A user study of the expandable grid applied to P3P privacy policy visualization
Source
Conference on Computer and Communications Security
Proceedings of the 7th ACM workshop on Privacy in the electronic society
Alexandria, Virginia, USA
SESSION: Usability
Pages 45-54
Year of Publication: 2008
ISBN: 978-1-60558-289-4
Authors
Robert W. Reeder  Microsoft, Redmond, WA, USA
Patrick Gage Kelley  Carnegie Mellon University, Pittsburgh, PA, USA
Aleecia M. McDonald  Carnegie Mellon University, Pittsburgh, PA, USA
Lorrie Faith Cranor  Carnegie Mellon University, Pittsburgh, PA, USA
Sponsors
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
ACM: Association for Computing Machinery
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 16,   Downloads (12 Months): 109,   Citation Count: 2
DOI: http://doi.acm.org/10.1145/1456403.1456413

ABSTRACT

Displaying website privacy policies to consumers in ways they understand is an important part of gaining consumers' trust and informed consent, yet most website privacy policies today are presented in confusing, legalistic natural language. Moreover, because website privacy policy presentations vary from website to website, policies are difficult to compare and it is difficult for consumers to determine which websites offer the best privacy protections. The Platform for Privacy Preferences (P3P) addresses part of the problem with natural language policies by providing a formal, machine-readable language for expressing privacy policies in a manner that is standardized across websites. To address remaining problems, an automated tool must be developed to read P3P policies and display them to users in a comprehensible way. To this end, we have developed a P3P policy presentation tool based on the Expandable Grid, a visualization technique for displaying policies in an interactive matrix. In prior work, the Expandable Grid has been shown to work well for displaying file permissions policies, so it appears to hold promise for presenting online privacy policies as well. To evaluate our Expandable Grid interface, we conducted two user studies, an online study with 520 participants and a laboratory study with 12 participants. The studies compared participants' comprehension of privacy policies presented with the Grid interface with their comprehension of the same policies presented in natural language. To our surprise, comprehension of policies was, for the most part, no better with the Grid interface than with natural language. We describe why the Grid interface did not perform well in our study and discuss implications for when and how the Expandable Grid concept can be usefully applied.



