Giovanni Iachello | Georgia Institute of Technology (original) (raw)
Papers by Giovanni Iachello
Compelled to improve information security by the introduction of personal data protection legisla... more Compelled to improve information security by the introduction of personal data protection legislation, organizations worldwide are adopting standardized security management guidelines to inform their internal processes. This paper analyzes whether existing security management standards support process requirements for personal data management, drawing from experience with security policies in private organizations and through an analysis of current European and US legislation. Various aspects of personal data management not commonly addressed by security standards are identified, and a number of generally applicable enhancements are proposed to one common standard, IS17799. The appropriateness of including data protection guidelines in security standards is discussed, showing how these enhancements could simplify the definition of personal data management procedures in organizations.
A Sarah che ha imparato la sua pazienza e me l'ha donata. iv ACKNOWLEDGEMENTS This work has signi... more A Sarah che ha imparato la sua pazienza e me l'ha donata. iv ACKNOWLEDGEMENTS This work has significantly benefited from the help of a large group of people, at Georgia Tech, Intel Research, and elsewhere. First, in alphabetical order and for his intellectual contribution, my advisor, Gregory Abowd. Without his advice, encouragement and help, this work would not exist. I would also like to thank my committee members, Paul Dourish, Keith Edwards, Sy Goodman and Kai Rannenberg, whose pointed questions and comments greatly improved this dissertation. I learned much from many friends and collaborators over the past few years. They made my PhD a rewarding and fulfilling experience, and helped me greatly: Sunny Consolvo,
ACM Transactions on Computer-human Interaction, 2008
We describe the two-year-long development and evaluation of the Proportionality Method, a design ... more We describe the two-year-long development and evaluation of the Proportionality Method, a design method intended to aid HCI practitioners in designing advanced IT applications with complex privacy implications. The method is inspired by Data Protection Authorities' (DPA) and ...
Early IT security evaluation criteria like the TCSEC and the ITSEC suffered much criticism for th... more Early IT security evaluation criteria like the TCSEC and the ITSEC suffered much criticism for their lack of coverage of privacy-related requirements. Recent evaluation criteria, like the CC and the ISO-ECITS now contain components assigned to privacy. This is a step towards enhanced privacy protection, especially for non-experts. We examined the suitability and use of these components and the criteria as a whole by specifying a number of Protection Profiles (PPs) for remailer mix networks, as mix networks aim at user anonymity and unobservable message transfer. This contribution reports on the PPs and the experiences gained. It also introduces proposals for improving the criteria that were derived from this work.
In the past independent IT security evaluation according to published criteria has not realized i... more In the past independent IT security evaluation according to published criteria has not realized its potential for the assessment of privacy enhancing technologies (PETs). The main reason for this was, that PETs were not covered appropriately in the evaluation criteria. This situation has changed somewhat, and therefore this paper reports on a case study, in which we developed Protection Profiles for remailer mixes. One reason for the development of these Protection Profiles was to test the privacy related components in the new Evaluation Criteria for IT Security - Common Criteria (International Standard 15408, ECITS/CC) and to develop improvements. Another reason was to contribute to an independent evaluation of privacy enhancing technologies. The experiment shows, that the ECITS/CC enable PPs for remailer mixes, but that there are still improvements necessary. The paper presents the Protection Profiles and the structured threat analysis for mixes, on which the Protection Profiles are based.
IEEE Pervasive Computing, 2005
Mobile HCI is rapidly becoming one of the prime conferences on human-computer interaction with mo... more Mobile HCI is rapidly becoming one of the prime conferences on human-computer interaction with mobile technology. Its sixth edition took place on 13-16 September in Glasgow, where it originated in 1998. The conference, chaired by Mark Dunlop (University of Strathclyde) and Stephen Brewster (Glasgow University), gathered a heterogeneous group of academics and practitioners that has acquired a unique identity over the past five years. This year's contributions highlighted four research areas: evaluation methods and techniques, context-adaptive systems (including user adaptation, location technology, and power management), the tension between experience and reflection, and interaction styles (auditory, small-display presentation, tilt and touch input, and text entry).
We set the context for three demonstrations by describing the Topological Media Lab's research ag... more We set the context for three demonstrations by describing the Topological Media Lab's research agenda We next describe three concrete applications that bundle together some of our responsive ambient media and augmented clothing instruments in illustrative scenarios.
We set the context for three demonstrations by describing the Topological Media Lab's research ag... more We set the context for three demonstrations by describing the Topological Media Lab's research agenda. We next describe three concrete applications that bundle together some of our responsive ambient media and augmented clothing instruments in illustrative scenarios.
This note describes how continuous sensing of gesture enabling expressive control of real-time au... more This note describes how continuous sensing of gesture enabling expressive control of real-time audio/visual media is achieved using Berkeley motes. We have contributed a relatively stable, inexpensive, extensible, and replicable wireless sensing platform for continuous motion tracking and placed the sensors into clothing to provide unobtrusive, natural affordances to the gesturing user. This paper includes an analysis of system requirements and a discussion of the software/hardware architecture.
Personal and Ubiquitous Computing, 2004
We present the user-centered design and testing process of a mobile, location-aware event planner... more We present the user-centered design and testing process of a mobile, location-aware event planner. Using questionnaires, interviews, and discussions with potential users, we investigated the ways individuals plan social events, such as business meetings, dinners and gatherings, and perform the attendant communication tasks. We catalogued the contextually dependent ways in which people plan their meetings and informal social events and devised a wide range of conceptual sketches to address our potential users’ professed needs. We developed a preliminary PDA-based prototype based on clear conceptual entities (people, places, locations and events) and designed to support short interaction sequences and large maps. Its evaluation with a group of nine participants provided qualitative feedback and prompted an interface redesign. This development process taught us a number of interesting lessons applicable to this category of location-aware applications, which we report at the end of the article. The set of design recommendations can assist designers in the development of location aware systems.
The problem of designing and evaluating mobile computing applications is of growing concern in th... more The problem of designing and evaluating mobile computing applications is of growing concern in the HCI community, due in part to the difficulty of applying traditional design and evaluation methods to increasingly informal and unstructured usage contexts. We describe the design and evaluation of an integrated location-aware event and meeting planner built to work in a PDA form factor. We discuss the limitations and possibilities of location technology on mobile devices and how it can be used to create useful, usable, and elegant applications. We outline major design decisions, the results of qualitative formative evaluation performed with a small number of participants, and the second iteration of the design. Finally, we offer a number of general considerations on the design process and on specific issues related to mobile handheld applications, including reference metrics for design assessment, user training and cross-over effects from desktop systems.
Foundations and Trends in Human-computer Interaction, 2007
The purpose of this article is twofold. First, we summarize research on the topic of privacy in H... more The purpose of this article is twofold. First, we summarize research on the topic of privacy in Human-Computer Interaction (HCI), outlining current approaches, results, and trends. Practitioners and researchers can draw upon this review when working on topics related to privacy in the context of HCI and CSCW. The second purpose is that of charting future research trends and of pointing out areas of research that are timely but lagging. This work is based on a comprehensive analysis of published academic and industrial literature spanning three decades, and on the experience of both ourselves and of many of our colleagues.
We recently proposed the concept of proportionality as a principle able to guide the design of ub... more We recently proposed the concept of proportionality as a principle able to guide the design of ubiquitous computing applications and improve their acceptance. Inspired by the principle, we proposed a design process framework that assists the practitioner in making reasoned ...
We discuss the problems related to access control in automated capture and access systems, which ... more We discuss the problems related to access control in automated capture and access systems, which capture, store and retrieve information gathered through sensors in physical environments. We discuss several unique requirements that set capture and access apart from traditional information processing systems, and that make existing access control approaches such as role-based access control (RBAC) and digital rights management (DRM) unsuitable for this domain. Drawing from access control theory research, we devise an access control system that satisfies these requirements. Further, we describe its implementation within an existing capture and access system, and discuss emergent issues relating to retention time, rights management and information sharing. We argue that some traditional security requirements might not in fact be appropriate when applied to environmental captured information, due to the perceptual and social characteristics of such data. Finally, we provide an example of how this access control architecture might fit in a capture and access system composed of mobile devices.
Sound is an important medium in our lives, but its ephemeral nature can be problematic when peopl... more Sound is an important medium in our lives, but its ephemeral nature can be problematic when people cannot recall something they heard in the past. Motivated by everyday conversational breakdowns, we present the design of a continuous, near-term audio buffering application: the Personal Audio Loop (PAL). PAL was designed as a truly ubiquitous service to recover audio content from a person’s recent past. Initial brainstorming and prototyping for PAL revealed major aspects of the design space that require further investigation, including potential usefulness in everyday life, the level of ubiquity required, the usability features for any instantiation of the service, and the social and legal considerations for potential deployment. We present a design of PAL, informed by a controlled laboratory study, diary study, and examination of pertinent legislation. We conclude with an analysis of the results and some initial observations of the deployment of a prototype developed for a Motorola i730 handset.
People are increasingly carrying location-aware devices (i.e., able to determine their own locati... more People are increasingly carrying location-aware devices (i.e., able to determine their own location, and therefore that of the user, in physical space). A variety of such location systems are currently deployed or under development, from the global mobile telephony infrastructure [4] to schemes based on infrared badges, Bluetooth, GPS, or WiFi (802.11).
We developed an inquiry technique, which we called "paratype," based on experience prototyping an... more We developed an inquiry technique, which we called "paratype," based on experience prototyping and eventcontingent experience sampling, to survey people in reallife situations about ubiquitous computing (ubicomp) technology. We used this tool to probe the opinions of the conversation partners of users of the Personal Audio Loop, a memory aid that can have a strong impact on their privacy. We present the findings of this study and their implications, specifically the need to broaden public awareness of ubicomp applications and the unfitness of traditional data protection guidelines for tackling the privacy issues of many ubicomp applications. We also point out benefits and methodological issues of paratypes and discuss why they are particularly fit for studying certain classes of mobile and ubicomp applications.
... Inspired by this principle, we develop a design method for ubicomp applications, based on our... more ... Inspired by this principle, we develop a design method for ubicomp applications, based on our own experience, and aimed at HCI practitioners and designers. ... The issue of individual privacy rights in ubicomp design has been long present to researchers. ...
We have recently proposed a design process framework that assists the practitioner in tackling th... more We have recently proposed a design process framework that assists the practitioner in tackling the privacy and security issues of ubiquitous computing (ubicomp) applications during their development. In this report, we discuss a design study to evaluate the comprehensibility and usability of the design method. The study was conducted with six graduate students at our institution. Students were given the option of using the design method for completing a semester-long design exercise of a ubiquitous computing application of their choice. Researchers analyzed their written deliverables using quantitative metrics and conducted follow-up interviews. Results suggest that the design method is comprehensible and usable by inexperienced designers. Participants commented that the method might help especially in the design of exploratory applications with diverging stakeholders, broadening the coverage of the design process and generating stronger rationales for design decisions.
Compelled to improve information security by the introduction of personal data protection legisla... more Compelled to improve information security by the introduction of personal data protection legislation, organizations worldwide are adopting standardized security management guidelines to inform their internal processes. This paper analyzes whether existing security management standards support process requirements for personal data management, drawing from experience with security policies in private organizations and through an analysis of current European and US legislation. Various aspects of personal data management not commonly addressed by security standards are identified, and a number of generally applicable enhancements are proposed to one common standard, IS17799. The appropriateness of including data protection guidelines in security standards is discussed, showing how these enhancements could simplify the definition of personal data management procedures in organizations.
A Sarah che ha imparato la sua pazienza e me l'ha donata. iv ACKNOWLEDGEMENTS This work has signi... more A Sarah che ha imparato la sua pazienza e me l'ha donata. iv ACKNOWLEDGEMENTS This work has significantly benefited from the help of a large group of people, at Georgia Tech, Intel Research, and elsewhere. First, in alphabetical order and for his intellectual contribution, my advisor, Gregory Abowd. Without his advice, encouragement and help, this work would not exist. I would also like to thank my committee members, Paul Dourish, Keith Edwards, Sy Goodman and Kai Rannenberg, whose pointed questions and comments greatly improved this dissertation. I learned much from many friends and collaborators over the past few years. They made my PhD a rewarding and fulfilling experience, and helped me greatly: Sunny Consolvo,
ACM Transactions on Computer-human Interaction, 2008
We describe the two-year-long development and evaluation of the Proportionality Method, a design ... more We describe the two-year-long development and evaluation of the Proportionality Method, a design method intended to aid HCI practitioners in designing advanced IT applications with complex privacy implications. The method is inspired by Data Protection Authorities' (DPA) and ...
Early IT security evaluation criteria like the TCSEC and the ITSEC suffered much criticism for th... more Early IT security evaluation criteria like the TCSEC and the ITSEC suffered much criticism for their lack of coverage of privacy-related requirements. Recent evaluation criteria, like the CC and the ISO-ECITS now contain components assigned to privacy. This is a step towards enhanced privacy protection, especially for non-experts. We examined the suitability and use of these components and the criteria as a whole by specifying a number of Protection Profiles (PPs) for remailer mix networks, as mix networks aim at user anonymity and unobservable message transfer. This contribution reports on the PPs and the experiences gained. It also introduces proposals for improving the criteria that were derived from this work.
In the past independent IT security evaluation according to published criteria has not realized i... more In the past independent IT security evaluation according to published criteria has not realized its potential for the assessment of privacy enhancing technologies (PETs). The main reason for this was, that PETs were not covered appropriately in the evaluation criteria. This situation has changed somewhat, and therefore this paper reports on a case study, in which we developed Protection Profiles for remailer mixes. One reason for the development of these Protection Profiles was to test the privacy related components in the new Evaluation Criteria for IT Security - Common Criteria (International Standard 15408, ECITS/CC) and to develop improvements. Another reason was to contribute to an independent evaluation of privacy enhancing technologies. The experiment shows, that the ECITS/CC enable PPs for remailer mixes, but that there are still improvements necessary. The paper presents the Protection Profiles and the structured threat analysis for mixes, on which the Protection Profiles are based.
IEEE Pervasive Computing, 2005
Mobile HCI is rapidly becoming one of the prime conferences on human-computer interaction with mo... more Mobile HCI is rapidly becoming one of the prime conferences on human-computer interaction with mobile technology. Its sixth edition took place on 13-16 September in Glasgow, where it originated in 1998. The conference, chaired by Mark Dunlop (University of Strathclyde) and Stephen Brewster (Glasgow University), gathered a heterogeneous group of academics and practitioners that has acquired a unique identity over the past five years. This year's contributions highlighted four research areas: evaluation methods and techniques, context-adaptive systems (including user adaptation, location technology, and power management), the tension between experience and reflection, and interaction styles (auditory, small-display presentation, tilt and touch input, and text entry).
We set the context for three demonstrations by describing the Topological Media Lab's research ag... more We set the context for three demonstrations by describing the Topological Media Lab's research agenda We next describe three concrete applications that bundle together some of our responsive ambient media and augmented clothing instruments in illustrative scenarios.
We set the context for three demonstrations by describing the Topological Media Lab's research ag... more We set the context for three demonstrations by describing the Topological Media Lab's research agenda. We next describe three concrete applications that bundle together some of our responsive ambient media and augmented clothing instruments in illustrative scenarios.
This note describes how continuous sensing of gesture enabling expressive control of real-time au... more This note describes how continuous sensing of gesture enabling expressive control of real-time audio/visual media is achieved using Berkeley motes. We have contributed a relatively stable, inexpensive, extensible, and replicable wireless sensing platform for continuous motion tracking and placed the sensors into clothing to provide unobtrusive, natural affordances to the gesturing user. This paper includes an analysis of system requirements and a discussion of the software/hardware architecture.
Personal and Ubiquitous Computing, 2004
We present the user-centered design and testing process of a mobile, location-aware event planner... more We present the user-centered design and testing process of a mobile, location-aware event planner. Using questionnaires, interviews, and discussions with potential users, we investigated the ways individuals plan social events, such as business meetings, dinners and gatherings, and perform the attendant communication tasks. We catalogued the contextually dependent ways in which people plan their meetings and informal social events and devised a wide range of conceptual sketches to address our potential users’ professed needs. We developed a preliminary PDA-based prototype based on clear conceptual entities (people, places, locations and events) and designed to support short interaction sequences and large maps. Its evaluation with a group of nine participants provided qualitative feedback and prompted an interface redesign. This development process taught us a number of interesting lessons applicable to this category of location-aware applications, which we report at the end of the article. The set of design recommendations can assist designers in the development of location aware systems.
The problem of designing and evaluating mobile computing applications is of growing concern in th... more The problem of designing and evaluating mobile computing applications is of growing concern in the HCI community, due in part to the difficulty of applying traditional design and evaluation methods to increasingly informal and unstructured usage contexts. We describe the design and evaluation of an integrated location-aware event and meeting planner built to work in a PDA form factor. We discuss the limitations and possibilities of location technology on mobile devices and how it can be used to create useful, usable, and elegant applications. We outline major design decisions, the results of qualitative formative evaluation performed with a small number of participants, and the second iteration of the design. Finally, we offer a number of general considerations on the design process and on specific issues related to mobile handheld applications, including reference metrics for design assessment, user training and cross-over effects from desktop systems.
Foundations and Trends in Human-computer Interaction, 2007
The purpose of this article is twofold. First, we summarize research on the topic of privacy in H... more The purpose of this article is twofold. First, we summarize research on the topic of privacy in Human-Computer Interaction (HCI), outlining current approaches, results, and trends. Practitioners and researchers can draw upon this review when working on topics related to privacy in the context of HCI and CSCW. The second purpose is that of charting future research trends and of pointing out areas of research that are timely but lagging. This work is based on a comprehensive analysis of published academic and industrial literature spanning three decades, and on the experience of both ourselves and of many of our colleagues.
We recently proposed the concept of proportionality as a principle able to guide the design of ub... more We recently proposed the concept of proportionality as a principle able to guide the design of ubiquitous computing applications and improve their acceptance. Inspired by the principle, we proposed a design process framework that assists the practitioner in making reasoned ...
We discuss the problems related to access control in automated capture and access systems, which ... more We discuss the problems related to access control in automated capture and access systems, which capture, store and retrieve information gathered through sensors in physical environments. We discuss several unique requirements that set capture and access apart from traditional information processing systems, and that make existing access control approaches such as role-based access control (RBAC) and digital rights management (DRM) unsuitable for this domain. Drawing from access control theory research, we devise an access control system that satisfies these requirements. Further, we describe its implementation within an existing capture and access system, and discuss emergent issues relating to retention time, rights management and information sharing. We argue that some traditional security requirements might not in fact be appropriate when applied to environmental captured information, due to the perceptual and social characteristics of such data. Finally, we provide an example of how this access control architecture might fit in a capture and access system composed of mobile devices.
Sound is an important medium in our lives, but its ephemeral nature can be problematic when peopl... more Sound is an important medium in our lives, but its ephemeral nature can be problematic when people cannot recall something they heard in the past. Motivated by everyday conversational breakdowns, we present the design of a continuous, near-term audio buffering application: the Personal Audio Loop (PAL). PAL was designed as a truly ubiquitous service to recover audio content from a person’s recent past. Initial brainstorming and prototyping for PAL revealed major aspects of the design space that require further investigation, including potential usefulness in everyday life, the level of ubiquity required, the usability features for any instantiation of the service, and the social and legal considerations for potential deployment. We present a design of PAL, informed by a controlled laboratory study, diary study, and examination of pertinent legislation. We conclude with an analysis of the results and some initial observations of the deployment of a prototype developed for a Motorola i730 handset.
People are increasingly carrying location-aware devices (i.e., able to determine their own locati... more People are increasingly carrying location-aware devices (i.e., able to determine their own location, and therefore that of the user, in physical space). A variety of such location systems are currently deployed or under development, from the global mobile telephony infrastructure [4] to schemes based on infrared badges, Bluetooth, GPS, or WiFi (802.11).
We developed an inquiry technique, which we called "paratype," based on experience prototyping an... more We developed an inquiry technique, which we called "paratype," based on experience prototyping and eventcontingent experience sampling, to survey people in reallife situations about ubiquitous computing (ubicomp) technology. We used this tool to probe the opinions of the conversation partners of users of the Personal Audio Loop, a memory aid that can have a strong impact on their privacy. We present the findings of this study and their implications, specifically the need to broaden public awareness of ubicomp applications and the unfitness of traditional data protection guidelines for tackling the privacy issues of many ubicomp applications. We also point out benefits and methodological issues of paratypes and discuss why they are particularly fit for studying certain classes of mobile and ubicomp applications.
... Inspired by this principle, we develop a design method for ubicomp applications, based on our... more ... Inspired by this principle, we develop a design method for ubicomp applications, based on our own experience, and aimed at HCI practitioners and designers. ... The issue of individual privacy rights in ubicomp design has been long present to researchers. ...
We have recently proposed a design process framework that assists the practitioner in tackling th... more We have recently proposed a design process framework that assists the practitioner in tackling the privacy and security issues of ubiquitous computing (ubicomp) applications during their development. In this report, we discuss a design study to evaluate the comprehensibility and usability of the design method. The study was conducted with six graduate students at our institution. Students were given the option of using the design method for completing a semester-long design exercise of a ubiquitous computing application of their choice. Researchers analyzed their written deliverables using quantitative metrics and conducted follow-up interviews. Results suggest that the design method is comprehensible and usable by inexperienced designers. Participants commented that the method might help especially in the design of exploratory applications with diverging stakeholders, broadening the coverage of the design process and generating stronger rationales for design decisions.