Browser Security and Human Values
(Funded by the National Science Foundation)
Research group:
- Batya Friedman, Colby College
- Edward Felten, Princeton University
- Helen Nissenbaum, Princeton University
Executive Summary:
The common good of our information infrastructure depends on well-designed network security that is embraced by the public
and private sectors. Well-designed network security requires well-formed technical mechanisms and responsiveness to underlying
moral and societal values, as well as a well-thought-out system of user interactions. In recent years, significant efforts
have been directed toward developing the technical dimensions of network security, but little systematic work investigates and
integrates the corresponding dimensions of human values and user experience. This collaborative project provides a model of
interdisciplinary collaboration that can deepen our understanding of the cognitive, ethical and social implications of new types
of interactivity. It will study and implement security for a network browser that integrates these three key considerations:
technical excellence, responsiveness to moral and societal values, and sensitivity to users' perceptions. It will: (1) develop
a conceptual framework, or model, for network security that accounts for human values and user experience; (2) design and
implement a working prototype of a network security system guided by the conceptual model; and (3) apply the experience of
this project toward a better understanding of methodology for the general purpose of designing technology that is responsive
or sensitive to human values. Drawing on the technical, philosophical, and social science expertise of the three investigators,
the work will begin with a close study of the network security in existing browsers such as Netscape 4.0 and Internet Explorer 4.0.
The goal is to characterize the technical mechanisms, grasp value implications, and understand users' perceptions of these systems.
Based on this study, the investigators will develop a conceptual model that represents the interaction among technical characteristics,
values supported by (or embodied in) the system, and users' perceptions of their interactive experience with it. This model will
guide the next phase of the project: to design and implement a prototype for a security configuration that is explicitly responsive
to values and users' perceptions. User studies and further philosophical analysis of the prototype will be used, in turn, to
refine the security configuration and, ultimately, to refine and assess the model itself. Through industry contacts and other
traditional methods, the investigators will disseminate the results of their study, including the conceptual model, prototype,
and aspects of the multidisciplinary methodology they develop.
Phantom Access Agent: a Client-Side Approach to Personal Information Control
Xiaojian Zhao
New York University
xiaojian@cs.nyu.edu
Daniel C. Howe
New York University
howe@cs.nyu.edu
David Mazières
New York University
Helen Nissenbaum
New York University
helen.nissenbaum@nyu.edu
ABSTRACT
People have criticized on-line services for violating privacy by collecting too much personal information. Though web browsers must generally reveal basic network information such as a user's current IP address, web sites often collect far more, including a user's name, physical location, and email address. Service providers justify their data collection on the grounds that users benefit from such activities as they enable personalization of the online experience. Unfortunately, there is no way to evaluate this claim, as most services that collect information do so either by default or as a condition of access, making it difficult or inconvenient for users to avoid revealing personal information. In this paper, we present the Phantom Access Agent (PAA), a lightweight application designed to conceal personal information from online services that require registration as a condition of access. PAA enables users to complete forms with random registration information and facilitates transparent re-registration on subsequent returns with a single button-click. Unlike several other systems that enhance users' choices to share or not share personal information, PAA runs on users' local computers, avoiding dependency on third parties: whether on the online services themselves to fulfill the promises of their privacy policies, or on proxies that offer protection by mediating transactions between individuals and web services. We believe that locating these powers on the client side better models autonomously chosen privacy preferences.
Sustaining the Public Good Vision of the Internet:
THE POLITICS OF SEARCH ENGINES
Lucas Introna
London School of Economics
l.introna@lse.ac.uk
Helen Nissenbaum
University Center for Human Values
Princeton University
helen.nissenbaum@nyu.edu
ABSTRACT
This paper argues that search engines raise not merely technical issues but also political ones.
Our study of search engines suggests that they systematically exclude (in some cases by design and in some
accidentally) certain sites in favor of others, and systematically give prominence to some at the expense of others.
We argue that such biases run counter to the basic architecture of the Web as well as the values and ideals that
have fuelled widespread support for its growth and development. We consider ways of addressing the politics of search
engines, raising doubts whether, in particular, the market mechanism could serve as an acceptable corrective.