Designing for Privacy in Interactive Systems

Abstract

People are increasingly concerned about online privacy and how computers collect, process, share, and store their personal information. Such concerns are understandable given the growing number of privacy invasions and the pervasiveness of information capture and sharing between IT systems. This situation has led to an increasingly regulated environment, limiting what systems may do, and what safeguards they must offer users. Privacy is an especially important concern in the fields of computer supported collaborative work (CSCW), Ubiquitous Computing, and e-commerce, where the nature of the applications often requires some information collection and sharing.

In order to minimize risks to users it is essential to identify privacy problems early in the design process. Several methods and frameworks for accomplishing this have been proposed in the last decades. These frameworks, though based on hard-earned experience and great insight, have not seen widespread adoption despite the high level of interest in this topic. Part of the reason for this is likely the lack of evaluation and study of these frameworks.

In our research we examine the key design and analysis frameworks and their elements, and compare these to the kinds of problems users face and are concerned with in terms of privacy. Based on this analysis of the relative strengths and weaknesses of existing design frameworks we derive a new design framework; STRAP (STRuctured Analysis of Privacy). In STRAP we combine light-weight goal-oriented analysis with heuristics to provide a simple yet effective design framework. We validate our analysis by demonstrating in a series of design experiments that STRAP is more efficient and effective than any one of the existing design frameworks, and provide quantitative and qualitative evidence of the value of using such frameworks as part of the design process.