research-article

Public Access

Privacy Champions in Software Teams: Understanding Their Motivations, Strategies, and Challenges

Authors:

Mohammad Tahaei,

Alisa Frik, and

Kami VanieaAuthors Info & Claims

CHI '21: Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems

May 2021

Article No.: 693, Pages 1 - 15

https://doi.org/10.1145/3411764.3445768

Published: 07 May 2021 Publication History

All formats PDF

Abstract

Software development teams are responsible for making and implementing software design decisions that directly impact end-user privacy, a challenging task to do well. Privacy Champions—people who strongly care about advocating privacy—play a useful role in supporting privacy-respecting development cultures. To understand their motivations, challenges, and strategies for protecting end-user privacy, we conducted 12 interviews with Privacy Champions in software development teams. We find that common barriers to implementing privacy in software design include: negative privacy culture, internal prioritisation tensions, limited tool support, unclear evaluation metrics, and technical complexity. To promote privacy, Privacy Champions regularly use informal discussions, management support, communication among stakeholders, and documentation and guidelines. They perceive code reviews and practical training as more instructive than general privacy awareness and on-boarding training. Our study is a first step towards understanding how Privacy Champions work to improve their organisation’s privacy approaches and improve the privacy of end-user products.

References

[1]

Alessandro Acquisti and Jens Grossklags. 2007. What can behavioral economics teach us about privacy. Digital privacy: theory, technologies and practices 18 (2007), 363–377. https://doi.org/10.1201/9781420052183.ch18

[2]

Majed Almansoori, Jessica Lam, Elias Fang, Kieran Mulligan, Adalbert Gerald Soosai Raj, and Rahul Chatterjee. 2020. How Secure Are Our Computer Systems Courses?. In Proceedings of the 2020 ACM Conference on International Computing Education Research (Virtual Event, New Zealand) (ICER ’20). Association for Computing Machinery, New York, NY, USA, 271–281. https://doi.org/10.1145/3372782.3406266

Digital Library

[3]

Teresa M. Amabile. 1993. Motivational synergy: Toward new conceptualizations of intrinsic and extrinsic motivation in the workplace. Human Resource Management Review 3, 3 (1993), 185–201. https://doi.org/10.1016/1053-4822(93)90012-S

[4]

Oshrat Ayalon, Eran Toch, Irit Hadar, and Michael Birnhack. 2017. How Developers Make Design Decisions about Users’ Privacy: The Place of Professional Communities and Organizational Climate. In Companion of the 2017 ACM Conference on Computer Supported Cooperative Work and Social Computing (Portland, Oregon, USA) (CSCW ’17 Companion). Association for Computing Machinery, New York, NY, USA, 135–138. https://doi.org/10.1145/3022198.3026326

Digital Library

[5]

Kenneth A Bamberger and Deirdre K Mulligan. 2015. Privacy on the Ground: Driving Corporate Behavior in the United States and Europe. MIT Press. https://mitpress.mit.edu/books/privacy-ground

[6]

Catherine Barrett. 2019. Are the EU GDPR and the California CCPA becoming the de facto global standards for data privacy and protection?Scitech Lawyer 15, 3 (2019), 24–29. https://search.proquest.com/docview/2199825726

[7]

Cynthia Mathis Beath. 1991. Supporting the Information Technology Champion. MIS Quarterly 15, 3 (1991), 355–372. https://doi.org/10.2307/249647

Digital Library

[8]

Ingolf Becker, Simon Parkin, and M. Angela Sasse. 2017. Finding Security Champions in Blends of Organisational Culture. In Proceedings 2nd European Workshop on Usable Security. Internet Society, Paris, France, 11 pages. https://doi.org/10.14722/eurousec.2017.23007

[9]

Odette Beris, Adam Beautement, and M. Angela Sasse. 2015. Employee Rule Breakers, Excuse Makers and Security Champions: Mapping the Risk Perceptions and Emotions That Drive Security Behaviors. In Proceedings of the 2015 New Security Paradigms Workshop (Twente, Netherlands) (NSPW ’15). Association for Computing Machinery, New York, NY, USA, 73–84. https://doi.org/10.1145/2841113.2841119

Digital Library

[10]

Karin Bernsmed and Martin Jaatun. 2019. Threat modelling and agile software development: Identified practice in four Norwegian organisations. In 2019 International Conference on Cyber Security and Protection of Digital Services (Cyber Security). IEEE, 1–8. https://doi.org/10.1109/CyberSecPODS.2019.8885144

[11]

Robert L Brennan and Dale J Prediger. 1981. Coefficient Kappa: Some Uses, Misuses, and Alternatives. Educational and psychological measurement 41, 3 (1981), 687–699. https://doi.org/10.1177/001316448104100307

[12]

Fei Bu, Nengmin Wang, Bin Jiang, and Huigang Liang. 2020. “Privacy by Design” implementation: Information system engineers’ perspective. International Journal of Information Management 53 (2020), 102124. https://doi.org/10.1016/j.ijinfomgt.2020.102124

[13]

Andrew Campbell and Sally Yeung. 1991. Creating a sense of mission. Long Range Planning 24, 4 (1991), 10 – 20. https://doi.org/10.1016/0024-6301(91)90002-6

[14]

Susan Cartwright and Nicola Holmes. 2006. The meaning of work: The challenge of regaining employee engagement and reducing cynicism. Human Resource Management Review 16, 2 (2006), 199 – 208. https://doi.org/10.1016/j.hrmr.2006.03.012The New World of Work and Organizations.

[15]

Ann Cavoukian. 2009. Privacy by Design: The 7 Foundational Principles. Information and privacy commissioner of Ontario, Canada 5 (2009), 5 pages. https://iab.org/wp-content/IAB-uploads/2011/03/fred_carter.pdf

[16]

Lorrie Cranor and Norman Sadeh. 2013. A Shortage of Privacy Engineers. IEEE Security & Privacy 11, 2 (2013), 77–79. https://doi.org/10.1109/MSP.2013.25

Digital Library

[17]

Maria da Conceição Freitas and Miguel Mira da Silva. 2018. GDPR Compliance in SMEs: There is much to be done. Journal of Information Systems Engineering & Management 3, 4 (2018), 30. https://doi.org/10.20897/jisem/3941

[18]

Adéle Da Veiga and Jan HP Eloff. 2010. A framework and assessment instrument for information security culture. Computers & Security 29, 2 (2010), 196–207. https://doi.org/10.1016/j.cose.2009.09.002

Digital Library

[19]

Duy Dang-Pham, Siddhi Pittayachawan, and Vince Bruno. 2017. Applications of social network analysis in behavioural information security research: Concepts and empirical analysis. Computers & Security 68(2017), 1–15. https://doi.org/10.1016/j.cose.2017.03.010

Digital Library

[20]

Duy Dang-Pham, Siddhi Pittayachawan, and Vince Bruno. 2017. Applying network analysis to investigate interpersonal influence of information security behaviours in the workplace. Information & Management 54, 5 (2017), 625–637. https://doi.org/10.1016/j.im.2016.12.003

[21]

Duy Dang-Pham, Siddhi Pittayachawan, and Vince Bruno. 2017. Investigation into the formation of information security influence: Network analysis of an emerging organisation. Computers & Security 70 (Sept. 2017), 111–123. https://doi.org/10.1016/j.cose.2017.05.010

[22]

Linda Di Geronimo, Larissa Braz, Enrico Fregnan, Fabio Palomba, and Alberto Bacchelli. 2020. UI Dark Patterns and Where to Find Them: A Study on Mobile Applications and User Perception. In Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems (Honolulu, HI, USA) (CHI ’20). Association for Computing Machinery, New York, NY, USA, 1–14. https://doi.org/10.1145/3313831.3376600

Digital Library

[23]

Nora A Draper and Joseph Turow. 2019. The corporate cultivation of digital resignation. New Media & Society 21, 8 (2019), 1824–1839. https://doi.org/10.1177/1461444819833331

[24]

Pietro Ferrara and Fausto Spoto. 2018. Static Analysis for GDPR Compliance. In Proceedings of the Second Italian Conference on Cyber Security (ITASEC 2018), Milan, Italy(CEUR Workshop Proceedings, Vol. 2058). CEUR-WS.org, 10 pages. http://ceur-ws.org/Vol-2058/paper-10.pdf

[25]

Rita Francese, Carmine Gravino, Michele Risi, Giuseppe Scanniello, and Genoveffa Tortora. 2017. Mobile App Development and Management: Results from a Qualitative Investigation. In Proceedings of the 4th International Conference on Mobile Software Engineering and Systems(Buenos Aires, Argentina) (MOBILESoft ’17). IEEE Press, 133–143. https://doi.org/10.1109/MOBILESoft.2017.33

Digital Library

[26]

Alisa Frik, Leysan Nurgalieva, Julia Bernd, Joyce S. Lee, Florian Schaub, and Serge Egelman. 2019. Privacy and Security Threat Models and Mitigation Strategies of Older Adults. In Proceedings of the Fifteenth USENIX Conference on Usable Privacy and Security (Santa Clara, CA, USA) (SOUPS’19). USENIX Association, USA, 21–40. https://www.usenix.org/conference/soups2019/presentation/frik

Digital Library

[27]

Trevor Gabriel and Steven Furnell. 2011. Selecting security champions. Computer Fraud & Security 2011, 8 (2011), 8–12. https://doi.org/10.1016/S1361-3723(11)70082-3

[28]

Colin M. Gray, Yubo Kou, Bryan Battles, Joseph Hoggatt, and Austin L. Toombs. 2018. The Dark (Patterns) Side of UX Design. In Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems (Montreal QC, Canada) (CHI ’18). Association for Computing Machinery, New York, NY, USA, 1–14. https://doi.org/10.1145/3173574.3174108

Digital Library

[29]

Irit Hadar, Tomer Hasson, Oshrat Ayalon, Eran Toch, Michael Birnhack, Sofia Sherman, and Arod Balissa. 2018. Privacy by designers: software developers’ privacy mindset. Empirical Software Engineering 23, 1 (Feb. 2018), 259–289. https://doi.org/10.1007/s10664-017-9517-1

Digital Library

[30]

Tracy Hall, Helen Sharp, Sarah Beecham, Nathan Baddoo, and Hugh Robinson. 2008. What Do We Know about Developer Motivation?IEEE Software 25, 4 (2008), 92–94. https://doi.org/10.1109/MS.2008.105

Digital Library

[31]

Julie M Haney and Wayne G Lutters. 2017. Skills and Characteristics of Successful Cybersecurity Advocates. In Thirteenth Symposium on Usable Privacy and Security (SOUPS 2017). USENIX Association, 7. https://www.usenix.org/conference/soups2017/workshop-program/wsiw2017/haney

[32]

Julie M. Haney and Wayne G. Lutters. 2017. The Work of Cybersecurity Advocates. In Proceedings of the 2017 CHI Conference Extended Abstracts on Human Factors in Computing Systems (Denver, Colorado, USA) (CHI EA ’17). Association for Computing Machinery, New York, NY, USA, 1663–1670. https://doi.org/10.1145/3027063.3053134

Digital Library

[33]

Julie M. Haney and Wayne G. Lutters. 2018. ”It’s Scary…It’s Confusing…It’s Dull”: How Cybersecurity Advocates Overcome Negative Perceptions of Security. In Fourteenth Symposium on Usable Privacy and Security (SOUPS 2018). USENIX Association, Baltimore, MD, 411–425. https://www.usenix.org/conference/soups2018/presentation/haney-perceptions

[34]

Julie M. Haney and Wayne G. Lutters. 2019. Motivating Cybersecurity Advocates: Implications for Recruitment and Retention. In Proceedings of the 2019 on Computers and People Research Conference (Nashville, TN, USA) (SIGMIS-CPR ’19). Association for Computing Machinery, New York, NY, USA, 109–117. https://doi.org/10.1145/3322385.3322388

Digital Library

[35]

Julie M. Haney, Mary Theofanos, Yasemin Acar, and Sandra Spickard Prettyman. 2018. “We make it a big deal in the company”: Security Mindsets in Organizations that Develop Cryptographic Products. In Fourteenth Symposium on Usable Privacy and Security (SOUPS 2018). USENIX Association, Baltimore, MD, 357–373. https://www.usenix.org/conference/soups2018/presentation/haney-mindsets

[36]

Michael S.H Heng, Eileen M Trauth, and Sven J Fischer. 1999. Organisational champions of IT innovation. Accounting, Management and Information Technologies 9, 3(1999), 193–222. https://doi.org/10.1016/S0959-8022(99)00008-9

[37]

Jaap-Henk Hoepman. 2019. Privacy Design Strategies (The Little Blue Book). Radboud University. https://cs.ru.nl/~jhh/publications/pds-booklet.pdf

[38]

Christopher Horn and Anita D‘Amico. 2019. Measuring Application Security. In Advances in Human Factors in Cybersecurity, Tareq Z. Ahram and Denise Nicholson (Eds.). Vol. 782. Springer International Publishing, Cham, 44–55. https://doi.org/10.1007/978-3-319-94782-2_5

[39]

Jane M Howell and Christine M Shea. 2001. Individual differences, environmental scanning, innovation framing, and champion behavior: key predictors of project performance. Journal of Product Innovation Management 18, 1 (2001), 15–27. https://doi.org/10.1016/S0737-6782(00)00067-9

[40]

Shubham Jain, Janne Lindqvist, 2014. Should I Protect You? Understanding Developers’ Behavior to Privacy-Preserving APIs. In Workshop on Usable Security (USEC’14). Internet Society, 10 pages. https://doi.org/10.14722/usec.2014.23045

[41]

Donna Kelley and Hyunsuk Lee. 2010. Managing Innovation Champions: The Impact of Project Characteristics on the Direct Manager Role*. Journal of Product Innovation Management 27, 7 (2010), 1007–1019. https://doi.org/10.1111/j.1540-5885.2010.00767.x

[42]

J. Richard Landis and Gary G. Koch. 1977. The Measurement of Observer Agreement for Categorical Data. Biometrics 33, 1 (1977), 159–174. https://doi.org/10.2307/2529310

[43]

Jonathan Lazar, Jinjuan Heidi Feng, and Harry Hochheiser. 2017. Chapter 11 - Analyzing qualitative data. In Research Methods in Human Computer Interaction (second edition ed.), Jonathan Lazar, Jinjuan Heidi Feng, and Harry Hochheiser (Eds.). Morgan Kaufmann, Boston, 299–327. https://doi.org/10.1016/B978-0-12-805390-4.00011-X

[44]

He Li, Lu Yu, and Wu He. 2019. The Impact of GDPR on Global Technology Development. Journal of Global Information Technology Management 22, 1(2019), 1–6. https://doi.org/10.1080/1097198X.2019.1569186

[45]

Xenia Mountrouidou, David Vosen, Chadi Kari, Mohammad Q. Azhar, Sajal Bhatia, Greg Gagne, Joseph Maguire, Liviana Tudor, and Timothy T. Yuen. 2019. Securing the Human: A Review of Literature on Broadening Diversity in Cybersecurity Education. In Proceedings of the Working Group Reports on Innovation and Technology in Computer Science Education (Aberdeen, Scotland UK) (ITiCSE-WGR ’19). Association for Computing Machinery, New York, NY, USA, 157–176. https://doi.org/10.1145/3344429.3372507

Digital Library

[46]

Deborah Mrazek and Michael Rafeld. 1992. Integrating Human Factors on a Large Scale: Product Usability Champions. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (Monterey, California, USA) (CHI ’92). Association for Computing Machinery, New York, NY, USA, 565–570. https://doi.org/10.1145/142750.142989

Digital Library

[47]

Helen Nissenbaum. 2009. Privacy in context: Technology, policy, and the integrity of social life. Stanford University Press. http://www.sup.org/books/title/?id=8862

Digital Library

[48]

State of California Department of Justice. 2018. California Consumer Privacy Act (CCPA). Retrieved August 2020 from https://oag.ca.gov/privacy/ccpa

[49]

Stack Overflow. 2020. Developer Survey Results. Retrieved August 2020 from https://insights.stackoverflow.com/survey/2020

[50]

Leysia Palen and Paul Dourish. 2003. Unpacking “Privacy” for a Networked World. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (Ft. Lauderdale, Florida, USA) (CHI ’03). Association for Computing Machinery, New York, NY, USA, 129–136. https://doi.org/10.1145/642611.642635

Digital Library

[51]

The European parliament and the council of the European union. 2018. General Data Protection Regulation (GDPR). Retrieved August 2020 from https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679

[52]

Chris Parnin, Christian Bird, and Emerson Murphy-Hill. 2011. Java Generics Adoption: How New Features Are Introduced, Championed, or Ignored. In Proceedings of the 8th Working Conference on Mining Software Repositories (Waikiki, Honolulu, HI, USA) (MSR ’11). Association for Computing Machinery, New York, NY, USA, 3–12. https://doi.org/10.1145/1985441.1985446

Digital Library

[53]

Chris Parnin, Christian Bird, and Emerson Murphy-Hill. 2013. Adoption and use of Java generics. Empirical Software Engineering 18, 6 (Dec. 2013), 1047–1089. https://doi.org/10.1007/s10664-012-9236-6

Digital Library

[54]

Mariana Peixoto, Dayse Ferreira, Mateus Cavalcanti, Carla Silva, Jéssyka Vilela, João Araújo, and Tony Gorschek. 2020. On Understanding How Developers Perceive and Interpret Privacy Requirements Research Preview. In Requirements Engineering: Foundation for Software Quality, Nazim Madhavji, Liliana Pasquale, Alessio Ferrari, and Stefania Gnesi (Eds.). Springer International Publishing, Cham, 116–123. https://doi.org/10.1007/978-3-030-44429-7_8

Digital Library

[55]

Hiep Cong Pham, Linda Brennan, Lukas Parker, Nhat Tram Phan-Le, Irfan Ulhaq, Mathews Zanda Nkhoma, and Minh Nhat Nguyen. 2019. Enhancing cyber security behavior: an internal social marketing approach. Information & Computer Security 28, 2 (Oct. 2019), 133–159. https://doi.org/10.1108/ICS-01-2019-0023

[56]

Jaco Renken and Richard Richard. 2019. Champions of IS Innovations. Communications of the Association for Information Systems 44 (2019), 811–851. https://doi.org/10.17705/1CAIS.04438

[57]

SAFECode. 2019. Software Security Takes a Champion - A Short Guide on Building and Sustaining a Successful Security Champions Program. Technical Report. SAFECode. http://safecode.org/wp-content/uploads/2019/02/Security-Champions-2019-.pdf

[58]

Gabe Scelta, Hamid Rashid, Hoi Wai Jackie Cheng, Marcelo LaFleur, Mariangela Parra-Lancourt, Alex Julca, Nicole Hunt, S. Islam, and Hiroshi Kawamura. 2019. Data Economy: Radical transformation or dystopia?Frontier Technology Quarterly 1 (Jan. 2019). https://www.un.org/development/desa/dpad/wp-content/uploads/sites/45/publication/FTQ_1_Jan_2019.pdf

[59]

Donald A. Schon. 1963. Champions for Radical New Inventions. Harvard Business Review 41 (1963), 77–86. https://id.lib.harvard.edu/ead/c/bak00203c02144/catalog

[60]

Awanthika Senarath and Nalin A. G. Arachchilage. 2018. Why Developers Cannot Embed Privacy into Software Systems? An Empirical Investigation. In Proceedings of the 22nd International Conference on Evaluation and Assessment in Software Engineering 2018 (Christchurch, New Zealand) (EASE’18). Association for Computing Machinery, New York, NY, USA, 211–216. https://doi.org/10.1145/3210459.3210484

Digital Library

[61]

Awanthika Senarath, Marthie Grobler, and Nalin Asanka Gamagedara Arachchilage. 2019. Will They Use It or Not? Investigating Software Developers’ Intention to Follow Privacy Engineering Methodologies. ACM Transactions on Privacy and Security 22, 4, Article 23 (Nov. 2019), 30 pages. https://doi.org/10.1145/3364224

Digital Library

[62]

Katie Shilton, Donal Heidenblad, Adam Porter, Susan Winter, and Mary Kendig. 2020. Role-Playing Computer Ethics: Designing and Evaluating the Privacy by Design (PbD) Simulation. Science and Engineering Ethics PP, PP (July 2020), 16 pages. https://doi.org/10.1007/s11948-020-00250-0

[63]

Daniela Soares Cruzes, Martin Gilje Jaatun, Karin Bernsmed, and Inger Anne Tondel. 2018. Challenges and Experiences with Applying Microsoft Threat Modeling in Agile Development Projects. In 2018 25th Australasian Software Engineering Conference (ASWEC). IEEE, Adelaide, SA, 111–120. https://doi.org/10.1109/ASWEC.2018.00023

[64]

Daniel J Solove. 2005. A taxonomy of privacy. University of Pennsylvania Law Review 154 (2005), 477–560. https://ssrn.com/abstract=667622

[65]

Daniel J Solove. 2007. “I’ve Got Nothing to Hide” and Other Misunderstandings of Privacy. San Diego Law Review 44(2007), 745. https://ssrn.com/abstract=998565

[66]

Sarah Spiekermann, Jana Korunovska, and Marc Langheinrich. 2019. Inside the Organization: Why Privacy and Security Engineering Is a Challenge for Engineers. Proc. IEEE 107, 3 (2019), 600–615. https://doi.org/10.1109/JPROC.2018.2866769

[67]

Mohammad Tahaei, Adam Jenkins, Kami Vaniea, and Maria K. Wolters. 2020. “I Don’t Know Too Much About It”: On the Security Mindsets of Computer Science Students. In Socio-Technical Aspects in Security and Trust (first ed.), Thomas Groß and Tryfonas Theo (Eds.). Springer International Publishing. https://www.springer.com/book/9783030559571

[68]

Mohammad Tahaei and Kami Vaniea. 2019. A Survey on Developer-Centred Security. In 2019 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). IEEE, 129–138. https://doi.org/10.1109/EuroSPW.2019.00021

[69]

Mohammad Tahaei, Kami Vaniea, and Naomi Saphra. 2020. Understanding Privacy-Related Questions on Stack Overflow. In Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems (Honolulu, HI, USA) (CHI ’20). Association for Computing Machinery, New York, NY, USA, 1–14. https://doi.org/10.1145/3313831.3376768

Digital Library

[70]

Tyler W. Thomas, Madiha Tabassum, Bill Chu, and Heather Lipford. 2018. Security During Application Development: An Application Security Expert Perspective. In Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems (Montreal QC, Canada) (CHI ’18). Association for Computing Machinery, New York, NY, USA, Article 262, 12 pages. https://doi.org/10.1145/3173574.3173836

Digital Library

[71]

Kerry-Lynn Thomson, Rossouw Von Solms, and Lynette Louw. 2006. Cultivating an organizational information security culture. Computer fraud & security 2006, 10 (2006), 7–11. https://doi.org/10.1016/S1361-3723(06)70430-4

[72]

Inger Anne Tøndel, Martin Jaatun, and Daniela Cruzes. 2020. IT Security Is From Mars, Software Security Is From Venus. IEEE Security & Privacy 18, 04 (July 2020), 48–54. https://doi.org/10.1109/MSEC.2020.2969064

Digital Library

[73]

Ismini Vasileiou and Steven Furnell. 2019. Personalising Security Education: Factors Influencing Individual Awareness and Compliance. In Information Systems Security and Privacy, Paolo Mori, Steven Furnell, and Olivier Camp (Eds.). Springer International Publishing, Cham, 189–200. https://doi.org/10.1007/978-3-030-25109-3_10

[74]

Daniel Votipka, Rock Stevens, Elissa M. Redmiles, Jeremy Hu, and Michelle L. Mazurek. 2018. Hackers vs. Testers: A Comparison of Software Vulnerability Discovery Processes. In 2018 IEEE Symposium on Security and Privacy (SP). IEEE, 374–391. https://doi.org/10.1109/SP.2018.00003

[75]

Isabel Wagner and David Eckhoff. 2018. Technical Privacy Metrics: A Systematic Survey. Comput. Surveys 51, 3, Article 57 (June 2018), 38 pages. https://doi.org/10.1145/3168389

Digital Library

[76]

Ari Ezra Waldman. 2018. Designing without privacy. Houston Law Review 55(2018), 659. https://ssrn.com/abstract=2944185

[77]

Charles Weir, Ingolf Becker, James Noble, Lynne Blair, Angela Sasse, and Awais Rashid. 2019. Interventions for Software Security: Creating a Lightweight Program of Assurance Techniques for Developers. In 2019 IEEE/ACM 41st International Conference on Software Engineering: Software Engineering in Practice (ICSE-SEIP). IEEE, 41–50. https://doi.org/10.1109/ICSE-SEIP.2019.00013

Digital Library

[78]

Charles Weir, Ingolf Becker, James Noble, Lynne Blair, M. Angela Sasse, and Awais Rashid. 2020. Interventions for long-term software security: Creating a lightweight program of assurance techniques for developers. Software: Practice and Experience 50, 3 (2020), 275–298. https://doi.org/10.1002/spe.2774

[79]

Charles Weir, Ben Hermann, and Sascha Fahl. 2020. From Needs to Actions to Secure Apps? The Effect of Requirements and Developer Practices on App Security. In 29th USENIX Security Symposium (USENIX Security 20). USENIX Association, Boston, MA, 17 pages. https://www.usenix.org/conference/usenixsecurity20/presentation/weir

[80]

Sara J Weston, M Teresa Cardador, Patrick L Hill, Ted Schwaba, Jennifer Lodi-Smith, and Susan K Whitbourne. 2020. The Relationship Between Career Success and Sense of Purpose: Examining Linkages and Changes. The Journals of Gerontology: Series B PP (09 2020), 10 pages. https://doi.org/10.1093/geronb/gbaa162

Cited By

Alhirabi NBeaumont SRana OPerera C(2024)Designing Privacy-Aware IoT Applications for Unregulated DomainsACM Transactions on Internet of Things10.1145/36484805:2(1-32)Online publication date: 23-Apr-2024
https://dl.acm.org/doi/10.1145/3648480
Lee HYang YVon Davier TForlizzi JDas S(2024)Deepfakes, Phrenology, Surveillance, and More! A Taxonomy of AI Privacy RisksProceedings of the CHI Conference on Human Factors in Computing Systems10.1145/3613904.3642116(1-19)Online publication date: 11-May-2024
https://dl.acm.org/doi/10.1145/3613904.3642116
Herwanto GEkaputra FQuirchmayr GTjoa A(2024)Toward a Holistic Privacy Requirements Engineering Process: Insights From a Systematic Literature ReviewIEEE Access10.1109/ACCESS.2024.338088812(47518-47542)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3380888
Show More Cited By

Index Terms

Privacy Champions in Software Teams: Understanding Their Motivations, Strategies, and Challenges

Index terms have been assigned to the content through auto-classification.

Recommendations

Why developers cannot embed privacy into software systems?: An empirical investigation
EASE '18: Proceedings of the 22nd International Conference on Evaluation and Assessment in Software Engineering 2018

Pervasive use of software applications continue to challenge user privacy when users interact with software systems. Even though privacy practices such as Privacy by Design (PbD), have clear instructions for software developers to embed privacy into ...
Read More
RFID Privacy: An Overview of Problems and Proposed Solutions

As organizations aggressively deploy Radio Frequency Identification systems, activists are increasingly concerned about RFID's potential to invade user privacy. This overview highlights potential threats and how they might be addressed using both ...
Read More
Anonymous authentication for mobile Single Sign-On to protect user privacy

This article proposes a system in which a Global System for Mobile (GSM) communication user can access and be authenticated to third party services with total anonymity as far as the Services Providers are concerned and where the GSM Network Operator ...
Read More

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

CHI '21: Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems

May 2021

10862 pages

ISBN:9781450380966

DOI:10.1145/3411764

General Chairs:
Yoshifumi Kitamura
Tohoku University, Japan
,
Aaron Quigley
University of New South Wales, Australia
,
Program Chairs:
Katherine Isbister
University of California Santa Cruz, USA
,
Takeo Igarashi
The University of Tokyo, Japan
,
Publications Chairs:
Pernille Bjørn
University of Copenhagen, Denmark
,
Steven Drucker
Microsoft Research, USA

Copyright © 2021 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGCHI: ACM Special Interest Group on Computer-Human Interaction

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 07 May 2021

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Funding Sources

National Science Foundation
Center for Long-Term Cybersecurity at UC Berkeley

Conference

CHI '21

Sponsor:

SIGCHI

CHI '21: CHI Conference on Human Factors in Computing Systems

May 8 - 13, 2021

Yokohama, Japan

Acceptance Rates

Overall Acceptance Rate 6,199 of 26,314 submissions, 24%

Upcoming Conference

CHI PLAY '24

Sponsor:
sigchi

The Annual Symposium on Computer-Human Interaction in Play

October 14 - 17, 2024

Tampere , Finland

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

38
Total Citations
View Citations
2,315
Total Downloads

Downloads (Last 12 months)1,433
Downloads (Last 6 weeks)245

Other Metrics

View Author Metrics

Citations

Cited By

Alhirabi NBeaumont SRana OPerera C(2024)Designing Privacy-Aware IoT Applications for Unregulated DomainsACM Transactions on Internet of Things10.1145/36484805:2(1-32)Online publication date: 23-Apr-2024
https://dl.acm.org/doi/10.1145/3648480
Lee HYang YVon Davier TForlizzi JDas S(2024)Deepfakes, Phrenology, Surveillance, and More! A Taxonomy of AI Privacy RisksProceedings of the CHI Conference on Human Factors in Computing Systems10.1145/3613904.3642116(1-19)Online publication date: 11-May-2024
https://dl.acm.org/doi/10.1145/3613904.3642116
Herwanto GEkaputra FQuirchmayr GTjoa A(2024)Toward a Holistic Privacy Requirements Engineering Process: Insights From a Systematic Literature ReviewIEEE Access10.1109/ACCESS.2024.338088812(47518-47542)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3380888
Mcconkey ROlukoya O(2024)Runtime and Design Time Completeness Checking of Dangerous Android App Permissions Against GDPRIEEE Access10.1109/ACCESS.2023.334719412(1-22)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2023.3347194
Fischer-Hübner SKaregar FFischer-Hübner SKaregar F(2024)Overview of Usable Privacy Research: Major Themes and Research DirectionsThe Curious Case of Usable Privacy10.1007/978-3-031-54158-2_3(43-102)Online publication date: 20-Mar-2024
https://doi.org/10.1007/978-3-031-54158-2_3
Serafini RGutfleisch MHorstmann SNaiakshina AKelley PKapadia A(2023)On the recruitment of company developers for security studies: results from a qualitative interview studyProceedings of the Nineteenth USENIX Conference on Usable Privacy and Security10.5555/3632186.3632204(321-340)Online publication date: 7-Aug-2023
https://dl.acm.org/doi/10.5555/3632186.3632204
Mink JKaur HSchmüser JFahl SAcar YCalandrino JTroncoso C(2023)"Security is not my field, I'm a stats guy"Proceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620448(3763-3780)Online publication date: 9-Aug-2023
https://dl.acm.org/doi/10.5555/3620237.3620448
Menges UHielscher JKocksch LKluge ASasse M(2023)Caring Not Scaring - An Evaluation of a Workshop to Train Apprentices as Security ChampionsProceedings of the 2023 European Symposium on Usable Security10.1145/3617072.3617099(237-252)Online publication date: 16-Oct-2023
https://dl.acm.org/doi/10.1145/3617072.3617099
Shrestha ASharma TSaha PAhmed SAl-Ameen M(2023)A First Look into Software Security Practices in BangladeshACM Journal on Computing and Sustainable Societies10.1145/36163831:1(1-24)Online publication date: 22-Sep-2023
https://dl.acm.org/doi/10.1145/3616383
Ekambaranathan AZhao JVan Kleek M(2023)How Can We Design Privacy-Friendly Apps for Children? Using a Research through Design Process to Understand Developers' Needs and ChallengesProceedings of the ACM on Human-Computer Interaction10.1145/36100667:CSCW2(1-29)Online publication date: 4-Oct-2023
https://dl.acm.org/doi/10.1145/3610066
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

HTML Format

View this article in HTML Format.

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents