Trust and PrivacyTrust and Privacy

AgendaAgenda

Questions?Questions? TrustTrust More project timeMore project time PrivacyPrivacy

Trust is fundamental Trust is fundamental to securityto security Lack of trust results in systems being Lack of trust results in systems being

ill-used or used not at allill-used or used not at all Lack of understanding of trust results Lack of understanding of trust results

in wrong decisions or no decisionsin wrong decisions or no decisions Too much trust can be more Too much trust can be more

dangerous than too littledangerous than too little– E.g. I can open any file attachment E.g. I can open any file attachment

because I run anti-virus softwarebecause I run anti-virus software

What are your What are your strategies?strategies? Scenario: you are buying a product Scenario: you are buying a product

from a new site, what leads you to from a new site, what leads you to trust the site and buy from them?trust the site and buy from them?

Scenario: you are looking up medical Scenario: you are looking up medical information on a new site, what leads information on a new site, what leads you to trust the site?you to trust the site?

Scenario: you consider downloading a Scenario: you consider downloading a new browser plug-in, what leads you to new browser plug-in, what leads you to trust the plug-in and download?trust the plug-in and download?

DefinitionsDefinitions

Book: “Trust concerns a positive Book: “Trust concerns a positive expectation regarding the expectation regarding the behavior of somebody or behavior of somebody or something in a situation that something in a situation that entails risk to the trusting party”entails risk to the trusting party”

Miriam-Webster: “assured Miriam-Webster: “assured reliance on the integrity, ability, reliance on the integrity, ability, or character of a person or thing”or character of a person or thing”

LayersLayers

Dispositional trustDispositional trust– Psychological disposition or personality Psychological disposition or personality

trait to be trusting or nottrait to be trusting or not Learned trustLearned trust

– A person’s general tendency to trust, or A person’s general tendency to trust, or not to trust, as a result of experiencenot to trust, as a result of experience

Situational trustSituational trust– Basic tendencies are adjusted in Basic tendencies are adjusted in

response to situational cuesresponse to situational cues

Processing strategiesProcessing strategies

Heuristic approach making quick Heuristic approach making quick judgments from the obvious judgments from the obvious informationinformation

Systematic approach involving Systematic approach involving detailed analysis of informationdetailed analysis of information

Models summarizationModels summarization

Increases trustIncreases trust– FamiliarityFamiliarity– BenevolenceBenevolence– IntegrityIntegrity– Comprehensive Comprehensive

infoinfo– Shared valueShared value– CredibilityCredibility– Good feedbackGood feedback– ReliabilityReliability– UsabilityUsability

Decreases trustDecreases trust– RiskRisk– Transaction costTransaction cost– UncertaintyUncertainty

Losing trustLosing trust

What are ways to damage trust?What are ways to damage trust? How can you repair damaged How can you repair damaged

trust?trust?

Trust Design Trust Design GuidelinesGuidelines1.1. Ensure good ease of use.Ensure good ease of use.2.2. Use attractive design.Use attractive design.3.3. Create a professional image – Create a professional image –

avoid spelling mistakes and avoid spelling mistakes and other simple errors.other simple errors.

4.4. Don’t mix advertising and Don’t mix advertising and content – avoid sales pitches content – avoid sales pitches and banner advertisements.and banner advertisements.

5.5. Convey a “real-world” look and Convey a “real-world” look and feel – for example, with use of feel – for example, with use of high-quality photographs of real high-quality photographs of real places and people.places and people.

6.6. Maximize the consistency, Maximize the consistency, familiarity, or predictability of an familiarity, or predictability of an interaction both in terms of interaction both in terms of process and visually.process and visually.

7.7. Include seals of approval such as Include seals of approval such as TRUSTe.TRUSTe.

8.8. Provide explanations, justifying Provide explanations, justifying the advice or information given.the advice or information given.

9.9. Include independent peer evaluation Include independent peer evaluation such as references from past and such as references from past and current users and independent message current users and independent message boards.boards.

10.10. Provide clearly stated security and Provide clearly stated security and privacy statements, and also rights to privacy statements, and also rights to compensation and returns.compensation and returns.

11.11. Include alternative views, including good Include alternative views, including good links to independent sites with the same links to independent sites with the same business area.business area.

12.12. Include background information such as Include background information such as indicators of expertise and patterns of indicators of expertise and patterns of past performance.past performance.

13.13. Clearly assign responsibilities (to the Clearly assign responsibilities (to the vendor and the customer).vendor and the customer).

14.14. Ensure that communication remains Ensure that communication remains open and responsive, and offer order open and responsive, and offer order tracking or an alternative means of tracking or an alternative means of getting in touch.getting in touch.

15.15. Offer a personalized service that takes Offer a personalized service that takes account of each client’s needs and account of each client’s needs and preferences and reflects its social preferences and reflects its social identity.identity.

CredibilityCredibility

How is this different than trust?How is this different than trust?

Four Types of CredibilityFour Types of Credibility– Presumed credibility.Presumed credibility.– Reputed credibility.Reputed credibility.– Surface credibility.Surface credibility.– Experienced credibility.Experienced credibility.

Stanford Guidelines for Web Stanford Guidelines for Web CredibilityCredibility

1.1. Make it easy to verify the accuracy of the information on your Make it easy to verify the accuracy of the information on your site.site.

2.2. Show that there's a real organization behind your site.Show that there's a real organization behind your site.

3.3. Highlight the expertise in your organization and in the content Highlight the expertise in your organization and in the content and services you provide.and services you provide.

4.4. Show that honest and trustworthy people stand behind your site.Show that honest and trustworthy people stand behind your site.

5.5. Make it easy to contact you.Make it easy to contact you.

6.6. Design your site so it looks professional (or is appropriate for your Design your site so it looks professional (or is appropriate for your purpose).purpose).

7.7. Make your site easy to use – and useful.Make your site easy to use – and useful.

8.8. Update your site's content often (at least show it's been reviewed Update your site's content often (at least show it's been reviewed recently).recently).

9.9. Use restraint with any promotional content (e.g., ads, offers).Use restraint with any promotional content (e.g., ads, offers).

10.10. Avoid errors of all types, no matter how small they seem.Avoid errors of all types, no matter how small they seem.

Stanford Persuasive Technology Lab http://www.webcredibility.org/guidelines/

Food for thoughtFood for thought

What have you noticed websites What have you noticed websites doing to increase your trust?doing to increase your trust?

Have you grown more or less Have you grown more or less trustworthy over time? General trustworthy over time? General public?public?

Should computers (application Should computers (application designers) trust users?designers) trust users?– Should the system take over and Should the system take over and

prevent bad things from happening? prevent bad things from happening? When?When?

Project feedbackProject feedback

Project proposal due NEXT WEEKProject proposal due NEXT WEEK I need to sign off on all IRB I need to sign off on all IRB

applicationsapplications– Email me (or post online) a draft, I will Email me (or post online) a draft, I will

likely ask for modificationslikely ask for modifications– Bring final printed copy to classBring final printed copy to class

Rule of thumb: someone else should Rule of thumb: someone else should be able to pick up your proposal and be able to pick up your proposal and carry out the studycarry out the study

Include implementation or other Include implementation or other aspects in your proposal if applicableaspects in your proposal if applicable

PrivacyPrivacy

Why do we care?Why do we care?– Is privacy a fundamental right?Is privacy a fundamental right?– Or is it instead instrumental in achieving Or is it instead instrumental in achieving

personal security?personal security?

Holistic property of a systemHolistic property of a system– Difficult to analyze and understand the Difficult to analyze and understand the

impactsimpacts– Ethical, legal, political ramificationsEthical, legal, political ramifications

DefinitionsDefinitions

Protection from unwarranted intrusions Protection from unwarranted intrusions (informational self-determination)(informational self-determination)

Ability to control the terms under which Ability to control the terms under which personal information is acquired and usedpersonal information is acquired and used

““boundary regulation process” of boundary regulation process” of managing disclosure and identitymanaging disclosure and identity

““No definition of privacy is possible No definition of privacy is possible because privacy issues are fundamentally because privacy issues are fundamentally matters of values, interests and power” matters of values, interests and power” – Alan F. Westin, legal and policy scholarAlan F. Westin, legal and policy scholar

Privacy preferencesPrivacy preferences

Westin surveys:Westin surveys:

FundamentalistsFundamentalists PragmatistsPragmatists Unconcerned or marginally Unconcerned or marginally

concernedconcerned

Who are you? What are the Who are you? What are the implications?implications?

Privacy vs. TrustPrivacy vs. Trust

How does this relate to trust?How does this relate to trust?

Are there layers of privacy like Are there layers of privacy like layers of trust?layers of trust?– Dispositional, learned, situationalDispositional, learned, situational

Why is privacy such a Why is privacy such a huge problem?huge problem? Incomplete informationIncomplete information

– How likely are risks? How serious are How likely are risks? How serious are risks?risks?

– What can you do to mitigate risks?What can you do to mitigate risks? Decisions are highly contextual and Decisions are highly contextual and

individualizedindividualized Bounded rationality – simplistic mental Bounded rationality – simplistic mental

modelsmodels Difficulty in assessing tradeoffsDifficulty in assessing tradeoffs

– Assign greater strength to short term than Assign greater strength to short term than long term outcomeslong term outcomes

Issues to considerIssues to consider

Privacy is a secondary taskPrivacy is a secondary task– Users of privacy tools often seek out these tools due to Users of privacy tools often seek out these tools due to

their awareness of or concern about privacytheir awareness of or concern about privacy– Even so, users still want to focus on their primary tasksEven so, users still want to focus on their primary tasks

Users have differing privacy concerns and needsUsers have differing privacy concerns and needs– One-size-fits-all interface may not workOne-size-fits-all interface may not work

Most users are not privacy expertsMost users are not privacy experts– Difficult to explain current privacy state or future privacy Difficult to explain current privacy state or future privacy

implications implications – Difficult to explain privacy options to themDifficult to explain privacy options to them– Difficult to capture privacy needs/preferences Difficult to capture privacy needs/preferences

Many privacy tools reduce application Many privacy tools reduce application performance, functionality, or convenienceperformance, functionality, or convenience

ExoinformationExoinformation

Leaving information behind based Leaving information behind based on our activitieson our activities– Examples?Examples?

Users often unaware of these Users often unaware of these information trails and tidbitsinformation trails and tidbits– If we aren’t aware, how can we give If we aren’t aware, how can we give

consent or make appropriate consent or make appropriate decisions?decisions?

Chapter 20: A Users Centric Privacy Space Framework

Areas with big privacy Areas with big privacy issuesissues eCommerceeCommerce Medical information systemsMedical information systems Social networking and messaging Social networking and messaging

(IM, MySpace, etc.)(IM, MySpace, etc.) Media spacesMedia spaces Tracking & location-enhanced Tracking & location-enhanced

technologiestechnologies

Friend FinderFriend Finder

Location service of buddy listLocation service of buddy list– Loopt: https://loopt.com/loopt/sess/index.aspx– Helio’s Buddy Beacon:

http://www.helio.com/page?p=services#services_gps

What are privacy issues? What are models of interaction? (push vs. pull, etc.)

Design a UI for configuring who sees what and when– What functions or features are needed?– How to convey model of disclosures?– How do users quickly make changes?

How would you evaluate your interface?

Privacy Lost: These Phones Can Find You, NYTimes, Oct. 23, 2007

Final food for thoughtFinal food for thought

Is privacy awareness evolving? Are Is privacy awareness evolving? Are people more aware now? How can we people more aware now? How can we increase their awareness?increase their awareness?

Is awareness enough? Identity theft is a Is awareness enough? Identity theft is a big topic lately – but has it led to any big topic lately – but has it led to any increased usage of privacy and security increased usage of privacy and security software?software?

Why does cyberspace feel lacking in Why does cyberspace feel lacking in social morals and ethics? How can we social morals and ethics? How can we improve?improve?