Designing for informed consent: A multi-domain, interdisciplinary analysis of the technological means to provide informed consent, in order to manage users' privacy and security.

摘要

Continuously interconnected network devices are now a reality for the general public, from networked desktop computers, to mobile phones, to new and upcoming technologies such as RFID and Sensor Networks. In addition to the numerous benefits that these technologies provide, there is concern that computer devices continuously connected to the network could have strong implications for privacy and security. Understanding the effects that new networked technologies have on security and privacy has implications for a variety of domains, and crosses over many disciplines such as Law, Policy, Ubicomp, HCI, and Security.;The main area of concern is where the user interacts with the technologies' user interface. Questions and concerns regarding a user's mental model of a system include the design of the interfaces which consumers use to access personal information, and the interfaces used to inform consumers about their choices and obligations regarding the technology. Breakdowns in communication between technology and consumer are revealed when consumers unintentionally consent to reveal or divulge information which they did not believe the system was capable of obtaining and/or sharing.;The question of designing for informed consent is fundamental to the work performed in this thesis. I seek to understand the effects of various designs on a user's understanding when making informed decisions and using different networked technologies, and also, how that understanding, or lack of, may relate to intended or unintended consequences. Understanding these effects is inherently a multidisciplinary problem, which requires an interdisciplinary approach. To this end, I have employed a variety of methodologies, both qualitative and quantitative, to explore various aspects of this problem in varying technology domains. I look at how four different technologies which were designed for informed consent. I chose desktop technologies, technologies on mobile devices, and RFID technologies that are passive, embedded in our environment, and have no traditional user interface. Additionally, I looked at different types of information that users would want to manage, such as personal data and media (photos), and contextual information (location). I also looked at how users' motivations for using the technology have aligned with the technology's intended purpose, as well as any issues that may arise when conflicts exists.;While these technologies appear to be loosely connected, they all share the problem of informed consent, and all require that users be adequately informed to make decisions regarding private and potentially, sensitive, information. In addition, all of these technologies have had incidents in which users were not adequately informed, and consequently, have experienced embarrassing and potentially dangerous revelations of sensitive and personal information. In KaZaA, I describe how users have inadvertently shared personal tax documents, credit card information, and in some cases, national secrets. In ZoneTag, I describe examples where photos range from the amusing (making fun of someone's wedding picture) to the embarrassing (naked photo of self in the bathtub), and without regard, have been exposed on the internet. In my Spyware studies, I demonstrate how design of EULAs contributes to users' frequent agreement to program behavior, which they regret later. In RFID, I describe the inherent risks of RFID systems and how important it is to provide safeguards that prevent people from revealing too much information about their reading habits and location.;The contributions of my work are: (1) New methodologies and metrics for performing studies on informed consent; (2) A flexible experimental framework for testing informed consent notice designs; (3) A series of first time empirical studies and data gathered across several technology domains; (4) Analysis of qualitative and quantitative data providing new insights and understandings for online informed consent; (5) Influencing policy makers reception to design studies through congressional hearings and workshops.;In conclusion, I find that informed consent is an area of research that cannot be amended simply by using design methodologies. While significant improvements to current designs can be done by applying HCI methodologies, a combination of methods and incentives, from a variety of disciplines, is needed to make sustained long term improvements to informed consent.