cylab
play

CyLab A Case Study on the Role of Usability Studies in Developing - PowerPoint PPT Presentation

Nov 05, 2023 •317 likes •708 views

CyLab A Case Study on the Role of Usability Studies in Developing Public Engineering & Policy Public Policy Rebecca Balebako, Richard Shay, Lorrie Faith Cranor y & c S a e v c i u r P r i t e y l b L a a s

  1. CyLab A Case Study on the 
 Role of Usability Studies in Developing Public 
 Engineering & Policy Public Policy Rebecca Balebako, Richard Shay, Lorrie Faith Cranor y & c S a e v c i u r P r i t e y l b L a a s b U o b r a a t L o y r C y U H D T T E P . U : / M / C C U . S P S C . 1

  2. WANTED: USABILITY EXPERTS • Usability experts are needed to help create and evaluate public policy • Voting machines • Accessibility • Privacy and Security • I offer some lessons learned 2

  3. RECENT POLICY: WHITE HOUSE 3

  4. NTIA: MOBILE APPLICATION TRANSPARENCY 4

  5. MULTI-STAKEHOLDER PROCESS (MSHP) • Open meetings • Monthly • Stakeholders • App development companies • Consumer-advocate non-profits • Privacy lawyers 5

  6. NTIA CODE OF CONDUCT • Goal: Short-form privacy notice for apps • Inform app users about data collection • Improve transparency • Standardized notice 6

  7. NTIA CODE OF CONDUCT • Short form notice must inform users about • 7 Data Types • 8 Third-Party Entities 7

  8. DATA TYPES • Biometrics (information about your body, including fingerprints, facial recognition, signatures and/or voice print.) • Browser History and Phone or Text Log (A list of websites visited, or the calls or texts made or received.) • Contacts (including list of contacts, social networking connections or their phone numbers, postal, email and text addresses.) • Financial Information (Includes credit, bank and consumer-specific financial information such as transaction data.) • Health, Medical or Therapy Information (including health claims and information used to measure health or wellness.) • Location (precise past or current location and history of where a user has gone.) • User Files (files stored on the device that contain your content, such as calendar, photos, text, or video.) 8

  9. DATA TYPES • Biometrics (information about your body, including fingerprints, facial recognition, signatures and/or voice print.) • Browser History and Phone or Text Log (A list of websites visited, or the calls or texts made or received.) • Contacts (including list of contacts, social networking connections or their phone numbers, postal, email and text addresses.) • Financial Information (Includes credit, bank and consumer-specific financial information such as transaction data.) • Health, Medical or Therapy Information (including health claims and information used to measure health or wellness.) • Location (precise past or current location and history of where a user has gone.) • User Files (files stored on the device that contain your content, such as calendar, photos, text, or video.) 9

  10. DATA TYPES • Biometrics (information about your body, including fingerprints, facial recognition, signatures and/or voice print.) • Browser History and Phone or Text Log (A list of websites visited, or the calls or texts made or received.) • Contacts (including list of contacts, social networking connections or their phone numbers, postal, email and text addresses.) • Financial Information (Includes credit, bank and consumer-specific financial information such as transaction data.) • Health, Medical or Therapy Information (including health claims and information used to measure health or wellness.) • Location (precise past or current location and history of where a user has gone.) • User Files (files stored on the device that contain your content, such as calendar, photos, text, or video.) 10

  11. THIRD-PARTY ENTITIES • Ad Networks (Companies that display ads to you through apps.) • Carriers (Companies that provide mobile connections.) • Consumer Data Resellers (Companies that sell consumer information to other companies for multiple purposes including offering products and services that may interest you.) • Data Analytics Providers (Companies that collect and analyze your data.) • Government Entities (Any sharing with the government except where required or expressly permitted by law.) • Operating Systems and Platforms (Software companies that power your device, app stores, and companies that provide common tools and information for apps about app consumers.) • Other Apps (Other apps of companies that the consumer may not have a relationship with) • Social Networks (Companies that connect individuals around common interests and facilitate sharing.) 11

  12. THIRD-PARTY ENTITIES • Ad Networks (Companies that display ads to you through apps.) • Carriers (Companies that provide mobile connections.) • Consumer Data Resellers (Companies that sell consumer information to other companies for multiple purposes including offering products and services that may interest you.) • Data Analytics Providers (Companies that collect and analyze your data.) • Government Entities (Any sharing with the government except where required or expressly permitted by law.) • Operating Systems and Platforms (Software companies that power your device, app stores, and companies that provide common tools and information for apps about app consumers.) • Other Apps (Other apps of companies that the consumer may not have a relationship with) • Social Networks (Companies that connect individuals around common interests and facilitate sharing.) 12

  13. FRAGILE AGREEMENT 13

  14. USABILITY TEST SUBGROUP • There was no consensus in the usability group with regard to the following: • Is any of the actual language of the Code subject to testing for consumer comprehension? 14

  15. EXPERIMENT TO EVALUATE THE UNDERSTANDING OF THE CODE OF CONDUCT TERMS Rebecca Balebako, Rich Shay, Lorrie Faith Cranor 15

  16. ONLINE SURVEY • 10 randomized app scenarios • Users selected the data and entities shared in each scenario • 2 conditions – with and without parentheticals 16

  17. SCENARIO EXAMPLE 17

  18. PARENTHETICAL CONDITION 18

  19. SURVEY PARTICIPANTS • 791 participants from Amazon mturk • 51% female • Age 18-73 years (mean 33, std 11) • 82% own a smartphone • Total cost: $913.35 19

  20. WHAT IS THE RIGHT ANSWER? • Ask the Experts – NTIA MSHP participants • 4 participated • Low agreement amongst experts • All 4 agreed on 8/19 entities • All 4 agreed on 16/34 data types 20

  21. PARTICIPANT RESULTS • Used ‘common understanding’ • Winning term • High common understanding: • >60% of participants agreed on the winning term • Low common understanding • <60% of participants agreed 21

  22. COMMON UNDERSTANDING THIRD PARTIES SuperTax: State Agency 22

  23. COMMON UNDERSTANDING THIRD PARTIES 23

  24. 24

  25. SuperTax: Photo of W2 With parenthetical User Files (files stored on the device that contain your content, such as calendar, photos, text, or video.) 25

  26. USER STUDY RESULTS • Parenthetical text helped sometimes • Third-Party entities are poorly understood. • Better definitions are needed 26

  27. IMPACT • Technical report released July 17, 2013 • Final NTIA MSHP meeting July 25 th , 2013 27

  28. PUBLIC POLICY FOR USABILITY EXPERTS • Disagreement about what ‘usability’ is. • Cost of usability studies impacts what gets studied and when. • Process fatigue; the timeline to solve a problem is different than in academia. • Engage early. 28

  29. QUESTIONS? 29 B A L E B A K O @ C M U . E D U

  30. LIMITATIONS • No ground truth • Did not test better or alternative wording • Not part of the typical flow for users • Short form was not actually tested • Final Code of Conduct was announced one week after tech report was released 30

  31. PROTOTYPE 31

  32. CURRENT INTERFACES 32

  33. COMMON UNDERSTANDING THIRD PARTIES 33

  34. COMMON UNDERSTANDING DATA TYPES 34

  35. COMMON UNDERSTANDING DATA TYPES 35

  36. COMMON UNDERSTANDING DATA TYPES With parenthetical SuperTax: Photo of W2 User Files (files stored on the device that contain your content, such as calendar, photos, text, or video.) 36

  37. PROTOTYPE FROM ACT 37

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

On the Usability of Firewall Configuration Tina Wong July 27 2006 CyLab IACBP 1 Firewalls

On the Usability of Firewall Configuration Tina Wong July 27 2006 CyLab IACBP 1 Firewalls

Carnegie Mellon CyLab 4720 FORBES AVENUE CIC BUILDING PITTSBURGH, PA 15213 PH: 412.268.1870 FX: 412.268.7675 www.cylab.cmu.edu On the Usability of Firewall Configuration Tina Wong July 27 2006 CyLab IACBP 1 Firewalls Firewalls are

890 views • 20 slides
Alessandro Acq isti and Ralph Gross Alessandro Acquisti and Ralph Gross Heinz College/CyLab C

Alessandro Acq isti and Ralph Gross Alessandro Acquisti and Ralph Gross Heinz College/CyLab C

Alessandro Acq isti and Ralph Gross Alessandro Acquisti and Ralph Gross Heinz College/CyLab C Carnegie Mellon University i M ll U i it Research support from National Science Foundation, U.S. Army R Research Office (through CyLab), Carnegie

302 views • 26 slides
Alessandro Acq isti and Ralph Gross Alessandro Acquisti and Ralph Gross Heinz College/CyLab C

Alessandro Acq isti and Ralph Gross Alessandro Acquisti and Ralph Gross Heinz College/CyLab C

Alessandro Acq isti and Ralph Gross Alessandro Acquisti and Ralph Gross Heinz College/CyLab C Carnegie Mellon University i M ll U i it Research support from National Science Foundation, U.S. Army R Research Office (through CyLab), Carnegie

553 views • 27 slides
Nektarios Leontiadis (CMU/EPP/CyLab) leontiadis@cmu.edu Joint work

Nektarios Leontiadis (CMU/EPP/CyLab) leontiadis@cmu.edu Joint work

Nektarios Leontiadis (CMU/EPP/CyLab) leontiadis@cmu.edu Joint work with Nicolas Christin (CMU) and Tyler Moore (Harvard) Online crime Emergence of complex

625 views • 24 slides
A Survey of Current Android ABacks Timothy Vidas Daniel

A Survey of Current Android ABacks Timothy Vidas Daniel

A Survey of Current Android ABacks Timothy Vidas Daniel Vo*pka Nicolas Chris=n ECE/CyLab INI/CyLab INI/CyLab Carnegie Mellon Carnegie Mellon Carnegie

540 views • 40 slides
The Privacy and CyLab Security Behaviors of Smartphone Engineering &amp; App Developers

The Privacy and CyLab Security Behaviors of Smartphone Engineering &amp; App Developers

The Privacy and CyLab Security Behaviors of Smartphone Engineering &amp; App Developers Public Policy Rebecca Balebako, Abigail Marsh, Jialiu Lin, Jason Hong, Lorrie Faith y &amp; c S a e v c i u r P r i t e y l b L a

646 views • 26 slides
The Crossfire Attack Min Suk Kang Soo Bum Lee Virgil D. Gligor ECE Department and CyLab,

The Crossfire Attack Min Suk Kang Soo Bum Lee Virgil D. Gligor ECE Department and CyLab,

The Crossfire Attack Min Suk Kang Soo Bum Lee Virgil D. Gligor ECE Department and CyLab, Carnegie Mellon University May 20 2013 Old: DDoS Attacks against Single Servers typical attack : floods server with HTTP, UDP, SYN, ICMP packets

613 views • 28 slides
Whats Necessary to Establish Malware Freedom Unconditionally? Virgil D. Gligor ECE and CyLab

Whats Necessary to Establish Malware Freedom Unconditionally? Virgil D. Gligor ECE and CyLab

Whats Necessary to Establish Malware Freedom Unconditionally? Virgil D. Gligor ECE and CyLab Carnegie Mellon University Pittsburgh, PA 15213 FCS Workshop Boston June 22, 2020 06/22/2020 1 Outline I. Background - adversary: persistent

397 views • 21 slides
Privacy economics, Privacy economics, CyLab attitudes, and attitudes, and behavior behavior

Privacy economics, Privacy economics, CyLab attitudes, and attitudes, and behavior behavior

Privacy economics, Privacy economics, CyLab attitudes, and attitudes, and behavior behavior Engineering &amp; Public Policy Lorrie Faith Cranor September 5, 2013 y &amp; c S a e v c i u r P r i t e y l b L a a s b

845 views • 26 slides
Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance Engineering &amp; Public Policy Lorrie Faith Cranor November 11, 2014 y &amp; c S a e v c i u r P r i t e y l b L a a s

555 views • 21 slides
Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance Engineering &amp; Public Policy Lorrie Faith Cranor October 29, 2013 y &amp; c S a e v c i u r P r i t e y l b L a a s

245 views • 20 slides
Online Behavioral CyLab Advertising User Studies y &amp; c S a e v c i u r P r i

Online Behavioral CyLab Advertising User Studies y &amp; c S a e v c i u r P r i

Online Behavioral CyLab Advertising User Studies y &amp; c S a e v c i u r P r i t e y l b L Pedr Pedro Giovanni Leon and o Giovanni Leon and Blase Blase Ur Ur a a s b U o b r a a t W3C DNT and Beyond

358 views • 25 slides
Fair information Fair information CyLab practices and privacy practices and privacy principles

Fair information Fair information CyLab practices and privacy practices and privacy principles

Fair information Fair information CyLab practices and privacy practices and privacy principles principles Engineering &amp; Public Policy Lorrie Faith Cranor September 11, 2014 y &amp; c S a e v c i u r P r i t e y l b

815 views • 28 slides
Fair information Fair information CyLab practices and privacy practices and privacy principles

Fair information Fair information CyLab practices and privacy practices and privacy principles

Fair information Fair information CyLab practices and privacy practices and privacy principles principles Engineering &amp; Public Policy Lorrie Faith Cranor &amp; Rebecca Balebako y &amp; c S a e v c i u r P r i t e

823 views • 24 slides
Measuring the Longitudinal Evolution of the Online Anonymous Marketplace Ecosystem Kyle Soska

Measuring the Longitudinal Evolution of the Online Anonymous Marketplace Ecosystem Kyle Soska

Measuring the Longitudinal Evolution of the Online Anonymous Marketplace Ecosystem Kyle Soska Nicolas Christin Carnegie Mellon University Carnegie Mellon University ECE / Cylab ECE / Cylab ksoska@cmu.edu nicolasc@cmu.edu 1 Conventional

650 views • 47 slides
Automatically Detecting Vulnerable Sites Before They Turn Malicious Kyle Soska Nicolas

Automatically Detecting Vulnerable Sites Before They Turn Malicious Kyle Soska Nicolas

Automatically Detecting Vulnerable Sites Before They Turn Malicious Kyle Soska Nicolas Chris&gt;n Carnegie Mellon University Carnegie Mellon University ECE / Cylab ECE / Cylab

491 views • 28 slides
Section 7: Lab 2 &amp; Authentication CSE 484 / CSE M 584 Administrivia May 15 th May 25 th

Section 7: Lab 2 &amp; Authentication CSE 484 / CSE M 584 Administrivia May 15 th May 25 th

Section 7: Lab 2 &amp; Authentication CSE 484 / CSE M 584 Administrivia May 15 th May 25 th Final Project Checkpoint 1 Due @ Memorial Day: No Lecture 11:59pm Lab 2 Due @ 11:59pm Homework 3 Due @ 11:59pm May 22 nd May 29 th More Lab 2 Hints

868 views • 33 slides
Secure Face Matching Using Fully Homomorphic Encryption Vishnu Boddeti Michigan State University

Secure Face Matching Using Fully Homomorphic Encryption Vishnu Boddeti Michigan State University

Secure Face Matching Using Fully Homomorphic Encryption Vishnu Boddeti Michigan State University October 23rd, 2018 []$ [1/1] &gt;&gt;&gt; Face Representation and Matching * Face Representation: Alignment Embedding Function Representation

1.19k views • 55 slides
Helper data schemes for privacy-preserving biometrics Boris kori TU Eindhoven van der

Helper data schemes for privacy-preserving biometrics Boris kori TU Eindhoven van der

Helper data schemes for privacy-preserving biometrics Boris kori TU Eindhoven van der Meulen seminar Leuven, December 2011 1 Outline Security with noisy data - biometrics &amp; privacy - Physical Unclonable Functions (PUFs)

828 views • 39 slides
What is an experiment? In an experiment, a Physical Phenomenon is isolated as good as possible

What is an experiment? In an experiment, a Physical Phenomenon is isolated as good as possible

What is an experiment? In an experiment, a Physical Phenomenon is isolated as good as possible from the environment and its effect on (or interaction with) a Measuring quantity is recorded. Using a model , if the physical interaction is well

561 views • 37 slides
Lecture 7: Authentication Helger Lipmaa Helsinki University of Technology helger@tcs.hut.fi

Lecture 7: Authentication Helger Lipmaa Helsinki University of Technology helger@tcs.hut.fi

T-79.159 Cryptography and Data Security Lecture 7: Authentication Helger Lipmaa Helsinki University of Technology helger@tcs.hut.fi T-79.159 Cryptography and Data Security, 10.03.2004 Lecture 7: Authentication, Helger Lipmaa 1 Recap

904 views • 53 slides
Next Generation Border Crossing ePassports and their Impact on Border Control Gregor Kltzsch |

Next Generation Border Crossing ePassports and their Impact on Border Control Gregor Kltzsch |

Next Generation Border Crossing ePassports and their Impact on Border Control Gregor Kltzsch | Bundesdruckerei GmbH | Berlin Contents Trends Status quo ePassports Impact on border control Future border control requirements and

621 views • 16 slides
Making decisions with biometric systems: the usefulness of a Bayesian perspective A. Nautsch ,

Making decisions with biometric systems: the usefulness of a Bayesian perspective A. Nautsch ,

Making decisions with biometric systems: the usefulness of a Bayesian perspective A. Nautsch , D. Ramos Castro , J. Gonz guez , alez Rodr Christian Rathgeb , Christoph Busch Hochschule Darmstadt, CRISP, CASED, da/sec

1.24k views • 57 slides
Application of Blockchains to Patient-Centered Health Records Adrian Gropper, MD CTO, Patient

Application of Blockchains to Patient-Centered Health Records Adrian Gropper, MD CTO, Patient

Application of Blockchains to Patient-Centered Health Records Adrian Gropper, MD CTO, Patient Privacy Rights McCombs School of Business Healthcare Initiative April 7, 2017 1 Patient Physician Health Record 2 Community Service Research

416 views • 15 slides

More recommend