Six Ways to Enact Privacy by Design: Cognitive Heuristics That Predict Users' Online Information Disclosure

Six Ways to Enact Privacy by Design: Cognitive Heuristics That Predict Users' Online Information Disclosure

Six Ways to enact Privacy by Design: Cognitive Heuristics that predict Users’ Online Information Disclosure S. Shyam Sundar Andrew Gambino Abstract Media Effects Research Laboratory Media Effects Research Laboratory The primary barrier preventing the implementation of College of Communications College of Communications Privacy by Design is a lack of understanding of user Pennsylvania State University Pennsylvania State University psychology pertaining to privacy-related decision- University Park, PA 16802, USA University Park, PA 16802, USA making in everyday online and mobile contexts. [email protected] [email protected] Through focus groups and a representative survey of US adults, we discovered six rules of thumb (or Jinyoung Kim Mary Beth Rosson “cognitive heuristics”) employed by online users while Media Effects Research Laboratory Center for Human–Computer making decisions about disclosing or withholding College of Communications Interaction information. We describe these cognitive heuristics and Pennsylvania State University College of Information Sciences propose that they be leveraged by the design University Park, PA 16802, USA and Technology community, by brainstorming design heuristics, in [email protected] Pennsylvania State University, order to promote secure and trustworthy computing. University Park, PA 16802, USA [email protected] Author Keywords Privacy by design; privacy heuristics; information Permission to make digital or hard copies of all or part of this work for privacy; personal information disclosure personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights ACM Classification Keywords for components of this work owned by others than the author(s) must be H.5.2. [Information interfaces and presentation]: User honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior Interfaces; J.4. Social and Behavioral Sciences specific permission and/or a fee. Request permissions [email protected]. Introduction CHI 2016, May 7 - 12, 2016, San Jose, CA. Copyright is held by the Approaching privacy from a “design thinking” owner/author(s). Publication rights licensed to ACM. perspective [1] holds the promise of a preventive approach to addressing privacy concerns, by avoiding will inform us of common privacy pitfalls that can be data breaches and minimizing privacy risks through obviated by good design. As we have argued before combined technical, design, and governance efforts [9]. [11], user decision-making regarding privacy is seldom According to Ann Cavoukian [2], the Ontario effortful, but often based on mental rules of thumb, information and privacy commissioner who first coined called “cognitive heuristics.” Considering the cognitively the term “privacy by design” (PbD), the strongest demanding nature of many online transactions, protection of privacy might be achieved by following especially in the mobile context, careful evaluations of the seven foundational design principles, such as system security are typically inhibited by users’ time building data protection system into all interfaces as a constraints, lack of technological efficacy [4], and default and being transparent in presenting privacy- information overload [10]. Moreover, the complexity of related policies and procedures [1]. privacy settings may hinder our adherence to the privacy protection ideals that we self-report in surveys. As Spiekermann [9] notes, PbD has been regarded as a Therefore, our central contention is that online user panacea for alleviating privacy-related concerns, with behaviors do not always result from effortful thinking, designers seeking to simply add a few more security but may occur due to expedient decision-making in the features to information systems. However, developing a heat of the moment. However, this decision-making is “fault-proof” system that converts the PbD principles not random, but based on predictable responses to into real-world design elements has proven quite specific cues on the interface [12]. challenging for engineers as well as designers [13]. In fact, the majority of system developers and designers Over 30 years of research in social cognition has shown who attended the latest workshop (sponsored by The that humans are “cognitive misers” [14] who make Computing Community Consortium, 2015) were of the decisions that maximize efficiency at the cost of consensus that it is difficult to put PbD into practice. thoroughness. They do so based on cues that trigger They acknowledged that they lacked adequate design- cognitive heuristics (i.e., mental rules of thumb) to related heuristics to follow when developing various desired outcomes by reducing the need for careful online/mobile products. Although there exist many analysis of each transaction. So, what are the key heuristics for evaluating the usability of interfaces, cognitive heuristics that drive privacy-related including Nielsen [6]’s heuristic-based evaluation behaviors? The Modality-Agency-Interactivity- check-list, we do not yet have a stable set of heuristics Navigability (MAIN) Model [12] formally identifies that can operationalize the seven principles of PbD. several different heuristics (i.e., rules of thumb) triggered by technological affordances, which lead to Our position is that, in order to arrive at reliable design judgments of source and content credibility. These heuristics, we need a better understanding of user affordances manifest themselves on the interface as psychology as it pertains to online privacy and security. visually salient cues. Extended to the domain of online A greater focus on users’ criteria for online disclosure information disclosure, a variety of privacy and security as well as withholding of information is necessary. This heuristics can be triggered by various ‘cues’ on the interface, which will affect users’ perception of the sizes ranged from 2 to 9) taking part in the interviews. interface as well as their information disclosure Three groups consisted of university students; five behavior. For example, when a website solicits personal consisted of diverse groups of individuals recruited information, users are likely to be more forthcoming if through an ad in a local newspaper. the site belongs to a trusted authority, such as one’s own bank, a government agency (irs.gov), or well- If indeed heuristics predict disclosure decisions, then known brand (Amazon.com). They will reveal the respondents’ level of agreement with a given information without carefully reading the content of the cognitive heuristic would predict their disclosure site or pausing to think about the consequences of their intention in a scenario featuring a cue that is Figure 1: Authority Cue on a revelation of personal information. This is because they hypothesized to trigger that heuristic. Support for this Banking Website are implicitly applying the “authority” heuristic (an hypothesis would not only serve to capture the authority can be trusted with personal information). operation of heuristics in users’ privacy decision- making, but also guide designers to build more secure Methods and trustworthy computing systems by focusing on Based on this theoretical premise, we report a battery interface cues that trigger the desired heuristic under a of data-driven research findings that reveal such given situation. It will also identify the most prominent privacy-related rules of thumbs (i.e., cognitive heuristics that underlie online information disclosure. heuristics) which may be affecting online and mobile users’ privacy-related decision-making. For this position Findings paper, we have chosen six such rules or cognitive In both studies, the most dominant cues are those heuristics that we hope will lend themselves to design pertaining to social status or authority. They are heuristics for practical use in PbD. These are derived important for assessing credibility of interfaces. For from two studies—a large-scale national survey (n = example, the presence of an authoritative source in the 786) and focus-group interviews (n = 41). We vicinity (e.g., logo of FDIC, or a trusted brand name) conducted a survey of a national representative sample may assure users about the safety of the site, because (n = 786) in the United States, measuring respondents’ users instinctively apply the authority heuristic level of agreement with six different heuristics (popular name, brand, or organization can guarantee pertaining to privacy, stated as general rules of thumb. the security of a website). In the survey study, a Users’ agreement with each heuristic was measured screenshot of a security seal (i.e., TRUSTe) on an after users had provided us their disclosure intentions online banking website was shown [see Figure 1], in a series of scenarios representing common online which implied online transactions within the site was Figure 2: Transparency Cue in and mobile contexts, including social networks, online secured by an authority. Users’ intention to provide Private Statement of a Mobile shopping, online community, and mobile chatting. Each their personal information (e.g., phone number, mailing Application of these scenarios had a cue capable of triggering a address) to the site was measured by a single item heuristic. For the interview study, eight focus group (i.e., “How likely are you to provide your personal

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    8 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us