Mental Models of Privacy and Security

13 Pages Posted: 9 Aug 2006  

L. Jean Camp

Indiana University Bloomington - School of Informatics and Computing

Date Written: 2006

Abstract

The mental models method is a mechanism for risk communication that was pioneered in environmental risk communication, and is being used to improve medical risk communication. This paper proposes that mental models as a method of risk communication can be used to improve communication to end users about computer security risks. In fact, there exist at least five mental models that are currently being used to communicate in an atheoretical, and thus arguably suboptimal, manner.

Understanding why mental models is sometimes preferable to direct quantifiable risk information requires an introduction to risk perception. There are well-known heuristics of individual risk perception, validated by decades of experimental economics. Thus this work begins with an introduction to risk perception. Then, an introduction to mental models and some familiarity with computer security brings to the fore a set of mental models that are applicable to and already implied in computer security. Each of these models is discussed as being (in)appropriate to computer security.

Consistent communication using already extant (but inchoate) mental models is a promising method of risk communication for computer security. Yet continuing to use the mental models as metaphors has risks of its own.

Keywords: privacy, security, usability

JEL Classification: D81, D11, D7, L86, O3

Suggested Citation

Camp, L. Jean, Mental Models of Privacy and Security (2006). Available at SSRN: https://ssrn.com/abstract=922735 or http://dx.doi.org/10.2139/ssrn.922735

L. Jean Camp (Contact Author)

Indiana University Bloomington - School of Informatics and Computing ( email )

901 E 10th St
Bloomington, IN 47401
United States

Paper statistics

Downloads
1,024
Rank
16,212
Abstract Views
4,019