Personal and Ubiquitous Computing, Volume 8, Issue 6, pp 440–454

Personal privacy through understanding and action: five pitfalls for designers

  • Scott Lederer
  • Jason I. Hong
  • Anind K. Dey
  • James A. Landay
Original Article

Abstract

To participate in meaningful privacy practice in the context of technical systems, people require opportunities to understand the extent of the systems’ alignment with relevant practice and to conduct discernible social action through intuitive or sensible engagement with the system. It is a significant challenge to design for such understanding and action through the feedback and control mechanisms of today’s devices. To help designers meet this challenge, we describe five pitfalls to beware when designing interactive systems—on or off the desktop—with personal privacy implications. These pitfalls are: (1) obscuring potential information flow, (2) obscuring actual information flow, (3) emphasizing configuration over action, (4) lacking coarse-grained control, and (5) inhibiting existing practice. They are based on a review of the literature, on analyses of existing privacy-affecting systems, and on our own experiences in designing a prototypical user interface for managing privacy in ubiquitous computing. We illustrate how some existing research and commercial systems—our prototype included—fall into these pitfalls and how some avoid them. We suggest that privacy-affecting systems that heed these pitfalls can help users appropriate and engage them in alignment with relevant privacy practice.

Keywords

Privacy; Interaction design; Design guidelines; Ubiquitous computing


Copyright information

© Springer-Verlag London Limited 2004

Authors and Affiliations

  • Scott Lederer (1)
  • Jason I. Hong (1)
  • Anind K. Dey (1, 2)
  • James A. Landay (3, 4)
  1. Group for User Interface Research, Computer Science Division, University of California, Berkeley, USA
  2. Intel Research, Berkeley, USA
  3. DUB Group, Department of Computer Science and Engineering, University of Washington, Seattle, USA
  4. Intel Research, Seattle, USA