias Jarke,et al.  Scenario Management: An Interdisciplinary Approach , 1998, Requirements Engineering.

[38]  Sharman Lichtenstein,et al.  Developing Internet security policy for organizations , 1997, Proceedings of the Thirtieth Hawaii International Conference on System Sciences.

[39]  Patty Curthoys,et al.  Developing user interfaces: Ensuring usability through product and process , 1997 .

[40]  M. Waltre Scenario Analysis: An Approach t o Organisational Learning , 1996 .

[41]  Annie I. Antón,et al.  Goal Decomposition and Scenario Analysis in Business Process Reengineering , 1994, CAiSE.

[42]  Matthias Jarke,et al.  Scenarios in System Development: Current Practice , 1998, IEEE Softw..

[43]  H. Rex Hartson,et al.  Developing user interfaces: ensuring usability through product & process , 1993 .

[44]  Annie I. Antón,et al.  Strategies for Developing Policies and Requirements for Secure and Private Electronic Commerce , 2001, E-Commerce Security and Privacy.

[45]  David Hume A Treatise of Human Nature: Being an Attempt to introduce the experimental Method of Reasoning into Moral Subjects , 1972 .

[46]  Roger Clarke,et al.  Internet privacy concerns confirm the case for intervention , 1999, CACM.

[47]  Mark S. Ackerman,et al.  Beyond Concern: Understanding Net Users' Attitudes About Online Privacy , 1999, ArXiv.

[48]  William N. Robinson,et al.  Electronic brokering for assisted contracting of software applets , 1997, Proceedings of the Thirtieth Hawaii International Conference on System Sciences.