zones of ambiguity dealers
TRANSCRIPT
-
8/9/2019 Zones of Ambiguity Dealers
1/24
June 9th, 2010, Dealers
Security Knowledge: Evaluating the Practice of Security in Childcares & Physicians' Offices
Laurian Vega
Steve Harrison & Deborah Tatar
Department of Computer Science, Virginia Tech
Wednesday, July 7, 2010
-
2/24
+Usability
Adams, A. and M.A. Sasse, Users Are Not the Enemy, in Communications of the ACM. 1999. p. 40-46.
-
3/24
Childcare Centers
-
4/24
Physicians' Offices
-
5/24
Sensitive Information Rich Places
Aspects:
Managing others' information
Information in multiple places
Numerous people accessing
Information in different forms
Managing security & privacy is secondary
-
6/24
Studying Security Practice
Trust: People share knowledge and sensitive information towards mutual goals
Privacy: working and managing sensitive information
Negotiation: when security breakdowns occur rules are not clear
-
7/24
Method
Southwest-Virginia Rural
IRB Approved
46 Interviewed Participants: Childcare & Medical Directors, Parents
14 Childcare Observations
Observations 2-3 hours, Notes, collected artifacts, coded by 2 researchers
Observation of physicians' offices currently underway
-
8/24
Competing identities of business and care
Childcare Directors
-
9/24
Zones of Ambiguity
those components of the practices that might have to be resolved with the addition or enforcement of more official protocol upon the introduction of computerized information handling mechanisms
-
10/24
Child-centered knowledge communication
Childcares function and coordinate based on the daily routines of parents
It is within this communication that shared private information is co-constructed and divulged
Parents reflected a deep need for face-to-face communication
-
11/24
Child-centered knowledge communication
There exists the potential for communication breakdowns even within information rich environments
-
12/24
Child-centered knowledge communication
"we try to remind [the parents] verbally and give them something because most of our parents actually had - I actually had to take apart my parent handbook and take the agreement sheet off of the back because I found out that most of the time I was getting enrollment forms I wasn't getting that sheet back because no one reads the handbook."
-
13/24
Parents Delegate Security & Privacy to Childcares
Assumptions:
That directors monitor who accesses files
That information is centrally located
That there are restrictive policies
-
14/24
Parents Delegate Security & Privacy to Childcares
Parental concerns unsurfaced:
Obfuscating information
Parents, when able, not selected for no one to have access
Through interviews parents reflected that they were going to find out
"This is foolish of me as a parent, but I have never asked."
-
15/24
Childcare Providers, Security, & Interruptions
Childcares have valuable security practices
Director's office being a separate place
Placing files with extra sensitive information in the back of the file
Physically mediating sensitive information
-
16/24
Childcare Providers, Security, & Interruptions
But... these places are intrinsically messy
41% of the time when someone is interrupted, they do not return to their task (O'Conaill & Frohlich 1995)
Childcare directors have to create on-the-fly policies and practices to manage privacy in these messy spaces
-
17/24
Summary
Practice is as important as policy for security and privacy
Social systems naturally create zones for ambiguity to manage the messiness of life
To truly design usable security means understanding how to also design for these zones of ambiguity
-
18/24
Thank you
A special thanks to Tom DeHart, Laura Agnich, Edgardo Vega, Zalia Shams, Monika Akbar, Stacy Branham, & Aubrey Baker who helped run, code, and analyze the data.
Laurian Vega
Steve Harrison & Deborah Tatar
Department of Computer Science, Virginia Tech
-
19/24
Zones of Ambiguity
Policies are recognized as valuable but as not really representing the practice
That quality communication is necessary for the co-construction of knowledge
Parents had little knowledge of how their information was managed, and used to be generally with ambiguity
-
20/24
Child-centered knowledge communication
The quality of this communication affects:
Perceptions of a child's safety
The negotiation of how the care will be managed
The business of the childcare
"the teachers are well informed and they know even what my kid like and dislike and all that and I feel that I have her secure and in a good place. In the old daycare, if I asked 'did my kid sleep today' they would respond 'I don't know, I just got here.'"
-
21/24
HIPAA
Effective in 1996
Outlines (somewhat ambiguously) US National regulations in regards to privacy and security of patients' information
The HIPAA Privacy Rule provides federal protections for personal health information held by covered entities and gives patients an array of rights with respect to that information. At the same time, the Privacy Rule is balanced so that it permits the disclosure of personal health information needed for patient care and other important purposes. The Security Rule specifies a series of administrative, physical, and technical safeguards for covered entities to use to assure the confidentiality, integrity, and availability of electronic protected health information.
-
22/24
Southwest Virginia
Rural Appalachia
Highly impacted by surrounding university
Low technology adoption
Population around 150,000 in surrounding municipalities
30 childcares, 60 medical practices within 10 miles of university
-
23/24
-
24/24
Parents Delegate Security & Privacy to Childcares
In general, parents are unaware and content with how their information is being managed
Because the childcare is trusted with the child, they are trusted with the child's information