Mental Models of Privacy and Security
L. Jean Camp
Indiana University Bloomington - School of Informatics and Computing
The mental models method is a mechanism for risk communication that was pioneered in environmental risk communication, and is being used to improve medical risk communication. This paper proposes that mental models as a method of risk communication can be used to improve communication to end users about computer security risks. In fact, there exist at least five mental models that are currently being used to communicate in an atheoretical, and thus arguably suboptimal, manner.
Understanding why mental models is sometimes preferable to direct quantifiable risk information requires an introduction to risk perception. There are well-known heuristics of individual risk perception, validated by decades of experimental economics. Thus this work begins with an introduction to risk perception. Then, an introduction to mental models and some familiarity with computer security brings to the fore a set of mental models that are applicable to and already implied in computer security. Each of these models is discussed as being (in)appropriate to computer security.
Consistent communication using already extant (but inchoate) mental models is a promising method of risk communication for computer security. Yet continuing to use the mental models as metaphors has risks of its own.
Number of Pages in PDF File: 13
Keywords: privacy, security, usability
JEL Classification: D81, D11, D7, L86, O3
Date posted: August 9, 2006