Privacy is the most often-cited criticism of ubiquitous computing, and may be the greatest barrier to its long-term success. However, developers currently have little support in designing software architectures and in creating interactions that are effective in helping end-users manage their privacy. To address this problem, we present Confab, a toolkit for facilitating the development of privacy-sensitive ubiquitous computing applications. The requirements for Confab were gathered through an analysis of privacy needs for both end-users and application developers. Confab provides basic support for building ubiquitous computing applications, providing a framework as well as several customizable privacy mechanisms. Confab also comes with extensions for managing location privacy. Combined, these features allow application developers and end-users to support a spectrum of trust levels and privacy needs.

Ubiquitous and mobile technologies create new challenges for system security. Effective security solutions depend not only on the mathematical and technical properties of those solutions, but also on people’s ability to understand them and use them as part of their work. As a step towards solving this problem, we have been examining how people experience security as a facet of their daily life, and how they routinely answer the question, “is this system secure enough for what I want to do?” We present a number of findings concerning the scope of security, attitudes towards security, and the social and organizational contexts within which security concerns arise, and point towards emerging technical solutions.

Although ethnography has become a common approach in HCI research and design, considerable confusion still attends both ethnographic practice and the criteria by which it should be evaluated in HCI. Often, ethnography is seen as an approach to field investigation that can generate requirements for systems development; by that token, the major evaluative criterion for an ethnographic study is the implications it can provide for design. Exploring the nature of ethnographic inquiry, this paper suggests that “implications for design ” may not be the best metric for evaluation and may, indeed, fail to capture the value of ethnographic investigations.

Ubiquitous computing stands to redefine established notions of pr ivacy as it introduces regular, pervasive sensing of personal information such as identity, location, and activity. To effectively and comfortably manage the di scl osure of personal information, end-users will require a coherent conceptual model of privacy and convenient user interfaces to manage it. We describe a conceptual framework designed to support personal privacy management in ubiquitous computing by empowering users to adjust the precision of disclosed information. The framework relies on three key strategies: encapsulation, a priori configuration, and manual configuration. We describe a prototypical user interface built to instantiate this framework and we report the results of a formative evaluation of the framework. Results show our approach is superior to simple, automated disclosure paradigms but can be further refined.

Software development is typically cooperative endeavor where a group of engineers need to work together to achieve a common, coordinated result. As a cooperative effort, it is especially difficult because of the many interdependencies amongst the artifacts created during the process. This has lead software engineers to create tools, such as configuration management tools, that isolate developers from the effects of each other’s work. In so doing, these tools create a distinction between private and public aspects of work of the developer. Technical support is provided to these aspects as well as for transitions between them. However, we present empirical material collected from a software development team that suggests that the transition from private to public work needs to be more carefully handled. Indeed, the analysis of our material suggests that different formal and informal work practices are adopted by the developers to allow a delicate transition, where software developers are not largely affected by the emergent public work. Finally, we discuss how groupware tools might support this transition.

We present a unified model of everyday privacy in ubiquitous computing environments, designed to aid system designers and administrators in conceptualizing the end-user privacy experience. The model accounts for the influence of societal-scale forces, contextual factors, and subjective perception on end-user privacy. We identify notice and consent as the fair information practices of greatest everyday utility to users, as they gradually engender the user's conceptual model of ubicomp privacy. Navigating the regular deluge of personal information collection events in ubicomp requires that notice be minimally intrusive and consent be implicitly granted by a persistent, situationspecific set of user preferences. We extend our model into an interactional metaphor called situational faces, designed to mitigate the complexity of privacy for the end-user. When encountering a situation, a user engages the appropriate face, a metaphorical abstraction of a set of privacy preferences.

Abstract. Legitimacy is a key part of the social requirements specification for a trusted virtual community environment (VCE). If an environment is not seen as legitimate, social conflicts may reduce community benefits like trade and ecommerce. Legitimacy must be built into a VCE at design time, or it may not be possible at all. This can be done using a legitimacy requirements framework (LRF) which interprets historical "rights " in terms of ownership of generic VCE objects. This involves more than merely specifying who has the right to do what to what, because objects may contain other objects, objects may be dependent, rights may interact, groups may have rights, and there may be rights to rights. A LRF could be used by software designers to derive legitimacy requirements for a wide variety of multi-user systems, from chat rooms to virtual realities. It would draw focus to common problems, and aid their common solution. A simple LRF is presented to provide a basis for designers of virtual social environments to copy, discuss or deviate from.

Abstract. We present a conceptual model of everyday privacy in ubiquitous computing environments, based on the works of Lessig and Adams. By everyday privacy, we mean the enduser’s ongoing exposure to and control over personal information collection. The model accounts for the influence of societal-scale forces, contextual factors, and subjective perception on end-user privacy. We identify notice and consent as the fair information practices of greatest everyday utility to users, as they gradually engender the user’s conceptual model of ubicomp privacy. Navigating the regular deluge of personal information collection events in ubicomp requires that notice be minimally intrusive and consent be implicitly granted by a persistent, situation-specific set of user preferences. We extend our model into an interactional metaphor called faces, designed to mitigate the complexity of privacy for the end-user. Users vary the face they wear depending on the recipient and/or situation, where a face is a meaningful encapsulation of privacy preferences. 1

Electronic argumentation support is increasingly important in today’s networked society. Virtual research collaboration, e-business, and many other domains of professional life critically depend on adequate support of tools for productive argumentative interactions. However, a plethora of technologies exist that are not necessarily tools. A technology only is a tool if it serves the purposes of the community in which it is used. In this paper, we outline an approach to diagnose to what extent a particular argumentation technology is a tool. We do this by combining a sociotechnical view on technologies with a pragma-dialectical approach to argumentation analysis. We argue that for technologies to become a tool, argumentation routines and design need to co-evolve. We illustrate our approach by applying it to a case on group report authoring. 1.

End-users are often perceived as the weakest link in information security. Because of this perception, a growing body of research and commercial activity is focused on automated approaches to security. With these approaches, security decisions are removed from the hands of the users, and are placed instead in systems themselves, or in remote services or organizations that establish policies that are automatically enforced. We contend that although security automation is potentially beneficial in theory, in practice it is not a panacea for end-user information security. A number of technical and social factors mitigate against the acceptance and efficacy of automated end-user security solutions in many cases. In this paper, we present a discussion of the inherent limitations of automating security for end-users. We then discuss a set of design guidelines for choosing whether to automate end-user security systems. We conclude with a set of research directions focused on increasing the acceptance and efficacy of security solutions for end-users.