Archives

Nathan Good and Nick Doty, If privacy is the answer, who are the users?

By privacylaw | Posted on

Nathan Good and Nick Doty, If privacy is the answer, who are the users?

PLSC 2013

Workshop draft abstract:

When designers create a product or design, they first seek to understand who will use the product and what their needs are.  Without this understanding, it is difficult for designers to use their tools effectively.  When designing with privacy in mind, designers face particularly challenging questions.  What are users’ privacy goals?  How can designers describe them?  How can they incorporate them in actual products or designs? And who are they designing the privacy protections for? Are they to address policy concerns, or are they to address latent consumer concerns?

Today we have many companies who have created products to address audiences privacy concerns, as well as a history of larger companies reacting to privacy concerns and implementing privacy and usability designs into their products.  Despite this, there is still a pressing concern that the additional privacy measures are inadequate for users and are doing little to address consumers concerns about privacy.

There is also a great deal of interest on the policy side about creating privacy safeguards for consumers, as well as companies and government agencies that are enacting new privacy standards. Protecting the backend of computer systems is one approach (data encryption, etc), while usability design has been cited as an area of increasing interest in protecting the “front end” of systems and facilitating choice and transparency for consumers. For usability designers, addressing the question of audience and goals gives them concrete steps to use to implement products, as well as help delineate what is outside of the scope of designers concerns and possibly addressed through policy and other means.  As a result, user goals and stated policy goals with respect to privacy are sometimes in conflict. Consequently, usability professionals in practice are confronted with a unique set of challenges when attempting to design with privacy in mind. Cookie management, for example, is an area that is difficult to design for, as there exists a wide gap in consumers basic understanding and concerns and the evolving policy demands for consumer control. This paper argues that a clearer understanding of audience would help delineate what is the role of the designer and what is the role of policy and backend protections.

This paper examines existing and evolving design practices and products that are designed to protect a user’s privacy as well as products that have privacy implications. This paper categorizes the use cases and privacy concerns, and attempts to derive a delineation of where design has succeed and can succeed, and where it struggles. Additionally, it examines the limits of use cases with respect to privacy, and suggests alternatives and new directions for policy makers and designers with respect to designing consumer facing solutions for privacy concerns.

Nick Doty and Deirdre K. Mulligan, Standardizing Do Not Track: How Participants See the Process

By privacylaw | Posted on

Nick Doty and Deirdre K. Mulligan, Standardizing Do Not Track: How Participants See the Process

PLSC 2013

Workshop draft abstract:

Who really participates in the DNT standardization process? What kinds of positions are represented and what kinds of people are actively involved? How do those participants see the process? And what defines the process? (Beyond the World Wide Web Consortium’s Tracking Protection Working Group, discussions at various levels of formality take place in a number of distinct fora.) As part of a larger project exploring how engineers and standards development participants make decisions that affect privacy, we discussion initial results from interviews, textual analysis and participant observation.

While the concerns regarding procedural and substantive fairness we highlighted previously are themselves raised by participants and observers in the process, we also identify concerns around trust and communication. Finally, participants’ statements support a particular theory of values in design, with its own challenges and opportunities for privacy-by-design.

Nick Doty & Deirdre Mulligan, The technical standard-setting process and regulating Internet privacy: a case study of Do Not Track

By privacylaw | Posted on

Nick Doty & Deirdre Mulligan, The technical standard-setting process and regulating Internet privacy: a case study of Do Not Track

Comment by: Jon Peha

PLSC 2012

Workshop draft abstract:

Regulating Internet privacy involves understanding rapidly-changing technology and reflecting the diverse policy concerns of stakeholders from around the world. Technical standard-setting bodies provide the promise of software engineering expertise and a stable consensus process created for interoperability. But does the process reflect the breadth and depth of participation necessary for self- and co-regulation of online privacy? What makes a standard-setting or regulatory process sufficiently “open” for the democratic goals we have for determining public policy?

Drawing from literature in organizational theory, studies of standards development organizations and cases of environmental conflict resolution, this paper explores the applicability of consensus-based standard-setting processes to Internet policy issues. We use our experience with the ongoing standardization of Do Not Track at the World Wide Web Consortium (W3C) to evaluate the effectiveness of the W3C process in addressing a current, controversial online privacy concern. We also develop success criteria with which the privacy professional and regulatory community can judge future “techno-policy standards”.

While the development of techno-policy standards within consortia like the W3C and the Internet Engineering Task Force shows promise for technocratic and democratic regulation, success depends on particular properties of the participation model, the involvement of policymakers and even the technical architecture.