The Case for Privacy Awareness Requirements

1. Introduction

The emergence of mobile and pervasive technologies has transformed everyday life (Aker & Mbiti, 2010), but privacy concerns threaten their acceptance by some users (Shin, 2010; Satyanarayanan, 2003). In part, the problem is with privacy awareness, which often arises when technologies blur the boundaries between public and personal spaces (Lahlou, et. al., 2005), and users are unaware of when and for what purpose sensitive information about them is being collected, analyzed or disseminated. Traditional theories suggest users should be able to manage their privacy, yet empirical research evidence suggests that users often lack enough awareness to make privacy sensitive decisions (Acquisti & Grossklags, 2005). This suggests a need for more systematic approaches to enable the explicit consideration of privacy awareness in software systems.

Privacy awareness imbibes the notions of privacy and awareness (Figure 1). In requirements engineering, these two notions have been investigated in a number of research studies. In privacy research, the engineering of privacy requirements has been proposed (Kalloniatis, et.al., 2008; Bijwe & Mead, 2010; He & Antón 2003). Similarly, awareness requirements have been seen as an avenue to systematically capture the awareness features of systems (Mylopoulos et al., 2010; Endsley, 1993). However, while a number of research papers have pointed to the impact of awareness on the regulation of privacy (Mancini et.al., 2009; Jedrzejczyk, et.al., 2010), there is no approach to systematically describe, represent, and analyse privacy awareness from a requirements perspective.

Pötzsch, (2009) defines privacy awareness as an individual’s cognition of who, when, which, what amount, and how personal information about his/her activity is processed and utilized. Pötzsch’s view of privacy awareness helps provide a set of constructs for building a context for which privacy can be assessed. However, individuals’ cognition of these contexts, and their description and implementation, has not been investigated in privacy engineering (Spiekermann & Cranor, 2009). We suggest that privacy awareness is critical to enable users and systems gain sufficient knowledge about how to act in privacy sensitive situations. As they gain assurance that their privacy is broadly preserved, they may consider forfeiting their privacy when engaging in some interactions. Privacy awareness is also useful to enable users understand the consequences of events on their privacy, and can assist in threat mitigation and subsequent reassurance that privacy is preserved.

Figure 1.

Privacy awareness and its requirements draw upon notions privacy and awareness

In this ‘visionary paper’, we begin by presenting a short review of privacy and awareness concepts in section 2. In section 3, we then present our argument for privacy awareness by using a scenario to describe the privacy awareness needs that can help users establish appropriate levels of privacy. In section 4, we introduce and illustrate the notion of privacy awareness requirements as a novel systematic means for considering privacy during software development. We discuss open research issues for engineering privacy awareness in software systems. These research challenges range from methods and processes for identifying privacy awareness requirements, representation and analysis mechanisms, and the socio-technical issues that are inherent when considering the privacy awareness needs of software systems. Finally, we present our conclusions and own agenda for further work in section 5.

2. Background And Motivation

While awareness and privacy are two distinct concepts that have been investigated separately in the development of software systems, little is known about the benefit of their synergy. This section reviews the background of these two concepts and motivates different aspects of individual privacy negotiations where awareness is essential.