Source: http://www.danah.org/papers/CSCW2002WorkshopApplication.pdf
Created: Fri May 3 20:05:55 2002
Privacy in Digital Environments: Empowering Users

danah boyd (1), Carlos Jensen (2), Scott Lederer (3), David H. Nguyen (2)

(1) Sociable Media Group, MIT Media Lab, Cambridge, MA 02139. zephoria@media.mit.edu
(2) College of Computing, Georgia Institute of Technology, Atlanta, GA 30332. [carlosj | dnguyen]@cc.gatech.edu
(3) Group for User Interface Research, University of California, Berkeley, Berkeley, CA 94720. lederer@cs.berkeley.edu

ABSTRACT
This workshop seeks to address the privacy needs and concerns of users in the design of digital environments, whether they be websites, collaborative calendar systems, collaborative work environments, online communities, communications systems or ubiquitous computing environments. Each of these settings faces real and pressing challenges when it comes to protecting user privacy. (For an overview of the problems in different areas see [15], [12], [4], [2].)

We shall seek answers to the following questions: What can we, as designers, do to increase user awareness of what our environments are doing [6], and of how user information is collected and used [7]? How can we empower users to manage the ways in which they are represented in these environments, or to limit their exposure when needed? This challenge spans the breadth of CSCW systems, and beyond.

INTRODUCTION
People are deeply concerned about their privacy, and are quite adept at defining limits and maintaining barriers in the physical world. Yet in the digital world we are no longer good privacy managers. Our motivation and interest do not disappear in the transition from the physical to the digital; rather, the systems we use strip us of the power to be effective privacy managers.

Often these failures are attributable to us as designers and developers: our systems do not always provide access to the information users need to make informed decisions about their privacy [3]. At other times we overload users with too much information, making managing their privacy too much of a burden. Even when the correct information is presented, users have no leverage; either they accept our terms or they stop using our systems. Tools enabling users to control their privacy are often added as an afterthought. When users are allowed to manage their information or level of exposure, we often fail to provide the level of detail they need. At times our interfaces are technology driven and map poorly to users' mental models. As system designers, we have paid little attention to protecting user privacy, and even less to empowering users to take charge of their own privacy.

Some websites displaying privacy policies pay little more than lip service to the Fair Information Practice Principles laid out by the FTC in its 1998 online privacy report to Congress [8] [9]. Where disclosure of privacy practices does occur, these disclosures are often incomplete [2]. Policies typically address the technologies and concerns that companies want to express, not the set of facts users need to make informed decisions. Users face a limited choice: either accept the current policy or leave the website. Even if users never consult the policy, consent is assumed; in fact, the simple act of loading a site's web page implies consent to the site's policy. There is no transparency or enforcement. Not only is it difficult for users to determine how their data is being used; they have virtually no recourse if a privacy violation is detected. These issues must be addressed.

THEME
There are three common definitions of privacy:
   1) The right to be left alone [18]
   2) Control of personal information [19]
   3) Encrypted data and communications [11]

In this workshop, participants will focus on privacy from the first two perspectives: the control of personal information and the right to be left alone. Although encryption is an important mechanism for securing private information, it will not be the focus of this workshop, as there are entire conferences devoted to it.

While our focus on privacy does span the breadth of CSCW systems, we will provide examples in ubiquitous computing, online environments, and collaborative calendar systems.

Ubiquitous Computing
Emerging technologies will allow cell phone service providers to make your location information available to third parties [17]. How can we design devices and services that inform the user, in a natural and intuitive way, about the recipients of this information and the ways it will be used?

As an outgrowth of e-commerce, companies have been tracking individuals for the purpose of marketing. Yet in light of September 11, this data is being reused in the search for terrorists without the knowledge of the observed [16]. Should users have the ability to say when and how their data can be used?

Widespread inconspicuous sensing and computation may put people under near-constant observation [12]. The accumulation and correlation of such data can produce richly detailed profiles of people's lives. People have demonstrated concern over the distribution and use of observation records generated in closed environments [1]. What will people's concerns be about enhanced surveillance and tracking on a grand scale? How much control will people have over such observation, and what technical means can we give them to exercise it?

Online Environments
Last year, Google made over 20 years of Usenet archives available and searchable. On one hand, they should be applauded for making public records accessible; on the other, the context of the digital `public' in 1981 was very different than it is today. The advantage of a searchable database of answers to questions is obvious, but Usenet archives contain much more than that. With Google's searchable archives and tools like Microsoft's Netscan [14], it is quite easy to aggregate data about an individual over both time and contexts.

What is the effect of searchable aggregated data on an individual's perceived identity? Are persistent cross-contextual communication archives beneficial or harmful to individual participation and community development? What happens when this archived data is used to construct reputation scores [10]? What responsibility do designers have when creating representations of individuals through their data?

Without ample cues, understanding who a stranger is online is quite challenging. Yet profiles are not a sufficient answer; they fail to convey enough information, and what they do convey is often more problematic than no information at all [5]. How should an individual's identity be presented? How should individuals be able to articulate who they are in these digital environments with the level of depth that their physical presentation would allow? Given the persistence of data and the lack of location-based context, how should users be able to manage the different facets of their identity? What types of control should a user have over personal data and presence information?

Collaborative Calendar Systems
In current group calendaring systems, users do not have an understanding of the context in which they and their personal information participate in the calendaring system [15]. How can they assess their privacy needs and practices without adequate feedback from the environment? Who has access to their calendar? When did they access it? From where? What did they look at? How often do they view this information? What are the social norms for this environment? Even if they are able to assess the digital environment, how are they going to shape it to meet their privacy needs and practices?

Our Approach
We seek to take a wider view of the challenge ahead, inviting participants from different areas, including social scientists, technologists, designers, and legal and policy experts. Lessig, a legal scholar, offers a framework for thinking about how privacy and behavior can be regulated: through market forces, through law, through architecture (including code), and through social norms [13]. This model affords a convenient and flexible means of framing current and future challenges in digital privacy regulation. It is also important to realize that in this model the four modes of regulation do not operate independently; they are interdependent and affect each other. Thus, conversations between individuals working in all these different domains are essential. Our workshop seeks to engage people across disciplines in conversation and collaboration, although we will most likely emphasize the architectural approach.

GOALS AND ACTIVITIES
Our goals are as follows:
   · Develop a common vocabulary for addressing privacy in digital environments.
   · Develop a common understanding of the expectations of users within the context of various usage scenarios.
   · Establish a set of ethical guidelines for researchers and developers of digital environments.
   · Identify promising approaches to supporting notice and consent in digital environments.

Proposed workshop structure:
   8:30-9:00     Orientation & Introductions
   9:00-9:45     Keynote Address or General Discussion of Privacy (reflecting the perspectives of all participant positions)
   10:00-11:00   Privacy Scenario Exercise (small groups)
   11:00-12:00   Privacy Scenario Presentations & Discussion
   12:00-1:30    Lunch
   1:30-2:15     Collective Discussion on Ethics
   2:15-3:30     Small group evaluation of scenarios from the perspective of a specific challenge (e.g. FIPs, privacy management, etc.)
   3:30-4:00     Break
   4:00-5:00     Presentations & Discussion
The workshop will begin with a general orientation, because we expect participants from various disciplines. This will enable us to set a tone and structure for the workshop. Prior to the workshop, participants will have submitted position papers. These position papers will be provided to all participants before the workshop. Introductions will be brief, as participants are expected to have read all position statements prior to the workshop.

The next hour will be a keynote address to the workshop. From there, we will break off into groups based on common problem areas/approaches. Groups will be asked to discuss common problems and issues within the context of their approach or area. Each group will then present its findings, and time will be allotted to general discussion.

After lunch, the workshop organizers will facilitate a collective discussion on ethics. Our objective is to reach a consensus on what the ethical guidelines should be for both researchers and developers working in this area. In particular, we wish to focus on identifying the rights, guarantees, and expectations of users.

We will then break into groups, each discussing a specific challenge relevant to the topic. Potential topics include:
   · Compliance with Fair Information Practices
   · Challenges of ubiquitous computing
   · Promoting self-awareness: how to visualize or convey exposure, risk and history
   · Privacy management techniques: helping users manage their digital privacy
   · Assessing risk and exposure when faced with missing or untrusted information

The groups will then present and discuss their findings. Following those presentations, one topic will be selected as the basis for a more in-depth discussion.

The day will end with a collective effort to identify and explicate the key findings of the workshop. We look forward to presenting these findings in a poster at the conference. We hope these findings will serve to inform other software developers, researchers, designers and policy makers.

PARTICIPANTS
We seek a balanced group, composed of social scientists, technologists, designers, legal and policy experts, and others with demonstrable interest or experience in privacy-aware or identity-management technologies in existing or emerging digital environments.

Participants will be selected based on position papers submitted prior to the workshop. Proposals should be no more than three pages in length, and should address the following:
   1) Frame your area of work (problem area, target population, context of work), and list some of the constraints that you and your target population have to deal with.
   2) What are the main privacy concerns of your target population?
   3) What are the privacy issues that you are concerned with in your work?
   4) Describe your approach to addressing the problems you have identified.
   5) What are your measures of privacy, and/or of exposure and risk?
   6) Within your field, what do you consider to be the seminal works related to this issue?

We expect around fifteen participants, but are willing to accommodate up to twenty people should the quality of papers warrant expansion. Our main objective is to ensure both good breadth and depth in terms of the represented disciplines and approaches. The workshop seeks to broaden people's horizons and provide an opportunity to discuss the finer points of their work. We want the workshop to create connections across fields so that more interdisciplinary work can take place.

ORGANIZERS
Currently, danah boyd is a graduate student with Dr. Judith Donath in the Sociable Media Group at MIT's Media Lab. Her work focuses on developing identity management tools and interactive personal visualizations to encourage users to reflect on their digital presence. Her previous work at Brown combined computer graphics, gender theory, and visual perception; she has also worked as a software engineer, an educator and an ethnographer. Ultimately, danah is interested in using technology to empower individuals. http://www.danah.org/

Carlos Jensen is a PhD student in Computer Science at the Georgia Institute of Technology. Working with Dr. Colin Potts, his work focuses on developing end-user privacy awareness and management tools for the web. He seeks to provide solutions that both make privacy management accessible to users and work within the current technical framework. He has previously done work on online communities, media effects on communication, and online trust. http://www.cc.gatech.edu/~carlosj/

Scott Lederer is a PhD student in Computer Science at UC Berkeley, working with Drs. Jennifer Mankoff and Anind Dey. His current efforts are focused on illuminating a user conceptual model of privacy in ubiquitous computing, though his interests also extend to novel interaction techniques and devices. He aims to empower and elevate human experience in the ubiquitous computing age. http://www.cs.berkeley.edu/~lederer/

David Nguyen is a PhD student in Computer Science/HCI at the Georgia Institute of Technology. Working with Dr. Elizabeth Mynatt, David's research focuses on ubiquitous computing environments and privacy. He is working on ways to allow users to understand how they participate in these environments, so they can shape the environments to fit their practices, needs, values, and sensibilities. Prior to Georgia Tech, David did his undergraduate work at UC San Diego in Cognitive Science and his Master's work at the University of Michigan in Computer Science. http://www.cc.gatech.edu/~dnguyen/

RESOURCES
Logistical requirements of the workshop include: one or two data projectors with screens, two or three large whiteboards, and wired or wireless Internet access.

REFERENCES
1. Adams, A. Multimedia information changes the whole privacy ballgame. Proceedings of the Tenth Conference on Computers, Freedom and Privacy, April 2000.
2. Antón, A.I., Earp, J.B., and Reese, A. Analyzing Web Site Privacy Requirements Using a Privacy Goal Taxonomy. To appear: 10th Anniversary IEEE Joint Requirements Engineering Conference (RE'02), Essen, Germany, September 9-13, 2002.
3. Bellotti, V. Design for Privacy in Multimedia Computing and Communications Environments. In Agre, P., & Rotenberg, M. (Eds.), Technology and Privacy: The New Landscape. MIT Press, Cambridge MA, 1997.
4. Bellotti, V., and Sellen, A. Design for Privacy in Ubiquitous Computing Environments. Proceedings of the 3rd European Conference on Computer Supported Cooperative Work (ECSCW 93), G. de Michelis, C. Simone and K. Schmidt (Eds.), Kluwer, 1993, 77-92.
5. boyd, d. Sexing the Internet: Reflections on the role of identification in online communities. Sexualities, medias and technologies: theorizing old and new practices. University of Surrey, June 21-22, 2001.
6. Dourish, P. Accounting for System Behaviour: Representation, Reflection and Resourceful Action. In Kyng and Mathiassen (Eds.), Computers and Design in Context. MIT Press, Cambridge MA, 1997. 145-170.
7. Dourish, P. Culture and Control in a Media Space. Proceedings of the European Conference on Computer-Supported Cooperative Work (ECSCW'93), Milano, Italy, September 1993, 125-137.
8. Federal Trade Commission. Privacy Online: A Report to Congress. June 1998. Available at http://www.ftc.gov/reports/privacy3/
9. Federal Trade Commission. Privacy Online: Fair Information Practices in the Electronic Marketplace. A Report to Congress, 2000.
10. Fiore, A., Tiernan, S.L., and Smith, M. Observed Behavior and Perceived Value of Authors in Usenet Newsgroups: Bridging the Gap. Proceedings of SIGCHI 2002 (Minneapolis MN, April 2002).
11. Goldberg, I., et al. Privacy-enhancing Technologies for the Internet. Proceedings of IEEE Spring COMPCON, 1997.
12. Langheinrich, M. Privacy by Design - Principles of Privacy-Aware Ubiquitous Systems. ACM Ubicomp, Atlanta GA, 2001.
13. Lessig, L. Code and Other Laws of Cyberspace. Basic Books, New York, 1999.
14. Microsoft Research. Netscan. Available at http://netscan.research.microsoft.com/
15. Palen, L. Social, Individual & Technological Issues for Groupware Calendar Systems. Proceedings of the ACM 1999 Conference on Human Factors in Computing Systems (CHI '99).
16. Rosen, J. Silicon Valley's Spy Game. New York Times Magazine, April 14, 2002. http://www.nytimes.com/2002/04/14/magazine/14TECHNO.html
17. The Internet Engineering Task Force. Geographic Location/Privacy (geopriv). Available at http://www.ietf.org/html.charters/geopriv-charter.html
18. Warren, S., and Brandeis, L. The Right to Privacy. Harvard Law Review, 1890.
19. Westin, A.F. Privacy and Freedom. New York: Atheneum, 1967.