Background.
Software can be viewed as the implementation of rules, norms, criteria and policies. All those if's and switch statements have human consequences, as you will realize if you have ever been told by a customer service representative that the computer can't issue a refund right now. How can we make policies that regulate user behavior more visible, modular, flexible, and contested? Policies regulate many human concerns, but my current interests are in allowing users to specify usage policies in the area of personal privacy and in investigating the underlying infrastructure issues necessary to make this work.
Studies of privacy policies and privacy-related behavior.
We have conducted several studies of policies and policy-related behavior. The methodologies are diverse. In the case of policy-related behavior, we have moved away from surveys to pseudo-experiments and log analysis. Our own studies show that people do not do what they say, at least when it comes to online commerce and personal disclosure of information. In the case of policies themselves, we have done corpus analysis to analyze what types of restrictions are imposed by published website policies, mainly in the healthcare industry.
Specifying privacy policies.
There is a continuum from informal policies that regulate individual and organizational behavior at one extreme to specifications of software functionality that govern what a system does at the other extreme. Typically, when we specify an embedded application, such as a real-time controller, we expect a correctly implemented solution to do what the specification says. If it doesn't, it's wrong. But when we specify human policies, we have to cater for situations in which people don't do what the policy requires. Doctors share patient information when emergency care requires it. Professors bend the grading criteria for borderline students. Most sociotechnical systems, being part human and part technological, are somewhere in between. Their behavior is biddable and conditional rather than specifiable and deterministic. However, we want to be able to write policies in a machine-readable and executable language, because systems often have to execute policies on behalf of their users or owning organizations. Privacy policies, intellectual property protection restrictions and security policies are frequently encountered examples of rules that regulate human conduct but which are enforced by technology.
Early attempts to specify policies were typically either formal languages based on logics of obligation and permission - and therefore not easily understood by those drafting policies or by software developers - or simple sets of settable preference flags, which were easy to understand in principle but typically referred only to implementation concepts (such as whether a browser could create cookies) and were therefore not easy for most users to relate to. Our current work is focused on a semi-formal graphical policy specification language, PSGL, that can be used to translate the creation and delegation of obligations and permissions into event-oriented terms. The intention is for this to be a bridge between policy makers or lawyers, users or consumer representatives, and system implementors.
Technology for policy management.
The iWatch system consists of a crawler that analyzes connections among websites and a browser proxy that alerts users to information sharing. Connections identified by the crawler are taken as prima facie evidence of possible intentions by the managing companies to share personal data of online customers.
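As an added illustration of the crawler/proxy split described above (example code written for this page, not the iWatch implementation), the following Python sketches both stages on a constructed set of hypothetical pages: the crawler stage records which third-party hosts each crawled site references, and the proxy stage, given a URL being visited, reports the direct third parties and the other crawled sites that share one of them.

```python
import re
from urllib.parse import urljoin, urlparse

# Constructed sample crawl (hypothetical hosts, not real data): page URL -> fetched HTML.
SAMPLE_PAGES = {
    "https://clinic.example/portal": (
        '<html><body><a href="/about">About</a>'
        '<script src="https://tracker.example/t.js"></script>'
        '<img src="https://ads.example/pixel.gif"></body></html>'
    ),
    "https://pharmacy.example/": (
        '<html><body><a href="https://clinic.example/portal">Partner clinic</a>'
        '<script src="https://tracker.example/t.js"></script></body></html>'
    ),
}

# Captures the URL inside href="..." or src="..." attributes (links, scripts, images).
REF_RE = re.compile(r'(?:href|src)\s*=\s*["\']([^"\']+)["\']', re.IGNORECASE)

def extract_hosts(page_url, html):
    """Return the set of hostnames referenced by the page, resolving relative URLs."""
    hosts = set()
    for ref in REF_RE.findall(html):
        host = urlparse(urljoin(page_url, ref)).hostname
        if host:
            hosts.add(host.lower())
    return hosts

def build_connection_graph(pages):
    """Crawler stage: map each crawled host to the third-party hosts it references."""
    graph = {}
    for page_url, html in pages.items():
        own_host = urlparse(page_url).hostname.lower()
        graph.setdefault(own_host, set())
        # Same-host references are ordinary navigation, not evidence of sharing.
        graph[own_host] |= extract_hosts(page_url, html) - {own_host}
    return graph

def sharing_alerts(graph, visited_url):
    """Proxy stage: for the site being visited, list the hosts that are prima facie
    evidence of sharing: its direct third parties, plus other crawled sites that
    reference at least one of the same third parties."""
    host = urlparse(visited_url).hostname.lower()
    direct = set(graph.get(host, set()))
    indirect = {other for other, refs in graph.items() if other != host and refs & direct}
    return {"direct": sorted(direct), "shared_third_party_with": sorted(indirect)}
```

A real proxy would build the graph from a periodic crawl and consult it on every request; here the constructed pages stand in for that crawl.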
Current work includes the development of a prototype policy workbench for listing, tabulating and simple analysis of PSGL policies.
We have also conducted investigations into the elaboration of technology requirements from high-level policies and information sharing goals. (See the requirements page for more information.)
Relevant publications.