This week we're going to talk about usable privacy, and so I wanted to start us off with this short lecture just talking about what we mean by usable privacy and how we distinguish that from security, and giving you some of the basic components that we'll find in all the videos for this week.
First, I'd like to start off by just pointing out that privacy is a kind of security. We've talked about how users are allowed to access data, how they can control access to their systems, or their files. That's all a type of security, and privacy is really the same thing. With security, we tend to have black and white. A person has access to a system or not. A person is properly authenticated or not. A person is working within the bounds of the system or not. But privacy is a little bit more fuzzy. I may choose to share something not with particular users but with a group of friends and my friends of friends. I don't even know necessarily who's in that group, but I'm comfortable with it being shared with them. Similarly, I may understand that a system is going to collect some of my personal data and I want to have a good understanding of what they're going to do with it. I don't need every single detail of how it's going to be used and shared. And in fact it would be impossible for a lot of systems to enumerate that. But I should have a right to know on a general level.
So, when we get down to it, users want to protect their information, and that's a key for security and it's a key for privacy. Users should have the right to understand what happens with their data. This is a guideline that we've seen in security systems: that users should understand who they're giving authority to, who has that authority and who's exercising that. We're talking about the same thing here with privacy. And users should have as much control as possible over how their data's used.
Again, this is something that we've seen in security where users should have control over granting authority or preserving it. And sometimes it has to be left to the system or left to administrators, but as much as possible, users should have that control.
So we talk about a lot of the same things with security and privacy. And in fact, what I think you'll see throughout the lectures this week is that many of the guidelines and rules that we've developed when learning about how to make usable secure systems are going to apply when we're talking about making usable privacy systems. But there are a couple of things that are unique to privacy systems, that we don't really see with security, that we should talk about before we jump into the rest of the lectures.
The first is privacy policies. These tell a user everything they need to know about how their data is collected, used and shared. And we can analyze privacy policies themselves for usability. We're going to talk in depth about this in a later lecture, but in short, privacy policies should be clear to users. They should explain all of the necessary details to users without overwhelming them.
So, let's take a look at a few privacy policies just to see what we can expect if we go read them. Which we should. We'll start with Facebook's data use policy, and we will look at this in a few other videos this week. It's written in what we call natural language, that is, it's written not with a lot of technical jargon or legalese, but in a way that an average person can understand. If we just look at the categories here, we have "Information we receive and how it's used. Learn about the types of information we receive and how that information's used." Pretty easy to understand. If we go into that section, for example, we can see again it's organized in a way that's easy to understand and the text is quite clear.
If we start at this section, "Your information," it tells us that your information is the information that's required when you sign up for the site as well as the information you choose to share. And if we pick any particular part in here, for example, "Information you choose to make public": "Choosing to make your information public is exactly what it sounds like. Anyone, including people off Facebook, will be able to see it." And it goes on to describe this in detail. This is a good way to have a privacy policy because it means at least at the basic level people understand the words that you're putting in front of them. There may be things that are vague or they don't understand in the conceptual component, but the language is at least accessible. That's one step towards a usable privacy policy.
Twitter's privacy policy is written in a similar way, though it tends to have a bit more technical jargon. If we just click through a few parts we can see it mentions SMSs, APIs. Those are things that not every average user would understand. And if we scroll down, for example, to additional information, we see that we've got big blocks of text. That makes it a little bit harder for users just because it's overwhelming and distracting to read such a big long list of things, where Facebook's policy, on the other hand, was broken up into sections. But again, the language doesn't tend to be legal; though there are some technical terms, it's relatively accessible to an average person.
But it's taking a step towards the more technical, and not to bash on our host, but Coursera's privacy policy is much more technical and much more legal. If we go through, for example, and look at the section, what you consent to by using our site.
It says, "Please understand that by submitting any personally identifiable information to us you consent and agree that we may collect, use and disclose such personally identifiable information in accordance with this privacy policy and our terms of use, as permitted or required by law." That's a very legally dense and long sentence, there's a lot of kind of technical terms, references back to things that they've already said, and that makes this document a lot less usable as a privacy policy, because people are going to get caught up trying to understand the language. It's not presented in a way that's at all designed with the reader in mind. It's designed with the lawyers protecting themselves in mind. And so, just as we've analyzed the usability of systems, we can analyze the usability of privacy policies. And in terms of accessibility of the language in helping users understand what the policy is, Coursera doesn't do a very good job.
In addition to privacy policies, we also have privacy controls. Now, we certainly saw a lot of security controls, different interfaces and mechanisms for allowing people to control access to information and secure systems. Similarly, we have privacy controls. These should allow a user to say whether or not data should be collected and who has permission to see it. That could be something as simple as a privacy control on Facebook to controls about data collection in much larger systems where data's being used by the company and not necessarily shared with other users. And, again, this is something we'll look at more in depth as we go through the videos this week.
Let's take one quick look at some privacy controls. This is the location services privacy screen on my iPhone, and if you look at this we can see which apps have access to location information. This shows that the Chipotle app has access to my location, which I don't want it to have.
So I can click on that and it brings me to a page describing Chipotle's permissions for location. I can check that off of Always onto Never. And then when I go back to privacy, we can see that it no longer has permission. So this is a pretty straightforward and simple control for allowing access to a private piece of information, my location, to different apps.
But just to wrap this up, going forward through the rest of this week's lectures, keep in mind that privacy and security are part of the same issue. Furthermore, analyzing usability is done the same way with privacy as we've seen with security, and that we've seen even in some totally unrelated systems. You're going to keep in mind those same five elements: speed, efficiency, learnability, memorability and user preference. Those are going to come up throughout the lectures this week and it's a mantra that you can repeat when you're trying to analyze the usability of a system. And, as always, keep the user in mind first. Because it's what the user wants and how they want their data disclosed and used that matters when it comes to privacy. And if you go in with that focus you're much more likely to build systems that are going to respect the desires of users.