Ad-hoc
Guesting: when exceptions are the rule
|
Brinda
Dalal1, Les Nelson1, Diana Smetters1,
Nathaniel Good1, Ame Elliot2 |
|
|
1Palo Alto
Research Center, Inc. 3333 Coyote Hill Road Palo Alto, CA 94304 {bdalal, smetters, nathaniel.good}@parc.com lesnelson@acm.org |
2IDEO Palo Alto |
Abstract
People’s work days are
filled with exceptions to normal routine. These exceptions affect the security
and privacy of their information access and sharing. In a recent ethnographic
study of ten users in the Bay Area, we identify a number of key problems not
well addressed by current data sharing technologies, and from them derive
requirements for Ad-hoc Guesting,
our term for minimal, readily available access control addressing situations
not planned for in advance.
Information sharing and
persistent data access is increasingly critical to people’s work and
personal lives. Yet, corporate security policies rarely comprehend dynamic user
models and people’s informal and persistent practices around ad-hoc
sharing. This paper reports the results of a field study focusing on
people’s practices around access control, security and file sharing.
Our study sought to
understand three areas: under what circumstances do people or companies share
or restrict access to files, what tools or behavioral norms are being used to
do so, and how are people’s experiences, problems and needs changing in
regard to secure file sharing and access control, especially in the case of geographically
dispersed colleagues, clients, friends and family members?
We identified a number of
key problems users face in sharing data:
·
Sharing with myself:
users are their own most common sharing partner, effortfully
moving data between their own machines, accounts and devices in order to ensure
continued access.
·
Transient data: users often need to hold data only briefly while
transporting it from one place or another; and that data may linger, be lost
and forgotten.
·
Transient access: users need to access data for only short periods of
time – they intend only one-time access, or to make data available in
certain situations.
·
Over sharing: users grant more access than necessary when it is
difficult to limit who has access to content or how much to share with others,
or when pressed for time to extract information from larger data sets
·
Ad-hoc sharing: users often share content with groups of recipients
they have not shared with before, and may not again.
·
Impedance matching: users spend considerable time and effort tailoring
content for sharing based on their understanding of recipient needs or the
demands of the sharing mechanisms in use.
Based on these insights, we propose that the general
nature of the problem faced by users is what we term ad-hoc guesting: where users need to share
data securely with unplanned sets of people with whom they have not previously
shared who may belong to another organization, thus cannot be
“named” by traditional access control. These interactions are
transitory and lightweight, often not worth the effort required to set up new
sharing mechanisms or change administrative state.
Our research builds upon a
growing body of literature on file-sharing and access control. Previous studies
have focused on personal file sharing, specifically, in the domains of music
[3,4] or photographs [1,2],
or professional collaborations in corporations [6], where email is viewed as
the preponderant medium for file sharing [6,7].
Ahern et al.[1] investigated sharing preferences for personal photos over a mobile phone photo sharing network, and discovered that access control mechanisms were too coarse for many users’ needs. They found that end users often overloaded access control mechanisms in order to get around usability issues, such as making all