
Several authors have pointed out that information security software often fails not due to technical causes, but because of issues of management and control of the people operating the technology [212, 261]. In his study of Automatic Teller Machine (ATM) failures, Anderson indicated that the three main reasons for failure were program bugs, interception of mail containing ATM cards, and theft and fraud by insiders [25]. Similarly, reports of privacy breaches show that many breaches are attributable to those responsible for safeguarding the data, for example, airlines providing data to third parties [26], and consumer reporting agencies providing personal data to outsiders pretending to be legitimate customers [297].

The privacy breaches mentioned above indicate that helping organizations create and enforce effective privacy policies is a significant research challenge that should also involve researchers in both HCI and CSCW. Corporate caretakers of personal information are becoming increasingly aware of the importance of privacy. Many companies have defined policies and procedures for handling personal information, and a few have gone so far as creating the position of Chief Privacy Officer. Some of these programs have been enacted voluntarily, under pressure from the market to curb privacy breaches. Other organizations have implemented these changes to comply with legislation such as EU Directive 95/46 or HIPAA.

Knowledge in this area is in part hidden behind corporate walls, and the academic community has largely ignored these issues. This lack of attention in academia is worrying, because management of personal information is one of the most challenging aspects of IT security today [182]. Much more work is needed in this domain, and specifically in three areas: 1) defining privacy policies, 2) implementing and enforcing them, and 3) auditing system performance.

With respect to the first issue, we need better tools for defining privacy policies, both at the level of the organization and in relation to its IT systems. Industry standards and procedures could be very helpful in drafting policies [155], but require an open dialogue between industry and academia with which many commercial organizations may still be uncomfortable. Once policies are drafted, tools such as IBM’s SPARCLE [176] could be used to convert the policies into machine-readable form, facilitating implementation. One fundamental open question is whether a machine-readable privacy policy language (e.g., P3P) can be comprehensive enough to model all possible requirements and organizational assumptions.

Second, we need more support for implementing and enforcing privacy policies. These challenges rest both with the people and the technology involved in the processing of personal data. The technical implementation of privacy policies has been the topic of systems research [30], and some of those ideas have been incorporated into commercial products (e.g., IBM’s Tivoli product line). It is worth noting that the challenge of enforcement is exacerbated as we move towards mobile and ubiquitous computing environments. A single unaccounted-for mobile device can create massive problems for an organization that are difficult to remedy. For example, because most laptops are configured to tunnel through corporate firewalls, a company would have to assume that a lost or stolen laptop could be used to breach network security. There have also been many incidents of laptops containing personal data on thousands of people being stolen or lost. Incidents like these dramatically expose organizations’ vulnerability to large-scale

end-user-privacy-in-human-computer-interaction-v57.doc, Page 73 of 85
