Professional Documents
Culture Documents
Usable Security in Practice: Collaborative Management of Electronic & Physical Personal Information - Presentation
Usable Security in Practice: Collaborative Management of Electronic & Physical Personal Information - Presentation
Usable Security in Practice: Collaborative Management of Electronic & Physical Personal Information - Presentation
In the ACM Portal there are 33,619 references with the word “Security” in the title or abstract.
While I’m not here to summarize decades of work, I am here to talk about one aspect of
security that hasn’t been covered at all until recently. Security literature, when not proposing
a deceptive new algorithm, has been known to put forth the position that humans are the
weak link in the security chain. Well recent work has pushed back on that notion. That it isn’t
that people aren’t secure, it is that the software that isn’t usable that is the problem. It is an
issue that passwords are too complex, and that security systems are not modeled after user
mental models.
You can read more about this issue in this foundational work, called “Users are not the...
My work is an important extension beyond the work of usable security. In my work I look past
single individuals looking at computers and instead look at how communities manage
security and privacy in the work setting.
Computer
Science &
Security
Adams, A. and M.A.
Sasse, Users Are Not
the Enemy, in
Communications of
the ACM. 1999. p.
40-46.
In the ACM Portal there are 33,619 references with the word “Security” in the title or abstract.
While I’m not here to summarize decades of work, I am here to talk about one aspect of
security that hasn’t been covered at all until recently. Security literature, when not proposing
a deceptive new algorithm, has been known to put forth the position that humans are the
weak link in the security chain. Well recent work has pushed back on that notion. That it isn’t
that people aren’t secure, it is that the software that isn’t usable that is the problem. It is an
issue that passwords are too complex, and that security systems are not modeled after user
mental models.
You can read more about this issue in this foundational work, called “Users are not the...
My work is an important extension beyond the work of usable security. In my work I look past
single individuals looking at computers and instead look at how communities manage
security and privacy in the work setting.
Medical
Informatics &
Adoption of
Electronic
Records
Similar to the rise of studying how to make technology more usable there has been an
increase in a push to use electronic records. This push, while not limited to, is ever prevalent
in the medical industry where doctors are carrying tables, iphones, and nurses and office
staff are working with electronic medical records.
When considering electronic records, though, there can be a focus on looking at issues that
affect adoption, instead of what how the issues related to their use can affect the work that
people are doing. To see these issues we have to go beyond asking questions such as
adoption rates, or how usable these systems are, or what are the workflows that people do,
but to understand how technologies that are embedded into people’s environments are tools
that embody values. It is in understanding the work that people do, that we can then design
technologies that support them.
You can learn more about this issue in the work of Berner, Detmer, and Simborg, on “Will the
Wave Finally Break”
These two motivations are what drives my work to understand communities that are allegedly
transitioning from paper to electronic records, and, specifically, how these issues are
affecting the security of sensitive personal information. To do this I study two locations where
these issues are embodied.
Medical
Informatics &
Adoption of
Electronic
Records
Berner, E.S., D.E. Detmer &
D. Simborg, Will the Wave
Finally Break? A Brief View
of the Adoption of
Electronic Medical Records
in the United States. J Am
Med Inform Assoc, 2005.
12(1): p. 3-7.
Similar to the rise of studying how to make technology more usable there has been an
increase in a push to use electronic records. This push, while not limited to, is ever prevalent
in the medical industry where doctors are carrying tables, iphones, and nurses and office
staff are working with electronic medical records.
When considering electronic records, though, there can be a focus on looking at issues that
affect adoption, instead of what how the issues related to their use can affect the work that
people are doing. To see these issues we have to go beyond asking questions such as
adoption rates, or how usable these systems are, or what are the workflows that people do,
but to understand how technologies that are embedded into people’s environments are tools
that embody values. It is in understanding the work that people do, that we can then design
technologies that support them.
You can learn more about this issue in the work of Berner, Detmer, and Simborg, on “Will the
Wave Finally Break”
These two motivations are what drives my work to understand communities that are allegedly
transitioning from paper to electronic records, and, specifically, how these issues are
affecting the security of sensitive personal information. To do this I study two locations where
these issues are embodied.
Childcare Centers
Sunday, October 17, 2010 4
The first location I study is childcare centers, where one in three children in America spend
their day. These places need to balance the daily care of the child, with maintaining and using
the private information of child and parent
Physician’s Offices
Sunday, October 17, 2010 5
And I study physician’s offices. 99% of americans see a doctor between three and four times a
year, with 1.5 million physicians in the united states alone
Research
Question
How do socio-technical systems that
use sensitive personal information
manage work-practice breakdowns
surrounding the implicit and explicit
rules of process?
•What are the implicit and explicit
rules surrounding how medical
p racti ces a n d c h i l d c a r e s h a n d l e
sensitive personal information?
•What breakdowns happen when the
explicit and implicit rules are not
followed?
•How are breakdowns accounted for,
negotiated, and managed in socio-
technical systems where sensitive
personal information exists?
51 Interviewed Participants:
• 13 Childcare Directors
• 18 Medical Directors
• 21 Parents
121 hours of observations
• 4 Childcares & 4 Physician’s
offices
•Notes, collected artifacts,
pictures
The questions I am asking need to derive the motivations behind why certain information is
private; why certain policies were created; why certain policies are not working. These are
questions that cannot be answered quantitatively
I’m now going to talk about two norms that are relevant for security that the analysis of
participant interviews helped elicit.
Security &
Interruptions
Childcares and Physician’s Offices
have valuable security practices
•Childcare directors are within
proximal distance to files
•Placing papers with extra
sensitive information in the back
of the file
•Physical files afford being closed,
or hidden
•Information can be shredded,
labeled, handed to only specific
people
<first point>
unannounced inspection
canceled sessions - teachers out sick, directors child was sick, daughter to hospital
drive school van
went to front desk to assist with busy times
rocking sick children to sleep
acting as cook
---
delivering supenia
missing patient files - seen in every location
a new patient coming to the window
an insurance company calling to ask for a copy of a patient’s file
----
Understanding the tension between security on-the-fly but managing the messiness of the
work in this setting is what reflects a deep need to evaluate where the zones of ambiguity
exist in the design space for security and privacy. By allowing for ambiguity about how to
respond to a particular new stimulus or problem, the childcare is capable to negotiating a
new policy that allows them to navigate to new or bendable appropriate solutions.
Recognizing these, and then understanding how to design for them is an emerging area for
us to consider.
Information
Redundancy
Information in multiple forms:
electronic, billing, health
“The problem is, and someone
Reasons:
wouldn’t think about why it’s
•To serve a community purpose so important, but it’s like the
•To protect information from being Virginia Tech massacre we had
lost
3 patients who we had to
•To use appropriate information identify the bodies.”
based on contextual needs
http://weblogs.jomc.unc.edu/ihc/wp-content/uploads/2010/04/
electronic_medical_records.jpg
http://www.corbisimages.com/Images/spacer.gif
Slide 2
Slide 11
.penny: http://www.flickr.com/photos/44124468595@N01/14370954/
Slide 17
Transformation
Subject Object Process Outcome
Rules Division of
Community
Labor
Sunday, October 17, 2010 17
What wasn’t selected: Value-Centered Design, Design tensions, Communities of Practice, DCog, Common information Spaces, and Macroergonomics
Marx and Engles, but is highly influenced by Vygotsky (Roth et al. 2007), Leont’ev (Leont'ev 1981 (Russian original 1947)), and Luria.
1. Activity is the central part - focus on the context of the activity instead of surrounding the actions/operations
2. Activities are dynamic and have different scale; Activities have history - e.g., a form
3. Artifacts serve as mediators; have limitations; limitations may be particular to objective of activity
4. Activity structure - explain parts of diagram
Sensitive
Information Rich
Places
Aspects:
•Managing other’s information
•Information in multiple places
•Numerous people accessing
•Information in different forms
•Managing security & privacy is
secondary
Both childcares and physicians offices are sensitive information rich places. What do I mean
by that. I mean that they have the following characteristics. [Read characteristics] By studying
both childcares and physician’s offices I will be able to better generalize about how privacy
and security are managed in this space.
Also considered for study were employee records, criminal records, and others that have
been considered for future work.