The Case for Privacy Awareness Requirements

The Case for Privacy Awareness Requirements

Inah Omoronyia (School of Computing Science, University of Glasgow, Glasgow, UK)
Copyright: © 2016 |Pages: 18
DOI: 10.4018/IJSSE.2016040102
OnDemand PDF Download:
$30.00
List Price: $37.50

Abstract

Privacy awareness is a core determinant of the success or failure of privacy infrastructures: if systems and users are not aware of potential privacy concerns, they cannot effectively discover, use or judge the effectiveness of privacy management capabilities. Yet, privacy awareness is only implicitly described or implemented during the privacy engineering of software systems. In this paper, the author advocates a systematic approach to considering privacy awareness. He characterizes privacy awareness and illustrate its benefits to preserving privacy in a smart mobile environment. The author proposes privacy awareness requirements to anchor the consideration of privacy awareness needs of software systems. Based on these needs, an initial process framework for the identification of privacy awareness issues is proposed. He also argues that a systematic route to privacy awareness necessitates the investigation of an appropriate representation language, analysis mechanisms and understanding the socio-technical factors that impact the manner in which we regulate our privacy.
Article Preview

1. Introduction

The emergence of mobile and pervasive technologies has transformed everyday life (Aker & Mbiti, 2010), but privacy concerns threaten their acceptance by some users (Shin, 2010; Satyanarayanan, 2003). In part, the problem is with privacy awareness, which often arises when technologies blur the boundaries between public and personal spaces (Lahlou, et. al., 2005), and users are unaware of when and for what purpose sensitive information about them is being collected, analyzed or disseminated. Traditional theories suggest users should be able to manage their privacy, yet empirical research evidence suggests that users often lack enough awareness to make privacy sensitive decisions (Acquisti & Grossklags, 2005). This suggests a need for more systematic approaches to enable the explicit consideration of privacy awareness in software systems.

Privacy awareness imbibes the notions of privacy and awareness (Figure 1). In requirements engineering, these two notions have been investigated in a number of research studies. In privacy research, the engineering of privacy requirements has been proposed (Kalloniatis, et.al., 2008; Bijwe & Mead, 2010; He & Antón 2003). Similarly, awareness requirements have been seen as an avenue to systematically capture the awareness features of systems (Mylopoulos et al., 2010; Endsley, 1993). However, while a number of research papers have pointed to the impact of awareness on the regulation of privacy (Mancini et.al., 2009; Jedrzejczyk, et.al., 2010), there is no approach to systematically describe, represent, and analyse privacy awareness from a requirements perspective.

Figure 1.

Privacy awareness and its requirements draw upon notions privacy and awareness

Pötzsch, (2009) defines privacy awareness as an individual’s cognition of who, when, which, what amount, and how personal information about his/her activity is processed and utilized. Pötzsch’s view of privacy awareness helps provide a set of constructs for building a context for which privacy can be assessed. However, individuals’ cognition of these contexts, and their description and implementation, has not been investigated in privacy engineering (Spiekermann & Cranor, 2009). We suggest that privacy awareness is critical to enable users and systems gain sufficient knowledge about how to act in privacy sensitive situations. As they gain assurance that their privacy is broadly preserved, they may consider forfeiting their privacy when engaging in some interactions. Privacy awareness is also useful to enable users understand the consequences of events on their privacy, and can assist in threat mitigation and subsequent reassurance that privacy is preserved.

In this ‘visionary paper’, we begin by presenting a short review of privacy and awareness concepts in section 2. In section 3, we then present our argument for privacy awareness by using a scenario to describe the privacy awareness needs that can help users establish appropriate levels of privacy. In section 4, we introduce and illustrate the notion of privacy awareness requirements as a novel systematic means for considering privacy during software development. We discuss open research issues for engineering privacy awareness in software systems. These research challenges range from methods and processes for identifying privacy awareness requirements, representation and analysis mechanisms, and the socio-technical issues that are inherent when considering the privacy awareness needs of software systems. Finally, we present our conclusions and own agenda for further work in section 5.

2. Background And Motivation

While awareness and privacy are two distinct concepts that have been investigated separately in the development of software systems, little is known about the benefit of their synergy. This section reviews the background of these two concepts and motivates different aspects of individual privacy negotiations where awareness is essential.

Complete Article List

Search this Journal:
Reset
Open Access Articles: Forthcoming
Volume 8: 4 Issues (2017): 2 Released, 2 Forthcoming
Volume 7: 4 Issues (2016)
Volume 6: 4 Issues (2015)
Volume 5: 4 Issues (2014)
Volume 4: 4 Issues (2013)
Volume 3: 4 Issues (2012)
Volume 2: 4 Issues (2011)
Volume 1: 4 Issues (2010)
View Complete Journal Contents Listing