tion leads to the use of IT in new applications and the deployment of new technologies. The growing complexity of IT systems and the fast-growing importance of network access and network-intermediated computing are likely to increase the emergence of new vulnerabilities.


Information privacy concerns the protection of information about individuals and other entities. The environment for privacy is dynamic, reflecting societal shifts (e.g., increases in electronic communication), varying and evolving attitudes (e.g., across generations or cultures), and discontinuities (e.g., events and emerging conditions that rapidly transform the national debate, such as the September 11, 2001, attacks and the global response to them) as well as technological change. The decreasing cost of storage combined with the increase in communications devices, including, and especially, mobile ones, has led to remarkable impacts on personal privacy within a very short period of time. Private information can be compromised by attacking networks and computers directly or by tricking users into revealing the information or the credentials required to access it.[3] Protecting privacy often occurs in the face of competing interests in the collection or use of particular information, and addressing privacy issues thus involves understanding and balancing these interests.


Usability may be thought of narrowly in terms of the quality of a system’s interfaces, but the concept applies more broadly to how well a system supports user needs and expectations. The International Organization for Standardization (ISO) 9241-11 standard defines usability as “the extent to which a product can be used by specified users to achieve specified goals with effectiveness, efficiency and satisfaction in a specified context of use.”[4] A framework attributed to both Nielsen[5] and Shneiderman[6] describes usability in terms of learnability, efficiency of use, memorability, few and noncatastrophic errors, and subjective satisfaction. Usability relates not only to understanding what taking a particular action means in


3. One example of the latter is phishing, which refers to attempts to acquire sensitive information such as passwords by pretending in an e-mail or other communication to be a trustworthy entity.

4. International Organization for Standardization (ISO), Ergonomics of Human System Interactions: Guidance on Usability (Part 11), ISO, Geneva, 1998.

5. Jakob Nielsen, Usability Engineering, Academic Press, San Diego, Calif., 1993, p. 26.

6. Ben Shneiderman, Designing the User Interface: Strategies for Effective Human-Computer Interaction, Addison-Wesley, Reading, Mass., 1992.
