Andrew S. Patrick

From Privacy Legislation to Interface Design: Implementing Information Privacy in Human-Computer Interactions

Internet users are becoming more concerned about their privacy. In addition, various governments (most notably in Europe) are adopting strong privacy protection legislation. The result is that system developers and service operators must determine how to comply with legal requirements and satisfy users. The human factors requirements for effective privacy interface design can be grouped into four categories: (1) comprehension, (2) consciousness, (3) control, and (4) consent. A technique called ”Privacy Interface Analysis” is introduced to show how interface design solutions can be used when developing a privacy-enhanced application or service. To illustrate the technique, an application adopted by the Privacy Incorporated Software Agents consortium (PISA) is analyzed in which users will launch autonomous software agents on the Internet to search for jobs.

Passwords: If We're So Smart, Why Are We Still Using Them?

While a lot has changed in Internet security in the last 10 years, a lot has stayed the same --- such as the use of alphanumeric passwords. Passwords remain the dominant means of authentication on the Internet, even in the face of significant problems related to password forgetting and theft. In fact, despite large numbers of proposed alternatives, we must remember more passwords than ever before. Why is this? Will alphanumeric passwords still be ubiquitous in 2019, or will adoption of alternative proposals be commonplace? What must happen in order to move beyond passwords? This note pursues these questions, following a panel discussion at Financial Cryptography and Data Security 2009.

HCI and security systems

This workshop will seek to understand the roles and demands placed on users of security systems, and explore design solutions that can assist in making security systems usable and effective. In addition to examining end-users, this workshop will also examine the issues faced by security system developers and operators. The goal of the workshop is to build a network of interested people, share research activities and results, discuss high priority areas for research and development, and explore opportunities for collaboration.

Exploring User Reactions to New Browser Cues for Extended Validation Certificates

With the introduction of Extended Validation SSL certificates in Internet Explorer 7.0, web browsers are introducing new indicators to convey status information about different types of certificates. We carried out a user study which compared a proposed new interface in the Mozilla Firefox browser with an alternative interface of our own design to investigate how users react to these new indicators. Our study included eye tracking data which provided empirical evidence with respect to which parts of the browser interface users tended to look at during the study and which areas went unnoticed. Our results show that, while the new interface features in the unmodified Firefox browser went unnoticed by all users in our study, the modified design was noticed by over half of the participants, and most users show a willingness to adopt these features once made aware of their functionality.

Perception and acceptance of fingerprint biometric technology

The acceptance of biometric security services appears to be affected by several factors, one of which may be the context in which it is used. In this study, 24 participants were asked to roleplay the use of a fingerprint biometric identification system when making purchases at an online bookstore. The results show differences in opinions about the biometric system when the perceived benefits for the users were manipulated. Participants were more comfortable using biometrics, and considered them more beneficial, when they were used to secure personal information for personal purchases, in contrast to securing personal information for corporate purchases. The results suggest that application contexts with obvious, apparent benefits to the user tend to lead to greater perceptions of usability and higher acceptance rates than contexts where there are only system or corporate benefits...

Usability and Acceptability of Biometric Security Systems

Biometrics are receiving a lot of attention because of the potential to increase the accuracy and reliability of identification and authentication functions. A lot of research has been done to assess the performance of biometric systems, with an emphasis on false acceptances and rejections. Much less research has been done on the usability and acceptability of biometric security systems. A number of factors are increasing the usability of biometric devices. The sensors are getting smaller, cheaper, more reliable, and designed with better ergonomic characteristics. The biometric algorithms are also getting better, and many systems include features to train the users and provide feedback during use. In addition, biometric devices are being integrated into associated security systems, such as access control and encryption services, to provide a seamless environment.

Automated social network analysis for collaborative work

Inter-networked computers enable virtual collaborative work. In the course of interacting with one another, individuals send and receive messages and files of various sorts. This may be done within specialized collaborative work environments, or by simply employing a combination of different communication tools and applications. In the course of doing their work, collaborators perform different actions that create and/or otherwise manipulate digital artifacts that are related to different aspects of their collaboration. Social network analysis is used to develop a fuller understanding of interactions between people. We describe a software prototype of a tool that automatically measures and analyzes aspects of collaboration developing visualizations of likely social interactions. In this paper we describe the system, some early results, and several different possible applications of the technology.

COMODA: a conversation model for database access

Abstract As electronic database technology becomes less expensive, people will want to access information without undergoing special training. These people could use their native language if databases could be accessed through natural language conversations. The approach of the current research is that in order for the computer to be controlled by natural language, the computer does not have to understand it, only respond correctly. The conversation model for database access (COMODA) describes information retrieval as a dialogue. The dialogue is modelled by a series of states, where each state has an utterance that provides some information. The states are linked by transitions that are followed if a parse template matches the input sentence. Provisions are made for backtracking to earlier states, and for changes in topic. A small database of general information about one division of the Federal Government was implemented on an IBM-PC using these principles. When ten untrained people were allowed to conve...

Private data management in collaborative environments

Organizations are under increasing pressures to manage all of the personal data concerning their customers and employees in a responsible manner. With the advancement of information and communication technologies, improved collaboration, and the pressures of marketing, it is very difficult to locate personal data is, let alone manage its use. in this paper, we outline the challenges of managing personally identifiable information in a collaborative environment, and describe a software prototype we call SNAP (Social Networking Applied to Privacy). SNAP uses automated workflow discovery and analysis, in combination with various text mining techniques, to support automated enterprise management of personally identifiable information.

Field testing a natural-language information system: usage characteristics and users' comments

Abstract A field trial was conducted to test a natural-language technology developed by the authors (COMODA) and to dispense AIDS information to the public. This trial allowed users with computers and modems to dial-in to an AIDS information system and ask questions or browse through the information. The system received nearly 500 calls during a two month period. The calls lasted an average of 10 minutes and involved an average of 27 interactions between the user and the computer. Approximately 45% of the interactions were direct naturallanguage questions, and the COMODA system was quite successful in answering these questions. Also, the comments left by the users were extremely positive, with 96% of the users who rated the system giving it a positive rating. The users commented that the COMODA system was an easy-to-use method of accessing valuable AIDS information, and they would like to see the system expanded to cover more topic areas. The users also made useful suggestions on how the system could be improved. It was concluded that the COMODA system is a viable natural-language access system for presenting information to the public.