TO SHARE OR NOT TO SHARE Perspectives on

  • Slides: 32
Download presentation
TO SHARE OR NOT TO SHARE Perspectives on trust and privacy Dr. Anne Adams

TO SHARE OR NOT TO SHARE Perspectives on trust and privacy Dr. Anne Adams Institute of Educational Technology Practice-based Professional Learning CETL

Overview • Background (privacy & trust) • Studies – context and location • Sharing

Overview • Background (privacy & trust) • Studies – context and location • Sharing model • E-learning studies – empowering or a threat? • Access, awareness & acceptability framework Practice-based Professional Learning CETL

Privacy & Trust ‘Trust is like a vase… once it is broken, though you

Privacy & Trust ‘Trust is like a vase… once it is broken, though you can fix it, the vase will never be the same again’ Anon ‘When it comes to privacy and accountability, people always demand the former for themselves and the latter from everyone else. ’ David Brin

Background • Privacy as data / information issues • Solution – anonymity that raises

Background • Privacy as data / information issues • Solution – anonymity that raises more problems • e. g. 2 nd life still invasive? Firefox ‘privacy mode’ / ‘porn mode’ • Privacy & Trust for an individual • Personal levels for trust & need for privacy • Solution: privacy / trust scales that no-one uses • Privacy & Trust are not ‘BINARY CONCEPTS’ • Trust: Socially Driven (Co. P / reputation management) • PROBLEM : Missing issues of CONTEXT

Background - Context • Cultural Context – Japanese: removable walls / talking toilets –

Background - Context • Cultural Context – Japanese: removable walls / talking toilets – Americans: freedom of information / stalking rights – UK: CCTV overload / identity card blocks • Social Context –‘presentation of self’ (Goffman, 1969; Giddens, 1984; Schoeman, 1992) – ‘Social grouping’ trust, security & privacy • Physical & Temporal Context – Space, place & time (Harrison & Dourish, 1996, Jones et al, 2003)

Studies (context & Location)

Studies (context & Location)

Security Domain • Organisational Security Context & the ‘enemy within’ • 139 participants (International

Security Domain • Organisational Security Context & the ‘enemy within’ • 139 participants (International Survey / in-depth interviews) • Security understood within context – Users don’t understand threat & organisational security – Physical & Online cues: In confidence, highly sensitive • Behaviours adjusted to physical security Adams & Sasse (’ 99) CACM, (‘ 05) Security & Usability Adams & Blandford (’ 03) Security & Online learning (’ 05) IJHCS. EPSRC / ESRC funded

Authentication A B Perceived D Perceived Security I D Information D importance Password disclosure

Authentication A B Perceived D Perceived Security I D Information D importance Password disclosure Adams & Sasse (’ 99) CACM, (‘ 05) Security & Usability Security Perceived threats I EPSRC / ESRC funded

Co-located Trust, Sharing & Identity In response to: • visual social cues and •

Co-located Trust, Sharing & Identity In response to: • visual social cues and • awareness • Supporting information roles in learning interactions

A&E White-boards – Collaboration & unconscious social cues – Interaction roles (e. g. pen

A&E White-boards – Collaboration & unconscious social cues – Interaction roles (e. g. pen holders) & acceptable sharing Penholder Whiteboar d Interactio ns Long looks Glances 28% 26% Other Staff Whiteboar d Interactio ns 48% Total of overall observatio ns 38% 51% 39% Broome & Adams (’ 05) BCS HC, (’ 06) IMM

Mobile technology • Portability advantages for clinicians • Crossing boundaries • Owned by individuals

Mobile technology • Portability advantages for clinicians • Crossing boundaries • Owned by individuals • Impacts on privacy & trust

QTek project • Sharing practices developed • Blurring - social / personal tasks &

QTek project • Sharing practices developed • Blurring - social / personal tasks & information “On a train journey the Qtek blue tooth connection was left enabled (as many people do) so that an unidentified individual was aware of him, electronically contacted him – which was seen as an invasion of his privacy”. “When synchronising PC & Qtek calendars, personal dates and information (from the Qtek) automatically updated the PC calendar which was accessible to others. This was seen as increasing the risk of a potential invasion of privacy” Pettit & Kukulska-Hulme PBPL project Adams et al (’ 07) CTSS

Location & authentication • Online Banking (Survey / In-depth interviews) • Traditional passwords –

Location & authentication • Online Banking (Survey / In-depth interviews) • Traditional passwords – poor perceived security control • Security box & situational awareness • Increased perceived control and trust Nilson, Adams & Herd (’ 05) ACM Chi

Common Room CCTV • Over 200 departmental members • Email debate Log-analysis; 47 Questionnaire

Common Room CCTV • Over 200 departmental members • Email debate Log-analysis; 47 Questionnaire responses; Cluster analysis & Grounded Theory Analysis • Private / Public space debate • Poor awareness of which context in ESRC / BT funded

“Getting Mad” Q: - What do you believe to be the usefulness of this

“Getting Mad” Q: - What do you believe to be the usefulness of this type of video information capture: - “only for nosy computer scientists wishing to assess the usefulness of their technology. ” “serves only to help peeping toms (*** maybe? ) get off!” “THIS IS A MASSIVE INVASION OF PRIVACY” “Maybe we should emulate the legal situation in France where unsolicited use of a person’s image is a criminal offence” Adams & Sasse (’ 99) Interact, (’ 01) HCI ESRC / BT funded

Privacy Invasion Cycle • Issue title Tr an s m is si on R

Privacy Invasion Cycle • Issue title Tr an s m is si on R ec or d E dit • Outsiders • Summarized description % response Users Outsiders changing session dynamics 25% Remote Viewers Misinterpreting sessions due to a lack of context 12. 5% Non. Participants Non-participants viewed (sleeping, leaving) 12. 5% Emotive Sessions 1 Emotional sessions being broadcast 10% Record and reviewing without time-reference 10 % Emotive Sessions 2 Emotive session recording 12. 5% Out of Context 2 Out of context editing 67% Emotive Sessions 3 Emotive session editing potentially misrepresenting 25% Out of Context 1 IR IS Contexts Trust Privacy secure (based on assumptions) IU Technology makes assumptions inaccurate Emotive Increased perceived privacyof recording § Awareness Rejection invasions § Editing and Context lost (e. g. Decreased organisational trust temporal, situational) Adams & Sasse, (’ 99) ACM Multimedia, Chi, (‘ 01) HCI Adams, ACM CFP (00) ESRC / BT funded

Sharing Model Information Sensitivity (IS) Context Judgement User Trust Information Receiver (IR) Information Usage

Sharing Model Information Sensitivity (IS) Context Judgement User Trust Information Receiver (IR) Information Usage § Time Stamping (IU) § Watermarking / Watercasting Adams & Sasse, (’ 99) ACM Multimedia, Chi, (‘ 01) HCI Adams, ACM CFP (00) Cost / Benefit ESRC / BT funded

Studies (empower or threat)

Studies (empower or threat)

Healthcare Studies • Healthcare studies over 6 years: 4 Hospitals, 3 PCTs, 3 patient

Healthcare Studies • Healthcare studies over 6 years: 4 Hospitals, 3 PCTs, 3 patient information studies • > 250 clinicians (e. g. Surgeons, Consultants, Doctors, Nurses, AHP, managers) & patients • Qualitative and Quantitative data sources • Grounded Theory analysis Adams et al (’ 03) HIJ (’ 05) TOCHI, Adams & Blandford (’ 02) IJODL, (’ 05) HIJ EPSRC / ESRC / NHS funded

Technology as boundary objects (Access) • Elearning in the work-place: Democratisation of information through

Technology as boundary objects (Access) • Elearning in the work-place: Democratisation of information through technology access. “We should be given the opportunity to learn as much as we can, be as much, be as effective as we can be for the sake of the patients” (Student Nurse) EPSRC / ESRC / NHS funded

Hospital spaces & technology use Neurologist patient interaction pattern: consultant // patient Piece of

Hospital spaces & technology use Neurologist patient interaction pattern: consultant // patient Piece of paper from the diary Paper-based diary Computer Desk Computer Window Nurse A Desk Patient Consultant Patient Window Nurse B Nurse A Desks Wi nd ow Computer Examination bed Patient Consultant Window Patient interactions Examination bed Clinician interactions Adams & Blandford, HCI’ 08 EPSRC / ESRC / NHS funded

Interaction patterns Co. P 1: Library based interaction patterns Co. P 2: Location (wards)

Interaction patterns Co. P 1: Library based interaction patterns Co. P 2: Location (wards) based interaction patterns Co. P 3: Team based interaction patterns Wards Library Digital library Computer Digital library Librarian Non- library user Digital library Librarian interactions Digital library interactions Conceptual team boundary Adams et al, TOCHI’ 05 EPSRC / ESRC / NHS funded

Technology poorly placed and distrust “Why can’t we have Whatever they are hiding from

Technology poorly placed and distrust “Why can’t we have Whatever they are hiding from us” (Student Nurse) EPSRC / ESRC / NHS funded

Privacy & Security Perspectives (Awareness) • Hospitals initial awareness of patient privacy issues poor.

Privacy & Security Perspectives (Awareness) • Hospitals initial awareness of patient privacy issues poor. • Hospital ‘privacy officer’ employed • Instigation of privacy mechanisms • Comparative study between – inner city Vs provincial hospitals EPSRC / ESRC / NHS funded

Organisational Awareness Adams & Blandford (’ 05) Health informatics Journal EPSRC / ESRC /

Organisational Awareness Adams & Blandford (’ 05) Health informatics Journal EPSRC / ESRC / NHS funded

Hospital domain • Awareness of patient privacy issues poor. • Privacy / security issues

Hospital domain • Awareness of patient privacy issues poor. • Privacy / security issues identified – provincial hospital (1): 85% (security = protective) – Inner city hospital (2): 48% (security = restrictive) Adams & Sasse (’ 99) CACM, Adams & Blandford (’ 05) International Journal of HC Studies EPSRC / ESRC / NHS funded

E-learning tool security (Acceptability) Freedom of Expression Vs Protection. Ø Identity formation & sharing

E-learning tool security (Acceptability) Freedom of Expression Vs Protection. Ø Identity formation & sharing ØRisks through poor control, hackers, inappropriate usage. Ø Risks to personal freedom through security, control, tracking, auditing What to share or not to share?

Virtual Reality Learning Environment – UCL / BT “In certain environments you’re relatively anonymous

Virtual Reality Learning Environment – UCL / BT “In certain environments you’re relatively anonymous so you can give your real opinions rather than saying what you think you ought to. say. ” (focus group respondent) • Social Norms inhibit interactions (‘Should I Interrupt’? ) • Anonymity can increase ‘fears’ & potential privacy issues ESRC / BT funded

Prison e-learning • E-learning and identity Ørehabilitation, identity changing - Freedom of information •

Prison e-learning • E-learning and identity Ørehabilitation, identity changing - Freedom of information • Clash between empowerment & control ØSecurity & technology risks ØFear and resentment ØPoor awareness (e. g. web, open source and graphics calculator) • Privacy / Trust – empowerment & control

E-learning issues • Awareness Resource, situational, work practices, time-limitations, Others & their practices •

E-learning issues • Awareness Resource, situational, work practices, time-limitations, Others & their practices • Acceptability Trust, quality, ownership, privacy, aesthetics, engaging • Access Approach, Enter, Find, Use (e. g. usability, security, learning design)

Summary • Context (cultural / social / situational & temporal) • Trust & Privacy

Summary • Context (cultural / social / situational & temporal) • Trust & Privacy trade-offs: – Awareness of context issues – Access control for information sharing – Acceptability of community judgements (e. g regarding social structures, norms etc)

ANY QUESTIONS?

ANY QUESTIONS?