User interfaces for privacy agents

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

User interfaces for privacy agents

Full text

Pdf (1.82 MB)

Source

ACM Transactions on Computer-Human Interaction (TOCHI) archive
Volume 13 , Issue 2 (June 2006) table of contents

Pages: 135 - 178

Year of Publication: 2006

ISSN:1073-0516

Authors

Lorrie Faith Cranor	Carnegie Mellon University, Pittsburgh, PA
Praveen Guduru	AT&T Labs, Middletown, NJ
Manjula Arjula	AT&T Labs, Middletown, NJ

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 47, Downloads (12 Months): 378, Citation Count: 10

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1165734.1165735 What is a DOI?

ABSTRACT

Most people do not often read privacy policies because they tend to be long and difficult to understand. The Platform for Privacy Preferences (P3P) addresses this problem by providing a standard machine-readable format for website privacy policies. P3P user agents can fetch P3P privacy policies automatically, compare them with a user's privacy preferences, and alert and advise the user. Developing user interfaces for P3P user agents is challenging for several reasons: privacy policies are complex, user privacy preferences are often complex and nuanced, users tend to have little experience articulating their privacy preferences, users are generally unfamiliar with much of the terminology used by privacy experts, users often do not understand the privacy-related consequences of their behavior, and users have differing expectations about the type and extent of privacy policy information they would like to see. We developed a P3P user agent called Privacy Bird. Our design was informed by privacy surveys and our previous experience with prototype P3P user agents. We describe our design approach, compare it with the approach used in other P3P use agents, evaluate our design, and make recommendations to designers of other privacy agents.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Mark S. Ackerman , Lorrie Faith Cranor , Joseph Reagle, Privacy in e-commerce: examining user scenarios and privacy preferences, Proceedings of the 1st ACM conference on Electronic commerce, p.1-8, November 03-05, 1999, Denver, Colorado, United States [doi>10.1145/336992.336995]
	2	Mark S. Ackerman , Lorrie Cranor, Privacy critics: UI components to safeguard users' privacy, CHI '99 extended abstracts on Human factors in computing systems, May 15-20, 1999, Pittsburgh, Pennsylvania [doi>10.1145/632716.632875]
	3	Adams, A. and Sasse, M. A. 2001. Privacy in multimedia communications: Protecting users, not just data. In People and Computers XV--Interaction Without Frontiers. Joint Proceedings of HCI2001 and ICM2001, A. Blandford, J. Vanderdonkt, and P. Gray, Eds. Springer-Verlag. 49--64.
	4	Philip E. Agre, Introduction, Technology and privacy: the new landscape, MIT Press, Cambridge, MA, 1997
	5	Alsaid, A. and Martin, D. 2002. Detecting Web bugs with bugnosis: Privacy advocacy through education. In Proceedings of the 2002 Workshop on Privacy Enhancing Technologies (PET '02). http://www.cs.uml.edu/~dm/pubs/bugnosis-pet2002.ps.
	6	Victoria Bellotti, Design for privacy in multimedia computing and communications environments, Technology and privacy: the new landscape, MIT Press, Cambridge, MA, 1997
	7	Berners-Lee, T., Hendler, J., and Lassila, O. May 2001. The Semantic Web. Scientific American.
	8	Herbert Burkert, Privacy-enhancing technologies: typology, critique, vision, Technology and privacy: the new landscape, MIT Press, Cambridge, MA, 1997
	9	Simon Byers , Lorrie Faith Cranor , David Kormann, Automated analysis of P3P-enabled Web sites, Proceedings of the 5th international conference on Electronic commerce, p.326-338, September 30-October 03, 2003, Pittsburgh, Pennsylvania [doi>10.1145/948005.948048]
	10	Byers S, Cranor, L., Kormann, D., and McDaniel P. 2004. Searching for privacy: Design and implementation of a P3P-enabled search engine. In Proceedings of the 2004 Workshop on Privacy Enhancing Technologies (PET '04). Toronto, Canada, (May).
	11	Jason Catlett, Open letter to P3P developers & replies, Proceedings of the tenth conference on Computers, freedom and privacy: challenging the assumptions, p.157-164, April 04-07, 2000, Toronto, Ontario, Canada [doi>10.1145/332186.332276]
	12	Lorrie Faith Cranor, Internet privacy, Communications of the ACM, v.42 n.2, p.28-38, Feb. 1999 [doi>10.1145/293411.293440]
	13	Lorrie Faith Cranor , Lawrence Lessig, Web Privacy with P3p, O'Reilly & Associates, Inc., Sebastopol, CA, 2002
	14	Lorrie Faith Cranor , Manjula Arjula , Praveen Guduru, Use of a P3P user agent by early adopters, Proceedings of the 2002 ACM workshop on Privacy in the Electronic Society, p.1-10, November 21-21, 2002, Washington, DC [doi>10.1145/644527.644528]
	15	Cranor, L., Langheinrich, M., Marchiori, M., Presler-Marshall, M., and Reagle, J. 2002b. The Platform for Privacy Preferences 1.0 (P3P1.0) Specification. World Wide Web Consortium Recommendation (April). http://www.w3.org/TR/P3P/.
	16	Cranor, L., Langheinrich, M., and Marchiori, M. 2002c. A P3P Preference Exchange Language 1.0 (APPEL1.0). World Wide Web Consortium Working Draft (April). http://www.w3.org/TR/WD-P3P-Preferences.
	17	Cranor, L. and Reagle, J. 1998. Designing a social protocol: Lessons learned from the platform for privacy preferences project. In Telephony, the Internet, and the Media, J. K. MacKie-Mason and D. Waterman, Eds. Lawrence Erlbaum Associates, Mahwah, NJ. http://www.w3.org/People/Reagle/articles/tprc97/tprc-f2m3.html.
	18	Cranor, L. and Reidenberg, J. 2002. Can user agents accurately represent privacy notices? TPRC 2002. http://articles.ssrn.com/sol3/articles.cfm?abstractid=328860.
	19	Cranor, L. and Wenning, R. 2002. Why P3P is a good tool for consumers and companies. GigaLaw.com. http://www.gigalaw.com/articles/2002/cranor-2002-04.html.
	20	Lorrie Faith Cranor , Rebecca N. Wright, Influencing software usage, Proceedings of the tenth conference on Computers, freedom and privacy: challenging the assumptions, p.45-55, April 04-07, 2000, Toronto, Ontario, Canada [doi>10.1145/332186.332210]
	21	Dourish, P. 2004. Security as experience and practice: Supporting everyday security. The Workshop on Usable Privacy and Security Software, Rutgers, NJ. (July). http://www.ics.uci.edu/~jpd/talks/wupss-security.pdf.
	22	Esposito, D. 1999. Helper objects: The browser the way you want it. MSDN Library (Jan.). http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwebgen/html/bho.asp.
	23	Friedman, B., Kahn, P., and Borning, A. 2002. Value sensitive design: Theory and methods, UW CSE Tech. rep. 02-12-01, http://www.ischool.washington.edu/vsd/vsd-theory-methods-tr.pdf.
	24	Gandon, F. L. and Sadeh, N. M. 2003. A semantic e-wallet to reconcile privacy and context-awareness. In Proceedings of the 2nd International Semantic Web Conference (ISWC03).
	25	Georgia Tech Graphics. 1998. Visualization and usability center. GVU's 10th WWW User Survey. Available at http://www.gvu.gatech.edu/user_surveys.
	26	Goldberg, I. 2002. Privacy-enhancing technologies for the Internet II: Five years later. In PET 2002 Workshop on Privacy-Enhancing Technologies. Lecture Notes in Computer Science. Springer-Verlag, Berlin, Germany.
	27	Goldfeder, A. and Leibfried, L. 2001. Privacy in Internet Explorer 6. MSDN Library. (Oct.). http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpriv/html/ie6privacyfeature.asp.
	28	Harris, L. and Associates and Westin, A. F. 1991. Harris-Equifax Consumer Privacy Survey 1991. Equifax Inc., Atlanta GA.
	29	Harris, L. and Associates and Westin, A. F. 1998. E-commerce and Privacy: What Net Users Want. Privacy and American Business, Hackensack NJ.
	30	Hochhauser, M. 2003. Why Patients Won't Understand Their HIPAA Notices. Privacy Rights Clearinghouse. http;//www.privacyrights.org/ar/HIPAA-Readability.htm.
	31	Harry Hochheiser, The platform for privacy preference as a social protocol: An examination within the U.S. policy context, ACM Transactions on Internet Technology (TOIT), v.2 n.4, p.276-306, November 2002 [doi>10.1145/604596.604598]
	32	Hull, R., Kumar, B., Lieuwen, D., Patel-Schneider, P., Sahuguet, A., Varadarajan, S., and Vyas, A. 2003. Enabling context-aware and privacy-conscious user data sharing. In Proceedings of the 2004 IEEE International Conference on Mobile Data Management, 187--198.
	33	Carlos Jensen , Colin Potts, Privacy policies as decision-making tools: an evaluation of online privacy notices, Proceedings of the SIGCHI conference on Human factors in computing systems, p.471-478, April 24-29, 2004, Vienna, Austria [doi>10.1145/985692.985752]
	34	Poh Wah Khong , Jing Pu Song, Exploring user's emotional relationships with IT products: a structural equation model, Proceedings of the 2003 international conference on Designing pleasurable products and interfaces, June 23-26, 2003, Pittsburgh, PA, USA [doi>10.1145/782896.782908]
	35	Scott Lederer , I. Hong , K. Dey , A. Landay, Personal privacy through understanding and action: five pitfalls for designers, Personal and Ubiquitous Computing, v.8 n.6, p.440-454, November 2004 [doi>10.1007/s00779-004-0304-9]
	36	Scott Lederer , Jennifer Mankoff , Anind K. Dey, Who wants to know what when? privacy preference determinants in ubiquitous computing, CHI '03 extended abstracts on Human factors in computing systems, April 05-10, 2003, Ft. Lauderdale, Florida, USA [doi>10.1145/765891.765952]
	37	Wendy E. Mackay, Triggers and barriers to customizing software, Proceedings of the SIGCHI conference on Human factors in computing systems: Reaching through technology, p.153-160, April 27-May 02, 1991, New Orleans, Louisiana, United States [doi>10.1145/108844.108867]
	38	Malin, B. 2005. Betrayed by my shadow: Learning data identity via trail matching. J. Privacy Tech. 20050609001.
	39	McCarthy, J. D., Sasse, A. M., and Riegelsberger, J. 2003. Could I have the menu please? An eyetracking study of design conventions. In Proceedings of HCI '03. Bath, UK (Sept.).
	40	Joanna McGrenere , Ronald M. Baecker , Kellogg S. Booth, An evaluation of a multiple interface design solution for bloated software, Proceedings of the SIGCHI conference on Human factors in computing systems: Changing our world, changing ourselves, April 20-25, 2002, Minneapolis, Minnesota, USA [doi>10.1145/503376.503406]
	41	Lynette I. Millett , Batya Friedman , Edward Felten, Cookies and Web browser design: toward realizing informed consent online, Proceedings of the SIGCHI conference on Human factors in computing systems, p.46-52, March 2001, Seattle, Washington, United States [doi>10.1145/365024.365034]
	42	MSDN Library. 2002. How to create a customized privacy import file. http://msdn.microsoft.com/library/default.asp?url=/workshop/security/privacy/overview/privacyimportxml.asp.
	43	Mulligan, D., Cavoukian, A., Schwartz, A., and Gurski, M. 2000. P3P and privacy: An update for the privacy community. http://www.cdt.org/privacy/pet/p3pprivacy.shtml.
	44	Organization for Economic Co-operation and Development. 1980. Recommendation of the council concerning guide-lines governing the protection of privacy and transborder flows of personal data. Adopted by the Council Sept. 1980.
	45	Leysia Palen , Paul Dourish, Unpacking "privacy" for a networked world, Proceedings of the SIGCHI conference on Human factors in computing systems, April 05-10, 2003, Ft. Lauderdale, Florida, USA [doi>10.1145/642611.642635]
	46	Birgit Pfitzmann , Michael Waidner, Privacy in browser-based attribute exchange, Proceedings of the 2002 ACM workshop on Privacy in the Electronic Society, p.52-62, November 21-21, 2002, Washington, DC [doi>10.1145/644527.644533]
	47	Harris Interactive. 2001. Privacy Leadership Initiative. Privacy Notices Research Final Results. Conducted by Harris Intereactive (Dec.). http://www.ftc.gov/bcp/workshops/glb/supporting/harris%20results.pdf.
	48	Rodger, W. 2003. Privacy isn't public knowledge: Online policies spread confusion with legal jargon, USA Today (May 1, 2003, 3D). Available at http://www.usatoday.com/life/cyber/tech/cth818.htm.
	49	Sheehan, K. B. 2002. Toward a typology of internet users and online privacy concerns. Inform. Society, 18, 21--32.
	50	Sarah Spiekermann , Jens Grossklags , Bettina Berendt, E-privacy in 2nd generation E-commerce: privacy preferences versus actual behavior, Proceedings of the 3rd ACM conference on Electronic Commerce, p.38-47, October 14-17, 2001, Tampa, Florida, USA [doi>10.1145/501158.501163]
	51	Sweeney, L. 2001. Information explosion. In Confidentiality, Disclosure, and Data Access: Theory and Practical Applications for Statistical Agencies, L. Zayatz, P. Doyle, J. Theeuwes, and J. Lane, Eds, Urban Institute, Washington, DC. http://privacy.cs.cmu.edu/people/sweeney/explosion.html.
	52	Wenning, R., ed. 2006. The Platform for Privacy Preferences 1.1 (P3P1.1) Specification. W3C Working Draft 5 Feb. http://www.w3.org/TR/2006/WD-P3P11-20060210/.
	53	Whitten, A. and Tygar, J. D. 1999. Why Johnny can't encrypt. In Proceedings of the 8th USENIX Secrutiy Symposium.
	54	World Wide Web Consortium. 1997. FTC Comment: Script of W3C P3 Prototype (June). http://www.w3.org/Talks/970612-ftc/ftc-sub.html.

CITED BY 10

	Giovanni Iachello , Jason Hong, End-user privacy in human-computer interaction, Foundations and Trends in Human-Computer Interaction, v.1 n.1, p.1-137, January 2007
	Lorrie Faith Cranor , Serge Egelman , Steve Sheng , Aleecia M. McDonald , Abdur Chowdhury, P3P deployment on websites, Electronic Commerce Research and Applications, v.7 n.3, p.274-293, November, 2008
	Takao Kojima , Yukio Itakura, Proposal of privacy policy matching engine, Proceedings of the 4th ACM workshop on Digital identity management, October 31-31, 2008, Alexandria, Virginia, USA
	Robert W. Reeder , Patrick Gage Kelley , Aleecia M. McDonald , Lorrie Faith Cranor, A user study of the expandable grid applied to P3P privacy policy visualization, Proceedings of the 7th ACM workshop on Privacy in the electronic society, October 27-27, 2008, Alexandria, Virginia, USA
	Ian K. Reay , Patricia Beatty , Scott Dick , James Miller, A Survey and Analysis of the P3P Protocol's Agents, Adoption, Maintenance, and Future, IEEE Transactions on Dependable and Secure Computing, v.4 n.2, p.151-164, April 2007
	Patricia Beatty , Ian Reay , Scott Dick , James Miller, P3P Adoption on E-Commerce Web sites: A Survey and Analysis, IEEE Internet Computing, v.11 n.2, p.65-71, March 2007
	Laura Falk , Atul Prakash , Kevin Borders, Analyzing websites for user-visible security design flaws, Proceedings of the 4th symposium on Usable privacy and security, July 23-25, 2008, Pittsburgh, Pennsylvania
	I. Reay , S. Dick , J. Miller, An analysis of privacy signals on the World Wide Web: Past, present and future, Information Sciences: an International Journal, v.179 n.8, p.1102-1115, March, 2009
	Ian Reay , Scott Dick , James Miller, A large-scale empirical study of P3P privacy policies: Stated actions vs. legal obligations, ACM Transactions on the Web (TWEB), v.3 n.2, p.1-34, April 2009
	Serge Egelman , Janice Tsai , Lorrie Faith Cranor , Alessandro Acquisti, Timing is everything?: the effects of timing and placement of online privacy indicators, Proceedings of the 27th international conference on Human factors in computing systems, April 04-09, 2009, Boston, MA, USA