2010 CRC PhD Student Conference

   Distilling Privacy Requirements for Mobile Applications
2010 CRC PhD Student Conference

      (i) What are the end-user privacy requirements for mobile applications?
Upcoming SlideShare
Loading in …5



Published on

PhD Student Conference at the OU's Centre fro Research in Computing

Published in: Technology, News & Politics
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide


  1. 1. 2010 CRC PhD Student Conference Distilling Privacy Requirements for Mobile Applications Keerthi Thomas k.thomas@open.ac.uk Supervisors Prof. Bashar Nuseibeh Dr. Arosha Bandara Mr. Blaine Price Department/Institute Computing Status Part-time Probation viva After Starting date Oct. 2008 As mobile computing applications become commonplace, eliciting and analysing users’ privacy requirements associated with these applications is increasingly important. Such mobile privacy requirements are closely linked to both the physical and socio-cultural context in which the applications are used. Previous research by Adams and Sasse [1] has highlighted how system designers, policy makers and organisations can easily become isolated from end-users’ perceptions of privacy in different contexts. For mobile applications, end-users’ context changes frequently and Mancini et al.’s observations of such users [2] suggest that changes in users’ context result in changes in the users’ privacy requirements. Omitting these privacy requirements not only affects the user’s privacy but also has an impact on how well the system is adopted or utilised. Moreover, the design of technologies influencing privacy management is often considered and addressed as an afterthought [3], when in fact the guarantees and assurances of privacy should have been included in the design right from the outset. The aim of my research is therefore to ensure that privacy requirements of mobile systems are captured early, together with the specification of the possible variations in these systems’ operating context. Privacy requirements have been analysed from different perspectives by the requirements engineering community. Anton et al. [4] explored the role of policy and stakeholder privacy values, Breaux and Anton [5] modelled requirements based on privacy laws such as HIPAA, and Cranor et al. [6] represented her requirements using privacy policies of various online organisations. Some researchers have modelled privacy as part of a wider modelling effort. For example, Yu and Cysneiros [7] characterised privacy as a non-functional requirement in i* using OECD guidelines [8], and Kalloniatis et al. [9] described a security engineering method to incorporate privacy requirements early in the system development process. However, I am not aware of any work that specifically focuses on the challenges of understanding the privacy requirements associated with mobile computing applications. Eliciting end-user privacy requirements for mobile applications is both sensitive and difficult. Questionnaires do not reveal the ‘real’ choices end-users make because the decisions are influenced by the emerging context in a particular situation. Shadowing users for long hours is neither practical nor useful as the experience of being under observation is likely to change the behaviour of the users in ways that invalidate any observed behaviours that relate to privacy. Mancini et al.’s prior work [2] showed that privacy preferences and behaviours in relation to mobile applications are closely linked to socio-cultural, as well as to physical, boundaries that separate different contexts in which the applications are used. From the literature survey carried out earlier, I am not aware of any requirements engineering process that specifically supported the elicitation of privacy requirements for mobile or context-aware systems. Given the complexities and the need to elicit privacy requirements for mobile systems, the aim of my research is therefore to address the following questions: Page 102 of 125
  2. 2. 2010 CRC PhD Student Conference (i) What are the end-user privacy requirements for mobile applications? (ii) How can privacy requirements be elicited for mobile applications? What elicitation techniques, requirement models and analysis methods are needed in the privacy requirements engineering process? To address these research questions, I present a systematic approach to modelling privacy requirements for mobile computing applications where I demonstrate how requirements are derived (“distilled”) from raw empirical data gathered from studying users of mobile social networking applications. I propose the use of a user-centric privacy requirements model that combines relevant contextual information with the users’ interaction and privacy perceptions of the mobile application. The development of this model was informed by empirical data gathered from my previous studies of mobile privacy [2]. Finally, I validate my work by using the model as the basis for extending existing requirements modelling approaches, such as Problem Frames. I show how the extended Problem Frames approach can be applied to capture and analyse privacy requirements for mobile social networking applications. References [1] Adams, A. and Sasse, M.A., Privacy issues in ubiquitous multimedia environments: Wake sleeping dogs, or let them lie? in Proc. of INTERACT ’99, Edinburgh, 1999, pp. 214-221J. [2] Mancini, C., et al., From spaces to places: emerging contexts in mobile privacy. in Proc. of the 11th Int, Conf. on Ubiquitous computing, Orlando, FL, 2009, pp. 1-10. [3] Anton, A.I. and Earp, J.B., Strategies for Developing Policies and Requirements for Secure Electronic Commerce Systems. in 1st ACM Workshop on Security and Privacy in E-Commerce, Athens, Greece, 2000, pp. unnumbered pages. [4] Anton, A.I., Earp, J.B., Alspaugh, T.A., and Potts, C., The Role of Policy and Stakeholder Privacy Values in Requirements Engineering. in Proc. of the 5th IEEE Int. Symp, on Requirements Engineering, 2001, pp.138. [5] Breaux, T.D. and Anton, A.I., Mining rule semantics to understand legislative compliance. in Proc. of the 2005 ACM workshop on Privacy in the electronic society, Alexandria, VA, USA, 2005, pp. 51 - 54 [6] Cranor, L.F., 1998. The platform for privacy preferences. Communications of ACM 42 (2), 48–55. [7] Yu, E. and L.M. Cysneiros. Designing for Privacy and Other Competing Requirements. in 2nd Symp. on Requirements Engineering for Information Security (SREIS'02). 2002. Raleigh, North Carolina. [8] “Inventory of instruments and mechanisms contributing to the implementation and enforcement of the OCDE privacy guidelines on global networks” Head of Publications Services, OECD, 2 rue- André-Pascal, 75775 Paris Cedex 16, France. [9] Kalloniatis, C., Kavakli, E., and Gritzalis, S. Addressing privacy requirements in system design: the PriS method Requirements Engineering, Springer London, 13 (3). pp. 241-255. Page 103 of 125