
Annie I. Antón
Georgia Institute of Technology | GT · School of Interactive Computing
PhD in Computer Science
Publications: 154
Reads: 59,026
Citations: 6,641
Additional affiliations
July 2012 - present
August 2008 - July 2012
August 2003 - August 2008
Education
August 1992 - June 1997
August 1990 - June 1992
June 1986 - June 1990
Publications (154)
Requirements engineers often have to develop software for regulated domains. These regulations often contain cross-references to other laws. Cross-references can introduce exceptions or definitions, constrain existing requirements, or even conflict with other compliance requirements. To develop compliant software, requirements engineers must unders...
Businesses and organizations in jurisdictions around the world are required by law to provide their customers and users with information about their business practices in the form of policy documents. Requirements engineers analyze these documents as sources of requirements, but this analysis is a time-consuming and mostly manual process. Moreover,...
Companies must ensure their software complies with relevant laws and regulations to avoid the risk of costly penalties, lost reputation, and brand damage resulting from non-compliance. Laws and regulations contain internal cross-references to portions of the same legal text, as well as cross-references to external legal texts. These cross-reference...
Software engineers regularly build systems that are required to comply with laws and regulations. To this end, software engineers must determine which requirements have met or exceeded their legal obligations and which requirements have not. Requirements that have met or exceeded their legal obligations are legally implementation ready, whereas req...
Internet privacy was the topic in this paper. A 2008 survey revealed that US Internet users' top three privacy concerns haven't changed since 2002, but privacy-related events might have influenced their level of concern within certain categories. The authors describe their results as well as the differences in privacy concerns between US and intern...
In agile software development projects, software engineers prioritize implementation over documentation. Is the cost of missing documentation greater than the cost of producing unnecessary or unused documentation? Agile software engineers must still maintain other software artifacts, such as tickets in an issue tracking system or source code commit...
The Internet of Things (IoT) enables the passive collection of personal data at an unprecedented scale by ubiquitous devices built into our daily lives. However, IoT devices neither provide notice nor collect consent as recommended by the U.S. Federal Trade Commission (FTC) fair information practice principles. IoT devices may, based on their physi...
Changes to software requirements occur throughout the software life cycle. Requirements engineers who maintain software systems in regulated environments must identify the affected artifacts when requirements change. This identification is critical to: (a) ensure continued compliance with regulations, and (b) accurately estimate budget requests. Pr...
Although the Cuban government has tightly controlled information access for more than half a century, a small number of Cubans have access at work. In this paper, we examine Internet and social media use by early adopters in Cuba in early 2015, as we enter a time of potential change. Specifically, we explore Cubans’ access limitations and the activ...
Software systems are increasingly regulated. Software engineers therefore must determine which requirements have met or exceeded their legal obligations and which requirements have not. Requirements that have met or exceeded their legal obligations are legally implementation ready, whereas requirements that have not met or exceeded their legal obli...
Software engineers build software systems in increasingly regulated environments, and must therefore ensure that software requirements accurately represent obligations described in laws and regulations. Prior research has shown that graduate-level software engineering students are not able to reliably determine whether software requirements meet or...
Requirements evolve throughout the software life-cycle. When requirements change, requirements engineers must determine what software artifacts could be affected. The history of and rationale for requirements evolution provides engineers some information about artifact dependencies for impact analysis. In this paper, we discuss a case study of requ...
Reflections on a 15-year career reveal that following your heart and mind will ensure that you're in the right place with regard to school and career choices. This is one of five articles providing personal perspectives on gender diversity in computing. The Web extra at http://youtu.be/WjRPdyxgl0o is a video interview in which Annie Antón, chair of...
In the United States, organizations can be held liable by the Federal Trade Commission for the statements they make in their privacy policies. Thus, organizations must include their privacy policies as a source of requirements in order to build systems that are policy-compliant. In this paper, we describe an empirical user study in which we measure...
Over time, laws change to meet evolving social needs. Requirements engineers that develop software for regulated domains, such as healthcare or finance, must adapt their software as laws change to maintain legal compliance. In the United States, regulatory agencies will almost always release a proposed regulation, or rule, and accept comments from...
Developing an access control system that satisfies the requirements expressed in regulations, such as the Health Insurance Portability and Accountability Act (HIPAA), can help ensure regulatory compliance in software systems. A usage control model that specifies the rules governing information access and usage, as expressed in law, is an important...
Companies must ensure their software complies with relevant laws and regulations to avoid the risk of costly penalties, lost reputation, and brand damage resulting from noncompliance. Laws and regulations contain internal cross-references to portions of the same legal text, as well as cross-references to external legal texts. These cross-references...
Security and privacy requirements are often not explicitly stated and are often not easy to elicit. In this paper, we discuss data use agreements (DUAs) as a source of security and privacy requirements that can be leveraged by requirements engineers. Within the healthcare domain, regulations created pursuant to the U.S. Health Insurance Portability...
Ready or not, the digitalization of information has come, and privacy is standing out there, possibly at stake. Although digital privacy is an identified priority in our society, few systematic, effective methodologies exist that deal with privacy threats ...
Behavioral advertising is a method for targeting advertisements to individuals based on behavior profiles, which are created by tracking user behavior over a period of time. Individually targeted advertising can significantly improve the effectiveness of advertising. However, behavioral advertising may have serious implications for civil liberties...
The high cost of non-compliance with laws and regulations that govern software systems makes legal requirements prioritization crucial. In addition, software design, expense, and time constraints all influence how requirements are prioritized. Prioritizing requirements derived from laws and regulations can be untenable using traditional pairwise r...
Online policy documents (such as privacy policies, notices of privacy practices, and terms of use) describe organizations' information practices for collecting, storing, and using consumers' personal information. Organizations need to ensure that the commitments they express in their policy documents reflect their actual business practices. This comp...
Governments enact laws and regulations to safeguard the security and privacy of their citizens. In response, requirements engineers must specify compliant system requirements to satisfy applicable legal security and privacy obligations. Specifying legally compliant requirements is challenging because legal texts are complex and ambiguous by nature....
The cost of noncompliance, as well as lost reputation and brand damage resulting from noncompliance, makes legal compliance critical in software systems. In this paper, we present a production rule framework that software engineers can use to specify compliance requirements for software. A component of our framework is the production rule modeling meth...
Requirements prioritization is used in the early phases of software development to determine the order in which requirements should be implemented. Requirements are not all equally important to the final software system because time constraints, expense, and design can each raise the urgency of implementing some requirements before others. Laws and...
Companies publish privacy notices to notify consumers about their information practices. These privacy notices express company-specific commitments to the consumer about how the company will collect, use, and securely store data. Requirements engineers need to understand these commitments so they may be operationalized into specific security and pr...
To ensure legal compliance, requirements engineers need tools to determine existing software requirements' compliance with relevant law. We propose using a production rule model for requirements engineers to query as they check software requirements for legal compliance. In this paper, we perform a case study using our approach to evaluate the iTru...
Laws and regulations increasingly impose requirements on IT business practices and products to achieve societal goals such as privacy, safety and accessibility. To meet these requirements, companies integrate their product development with an organizational infrastructure for managing compliance risks. The emphasis has often been on compliance with...
Regulatory compliance is an important consideration for requirements engineering because recent regulations impose costly penalties for noncompliance. This paper details how developing production rule models can aid in acquiring software requirements from regulatory texts. Production rules enable requirements engineers to gain valuable domain knowl...
Access control (AC) is a mechanism for achieving confidentiality and integrity in software systems. Access control policies (ACPs) express rules concerning who can access what information, and under what conditions. ACP specification is not an explicit part of the software development process and is often isolated from requirements analysis activit...
Increasingly, new regulations are governing organizations and their information systems. Individuals responsible for ensuring legal compliance and accountability currently lack sufficient guidance and support to manage their legal obligations within relevant information systems. While software controls provide assurances that business processes adh...
Information systems governed by laws and regulations are subject to civil and criminal violations. In the United States, these violations are documented in court records, such as complaints, indictments, plea agreements, and verdicts, which thus constitute a source of real-world software vulnerabilities. This paper reports on an exploratory case st...
Laws and regulations are playing an increasingly important role in requirements engineering and systems development. Monitoring systems for requirements and policy compliance has been recognized in the requirements engineering community as a key area for research. Similarly, legal compliance is critical in systems development, especially given that...
Software engineers must systematically account for the broad scope of environmental behavior, including nonfunctional requirements, intended to coordinate the actions of stakeholders and software systems. The Inquiry Cycle Model (ICM) provides engineers with a strategy to acquire and refine these requirements by having domain experts answer six q...
We describe a case study in which we evaluated an open-source electronic health record (EHR) system's requirements for compliance with the U.S. Health Insurance Portability and Accountability Act (HIPAA). Our findings suggest that legal compliance must be requirements-driven, while establishing due diligence under the law must be test-driven.
Understanding the nature of privacy regulation is a challenge that requirements engineers face when building software systems in financial, healthcare, government, or other sensitive industries. Requirements engineers have begun to model privacy requirements based on taxonomic classifications of privacy. Independently, legal research has modeled pr...
U.S. laws and regulations are designed to support broad societal goals, such as accessibility, privacy and safety. To demonstrate that a product complies with these goals, businesses need to identify and refine legal requirements into product requirements and integrate the product requirements into their ongoing product design and testing processes...
The following topics are dealt with: requirements engineering and law; treaties and jurisdictions; legal requirements acquisition, specification, analysis and validation; formal and informal modeling; traceability; requirements verification; documenting and auditing evidence of compliance; and risk, compliance assurance and system certification.
The U.S. legislation at both the federal and state levels mandates certain organizations to inform customers about information uses and disclosures. Such disclosures are typically accomplished through privacy policies, both online and offline. Unfortunately, the policies are not easy to comprehend, and, as a result, online consumers frequently do n...
Scenarios are widely used as requirements, and the quality of requirements is an important factor in the efficiency and success of a development project. The informal nature of scenarios requires that analysts do much manual work with them, and much tedious and detailed effort is needed to make a collection of scenarios well-defined, relatively com...
Information practices that use personal, financial, and health-related information are governed by US laws and regulations to prevent unauthorized use and disclosure. To ensure compliance under the law, the security and privacy requirements of relevant software systems must properly be aligned with these regulations. However, these regulations desc...
Government regulations are increasingly affecting the security, privacy and governance of information systems in the United States, Europe and elsewhere. Consequently, companies and software developers are required to ensure that their software systems comply with relevant regulations, either through design or re-engineering. We previously proposed...
Requirements engineering is the practice of identifying and specifying system requirements to achieve a specific purpose. Government laws and regulations are written to achieve societal goals, and thus have a direct impact on system requirements and designs. Engineers and regulators need methods and tools to focus the discussion of legal compliance...
Legal texts, such as regulations and legislation, are playing an increasingly important role in requirements engineering and system development. Monitoring systems for requirements and policy compliance has been recognized in the requirements engineering community as a key area for research. Similarly, regulatory compliance is critical in systems t...
Customer-reported field failures provide valuable information for the requirements of the next release. Without a systematic approach, the requirements of the next release may not address the field failures, and the same problems may reoccur. In this paper, we propose a procedure for improving performance requirements based on a retrospective analy...
Before 2005, data broker ChoicePoint suffered fraudulent access to its databases that exposed thousands of customers' personal information. We examine ChoicePoint's data breach, explore what went wrong from the perspective of consumers, executives, policy, and IT systems, and offer recommendations for the future.
A framework supporting the privacy policy life cycle helps guide the kind of research to consider before sound privacy answers may be realized.
Healthcare institutions typically post their privacy practices online as privacy policy documents. We conducted a longitudinal study that examines the effects of HIPAA's enactment on a collection of privacy policy documents for a fixed set of organizations over a four-year period. We present our analysis of 24 healthcare privacy policy documents fr...
Security, privacy and governance are increasingly the focus of government regulations in the U.S., Europe and elsewhere. This trend has created a "regulation compliance problem", whereby companies and developers are required to ensure that their software complies with relevant regulations, either through design or reengineering. We previously propose...
Digital identities are increasingly being used to facilitate the execution of transactions in various domains. When developing and analyzing digital identity technologies, it is important to consider the perceptions and responses of end users. Users are typically concerned about privacy and security, but do not necessarily understand how these issu...
Government laws and regulations impose requirements on software-intensive information systems. To comply with these laws and regulations, organizations need to evaluate current and future software systems early in the software development and procurement process by using a set of regulatory requirements. Acquiring requirements from regulations is c...
Government laws and regulations impose requirements on software-intensive information systems. To comply, organizations need to evaluate current and future software systems early in the software development and procurement process by using a set of regulatory requirements. Acquiring requirements from regulations is complex because regulations conta...
In the United States, federal and state regulations prescribe stakeholder rights and obligations that must be satisfied by the requirements for software systems. These regulations are typically wrought with ambiguities, making the process of deriving system requirements ad hoc and error prone. In highly regulated domains such as healthcare, there i...
A key reason for the slow adoption of the Platform for Privacy Preferences (P3P) is the lack of a formal semantics. Without a formal semantics, a P3P policy may be semantically inconsistent and may be interpreted and represented differently by different user agents. In this paper, we redress these problems by proposing a relational formal semantic...
Laws, regulations, policies and standards are increasing the requirements complexity of software systems that ensure information resources are both available and protected. To motivate discussions as to how current policy models can address this problem, we surveyed several regulations, standards and organizational security policies to identify how...
Specifying correct and complete access control policies is essential to secure data and ensure privacy in information systems. Traditionally, policy specification has not been an explicit part of the software development process. This isolation of policy specification from software development often results in policies that are not in compliance wi...
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) has resulted in the presence of very descriptive privacy policies on healthcare Web sites. These policies are intended to notify users about the organization's privacy practices. However, these policies are typically not easy to read, and as a result, few people actually read t...
Natural language policies describe interactions between and across organizations, third-parties and individuals. However, current policy languages are limited in their ability to collectively describe interactions across these parties. Goals from requirements engineering are useful for distilling natural language policy statements into structured d...
Internet privacy policies describe an organization's practices on data collection, use, and disclosure. These privacy policies both protect the organization and signal integrity commitment to site visitors. Consumers use the stated website policies to guide browsing and transaction decisions. This paper compares the classes of privacy protection go...
Solutions to global problems such as disease detection and control, terrorism, immigration and border control, and illicit drug trafficking require sharing and coordinating information and collaboration among government agencies within a country and across national boundaries. This paper presents an approach to achieve information sharing, event no...
Organizations in privacy-regulated industries (e.g. healthcare and financial institutions) face significant challenges when developing policies and systems that are properly aligned with relevant privacy legislation. We analyze privacy regulations derived from the Health Insurance Portability and Accountability Act (HIPAA) that affect information s...
Software requirements, rights, permissions, obligations, and operations of policy enforcing systems are often misaligned. Our goal is to develop tools and techniques that help requirements engineers and policy makers bring policies and system requirements into better alignment. Goals from requirements engineering are useful for distilling natural l...
The threats posed to customer privacy by JetBlue's privacy policy and the methods to support policy compliance in an effort to avoid policy breaches are discussed. JetBlue violated its privacy policy by disclosing customer information to third parties without informing its customers. Contractual relationships complexities and disclaimers buried in...
The Platform for Privacy Preferences (P3P), developed by the W3C, provides an XML-based language for websites to encode their data-collection and data-use practices in a machine-readable form. To fully deploy P3P in enterprise information systems and over the Web, a well-defined semantics for P3P policies is a must, which is lacking in the cur...
The U.S. Department of Health and Human Services' (HHS) Privacy Rule requires healthcare institutions to notify their customers about the institution's privacy practices. Privacy practices are typically posted online in the form of privacy policy documents, which are intended to help consumers develop an understanding of how their sensitive informa...
This paper discusses the effectiveness of these languages within the context of a case study that entailed the expression of common online privacy statements for a healthcare website, employing requirements engineering quality factors as a framework for our discussion.
The increasing use of personal information on Web-based applications can result in unexpected disclosures. Consumers often have only the stated Web site policies as a guide to how their information is used, and thus on which to base their browsing and transaction decisions. However, each policy is different, and it is difficult—if not impossible—fo...
Internet privacy policies are complex and difficult to use. In the eyes of end-users, website policies appear to be monolithic blocks of poorly structured texts that are difficult to parse when attempting to retrieve specific information. In an increasingly privacy-aware society, end-users must be able to easily access privacy policies while naviga...
Through his law, "adding manpower to a late software project makes it later," Brooks asserts that the assimilation, training, and intercommunication costs of adding new team members outweigh the associated team productivity gain in the short term. Anecdotes suggest that adding manpower to a late project yields productivity gains to the team more q...
Software development is all about making software do something: when software vendors sell their products, they talk about what the products do to make customers' lives easier, such as encapsulating business processes or something similarly positive. Following this trend, most systems for designing software also tend to describe positive features....
Experiences with software technology development projects at ABB Inc. indicated a need for additional flexibility and speed during explorations of applying new technologies to future products. A case study was conducted at ABB to compare and contrast the use of an evolutionary-agile approach with a more traditional incremental approach in two diffe...
As computing becomes more ubiquitous and Internet use continues to rise, it is increasingly important for organizations to construct accurate and effective privacy policies that document their information handling and usage practices. Most privacy policies are derived and specified in a somewhat ad-hoc manner, leading to policies that are of limite...
Global problems such as disease detection and control, terrorism, immigration and border control, illicit drug trafficking, etc. require information sharing, coordination and collaboration among government agencies within a country and across national boundaries. This paper presents a prototype of a transnational information system which aims at ac...
Software organizations are progressively adopting the development practices associated with the Extreme Programming (XP) methodology. Most reports on the efficacy of these practices are anecdotal. This paper provides a benchmark measurement framework for researchers and practitioners to express concretely the XP practices the organization has selec...
Access control is a mechanism for achieving confidentiality and integrity in software systems. Specifying access control policies (ACPs) is a complex process that can benefit from requirements engineering techniques. In this paper, we present a method for deriving access control policies from software requirements specifications (SRS) and database...
This report examines the actions of JetBlue Airways Corporation (JetBlue), which violated its privacy policy when it gave the travel records of five million customers to Torch Concepts, a private Department of Defense contractor. JetBlue's actions have prompted at least two lawsuits, including a claim by the Electronic Privacy Information Center wi...
Scenarios are widely used to specify desired system behavior.
In this paper, we compare the results of three related requirements engineering efforts: an industrial requirements specification produced with a use case based process, a case study analyzing those use cases by means of goal analysis; and a second case study analyzing the original use cases with an integrated scenario analysis and management app...
Keeping sensitive information secure is increasingly important in e-commerce and web-based applications in which personally identifiable information is electronically transmitted and disseminated. This paper discusses techniques to aid in aligning security and privacy policies with system requirements. Early conflict identification between requirem...
Scenarios are widely used to specify desired system behaviors, but analyzing and managing large collections of scenarios remain a challenge. Scenario networks facilitate scenario management and serve as a powerful basis for analyzing and validating collections of scenarios. In a scenario network, each scenario is connected to those that may follow...
In this research, we compare three related requirements engineering efforts: an industrial effort based on use cases; a case study analyzing these use cases by means of goal analysis; and a case study analyzing the same use cases with an integrated scenario analysis approach.