Secure Internet Programming
Princeton University
Department of Computer Science

Value-Sensitive Design for Browser Security
Edward Felten, Helen Nissenbaum, Batya Friedman

The common good of our information infrastructure depends on well-designed network security that is embraced by the public and private sectors. Well-designed network security requires well-formed technical mechanisms and responsiveness to underlying moral and societal values, as well as a well-thought-out system of user interactions. In recent years, significant efforts have been directed toward developing the technical dimensions of network security, but little systematic work investigates and integrates the corresponding dimensions of human values and user experience. This collaborative project provides a model of interdisciplinary collaboration that can deepen our understanding of the cognitive, ethical and social implications of new types of interactivity. It will study and implement security for a network browser that integrates these three key considerations: technical excellence, responsiveness to moral and societal values, and sensitivity to users' perceptions. It will: (1) develop a conceptual framework, or model, for network security that accounts for human values and user experience; (2) design and implement a working prototype of a network security system guided by the conceptual model; and (3) apply the experience of this project toward a better understanding of methodology for the general purpose of designing technology that is responsive, or sensitive, to human values. Drawing on the technical, philosophical, and social science expertise of the three investigators, the work will begin with a close study of the network security in existing browsers such as Netscape 4.0 and Internet Explorer 4.0. The goal is to characterize the technical mechanisms, grasp the value implications, and understand users' perceptions of these systems.
Based on this study, the investigators will develop a conceptual model that represents the interaction among technical characteristics, values supported by (or embodied in) the system, and users' perceptions of their interactive experience with it. This model will guide the next phase of the project: to design and implement a prototype for a security configuration that is explicitly responsive to values and users' perceptions. User studies and further philosophical analysis of the prototype will be used, in turn, to refine the security configuration and, ultimately, to refine and assess the model itself. Through industry contacts and other traditional methods, the investigators will disseminate the results of their study, including the conceptual model, prototype, and aspects of the multidisciplinary methodology they develop.