Change search
Link to record
Permanent link

Direct link
BETA
Alternative names
Publications (10 of 60) Show all publications
Kitkowska, A., Wästlund, E. & Martucci, L. (2020). (In)escapable Affect? Exploring Factors Influencing Privacy-RelatedBehavioral Intentions. In: Proceedings of the 53rd Hawaii International Conference on System Sciences | 2020: . Paper presented at 53rd Hawaii International Conference on System Sciences (HICSS),Jan 07 - 10, 2020,Maui, Hawaii, United States of America (pp. 4112-4121).
Open this publication in new window or tab >>(In)escapable Affect? Exploring Factors Influencing Privacy-RelatedBehavioral Intentions
2020 (English)In: Proceedings of the 53rd Hawaii International Conference on System Sciences | 2020, 2020, p. 4112-4121Conference paper (Refereed)
Abstract [en]

The study was run to investigate exploratory capabilities of factors such as individual characteristics, privacy concerns and information disclosure in the context of privacy behaviors. The research examined whether affective states arising from immediate emotions alter such capabilities. The results of an online study with 474 international participants demonstrate that immediate emotions might influence information sharing. The effect of privacy concerns, personality and information disclosure on the willingness to share is stronger when participants are in a neutral affective state. However, when the positive or negative feelings take over, the influence of these factors on willingness to share decreases. In this article, we postulate the necessity to include immediate emotions into research on privacy-related decision-making and discuss the applicability of our results in the context of privacy UIs.

Keywords
End-user Empowerment in the Digital Age, Affect, Attitude, Behavior, Decision making, Show 1 more
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-76575 (URN)978-0-9981331-3-3 (ISBN)
Conference
53rd Hawaii International Conference on System Sciences (HICSS),Jan 07 - 10, 2020,Maui, Hawaii, United States of America
Projects
Privacy & Us
Funder
EU, Horizon 2020
Available from: 2020-01-29 Created: 2020-01-29 Last updated: 2020-01-29
Voronkov, A., Martucci, L. & Lindskog, S. (2020). Measuring the Usability of Firewall Rule Sets. IEEE Access, 27106-27121
Open this publication in new window or tab >>Measuring the Usability of Firewall Rule Sets
2020 (English)In: IEEE Access, E-ISSN 2169-3536, p. 27106-27121Article in journal (Refereed) Published
Abstract [en]

Firewalls are computer systems that assess the network traffic using an ideally coherentand manageable set of rules. This study aims to provide means to measure the usability of firewall rulesets in terms of how easily IT professionals can understand and manage them. First, we conductedsemi-structured interviews with system administrators wherein we obtained the usability challenges relatedto the management of firewall rule sets. This was followed by the analysis of related work. The interviewresults were combined with the findings from the related work. Accordingly, we acquired four usabilityattributes related to the manageability of firewalls; these were formally defined. We tested and measured thecognitive aspects related to the structure and ordering of the rules through a user study. A third user studywith system administrators validated our metrics. It exhibited a very strong correlation between the metricsand how the administrators characterized usability.

Place, publisher, year, edition, pages
IEEE, 2020
Keywords
Firewall rule set, iptables, formalization, metrics, usability, user study
National Category
Human Computer Interaction
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-64702 (URN)10.1109/ACCESS.2020.2971093 (DOI)000525466900049 ()
Projects
HITS, 4707
Note

Artikeln publicerad som manuskript i Voronkovs lic.uppsats.

Available from: 2017-10-17 Created: 2017-10-17 Last updated: 2020-05-11Bibliographically approved
Voronkov, A. & Martucci, L. (2020). Natural vs. Technical Language Preference and its Impact on Firewall Configuration. In: : . Paper presented at HCI INTERNATIONAL 2020.
Open this publication in new window or tab >>Natural vs. Technical Language Preference and its Impact on Firewall Configuration
2020 (English)Conference paper, Published paper (Refereed)
Abstract [en]

Firewalls are network security components designed to regulate incoming and outgoing traffic to protect computers and networks. The behavior of firewalls is dictated by its configuration file, which is a written sequence of rules expressed by a set of keys and parameters. In this paper, we investigate whether certain representations of firewall rule sets can affect understandability. To collect data for our investigation, we designed an online survey for an audience who are familiar with firewalls, in which we aimed to compare two different rule set representations: iptables and English. We collected data from 56 participants. Our results show that participants’ perception of a certain rule set representation depends on their firewall expertise. Participants with basic or intermediate knowledge of firewalls consider rule sets expressed in English to be 40% easier to understand, whereas advanced or expert firewall users deemed it to be 27% more difficult. We will discuss the reasons for these results and describe their possible implications.

National Category
Engineering and Technology Electrical Engineering, Electronic Engineering, Information Engineering
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-76773 (URN)
Conference
HCI INTERNATIONAL 2020
Projects
HITS, 4707
Funder
Knowledge Foundation
Available from: 2020-02-20 Created: 2020-02-20 Last updated: 2020-02-27
Kitkowska, A., Shulman, Y., Martucci, L. & Wästlund, E. (2020). Psychological Effects and Their Role in Online Privacy Interactions: A Review. IEEE Access, 8, 21236-21260
Open this publication in new window or tab >>Psychological Effects and Their Role in Online Privacy Interactions: A Review
2020 (English)In: IEEE Access, E-ISSN 2169-3536, Vol. 8, p. 21236-21260Article in journal (Refereed) Published
Abstract [en]

Because of the increasing dependency on online technologies in even the most ordinary activities, people have to make privacy decisions during everyday online interactions. Visual design often influences their choices. Hence, it is in the hands of choice architects and designers to guide users towards specific decision outcomes. This “nudging” has gained much interest among scholars in interdisciplinary research, resulting in experimental studies with visual cues that may have the potential to alter attitudes and behaviors. Attitude and behavior changes are often attributed to several psychological effects manifesting in cognitive processing and decision-making. This article presents the results of a systematic literature review carried out to identify which psychological effects have been previously studied in the context of online privacy interactions. Subsequently, fifteen articles were selected and thoroughly reviewed, resulting in the identification of twenty psychological effects. The visual cues triggering these effects were recognized and classified against their capabilities to alter privacy attitudes and behaviors. Specifically, the visual cues were divided into two categories: privacy-enhancing and privacy-deteriorating. This review discusses the applicability of such cues in research and UI design. Further, the findings are discussed against the existing research on digital nudges. The authors conclude with a discussion on issues of research quality in the privacy-related field and outline the road to improvement.

Place, publisher, year, edition, pages
IEEE, 2020
Keywords
HCI, privacy, decision-making, attitude, behaviour, visual cues, design
National Category
Human Computer Interaction
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-76668 (URN)10.1109/ACCESS.2020.2969562 (DOI)000525391900050 ()
Projects
Privacy & Us, 4961
Funder
EU, Horizon 2020
Available from: 2020-02-05 Created: 2020-02-05 Last updated: 2020-05-27Bibliographically approved
Iwaya, L. H., Li, J., Fischer-Hübner, S., Åhlfeldt, R.-M. & Martucci, L. (2019). E-Consent for Data Privacy: Consent Management for Mobile Health Technologies in Public Health Surveys and Disease Surveillance. In: Lucila Ohno-Machado, Brigitte Séroussi (Ed.), MEDINFO 2019: Health and Wellbeing e-Networks for All. Paper presented at MEDINFO 2019, the 17th World Congress on Medical and Health Informatics, Lyon, France, 25-30 August 2019 (pp. 1224-1227). IOS Press, 264
Open this publication in new window or tab >>E-Consent for Data Privacy: Consent Management for Mobile Health Technologies in Public Health Surveys and Disease Surveillance
Show others...
2019 (English)In: MEDINFO 2019: Health and Wellbeing e-Networks for All / [ed] Lucila Ohno-Machado, Brigitte Séroussi, IOS Press, 2019, Vol. 264, p. 1224-1227Conference paper, Published paper (Refereed)
Abstract [en]

Community health workers in primary care programs increasingly use Mobile Health Data Collection Systems (MDCSs) to report their activities and conduct health surveys, replacing paper-based approaches. The mHealth systems are inherently privacy invasive, thus informing individuals and obtaining their consent is important to protect their right to privacy. In this paper, we introduce an e-Consent tool tailored for MDCSs. It is developed based on the requirement analysis of consent management for data privacy and built upon the solutions of Participant-Centered Consent toolkit and Consent Receipt specification. The e-Consent solution has been evaluated in a usability study. The study results show that the design is useful for informing individuals on the nature of data processing, privacy and protection and allowing them to make informed decisions

Place, publisher, year, edition, pages
IOS Press, 2019
Series
Studies in Health Technology and Informatics, ISSN 0926-9630, E-ISSN 1879-8365
Keywords
mobile health, privacy, public health surveillance
National Category
Computer and Information Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-70211 (URN)10.3233/SHTI190421 (DOI)978-1-64368-002-6 (ISBN)978-1-64368-003-3 (ISBN)
Conference
MEDINFO 2019, the 17th World Congress on Medical and Health Informatics, Lyon, France, 25-30 August 2019
Available from: 2018-11-21 Created: 2018-11-21 Last updated: 2019-10-28Bibliographically approved
Iwaya, L. H., Fischer-Hübner, S., Åhlfeldt, R.-M. & Martucci, L. (2019). Mobile Health Systems for Community-Based Primary Care: Identifying Controls and Mitigating Privacy Threats. JMIR mhealth and uhealth, 7(3), 1-16, Article ID e11642.
Open this publication in new window or tab >>Mobile Health Systems for Community-Based Primary Care: Identifying Controls and Mitigating Privacy Threats
2019 (English)In: JMIR mhealth and uhealth, E-ISSN 2291-5222, Vol. 7, no 3, p. 1-16, article id e11642Article in journal (Refereed) Published
Abstract [en]

Background: Community-based primary care focuses on health promotion, awareness raising, and illnesses treatment and prevention in individuals, groups, and communities. Community Health Workers (CHWs) are the leading actors in such programs, helping to bridge the gap between the population and the health system. Many mobile health (mHealth) initiatives have been undertaken to empower CHWs and improve the data collection process in the primary care, replacing archaic paper-based approaches. A special category of mHealth apps, known as mHealth Data Collection Systems (MDCSs), is often used for such tasks. These systems process highly sensitive personal health data of entire communities so that a careful consideration about privacy is paramount for any successful deployment. However, the mHealth literature still lacks methodologically rigorous analyses for privacy and data protection.

Objective: In this paper, a Privacy Impact Assessment (PIA) for MDCSs is presented, providing a systematic identification and evaluation of potential privacy risks, particularly emphasizing controls and mitigation strategies to handle negative privacy impacts.

Methods: The privacy analysis follows a systematic methodology for PIAs. As a case study, we adopt the GeoHealth system, a large-scale MDCS used by CHWs in the Family Health Strategy, the Brazilian program for delivering community-based primary care. All the PIA steps were taken on the basis of discussions among the researchers (privacy and security experts). The identification of threats and controls was decided particularly on the basis of literature reviews and working group meetings among the group. Moreover, we also received feedback from specialists in primary care and software developers of other similar MDCSs in Brazil.

Results: The GeoHealth PIA is based on 8 Privacy Principles and 26 Privacy Targets derived from the European General Data Protection Regulation. Associated with that, 22 threat groups with a total of 97 subthreats and 41 recommended controls were identified. Among the main findings, we observed that privacy principles can be enhanced on existing MDCSs with controls for managing consent, transparency, intervenability, and data minimization.

Conclusions: Although there has been significant research that deals with data security issues, attention to privacy in its multiple dimensions is still lacking for MDCSs in general. New systems have the opportunity to incorporate privacy and data protection by design. Existing systems will have to address their privacy issues to comply with new and upcoming data protection regulations. However, further research is still needed to identify feasible and cost-effective solutions.

Place, publisher, year, edition, pages
JMIR Publications, 2019
Keywords
Mobile health, mHealth, information security, information privacy, data protection, privacy impact assessment, community-based primary care, family health strategy
National Category
Computer and Information Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-70212 (URN)10.2196/11642 (DOI)2-s2.0-85067895402 (Scopus ID)
Available from: 2018-11-21 Created: 2018-11-21 Last updated: 2019-07-10Bibliographically approved
Voronkov, A., Martucci, L. & Lindskog, S. (2019). System Administrators Prefer Command Line Interfaces, Don’t They? An Exploratory Study of Firewall Interfaces. In: PROCEEDINGS OF THE FIFTEENTH SYMPOSIUM ON USABLE PRIVACY AND SECURITY (SOUPS 2019): . Paper presented at 15th Symposium on Usable Privacy and Security (pp. 259-271). Berkeley, USA
Open this publication in new window or tab >>System Administrators Prefer Command Line Interfaces, Don’t They? An Exploratory Study of Firewall Interfaces
2019 (English)In: PROCEEDINGS OF THE FIFTEENTH SYMPOSIUM ON USABLE PRIVACY AND SECURITY (SOUPS 2019), Berkeley, USA, 2019, p. 259-271Conference paper, Published paper (Refereed)
Abstract [en]

A graphical user interface (GUI) represents the most common option for interacting with computer systems. However, according to the literature system administrators often favor command line interfaces (CLIs). The goal of our work is to investigate which interfaces system administrators prefer, and which they actually utilize in their daily tasks. We collected experiences and opinions from 300 system administrators with the help of an online survey. All our respondents are system administrators, who work or have worked with firewalls. Our results show that only 32% of the respondents prefer CLIs for managing firewalls, while the corresponding figure is 60%for GUIs. We report the mentioned strengths and limitations of each interface and the tasks for which they are utilized by the system administrators. Based on these results, we provide design recommendations for firewall interfaces.

Place, publisher, year, edition, pages
Berkeley, USA: , 2019
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-76774 (URN)000527571900015 ()2-s2.0-85076095048 (Scopus ID)978-1-939133-05-2 (ISBN)
Conference
15th Symposium on Usable Privacy and Security
Projects
HITS, 4707
Funder
Knowledge Foundation
Available from: 2020-02-16 Created: 2020-02-16 Last updated: 2020-05-27Bibliographically approved
Fischer-Hübner, S., Martucci, L., Fritsch, L., Pulls, T., Herold, S., Iwaya, L. H., . . . Albin, Z. (2018). A MOOC on Privacy by Design and the GDPR. In: Lynette Drevin, Marianthi Theocharidou (Ed.), Information Security Education: Towards a Cybersecure Society. Paper presented at 11th IFIP World Conference on Information Security Education (WISE 11), Held at the 24th IFIP World Computer Congress, WCC 2018, Poznan, Poland, September 18–20, 2018, Proceedings (pp. 95-107). Cham, Switzerland: Springer
Open this publication in new window or tab >>A MOOC on Privacy by Design and the GDPR
Show others...
2018 (English)In: Information Security Education: Towards a Cybersecure Society / [ed] Lynette Drevin, Marianthi Theocharidou, Cham, Switzerland: Springer, 2018, p. 95-107Conference paper, Published paper (Refereed)
Abstract [en]

In this paper we describe how we designed a massive open online course (mooc) on Privacy by Design with a focus on how to achieve compliance with the eu gdpr principles and requirements in it engineering and management. This mooc aims at educating both professionals and undergraduate students, i.e., target groups with distinct educational needs and requirements, within a single course structure. We discuss why developing and publishing such a course is a timely decision and fulfills the current needs of the professional and undergraduate education. The mooc is organized in five modules, each of them with its own learning outcomes and activities. The modules focus on different aspects of the gdpr that data protection officers have to be knowledgeable about, ranging from the legal basics, to data protection impact assessment methods, and privacy-enhancing technologies. The modules were delivered using hypertext, digital content and three video production styles: slides with voice-over, talking heads and interviews. The main contribution of this work is the roadmap on how to design a highly relevant mooc on privacy by design and the gdpr aimed at an heterogeneous audience.

Place, publisher, year, edition, pages
Cham, Switzerland: Springer, 2018
Series
IFIP Advances in Information Technology (AICT) ; 531
Keywords
privacy, teaching, mooc, course design
National Category
Computer and Information Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-69413 (URN)10.1007/978-3-319-99734-6_8 (DOI)978-3-319-99734-6 (ISBN)
Conference
11th IFIP World Conference on Information Security Education (WISE 11), Held at the 24th IFIP World Computer Congress, WCC 2018, Poznan, Poland, September 18–20, 2018, Proceedings
Projects
WISR
Funder
Knowledge Foundation, NU16
Available from: 2018-09-27 Created: 2018-09-27 Last updated: 2019-12-04Bibliographically approved
Iwaya, L. H., Fischer-Hübner, S., Åhlfeldt, R.-M. & Martucci, L. (2018). mHealth: A Privacy Threat Analysis for Public Health Surveillance Systems. In: Bridget Kane (Ed.), 2018 IEEE 31st International Symposium on Computer-Based Medical Systems: . Paper presented at Proceedings of 31st IEEE Symposium on Computer-Based Medical Systems (CBMS 2018). Karlstad, Sweden: IEEE
Open this publication in new window or tab >>mHealth: A Privacy Threat Analysis for Public Health Surveillance Systems
2018 (English)In: 2018 IEEE 31st International Symposium on Computer-Based Medical Systems / [ed] Bridget Kane, Karlstad, Sweden: IEEE, 2018Conference paper, Published paper (Refereed)
Abstract [en]

Community Health Workers (CHWs) have been using Mobile Health Data Collection Systems (MDCSs) for supporting the delivery of primary healthcare and carrying out public health surveys, feeding national-level databases with families’ personal data. Such systems are used for public surveillance and to manage sensitive data (i.e., health data), so addressing the privacy issues is crucial for successfully deploying MDCSs. In this paper we present a comprehensive privacy threat analysis for MDCSs, discuss the privacy challenges and provide recommendations that are specially useful to health managers and developers. We ground our analysis on a large-scale MDCS used for primary care (GeoHealth) and a well-known Privacy Impact Assessment (PIA) methodology. The threat analysis is based on a compilation of relevant privacy threats from the literature as well as brain-storming sessions with privacy and security experts. Among the main findings, we observe that existing MDCSs do not employ adequate controls for achieving transparency and interveinability. Thus, threatening fundamental privacy principles regarded as data quality, right to access and right to object. Furthermore, it is noticeable that although there has been significant research to deal with data security issues, the attention with privacy in its multiple dimensions is prominently lacking.

Place, publisher, year, edition, pages
Karlstad, Sweden: IEEE, 2018
Series
IEEE International Symposium on Computer-Based Medical Systems, E-ISSN 2372-9198
Keywords
Privacy, Data privacy, Security, Surveillance, Data collection, Public healthcare
National Category
Computer Sciences
Research subject
Computer Science; Information Systems
Identifiers
urn:nbn:se:kau:diva-68003 (URN)10.1109/CBMS.2018.00015 (DOI)978-1-5386-6060-7 (ISBN)978-1-5386-6061-4 (ISBN)
Conference
Proceedings of 31st IEEE Symposium on Computer-Based Medical Systems (CBMS 2018)
Available from: 2018-07-11 Created: 2018-07-11 Last updated: 2019-11-10Bibliographically approved
Iwaya, L. H., Fischer-Hübner, S., Åhlfeldt, R.-M. & Martucci, L. (2018). Overview of Privacy Challenges in Mobile Health Data Collection Systems. In: : . Paper presented at Medical Informatics Europe: MIE 2018, Gothenburg, Sweden, 24-26 April, 2018..
Open this publication in new window or tab >>Overview of Privacy Challenges in Mobile Health Data Collection Systems
2018 (English)Conference paper, Poster (with or without abstract) (Refereed)
Abstract [en]

Community Health Workers (CHWs) have been using Mobile HealthData Collection Systems (MDCSs) for public health surveys, feeding the national-level databases with the families’ personal data. Since such systems are inherentlyused for public surveillance and manage sensitive data (i.e., health data), deal-ing with the privacy issues is crucial to successful deployments. In this poster wepresent the privacy challenges related to MDCSs, providing a summary speciallyimportant to health managers and developers.

Keywords
mobile health, privacy, security, mHealth data collection system
National Category
Computer and Information Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-70414 (URN)
Conference
Medical Informatics Europe: MIE 2018, Gothenburg, Sweden, 24-26 April, 2018.
Available from: 2018-12-05 Created: 2018-12-05 Last updated: 2019-09-11Bibliographically approved
Organisations
Identifiers
ORCID iD: ORCID iD iconorcid.org/0000-0002-9980-3473

Search in DiVA

Show all publications