Section 20.5. Conclusion



The goal of my work was to define and analyze some privacy-related concepts that others have touched upon but that have never been systematically examined. I have defined what we mean by a privacy solution and used a grounded approach called feature analysis to examine the privacy-related features of solutions. On a grander scale, I have bounded the privacy space and suggested a model for how users can think about the privacy solutions that make up that space, as well as the features of which they themselves consist. More theoretically, this work has led to new terminology, most importantly the idea of exoinformation, which gives us a succinct way to relate the concept of information leakage when we talk about important privacy matters.

RECOMMENDATIONS FOR DEVELOPERS OF PRIVACY SOFTWARE

Privacy is a very hard concept for most users to understand. An important role for those who develop privacy tools is to educate users about privacy.

When designing your software, think about exoinformation and how to prevent it from getting out. Many privacy tools store people's personal information in them; make sure you are not creating a honeypot for someone to exploit!

Awareness features are ubiquitous in the tools I have examined, but more could be done with them. Furnishing users with knowledge is the best defense when it comes to protecting their privacy. Help files are the minimal approach to awareness. Better awareness features can be integrated into the user interface to help users make their own decisions.

Whenever possible, privacy tools should give the user feedback that preventative features are operational. If a feature really works and problems are being averted, there is no way for users to know this unless it is pointed out to them. A simple logging mechanism might be enough to allow users to verify that a privacy tool is functioning properly.

Detection features are no good if they do not lead the user toward an adequate response!

Today's privacy solutions have few response and recovery features. Recovery is a major problem in privacy because once the information is out and has been misused, it's all over. This is what Whitten calls the "barn door" effect.[a] The incident cannot be undone. Unfortunately, even privacy solutions that have some response and recovery tools do not integrate them well with the tool as a whole.

Use the Privacy Space Framework as your guide: tools that aid users in all five steps of the privacy process offer the most comprehensive privacy solution to users.


[a] See Chapter 33, this volume.

Can the quest for the optimal privacy package continue? We now have some techniques and terminology to use to get us closer to that goal. Novel user interface mechanisms must evolve to help users recognize and control exoinformation. We may not achieve the fine granularity of control we desire, but at this stage, the simple ability to have on or off enforcement would be a welcome new development.



Security and Usability. Designing Secure Systems that People Can Use
ISBN: 0596008279
EAN: 2147483647
Year: 2004
Pages: 295
