HCI Issues in Privacy Mark Ackerman Department of Electrical Engineering and Computer Science and School of Information University of Michigan DIMACS July, 2004 Overview of talk 1. HCI 2. What is “privacy”? 3. The “privacy problem” 4. Why is privacy hard? 2 HCI • Human-Computer Interaction User control aka User-centered –Not just about user interfaces –Cognitive versus micro-sociology –Broad view of HCI - Combined social and technical co-design space Empirically driven (both as science and development process) 3 Privacy • What is “privacy” Differing but connected senses in social psychology, micro-sociology, policy literatures – Solitude - Regulation of social interaction (Altman) – A private (versus public) space or activity – Avoiding unwanted personal disclosure or noise – Freedom from surveillence – Control over release and dissemination of personal data - Control over one’s persona (Goffman) 4 Privacy • What is “privacy” Control over one’s personal data –Control over release and dissemination Overlapping with security but different Inherently a tension between person and others Thought to be critical element in using a commercial Web site, adoption of ubicomp 5 The “Privacy Problem” • Privacy is important – Growing problem for users • Consumers see privacy as a big problem – 41% of sampled US consumers very concerned about their privacy [Harris Poll, 2000] – 92% of respondents indicated that even when companies promised to keep personal data private, they would not actually do so [Light 2001] – 57% of sampled US consumers want better legal protection [Harris Poll, 2000] 6 The “Privacy Problem” • But privacy is not a monolithic problem Differing attitudes in different cultures 7 The “Privacy Problem” • But privacy is not a monolithic problem Differing types of privacy concerns (Culnan and Armstrong 1999) –Unauthorized access –Risk of secondary use - Reuse of personal data for unrelated purposes without consent - Sharing with third-parties - Creation of profiles 8 The “Privacy Problem” • But privacy is not a monolithic problem Attitudes are hardly monolithic – 3 basic groups in US (Ackerman, Cranor, Reagle 1999, based on Westin 1991) - Marginally concerned (27%) - Privacy fundamentalists (17%) - Privacy pragmatics (56%) – Spiekermann et al. found similar in Germany – Based on what people both said they would do in an activity and their actual activity 9 The “Privacy Problem” • But privacy is not a monolithic problem Large gap between most people's stated preferences and their actual behavior But most people want a feeling of control – For example, no automatic transfer of data (86% of sample in Ackerman, Cranor and Reagle 1999) 10 Why is privacy a hard problem for HCI? • Social theoretic background Goffman (1961) Release of personal info is highly nuanced Presentation of “face” is critically important to people An everyday activity Garfinkel (1967) People expect to be able to make sense of their environments and their activities 11 Why is privacy a hard problem for HCI? • Social activity is fluid and nuanced Details of interaction matter (Garfinkel 1967, Strauss 1993) People handle this detail with agility (Suchman 1987) What people pay attention differs according to the situation (situated activity, Suchman 1987) 12 Why is privacy a hard problem for HCI? • HCI problem (also CSCW problem) Information space is horrendous At least nine dimensions of analysis (e.g., what, who, intended use, duration of use) And Critically important to people Highly nuanced An everyday activity Social-technical gap (Ackerman 2001) We know what we need to do, but we don’t know how to do it. 13 Why is privacy a hard problem for HCI? • Ubicomp makes user control even harder: An individual will operate within many social and organizational contexts, and surrounding social and organizational environments may make use of many individuals' data. A pervasive software environment, consisting of many systems, may be in a complex relation to “the user.” 14 More info? Mark Ackerman ackerm@umich.edu http://www.eecs.umich.edu/~ackerman 15 Privacy Critics • Privacy critics (Ackerman and Cranor 1996) 16 Privacy Critics 17