Privacy and Security in the Brave New World: The Use of Multiple Mental Models

  • Sandra Spickard Prettyman
  • Susanne FurmanEmail author
  • Mary Theofanos
  • Brian Stanton
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9190)


We live in a world where the flow of electronic information and communication has become a ubiquitous part of our everyday life. While our lives are enhanced in many ways, we also experience a myriad of challenges especially to our privacy and security. Survey data shows that the majority of people are ‘very concerned’ about privacy and security but that they don’t always act in ways to protect their privacy. Our goal was to explore how participants understand and experience privacy and security as they engage in online activities. To that end we used a qualitative approach to understand the participants’ mental models of online privacy and security. The data from our 40 interviews show that users have multiple mental models that guide their understanding of and experience with privacy and security. These mental models not only operate simultaneously but are rarely fully formed and often contradict each other.


Mental models Online privacy and security Qualitative approach 


  1. 1.
    Dourish, P., Anderson, K.: Collective information practice: Exploring privacy and security as social and cultural phenomena. Hum.-Comput. Interact. 21, 319–342 (2006)CrossRefGoogle Scholar
  2. 2.
    Swanson, C., Urner, R., Lank, E.: Naïve security in a Wi-Fi world. Trust Manage. 4, 32–47 (2010)Google Scholar
  3. 3.
    Viseau, A., Clement, A., Aspinall, J.: Situating privacy online: Complex perceptions and everyday practices. Inf. Commun. Soc. 7, 92–114 (2004)CrossRefGoogle Scholar
  4. 4.
    Wash, R.: Folk models of home computer security. In: Proceedings of the Sixth Symposium on Usable Privacy and Security, p. 1–16. ACM, Redmond (2010)Google Scholar
  5. 5.
    Asgharpour, P., Liu, D., Camp, L.J.: Mental models of computer security risks. In: WOODSTOCK 1997, El Paso TX (1997)Google Scholar
  6. 6.
    Camp, L.J.: Mental models of privacy and security. SSRN (2006). or
  7. 7.
    Asgharpour, F., Liu, D., Camp, L.J.: Mental models of computer security risks. In: Work Shop on the Economics of Information Security (2007)Google Scholar
  8. 8.
    Sheehan, K.B.: Toward a typology of Internet users and online privacy concerns. Inf. Soc. 18(1), 21–32 (2002)CrossRefGoogle Scholar
  9. 9.
    Brandeis, L., Warren, S.: The right to privacy. Harvard Law Rev. 4, 193 (1890)CrossRefGoogle Scholar
  10. 10.
    Schoeman, F.: Philosophical Dimensions of Privacy. Cambridge Press, Cambridge (1984)CrossRefGoogle Scholar
  11. 11.
    Hoffman, L.: Computers and Privacy in the Next Decade. Academic Press, New York (1980)Google Scholar
  12. 12.
    Furman, S., Theofanos, M.F., Choong, Y.Y., Stanton, B.: Basing cybersecurity training on user perceptions. IEEE Secur. Priv. 10(2), 40–49 (2012)CrossRefGoogle Scholar
  13. 13.
    Charmaz, K.: Constructing grounded theory: a practical guide through quantitative analysis. SAGE, Thousand Oaks (2006)Google Scholar
  14. 14.
    National Research Council: Toward better usability, security, and privacy of information technology. National Academies Press, Washington DC (2010)Google Scholar
  15. 15.
    Dourish, P., Grinter, R.E., de la Flor, J.D., Joseph, M.: Security in the wild: userstrategies for managing security as an everyday, practical problem. Pers. Ubiquit. Comput. 8(6), 391–401 (2004)CrossRefGoogle Scholar
  16. 16.
    Hruschka, D.J., Schwartz, D., John, D.C.S., Picone-Decaro, E., Jenkins, R.A., Carey, J.W.: Reliability in coding open-ended data: Lessons learned from HIV behavioral behavioral research. Field Methods 16, 307–331 (2004)CrossRefGoogle Scholar
  17. 17.
    Stokes, J.: Understanding Moore’s Law. ars technica. Accessed on 09 Sep 2014, 27 Sep 2008Google Scholar
  18. 18.
    Schaller, B.: The Origin, Nature, and Implications of “Moore’s Law”. Research Microsoft. com. Accessed on 22 Aug 2011, (26 Sep 1996)Google Scholar
  19. 19.
    Hutton, D.: Lessons unlearnt: the (human) nature of disaster management, emergency management. In: Eksioglu, B. (ed.) Operations Management. InTech, Rijeka (2012). ISBN: 978-95307-989-9, doi: 10.5772/35019. http://www.books/emergency-management/lessons-unlearnt-the-human-nature-of-disaster-management

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Sandra Spickard Prettyman
    • 1
  • Susanne Furman
    • 2
    Email author
  • Mary Theofanos
    • 2
  • Brian Stanton
    • 2
  1. 1.Culture CatalystTecumsehUSA
  2. 2.National Institute of Standards and TechnologyGaithersburgUSA

Personalised recommendations