You are here: Resources > FIDIS Deliverables > HighTechID > D3.3: Study on Mobile Identity Management > 

D3.3: Study on Mobile Identity Management

Usability and Security for Mobile Identity Management Systems  Study on Mobile Identity Management
 Identity Management Mock-ups for Mobile Phones


Studies on Usability of P3P for Mobile Phones

Alerting and Informing in P3P Enabled Browsing

P3P, W3C’s Platform for Privacy Preferences Project, defines a set of terms that Internet service providers can use to describe their privacy practices in both a standardised, machine-readable way and also in a human-readable way. This enables users to understand what data will be collected by sites they visit and how that data will be used. (Cranor, 2002) The latest draft of the P3P element definitions can be found at P3P’s web site (P3P, 2003). 

If users are able to rely on user agents performing some or most of the analysing of web and WAP sites’ policy statements, then there must be a swift way of telling the users the results of the analyses. In some P3P-enabled web browsers the user can set the conditions for when the agent shall give a warning (alternatively this could be used to block access in the way the PICS classification is used). In general, one could imagine two kinds of conditions for warning: either the site does not contain any P3P policy statement at all, or there is such a statement but it deviates from the user’s preferences. In either case a warning should be given and in the latter case the agent should display the deviating declarations either automatically or upon request from the user. It should be noted that the user may not be worried by a warning when he enters certain kinds of trusted sites, such as his local hospital, even if their policy statements tell about far-reaching uses of information which are directly linked to him. 

In our studies, the focus has been so far on textual rather than voice presentation. It has not been assumed that users will use earpieces or phones with free speech capabilities to hear alerts or to listen to the information of the privacy preference setting pages. Certainly, other kinds of alerts are possible when using an ordinary mobile phone, especially using the ringer signal, vibration and the LED indicator. However, using a ringer signal makes it impractical to use WAP at many public places and shared work places (compare desktop computers environments where the sound level can be set once and for all, which makes the user familiar with the sound of the alert signal). Vibrations and LED indicators are not present on every model of mobile phones. Furthermore, LED indicators might furthermore not be immediately visible for persons using the WAP function of their phones. Concentrating on on-screen information makes it possible to compare the merits of different display sizes. 

Preliminary prototypes have concerned phones models with different screen sizes; the smallest being 100 x 80 pixels. Only one test subject used this prototype because it was not successful at all. This person did not notice when the alert symbols were switched on, or the icons got in the way for the ordinary text or disappeared. Alerting in devices with the smallest screens will possibly have to including ringer and vibration. However, one should also rethink the alerting needs. Simple browsing should not cause any alarm regardless of the privacy policies of the visited sites, because the browser should simply be anonymised and not give away any information about itself or its user if no anonymisation is used. In fact, because many sites are not P3P-enabled a warning will have to be given very frequently. The resulting frequent interruptions may not be wanted and neither would it be easy to inform the user of what the different policy details in effect mean on-the-fly. 

Setting privacy preferences

In addition to the alerting function, there should also be a function allowing a user to set his privacy preferences. If users are supposed to be informed about how personally identifiable data are used, then there should be a way of setting such preferences in an informed way. Users have to be able to understand the alternatives when setting their preferences. Informing the user at this stage could be pursued in various depths depending on what the user requests. Because the screen size is limited one has to structure the information in accordance with limitations of people’s short-term memory capacity. Scrollable pages might be a good solution; because vocabulary tests (see below) had indicated that many users are not familiar with privacy terminology, it was decided to use a design with hyperlinks in the privacy setting menu. Brief tests with hierarchical screen-sized pages with text-links between levels have been made. Links could be clicked by the users to get a definition or explanation of specific terms, or to get to a page with a menu allowing the user to set option for the personal definition. For instance, if the user clicked on “sensitive information”, a screen appeared which allowed the user to define what sensitive information is for him. 

Vocabulary tests

The Internet is used by people of varying linguistic backgrounds. This may cause problems if users are to exercise informational self-determinacy based on privacy policy documents in the language of the web site owner only. W3C’s Platform for Privacy Preferences Project, P3P, designs a set of tags to enable automatic interpretations of privacy policies of web sites. The tags have short but comprehensive definitions in the English language, but these definitions are too technical to be readily intelligible for lay English users. The P3P has therefore suggested a set of simplified phrasings in the English language (P3P, 2003). They call these simplifications ‘translations’. However, one might avoid using this word in that sense when discussing inter-linguistic issues where the word ‘translation’ already has an established meaning. Non-English users’ understanding of privacy vocabulary has been the topic of investigation below. 

For instance, when twenty-four Swedish first-year students were given a questionnaire (a few weeks after the academic year had started), the results showed a rather weak understanding of frequently used terms. The opt-in/opt-out options might seem essential to any use of network services, yet only two persons tried to explain the meaning of these concepts. What is more, their answers do not reveal any real insight into the matter: “In-option and out-option” might be based on some experience of these options but might as well not, while “Optical in or out” is definitively wrong. The word consent is not specifically used within computer-related fields and could supposedly be understood by any university student. Nevertheless, 80% said they did not know its meaning.


Usability and Security for Mobile Identity Management Systems  fidis-wp3-del3.3.study_on_mobile_identity_management.final_04.sxw  Identity Management Mock-ups for Mobile Phones
18 / 36