From privacy methods to a privacy toolbox: Evaluation shows that heuristics are complementary

ACM Transactions on Computer-Human Interaction

Volumn 15, Issue 2, 2008, Pages

  Iachello, Giovanni ^a   Abowd, Gregory D ^a  

^a GEORGIA INSTITUTE OF TECHNOLOGY   (United States)

Author keywords

Design methods; Privacy; Proportionality; Requirements analysis; Risk analysis; Social issues; Ubiquitous computing

Indexed keywords

BALANCE (WEIGHTING); COMPREHENSIVE DESIGNS; DATA PROTECTION; DESIGN METHODS; HCI PRACTITIONERS; IT APPLICATIONS;

ELECTRIC CURRENTS; PROCESS DESIGN; PROCESS ENGINEERING;

HEURISTIC METHODS;

EID: 47249131693     PISSN: 10730516     EISSN: 15577325     Source Type: Journal    
DOI: 10.1145/1375761.1375763     Document Type: Article

References (59)

1. ACKERMAN, M. S. AND MAINWARING, S. D. 2005. Privacy issues and human-computer interaction. In Security and Usability: Designing Secure Systems That People Can Use, S. Garfinkel and L. Cranor, Eds. O'Reilly, Sebastopol, CA, 381-400.
2. ACKERMAN, M. S., STARR, B., HINDUS, D., AND MAINWARING, S. D. 1997. Hanging on the 'wire: A field study of an audio-only media space. ACM Trans. Comput.-Hum. Interact. 4, 1.
3. AHMED, S., WALLACE,K.,ANDBLESSING,L. 2003. Understanding the differences between how novice and experienced designers aapproach design tasks. Resear. Engin. Design 14, 1, 1-11.
4. ALEXANDER, C. 1977. A Pattern Language: Towns, Buildings, Construction. Oxford University Press.
5. ALTMAN, I. 1975. The Environment and Social Behavior - Privacy, Personal Space, Territory, Crowding. Brooks/Cole Publishing Company, Monterey, CA.
6. ALTMAN, I. 1977. Privacy regulation: Culturally universal or culturally specific?. J. Soc. Iss. 33, 3, 66-84.
7. ASSOCIATION FOR COMPUTING MACHINERY. ACM code of ethics. http://www.acm.org/serving/ ethics.html.
8. BASKERVILLE, R. 1993. Information systems security design methods: Implications for information systems development. ACM Comput. Surv. 25, 4, 375-414.
9. BELLOTTI, V. AND SELLEN, A. 1993. Design for privacy in ubiquitous computing environments. In Proceedings of the 3rd European Conference on Computer Supported Cooperative Work (ECSCW'93). Kluwer Academic Publishers.
10. BERLEUR, J. AND BRUNNSTEIN, K., Eds. 1996. Ethics of Computing: Codes, Spaces for Discussion and Law. Chapman & Hall, London, UK.
11. BOEHM, B. W., BOSE, P., HOROWITZ, E., AND LEE, M. J. 1994. Software requirements as negotiated win conditions. In Proceedings of the 1st International Conference on Requirements Engineering. IEEE Press, 74-83.
12. CHUNG, E., HONG, J., LIN, J., PRABAKER, M., LANDAY, J., AND LIU, A. 2004. Development and evaluation of emerging design patterns for ubiquitous computing. In Proceedings of the Conference on Designing Interactive Systems. ACM Press, 233-242.
13. COMPUTER SCIENCE AND TECHNOLOGY BOARD. 1990. Scaling up: A research agenda for software engineering. Com. ACM 33, 3, 281-293.
14. COUNCIL OF EUROPE 1950. The European Convention on Human Rights. Rome, Italy.
15. DEITZ, P. AND YERAZUNIS, W. 2001. Real-time audio buffering for telephone applications. In Proceedings of the Annual ACM Symposium on User Interface Software and Technology. ACM Press, 193-194.
16. DOURISH, P. AND ANDERSON, K. 2005. Privacy, Security ... and Risk and Danger and Secrecy and Trust and Morality and Identity and Power: Understanding Collective Information Practices. Tech. rep. UCI-ISR-05-1. Institute for Software Research, University of California at Irvine.
17. ETZIONI, A. 1999. The Limits of Privacy. Basic Books, NY.
18. EU DIRECTIVE. 1995. Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data. Official Journal of the European Communities L281, 31-50.
19. EUROPEAN COMMISSION ARTICLE 29 WORKING PARTY. 2004. Opinion 4/2004 on the Processing of Personal Data by Means of Video Surveillance. 11750/02/EN WP 89.
20. FALLMAN, D. 2003. Design-oriented human-computer interaction. In Proceedings of the Conference on Human Factors in Computing Systems (CHI'03). ACM Press, 225-232.
21. FRIEDMAN, B. 1996. Value-sensitive design. Interac.: New Visions Hum.-Comput. Interact. 3, 6, 17-23.
22. GARFINKEL,S. 2002. Adopting fair information practicestolow cost RFID systems. In Proceedings of the Ubiquitous Computing Privacy Workshop.
23. GEMMELL, J., WILLIAMS, L., WOOD, K., LUEDER, R., AND BELL, G. 2004. Passive capture and ensuing issues for a personal lifetime store. In Proceedings of the ACM Workshop on Continous Archival and Retrieval of Personal Experiences (CARPE'04). ACM Press, 48-55.
24. GREENE, T. C. 2005. Lexis Nexis data breach far worse than reported. The Register, 4/13/05.
25. HAYES, G. R., PATEL, S. N., TRUONG, K. N., IACHELLO, G., KIENTZ, J. A., FARMER, R., AND ABOWD, G. D. 2004. The personal audio loop: Designing a ubiquitous audio-based memory aid. In Proceedings of Mobile HCI. Lecture Notes in Computer Science, vol. 3160, Springer Verlag, 168-179.
26. HILTY, L. M., SOM, C., AND KÖHLER, A. 2004. Assessing the human, social and environmental risks of pervasive computing. Hum. Ecolog. Risk Assess. 10, 853-874.
27. HINDUS, D. AND SCHMANDT, C. 1992. Ubiquitous audio: Capturing spontaneous collaboration. In Proceedings of the ACM Conference on Computer-Supported Cooperative Work (CSCW'92). ACM Press, 210-217.
28. HIPAA. 1999. United States Health Insurance Portability and Accountability Act. 42 USC 1179.
29. HONG, J., NG, J. D., LEDERER, S., AND LANDAY, J. A. 2004. Privacy risk models for designing privacy-sensitive ubiquitous computing systems. In Proceedings of the Symposium on Designing Interactive Systems (DIS'04). ACM Press, 91-100.
30. IACHELLO, G. 2006. Privacy and proportionality. PhD Dissertation. College of Computing, Georgia Institute of Technology, Atlanta, GA. http://etd.gatech.edu.
31. IACHELLO, G. AND ABOWD, G. D. 2005a. An evaluation of the comprehensibility and usability of a design method for ubiquitous computing applications. GVU Tech. rep. GIT-GVU-05-32, Georgia Institute of Technology, Atlanta, GA.
32. IACHELLO, G. AND ABOWD, G. D. 2005b. Privacy and proportionality: Adapting legal evaluation techniques to inform designin ubiquitous computing. In Proceedings of the Conference on Human Factors in Computer System (CHI'05). ACM Press, 91-100.
33. IACHELLO, G., SMITH, I., CONSOLVO, S., CHEN, M., AND ABOWD, G. D. 2005. Developing privacy guidelines for social location disclosure applications and services. In Proceedings of the Symposium on Usable Privacy and Security (SOUPS). ACM Press, 65-76.
34. IACHELLO, G., TRUONG, K. N., ABOWD, G. D., HAYES, G. R., AND STEVENS, M. 2006. Experience prototyping and sampling to evaluate ubicomp privacy in the real world. In Proceedings of the Conference on Human Factors in Computer System (CHI'06). ACM Press.
35. INTERNATIONAL ORGANIZATION FOR STANDARDIZATION/INTERNATIONAL ELECTROTECHNICAL COMMISSION 2000a. IS 15408: Common Criteria for Information Technology Security Evaluation.
36. INTERNATIONAL ORGANIZATION FOR STANDARDIZATION/INTERNATIONAL ELECTROTECHNICAL COMMISSION 2000b. IS 17799:2000 Information Technology - Code of Practice for Information Security Management.
37. JENSEN, C. 2005. Designing for privacy in interactive systems. PhD. Dissertation. Georgia Institute of Technology, College of Computing, Atlanta, GA. http://etd.gatech.edu.
38. JENSEN, C., TULLIO, J., POTTS, C., AND MYNATT, E. D. 2005. Strap: A structured analysis framework for privacy. GVU Tech. rep. 05-02. Georgia Institute of Technology, Atlanta, GA.
39. JUNESTRAND, S., KEIJER, U., AND TOLLMAR, K. 2001. Private and public digital domestic spaces. Int. J. Hum.-Comput. Studi. 54, 5, 753-778.
40. 2 Survey Results. Auburn University, Auburn, AL.
41. LANGHEINRICH, M. 2001. Privacy bydesign - Principlesof privacy-aware ubiquitous systems. Lecture Notes in Computer Science, vol. 2201, Springer Verlag, 273-291.
42. MACLEAN, A., YOUNG, R. M., AND MORAN, T. P. 1989. Design rationale: The argument behind the artifact. In Proceedings of the Conference on Human Factors in Computing Systems (CHI'89). ACM Press, 247-252.
43. NIELSEN, J. 1993. Usability Engineering. Academic Press, Boston, MA.
44. NIELSEN, J. AND MACK, R. L., Eds. 1994. Usability Inspection Methods. John Wiley & Sons, New York, NY.
45. NORMAN, D. 1990. The Design of Everyday Things. Currency Press.
46. ORGANIZATION FOR ECONOMIC CO-OPERATION AND DEVELOPMENT 1980. Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.
47. PALEN, L. AND DOURISH, P. 2003. Unpacking "privacy" for a networked world. CHI Lett. 5, 1, 129-136.
48. PATRICK, A. S. AND KENNY, S. 2003. From privacy legislation to interface design: Implementing information privacy in human-computer interactions. Lecture Notes in Computer Science, vol. 2760. Springer Verlag, 107-124.
49. PRIVACY & AMERICAN BUSINESS 2003. Consumer privacy attitudes: A major shift since 2000 and why. Privacy Amer. Bus. News. 10, 6.
50. RANNENBERG, K. 1993. Recent development in information technology security evaluation - the need for evaluation criteria for multilateral security. In Proceedings of the Conference on Security and Control of Information Technology in Society - Proceedings of the IFIP TC9/WG 9.6 Working Conference. North-Holland, Amsterdam, 113-128.
51. REGLI, W. C., HU, X., ATWOOD, M., AND SUN, W. 2000. A survey of design rationale systems: Approaches, representation capture and retrieval. Eng. Comput. 16, 209-235.
52. SCALET, S. D. 2005. The five most shocking things about the choice point debacle. CSO Mag. 5/01/05.
53. SMITH, A. D. AND OFFODILE, F. 2002. Information management of automatic data capture: An overview of technical developments. Inform. Manag. Comput. Secur. 10, 3, 109-118.
54. SONG, X. AND OSTERWEIL, L. J. 1992. Toward objective, systematic design-method comparisons. IEEE Softw. 9, 3, 43-53.
55. SUTCLIFFE, A. 2000. On the effective use and reuse of HCI knowledge. In Human-Computer Interaction in the New Millennium. J. M. Carroll, Ed. ACM Press, 3-29.
56. TREASURY BOARD OF THE GOVERNMENT OF CANADA. 2002. Privacy impact assessment policy. http://www.tbs-sct.gc. ca/pubs_pol/ciopubs/pia-pefr/siglist_e.asp. Last accessed: 8/1/2006.
57. UNITED STATES DEPARTMENT OF HEALTH EDUCATION AND WELFARE. 1973. Records, computers and the rights of Citizens, Report of the Secretary's Advisory Committee on Automated Personal Data Systems.
58. VEMURI, S., SCHMANDT, C., BENDER, W., TELLEX, S., AND LASSEY, B. 2004. An audio-based personal memory aid. Lecture Notes in Computer Science, vol. 3205, Springer Verlag, 400-417.
59. VENKATESH, V., MORRIS, M. G., DAVIS, G. B., AND DAVIS, F. D. 2003. User acceptance of information technology: Toward a unified view. MIS Quarterly 27, 3, 425-478.