Content uploaded by Sally Jo Cunningham
Author content
All content in this area was uploaded by Sally Jo Cunningham
Content may be subject to copyright.
Available via license: CC BY 4.0
Content may be subject to copyright.
26
Sally Jo Cunningham
Masood Masoodian
MasoodianAnne Adams
Privacy and Trust Issues for Online Personal Photograph Collections
Journal of Theoretical and Applied Electronic Commerce Research
ISSN 0718–1876 Electronic Version
VOL 5 / ISSUE 2 / AUGUST 2010 / 26-40
© 2010 Universidad de Talca - Chile
This paper is available online at
www.jtaer.com
DOI: 10.4067/S0718-18762010000200003
Privacy Issues for Online Personal
Photograph Collections
Sally Jo Cunningham1, Masood Masoodian2 and Anne Adams3
The University of Waikato, Department of Computer Science
1 sallyjo@cs.waikato.ac.nz, 2 masood@cs.waikato.ac.nz
3 The Open University, Institute of Educational Technology, A.Adams@open.ac.uk
Received 15 February 2010; received in revised form 17 June 2010; accepted 18 June 2010
Abstract
Technological developments now allow community groups, clubs, and even ordinary individuals to create
their own, publicly accessible online digital multi-media collections. However, it is unclear as to whether the
users of such collection are fully aware of the potential privacy implications of submitting their personal contents
(e.g. photographs, video, etc.) to these digital collections. They may even hold misconceptions of the
technological support for preserving their privacy. In this paper we present results from 18 auto-ethnographic
investigations and 19 ethnographic observations and interviews into privacy issues that arise when people
make their personal photo collections available online. The Adams’ privacy model is used to discuss the
findings according to information sensitivity, information receiver, and information usage. Further issues of trust
and ad hoc poorly supported protection strategies are also presented. Ultimately while photographic data is
potentially highly sensitive, the privacy risks are often hidden and the protection mechanisms are limited.
Key words: Online Collections, Photograph Collections, Image Collections, Privacy Issues, Trust
Issues
27
Sally Jo Cunningham
Masood Masoodian
MasoodianAnne Adams
Privacy and Trust Issues for Online Personal Photograph Collections
Journal of Theoretical and Applied Electronic Commerce Research
ISSN 0718–1876 Electronic Version
VOL 5 / ISSUE 2 / AUGUST 2010 / 26-40
© 2010 Universidad de Talca - Chile
This paper is available online at
www.jtaer.com
DOI: 10.4067/S0718-18762010000200003
1 Introduction
Online collection of multi-media content, such as digital libraries, can be both empowering and excluding. Increased
information access has powerful social ramifications [2], [1] that are not always fully understood. Furthermore,
increasing information access can often change social structures and organizational norms. It is therefore only
reasonable to assume that personal digital collections would try to avoid these social consequences. However, the
personal desire to share information and the need for privacy is a continual battle that personal resources are caught
in the middle of. Information ownership is a complex field relating to copyrights, intellectual property rights, policy and
legislative initiatives [7], [33]. The individuals’ perception of information privacy and trust in online digital collections is
often overshadowed by these issues. Yet it is the individuals’ perceptions that guide how these resources will be
used, misused or avoided. Understanding the end-users’ perceptions of privacy and trust is vital as the role of digital
resources in organizations and personal usage is changing. For instance, in the case of digital libraries, Holmstrom
[23] highlights the importance of privacy in the changing role of such libraries and those that support them. It is
argued that these resources are changing from assets with librarians as asset managers to those of resources with
librarians as customer relationship managers. Holmstrom [23] argues that we have become too sensitive to privacy
issues and that this has over-restricted digital library development. However, a clear guideline for digital library
developers to support them in acceptable end-user digital library development is not given.
Photographs are increasingly being used as documents in personal online collections. The ability to personalize
these resources is a strong motivation for users to develop and re-use them. But much of the enjoyment of
photographs comes from sharing them (e.g., showing friends where you’ve been, marvelling over how quickly
children have grown, and recording special moments for geographically dispersed loved ones). Digital resources
have increased the ease with which we can share this information. But with sharing comes risks, and potential
privacy invasion is a major source of worry for developers of the systems for management of online digital collections,
as well as their end-users.
Personal photos pose special concerns regarding privacy, in that images may convey a more nuanced and layered
impression of an individual than many common types of text / factual data (eg, location information as gathered from
a GPS device, financial transaction data from commercial websites, etc.). Adams and Sasse [4] distinguish between
the primary level of information that can be inferred from data—the core financial, medical, commercial, ‘facts’
conveyed by the data—and the secondary level of information that includes interpretive and qualitative inferences
such as emotional state. Photos may reveal far more of the secondary information than the photo owner is
comfortable revealing to others. Consider, for example, two types of location data about Chris, an 18 year old
university student: time stamped GPS data gleaned from Chris’s mobile, and a time stamped photo of Chris at a
party. Both can be used to infer Chris’s attendance at a given social function, but a photo will reveal far more of
Chris’s mood and activities. Users of social networking sites are keenly aware of the significance of personal photos
in representing one’s personal brand: photographs are carefully chosen to present the most attractive aspects of the
individual (both in terms of physical appearance and personality). The secondary information inferred from a photo
can either reinforce or undercut that personal identity [6].
This paper relates people’s perceptions of their online personal photo collections to the Adams’ privacy model [1], [3].
The model has been previously used for the development and review of privacy mechanisms in multi-media, mobile
and ubiquitous environments [8], [24], [26] and online learning environments [34] but it has never been applied to the
domain of digital collections. Because of the complexity of personal photo collection data the authors believe that this
model would be a useful tool for analyzing user perceptions.
Research on online personal photo collection systems has concentrated on supporting individuals in organizing,
searching, browsing, and annotating their collections. A common sense understanding of how and when people take
photos is used to inform the design of novel interface features specific to personal photo collections. For example,
the insights that photos are taken in a time-linear order and that people tend to take several snapshots of the same
event or person in a brief period of time, have led to experimental systems using photo timestamps as a basis for
browsing structures [22], or using time and image content to automatically cluster photos into ‘events’ [14]. The
insight that an individual tends to take multiple photos of the same people and places over time can be exploited by
using photo time and location information in previous, annotated photos to develop annotations for new, un-
captioned photos [30]. An investigation into how people manage collections of digital photos [36] confirms basic
understandings of personal photo collection interactions, but this study was conducted during the early days of digital
cameras. Further research is therefore needed to better understand other user behaviour, resulting from the use of
more modern digital camera technology that could inform the design of improved tools for management of online
photo collections.
Almost all existing systems primarily focus on the individual’s use of a personal photo collection. Less is known about
how people share photos, and how photo sharing can be incorporated into online personal photo collection systems.
Earlier work on personal photography from a sociological or human-human interaction perspective (for example,
[27]) has been conducted before the widespread adoption of digital cameras. This current work is one step towards
examining the aspects of sharing of photos, primarily digital photos, as these behaviors may impact the design of
28
Sally Jo Cunningham
Masood Masoodian
MasoodianAnne Adams
Privacy and Trust Issues for Online Personal Photograph Collections
Journal of Theoretical and Applied Electronic Commerce Research
ISSN 0718–1876 Electronic Version
VOL 5 / ISSUE 2 / AUGUST 2010 / 26-40
© 2010 Universidad de Talca - Chile
This paper is available online at
www.jtaer.com
DOI: 10.4067/S0718-18762010000200003
systems for management of online personal photo collections. Our contribution is to present a rich picture of photo
sharing behaviours, gathered from a relatively large, multi-cultural group of primarily young (under age 30)
participants, and to place these behaviours in the context of an existing model of privacy (the Adams model [1], [4]).
2 Background
For us to be private there must be a public environment. Privacy, and thus being private, can only be reviewed within
that of public context [5], [21]. Public concern over photograph sharing and privacy issues dates back to the early
days of modern photography, when George Eastman marketed the cheap, handheld camera. These cameras
unleashed a horde of ‘Kodakers’ whose unrestrained photo-taking, editing, and sharing created a backlash of privacy
rights legislation in, for example, New York [28]. The amateur photography enthusiasts, or ‘camera fiends’, provoked
intense negative feelings in their unwilling subjects—and the poor and insignificant were frequently the target of
‘those dreadful little boxes’, as well as the rich and famous. Photos were traded, given away with cigarette packs,
and sold in a variety of shops, often without the subjects’ knowledge or consent [28]. Lurid speculation surrounded
the motivations of the ‘Collectors, cranks, dudes and theatrical people’ [32] who purchased the photos—what
unsavoury uses were they finding for these images? Modern ‘Photoshopping’ of images was prefigured by the
discovery of techniques for altering film photos and negatives; LeGrange Brown, for example, caused a scandal in
New York when he “put the heads of innocent women on the undraped bodies of other females” [39], to the
consternation and embarrassment of ‘reputable young women’ and “numbers of gentlemen fearful that pictures of
their female relatives may have been tampered with in this way” [13]. Photos could be mis-appropriated to serve as
product endorsements, as Miss Abigail M. Roberson discovered when confronted with her own face on barrels of
flour [35].
Current photographic digital collection systems support sharing and thus increase distribution through effective
storage and retrieval mechanisms [15]. Privacy concerns, therefore, emerge again, as digital cameras allow ordinary
people to duplicate and alter photographs in ways that previously were only possible for professional photographers.
Recent computer privacy research links these socially dependent contextual issues (such as sharing) with technical
and policy concerns [31]. However, defining and specifying systems from these socially and emotively reliant criteria
are complicated.
Many discussions of privacy often reduce it to a simple binary private or not private distinction by defining privacy
with regard to Personal Information. The problem with many definitions of Personal Information is that they
concentrate on the data itself and its ability to personally identify someone rather than how it is perceived [4], [9], [33].
This approach can be too restrictive when applied to photographic data since many pictures identify someone and
anonymizing them (for example, by pixilating peoples faces) often destroys the value and meaning of the image.
Both Goffman [21] and Giddens [19] highlight the importance of social roles and the duplicity of our actions. Privacy
is closely interwoven with how others perceive us. We act not only as means to attain a purpose but also with the
desire of creating the appropriate impression with others. Photographs can be an aid or an embarrassment in our
social interactions since they give the impression of accuracy yet present a manipulated version of reality. We pose
for photographs to give an impression. Pictures can show us in positive and negative lights with no basis in reality.
Goffman [21] in particular emphasizes the different roles that we play in different situations and for different people.
Understanding how we present ourselves is vital to maintaining an accurate appraisal of, and control of, our privacy.
2.1 Previous Photo Sharing Studies
The bulk of early research into personal photography behavior has focused on physical photos, as specifically on
photo taking, photo annotation, and collection management (eg, [12]) rather than specifically on photo sharing. With
physical photos, sharing is directly under the control of the photo owner: the photo, its negative, or a small number of
copies are individually given or shown to other people, and the relative expense and difficulty of duplicating and
distributing large copies reduces the risk of inadvertent sharing.
Recent studies of digital photo sharing behavior (and related privacy concerns) have primarily taken in depth looks at
specific contexts for sharing, rather than viewing photo sharing in general. For example, studies have looked at
collocated sharing of images on camera phones [37] and photos shared digitally via cameraphone [6], photo sharing
via social network sites [10], and sharing through Flickr.com [29]. These papers give valuable insights into different
aspects of privacy and photo sharing, but do not paint the full picture of sharing behaviors and the associated (and
various) privacy aspects. This present paper investigates the full range of photo sharing and looks specifically at
privacy. Furthermore, these studies are relatively small scale, involving 14 or fewer participants and data gathering
through a single interview or focus group involvement for each participant. We develop our rich picture of
photographic privacy issues from ethnographic data drawn from 37 individuals, over the spectrum of photo sharing
(collocated and distant, digital and physical photos, across a variety of photo taking devices).
29
Sally Jo Cunningham
Masood Masoodian
MasoodianAnne Adams
Privacy and Trust Issues for Online Personal Photograph Collections
Journal of Theoretical and Applied Electronic Commerce Research
ISSN 0718–1876 Electronic Version
VOL 5 / ISSUE 2 / AUGUST 2010 / 26-40
© 2010 Universidad de Talca - Chile
This paper is available online at
www.jtaer.com
DOI: 10.4067/S0718-18762010000200003
2.2 Information Control and Risks
The control and feedback approach has been a major perspective in privacy research. Bellotti [7] notes the
importance of an individual’s ability to retain privacy via access control and feedback. Bellotti and Sellen [8]
previously noted that with careful privacy related design, users could increase control of personal data and thus
privacy. The clear advantage of this approach is that it relates users’ privacy rights to technical and interface design
decisions. However, their findings do not convey the true complexity of privacy, especially with regard to users’
constantly fluctuating ability to trade-off privacy against potential benefits. Although, they do note that to define
privacy adequately, it must be understood that it is an unstable phenomena that varies according to context, users’
roles and societal / organizational norms, whilst privacy benefits can affect users’ overall perceptions of a system.
The complexities of privacy issues are further complicated by Bellotti’s [7] suggestion that privacy can be invaded
without the user being aware of it. This brings to the forefront the additional question of whether it is what is known
about a person that is invasive, or who knows it. Thus the identity of the person receiving the data can be a deciding
factor in whether someone will provide it or not [16]. Many privacy invaders, however, do not see themselves as such
because they believe that valid reasons justify the privacy breach: for example, that there is a countervailing use to
which the information can be put [25], or that their relationship with the person gives them the right to access the
material (e.g., a parent looking through a child’s schoolwork).
Understanding real world strategies for controlling our privacy can highlight how end-users misinterpret the degree of
privacy afforded by a system [3]. Both Goffman [21] and Giddens [19] suggest that our behaviors are framed within
each specific situation. Situations are defined by both the physical aspects of the place and the knowledge and
expectations of others present there. We all assume that in many situations we know what acceptable and
unacceptable behavior is (e.g., it is acceptable to clap at the end of a theatre performance but not at the end of a
funeral service). However, these codes change within different cultures and cultures can vary between organizations,
cities or countries. We rely on social cues, norms and pressure to provide feedback on what is acceptable and to
enforce those behaviors (e.g., everyone stares at someone who claps at a funeral). Problems occur online because
a person’s actions and thus these cues are frequently hidden. In multimedia environments reciprocity is noted as an
important phenomenon to support through privacy mechanisms [6]. In online personal collections this would mean
that you not only know that someone has accessed your information, but that they know, you know they’ve accessed
it.
2.3 Privacy Models
Palen and Dourish [31] base their privacy framework on identifying the boundary between privacy and publicity,
either of which may be beneficial depending on the context. Four issues are identified as being important for
designers: the social and organizational context, temporal factors from actions in that context, possible threats from
information usage, and trade-offs made by the user. However, this framework misses the importance of fluctuating
information sensitivity levels according to who is receiving and how they are using the information.
Another model that is more suited to dealing with privacy factors in multimedia information sharing context is what
we will refer to here as the Adams’ privacy model [1], [4]. The aim of this model is to help multimedia communication
systems to “determine which information users regard as private, from whom, and in which context” [1]. Rather than
dealing with privacy as a black/white (or binary yes/no) variable, the model attempts to define “privacy boundaries”
which if breached will reduce the effectiveness of the system being used. Furthermore, what defines these
boundaries is in fact the privacy “perception” of the users. According to Adams’ model the User is anyone who has
data transmitted about them either directly or indirectly. Direct information may for instance be a person’s
consumption habits or medical records, while indirect information might be their image or voice. In fact the user may
not actually be actively using the system, and may be totally unaware that their data is being transmitted [1], [8].
As shown in Figure 1, Adams’ model defines three main factors which interact with one another to create the users’
overall perception of their privacy. These factors are defined as [1]:
• Information Sensitivity: is the primary privacy factor which the other factors affect to determine the perceived
sensitivity level. Information Sensitivity in a way defines the users’ perceptions of the confidentiality of the
information being transmitted. Also, users’ judgment of the sensitivity levels of the information is not binary
(private/not private), but multi-dimensional with varying degrees of sensitivity.
• Information Receiver: is the users’ perception of the person who receives and/or manipulates their
information. Although a range of factors would influence the users’ assessment of the Information Receiver,
the issue of trust seems to be the most important one in defining the users’ perception of the Information
Receiver.
• Information Usage: is the users’ perception of how and for what purpose their information will be used at
present as well as in the future. The potential importance that the users attribute to the perceived
Information Usage is crucial to the users’ estimation of privacy risk/benefit trade-offs.
30
Sally Jo Cunningham
Masood Masoodian
MasoodianAnne Adams
Privacy and Trust Issues for Online Personal Photograph Collections
Journal of Theoretical and Applied Electronic Commerce Research
ISSN 0718–1876 Electronic Version
VOL 5 / ISSUE 2 / AUGUST 2010 / 26-40
© 2010 Universidad de Talca - Chile
This paper is available online at
www.jtaer.com
DOI: 10.4067/S0718-18762010000200003
Information
Sensitivity
Information
Receiver Information
Usage
User
Judgment
Trust Cost/Benefit
|
Figure 1: Adams’ Model of Privacy
3 User Study
As mentioned earlier, the purpose of our user study was to better understand why and how people share their
personal photographs, so that this knowledge could be used for guiding the design of more effective systems for
management of online personal photo collections. In the remainder of this paper we describe our study, identify its
major findings, and relate these finding to the privacy factors of the Adams’ model.
3.1 Data Collection
Data for this study was gathered through a project assigned to undergraduate students in a human-computer
interaction course at the University of Waikato. The goal of the project was to design and prototype a shared, online
photo collection management system. The students based their designs on ethnographic investigations into the
photo taking and sharing habits of themselves and at least one friend. These investigations were summarized (a total
over 150 pages) and these summaries are analyzed in this paper.
3.2 Study Participants
In total 18 students’ project submissions have been included in this study. These students conducted 18 auto-
ethnography (see the next Section) and 19 ethnographic observations and interviews of another person. Table 1
summarizes the gender and national origin of the students and the people interviewed by them. To preserve the
anonymity of the students, each participant is referred to with a randomly assigned letter of the alphabet. Note that
Participant G interviewed 2 people, rather than 1, and this resulted in a total of 19 ethnographic observations and
interviews. Combining the 18 students and 19 others whom they interviewed and observed gave us 37 study
participants in total (a summary of their demographic is shown at the bottom part of Table 1).
3.3 Methodology
The first task undertaken by students participating in this study was to perform a ‘personal ethnography’ on their own
photo taking and sharing habits. In a personal ethnography or auto-ethnography [17]-[18], ethnographic techniques
of observation and analysis are applied to one’s own experiences. The challenge in this type of study is to view
oneself objectively, to see one’s own worldview as freshly as possible, and to then interpret the identified
experiences in the light of applicable theory. The auto-ethnography is particularly valuable for novice ethnographers,
as it encourages critical introspection and allows them to practice the technique before interacting with their
informants [18].
31
Sally Jo Cunningham
Masood Masoodian
MasoodianAnne Adams
Privacy and Trust Issues for Online Personal Photograph Collections
Journal of Theoretical and Applied Electronic Commerce Research
ISSN 0718–1876 Electronic Version
VOL 5 / ISSUE 2 / AUGUST 2010 / 26-40
© 2010 Universidad de Talca - Chile
This paper is available online at
www.jtaer.com
DOI: 10.4067/S0718-18762010000200003
Table 1: Gender and nationality of the study participants
ID Gende
r
National Origin Informant Gende
r
Informant National Origin
A M Korea F Korea
B F China M China
C M China M China
D M NZ F NZ
E M China F China
F M NZ M NZ
G F China F China
M NZ
H M China M China
I M China M China
J M NZ M China
K M NZ F NZ
L M Iran F Iran
M M NZ F NZ
N F China F China
O F NZ M NZ
P M NZ F NZ
Q M NZ F NZ
R M China F NZ
Male Female National Origin Count
22 15 NZ 17
China 16
Iran 2
Korea 2
The students then performed a similar ethnographic observation of another person’s photo collection and sharing
habits. They observed and interviewed the other person to create a description of how and when that person shared
photos with others.
To guide the process of autho-ethnographic self observation and the ethnographic interview and observation of
others, as part of this study we provided the students with a list of possible open-ended questions which they could
use. Table 2 provides a summary of these questions.
We used grounded theory methods [20], [34], [38] to analyze the students’ summaries of ethnographic observations
and interviews; the students’ ethnographic descriptions were aggregated and treated as raw data, analyzed by the
researchers rather than directly by the students themselves. This distancing of the data gatherer from the data
analysis allows us to partly finesse the difficulties in dealing with auto-ethnographic interpretation, as the auto-
ethnographer in this work is not directly analyzing the data. Another common criticism of both auto-ethnography and
ethnography is that the ethnographer may inadvertently bias the data by failing to record or perceive specific aspects
of the activity under study. By including 18 students as data gatherers, we reduce the likelihood of blind spots
remaining in the aggregated data. The relatively large number of observers (18) and observations (37, including both
auto-ethnography and investigations of another individual’s photo-related behaviours) lends confidence to our
analysis and conclusions.
In the next section, we describe the findings of our analysis, and present evidence that photo sharing is a significant
behavior associated with photo-taking and the development of a personal photo collection. We also argue that it is
crucial for online photo collection systems to support users’ sharing practices, while at the same time providing them
with effective means of protecting the privacy of their photos. In particular, we focus on the privacy and trust issues
elicited from these ethnographies.
32
Sally Jo Cunningham
Masood Masoodian
MasoodianAnne Adams
Privacy and Trust Issues for Online Personal Photograph Collections
Journal of Theoretical and Applied Electronic Commerce Research
ISSN 0718–1876 Electronic Version
VOL 5 / ISSUE 2 / AUGUST 2010 / 26-40
© 2010 Universidad de Talca - Chile
This paper is available online at
www.jtaer.com
DOI: 10.4067/S0718-18762010000200003
Table 2: Summary of the open-ended questions used by the students in this study
When and where you take photos:
What other activities are you engaged in?
Where are you, physically?
Why you take photos:
What is your motivation?
Are you taking photos to remember an event or person?
To send to someone else?
To print and frame?
Just because the scene was interesting?
The non-visual information associated with your photos:
Do you write captions in physical or digital photo albums?
Do you note down when and where you take pictures?
Do you have a timestamp on your photos?
Have you sent a multimedia email or mobile phone message, and if so, what sort of text was associated with the
picture?
Do you have special folder names for your digital photos, and if so, how are those names chosen?
The ways that you share photos with others:
Do you email photos to others?
Send pxt messages?
Show people photos still on your digital camera?
Show people physical photographs?
Send CDs of digital photos?
Put photos on your homepage?
Use photos as “wallpaper” on your mobile phone, PDA, laptop?
What other ways do you share photos with others?
Restrictions that you place on use of your photos:
Are there some photos that you are willing to allow people to view but not copy, or are you willing for people to
make copies of all photos that you allow them to view?
Who you share given photos with:
Do you keep some photos private?
Are there some photos that you share only with friends or relatives?
Or do you allow anyone to view all your photos?
What else:
What other factors can you think of that impact how you use and share photos?
4 Photo Sharing Behaviour
There is very little I like more then [sic] sharing my photographs with others and I use every medium I can think of to
do this. [Participant M]
The purpose that people take pictures is to share with others. [Participant E]
Showing—and sometimes showing off—our photos is an intrinsic part of photo-taking. While we enjoy privately
perusing our own collections, we also like other people to view our efforts. Table 3 lists the photo sharing methods
described in the auto-ethnographies and ethnographies. These sharing methods are classified according to whether
the intention of the photo owner is that:
• the sharing experience be mediated by the photo owner (that is, that the owner verbally or textually
explains the photo),
• the act of sharing involves giving the other person a copy of the photo (either physical or digital),
• the photo be shared with members of the public at large (rather than controlling access, or having a known,
small group share the photo).
We emphasize the word ‘intention’ above. As will be discussed in the next section, the assumptions that people
make about a given sharing method may not always be borne out by practice.
33
Sally Jo Cunningham
Masood Masoodian
MasoodianAnne Adams
Privacy and Trust Issues for Online Personal Photograph Collections
Journal of Theoretical and Applied Electronic Commerce Research
ISSN 0718–1876 Electronic Version
VOL 5 / ISSUE 2 / AUGUST 2010 / 26-40
© 2010 Universidad de Talca - Chile
This paper is available online at
www.jtaer.com
DOI: 10.4067/S0718-18762010000200003
Table 3: A summary of the listed sharing behaviors
Mediated? Copy
shared? Public
access? Description of behavio
r
√ √ Emailing photos to relatives and friends
√ √ Sending photos as part of multimedia (PXT) mobile phone messages
√ Showing people photos on the LCD screen of a digital camera, or on the
display screen of a mobile phone
√ Displaying print photos on walls of bedroom, other rooms in house, on
refrigerator door; displaying print photos in office
√ Print photos given to others (often as gifts, sometimes framed or in an
album)
√ Photo-board display of events in an individual’s life, at a 21s
t
party or
funeral
√ √ Photos on print and electronic wedding invitations, party invitations
√ √ Photos included on custom-print T-shirts, mugs, calendars, stickers
√ Photos written to CD or printed and placed in an album, given as gifts to
relatives and friends
√ √ √ Photos placed on personal homepage, group homepage (e.g.,
homepage for a band the individual belongs to, homepage for a flat of
students), personal blog
√ Photos used as screensaver or as wallpaper for personal computer or
mobile phone
√ √ Photos used as screensaver or wallpaper for public computer (university
lab computer)
√ PDA photo album used to show photos around small groups
√ √ Internet Messaging (e.g., IRC, MSN) used to send photos with message
√ √ √ MSN contact used to display a photo, as an ‘avatar’ or representation of
the user
√ √ Photos uploaded to public ‘online photo album’ websites such as Flickr or
Ringo
√ Photos uploaded to member sites or sites with access control, such as
Yahoo Groups or high school classmate sites
Mediation involves explaining aspects of the photo that the photo owner feels are significant to ‘understanding’ the
image. These aspects vary, and can include the event depicted, its date, the names of people depicted and their
relationship to the photo-taker, photographic techniques used, and so forth. Mediation can occur verbally, or through
text attached to or associated with the photo (for example, a file name, an MSN message, a caption on a webpage, a
nearby paragraph in a blog). The explanations can be lengthy—an email describing its attached photo, or a minute-
by-minute verbal explanation of the wedding album displayed on the coffee table—or as brief as a single word tag on
an online photo site.
Textual annotations such as captions are primarily made when photos are shared, but not in face-to-face
circumstances (“Normally I do not write any captions on the photos or in albums, this is because I know where I took
them and what it is, and chances are that if someone else is looking at them, then I'll be there to explain who that
person is or what the photo is of”; Participant P). But memories fade, and with them the nuances of the owner’s
understanding of the images (“'For any photos I take I barely ever write captions but now when I look back on the
photos I took 5 years ago, I kind of wish I did”, Participant Q; “As I have just looked through my photo collection I am
aware that I cannot remember what is happening in many of the photos. I also have no idea when most of the photos
were taken, I can only guess”, Participant J). Asynchronous photo sharing, then, dramatically increases the likelihood
that textual photo descriptions (‘metadata’) will be recorded for a photo.
Face-to-face sharing of photos usually involves allowing the other(s) to view the photos, but not providing copies. For
much of the history of photography, giving a ‘copy’ of a photo involved creating a new print from the negative. During
the first century or so of the history of personal photography few people had access to the expensive equipment
required to create a credible copy from a print, so photo owners could give away a print and be confident that the
image would not be further distributed. Similarly, alterations made to print images were so crude as to be easily
detected. Digital photographs of course have no such limitations on the production and distribution of copies, or on
the types of modifications that can be made to the images. As will be discussed in the next section, at times the
assumptions made about copying and distribution of shared printed photos are applied to digital photos.
Control over who is allowed to view a photo is most easily achieved in face-to-face sharing. Note that sharing can be
one-on-one, or to large groups (for example, presenting slideshows of party photos to friends and flatmates). Face-
to-face sharing can be restricted by physical access to the environment in which the photo is displayed (e.g. the
fridge bedecked with school photos is in the kitchen, or PC that displays photos as a screensaver is in the bedroom).
Online ‘environments’ can feel as personal and comfortable as a physical environment, but this sense of control over
34
Sally Jo Cunningham
Masood Masoodian
MasoodianAnne Adams
Privacy and Trust Issues for Online Personal Photograph Collections
Journal of Theoretical and Applied Electronic Commerce Research
ISSN 0718–1876 Electronic Version
VOL 5 / ISSUE 2 / AUGUST 2010 / 26-40
© 2010 Universidad de Talca - Chile
This paper is available online at
www.jtaer.com
DOI: 10.4067/S0718-18762010000200003
virtual access can be illusory; Section 5.1 presents examples of mis-matches between the participants’ perceptions
of control over access in online sharing systems, and the actual situation.
Despite all these potential concerns that one must take into account, the sheer length of Table 3 demonstrates that
people are generally enthusiastic sharers, and embrace every new technology that allows them to reproduce,
distribute, and display their photos. Even Participant J, who doesn’t own a camera and so rarely takes photos himself,
has accumulated a ‘quite large’ photo collection by having friends and relatives give him copies of their photos of
shared events.
It is also important to note that sharing physical print photos continues to remain a significant activity—sometimes by
giving a physical copy of a photo, but more frequently by allowing others to view the photos through (semi-)
permanent displays (Figure 2) or temporary albums useful for toting around the latest pictures (Figure 3). The
purpose of these displays is two-fold: to serve as a reminder of significant people, places, and events; and to
facilitate relationships by promoting sharing and discussion: Placing printed photos open is not only to remind me of
reminiscences but also to give a chance to have social relationship with other people, because the photos can give
the very begin point for conversation. [Participant A]
Digital photos are easier to share, and offer increased opportunities for sharing. Photos displayed as wallpaper or in
screensavers on home PCs are easier to update than framed photos on walls. Participants reported organizing slide
shows of photos from recent activities (“I have a photo viewing session in my room, using my monitor, after every
night out with the camera for my flatmates”; Participant M); sharing of photos from an event can itself become an
event, which can also be photographed for later viewing! Participant M reports that “it’s always great looking through
the photos of the night before and comparing what we remember (or don’t remember) to the photo.” Photos are
emailed, sent as PXT messages, viewed on the LCD screen of the digital camera immediately after they are shot,
transported on memory sticks, burned to CDROM…the list expands with each new device and display opportunity.
Figure 2: Photograph displays [Interviewed by Participant R]
Figure 3: A temporary photo album [Participant N]
The events shared through photos need not even be real. ‘Photoshopped’ or staged photos can provide a humorous
topic for conversation “and hopefully give them a laugh as well” [Participant M] (Figure 4). Online communities offer
the opportunity for online experiences that are compelling enough to capture and share (Figure 5); the ‘photos’ can
be shared within the game or other role-playing environment, and can also be shared in the ‘real’ world (“I even used
both of the images as my desktop wallpapers”; Participant K).
35
Sally Jo Cunningham
Masood Masoodian
MasoodianAnne Adams
Privacy and Trust Issues for Online Personal Photograph Collections
Journal of Theoretical and Applied Electronic Commerce Research
ISSN 0718–1876 Electronic Version
VOL 5 / ISSUE 2 / AUGUST 2010 / 26-40
© 2010 Universidad de Talca - Chile
This paper is available online at
www.jtaer.com
DOI: 10.4067/S0718-18762010000200003
Figure 4: “Me and Bill Gates Sharing a Moment” [Participant M]
Figure 5: Photos Taken within Guild Wars, ‘as a tourist’ at Perdition Rock and with the Participant ‘in
an action photo’ at Augery Rock [Participant K]
5 Results and Discussion: Conceptions of Privacy
I don’t have a lot of restrictions on my photos at all, I don’t mind who looks at my pictures as long as they don't get
deleted but I trust all my mates that look at them. I also don't mind my mates copying my photos and taking them for
their own collections as I do the same thing; I share my photos with all my mates and family. I let my mates look at all
my pictures, but my family is a bit of a different story. I will only show some of my pictures to my family.... I don't
really like people that haven’t met me before looking at my photos because they are a bit of a personal thing.
[Participant Q]
Comments such as this show that the participants in our study had not necessarily consciously thought through how
they maintain privacy for their personal photos. Strategies were sometimes piecemeal, or even self-contradictory.
In this section we outline the privacy concerns expressed by participants, and discuss them firstly with regard to their
trust and strategies for protecting privacy. The issues impacting on users’ privacy perceptions are then categorized
according to the information sensitivity, receiver, and usage factors of the Adams’ model.
5.1 Trust, Etiquette and Current Privacy Protection Strategies
Several of the techniques for privacy described in the following section (e.g. email, CD distribution, websites with
login access) depend on trust in the relationship between the picture taker and the photograph receivers. People do
not dispassionately assess the privacy benefits and risks prior to each opportunity to share photos, or any other
information or media exchange [1], [3]. Instead, they rely upon previous relationships with the recipients, and upon a
common understanding of the implicit etiquette involved in sharing—that, for example, the shared photos will not be
edited or passed along to others outside the circle. This etiquette is not necessarily adhered to in practice, and the
trust in a relationship may be misplaced: [10] considers a sad litany of photo privacy violations among family and
friends, as detailed in letters to advice columnists in the US.
Part of the difficulty may be that the etiquette involved is in fact unwritten. Formal guides focus nearly exclusively on
good manners when taking a photo—particularly at ceremonies such as weddings and graduations [10]. The
protocols associated with responsible photo sharing are left to common sense. While some actions are clearly
beyond the pale, the acceptability of most other activities depends on the context, the complex interplay between the
content or subject of the photo (information sensitivity), the relationship between the photo provider and the receiver
(information receiver), and the way in which the photo is used (information usage).
Participants reported a number of strategies that they used to enforce privacy, to some degree, for photos in their
collection. One significant advantage of prints over digital photos is that it is more difficult—or at least, it takes more
36
Sally Jo Cunningham
Masood Masoodian
MasoodianAnne Adams
Privacy and Trust Issues for Online Personal Photograph Collections
Journal of Theoretical and Applied Electronic Commerce Research
ISSN 0718–1876 Electronic Version
VOL 5 / ISSUE 2 / AUGUST 2010 / 26-40
© 2010 Universidad de Talca - Chile
This paper is available online at
www.jtaer.com
DOI: 10.4067/S0718-18762010000200003
effort—to copy or alter printed photos. One person belonging to a ‘more elderly aging group between 60 and 70’
[interviewed by Participant G] was reported to share his photos in print form, but not to ‘allow’ copying (that is, he did
not provide negatives and/or did not permit the print to leave his possession).
For digital photos, an obvious privacy technique is simply to never display or distribute the electronic copies. This
measure is too drastic, as showing and sharing is a significant factor of the pleasure of taking photographs.
Remembering that the informants for this study were nearly exclusively advanced computing students, consider a
few of the strategies that they reported using to support privacy for their digital photo collections:
• Using email to distribute copies: “…emailing pictures enables me to restrict the viewers…rather than letting
everybody to see all of my pictures.” [Participant E]
• Burning photos to CD and distributing the CDs: “It also protects the photos from being seen by other people
in transit.” [Participant F]
• Posting photos to a public alumni website: “I will not worry about the privacy since these people who see my
photos know me and all of us need an account and password to get in the website.” [Participant I]
• Posting photos to a personal website: recognized to be generally insecure, but an acceptable level of
privacy is achieved because “in practice we only give its URL out to friends as some of the photographs on
the website are of a personal nature.” [Participant M]
• Haphazard file organization: “Where as [sic] I due to multiple computers and installs, have various places on
different machines where photos are stored, so of which are easier to find, and others are purposely harder
to find, but not hidden.” [Participant P]
Participants realized these were uneasy privacy solutions which were eventually likely to fail. One possible
explanation for selection of these particular strategies is that they are simple to implement—it is remarkably easy, for
example, to end up with a chaotic folder structure. Another is that a deep familiarity with an environment and its tools
leads to a sense of control and mastery—which can in turn result in a distorted sense of security and freedom from
threat of privacy invasion [3].
5.2 Information Sensitivity
Photographs of faces in particular are a way of presenting ourselves to the world, and we want to literally project a
good image through our photos. Our poses, however artificial, reflect the impression that we wish to leave on the
viewer: Participant E, for example, notes that women in photos are usually exhibiting ‘lovely smiles or making some
lovely poses. However, males are always showing off their “cool” aspects rather than having a smiling face…” We
enjoy looking at pictures of other people, but may be self-conscious of our own images; self-portraits are particularly
likely to be held as private and shared only with family and close friends [Participant B]. Photos that do not conform
to our self-image will probably not be shared, and may even be destroyed (“…particularly embarrassing shots of
me…which I usually dispose of quickly as to prevent them falling into the wrong hands” [Participant M]).
The activities captured in a photo may render it sensitive, particularly if the subject is ourselves or someone close to
us. Participants found it difficult to describe these activities without violating their own or their informants’ privacy
(Participant H, for example, simply refers to photos depicting “some small secrets”). Another category of concern is
photos showing the subject clowning around in a potentially embarrassing manner (“photos that could be
misinterpreted or… a subject … could be misrepresented by the way the photo is taken.” [Participant O]). Again,
photos “that are innocently taken” [Participant O] might challenge the image that we wish to project to the world,
particularly if we are not able to interpret that image to viewers.
Photos of our family members are generally viewed as private, not to be shared beyond the family circle (or perhaps
to very close friends). Concern is cited over the potential for mis-use (“…some people use photos badly on their
websites and I don’t want that to happen to my family members’ photos” [Participant L]), but in the main the idea that
strangers might view private family moments is unacceptable (“only family members can access [the online family
photo album], you don’t want weirdos looking at your photos” [Participant D]). Exceptions exist, of course—it can
sometimes be difficult to avoid having to look at wedding photos, for example (“This photo with other wedding photos
is always shown to other people who visit our place.” [Participant A]). Photographs of children are particularly
sensitive, and might not be shared even with close friends (“’photos of my nieces and nephew…If one of my friends
asked for a copy I would feel quite uncomfortable about that and I’d have to say no unless they had a genuine
reason like they were an artist making a collage of baby photos or something like that.” [Participant D]).
Most participants reported taking photographs of famous buildings, scenery, and other locations of interest to
sightseers; they saw no privacy issues with sharing such photos even if they contained images of people, if the
people were not readily identifiable. However, a few participants did report reservations about sharing even these
seemingly innocuous photos; a skilled photographer would not like to have others view photos that are technically
37
Sally Jo Cunningham
Masood Masoodian
MasoodianAnne Adams
Privacy and Trust Issues for Online Personal Photograph Collections
Journal of Theoretical and Applied Electronic Commerce Research
ISSN 0718–1876 Electronic Version
VOL 5 / ISSUE 2 / AUGUST 2010 / 26-40
© 2010 Universidad de Talca - Chile
This paper is available online at
www.jtaer.com
DOI: 10.4067/S0718-18762010000200003
flawed and so “look a little strange” [Participant L]. Even a ‘stock’ shot of a tourist destination can become imbued
with a deeply personal meaning and message to the photo-taker, to the extent that one participant didn’t ‘really want
to share other shots that she took overseas, like photos of buildings or people. She thinks that other people wouldn’t
know what they mean and why she wanted to take them.” [Interviewed by Participant L] Again, the opportunity to
mediate between the information receiver and the image can be crucial in permitting sharing of photos.
Several participants raised copyright concerns. Participant R restricted the sharing of images including people: “I just
allow people who are not in the photos to view rather than copy because it involves copyrights [sic] issues.” Serious
amateur photographers may be enthusiastic in allowing others to copy and distribute their best photos (“he thinks
that it is a good way to let more people know about his works” [interviewed by Participant B]), but only if the images
are not modified. It is preferable that viewers know who created the photo—Participant B, for example, uses
Photoshop™ to add a digital signature to the bottom right corner of photos before he makes them available online.
Copyright law is complex and a bit frightening; anxiety over breaking copyright, or having to deal with poorly
understood copyright procedures, makes some people reluctant to use legitimately available photos. For example,
one music band decided not to use commercial quality photos from a local photographer’s website because “the
copyright issues are probably not worth bothering with” [Participant J].
5.3 Information Receiver
Some photos are identified as acceptable to share with a particular class of receivers: with ‘family’, ‘mates’, alumni
from high school, and so forth. These classes may be vaguely or tightly defined. A striking feature of these classes is
the assumption that once an individual is admitted to the class of, for example, ‘mates’, that that person will always
continue to be a mate—a dangerous assumption since a photo, once shared, cannot be retrieved if the relationship
deteriorates and the trust is betrayed.
Photos of oneself are inappropriate to share with people who know only one’s virtual, but not physical, self; for
example, Participant K at one point used a photo of himself as an avatar on MSN, but rethought this and “removed it
fairly quickly because it was a threat to my privacy to allow anyone on my contact list to see a photo of me…I am
also a bit wary of posting images of myself … [in] chat forums. It is always disturbing that I never know who might be
viewing such images—there are some strange people out there.”
It can be profoundly distressing to have one’s expectations of who is viewing a photo violated—to lose control of
images in particular of oneself, family, and friends [1]. The photos do not have to fall into the hands of unsavory
strangers lurking in seedy sections of the Web, or that ‘weird guy down the road’ [Participant J]; even seemingly
minor (to an outsider) violations of expectations can be annoying. Participant L reports that a friend developed
‘strong ideas’ about photo sharing after including photos of her friends and family in a university assignment: “Last
year she found out that her assignment had been sent to another university in New Zealand for check marking… No
one told her about sending the assignment away before they sent it.” It was acceptable for the photos involved to be
viewed by her lecturer, but not for unknown lecturers from another institution to assess them.
There is a complex interplay between image content and groups with which the image can be comfortably shared.
Some types of images are shared with family, but not with friends (“…images which were taken in unhappy family
situations…which I would probably never under any circumstances show to anyone outside of our family” [Participant
J]); others can be shown to friends, but not parents (“…some of my photos are a little R-rated and I don’t believe
they’re suitable for my family members to see” [Participant Q]); current girlfriends are not shown photos of ex-
girlfriends [Participant E]); people associated with work might not be trusted with family photos (“[she] has been
tutoring for a while now and … she doesn’t not want one of her students to find her personal photos” [interviewed by
Participant L]); and so forth. And, of course, some photos are so private that they are for ‘you your self and no one
else’, and cannot be shared [Participant J].
If identifiable people are subjects of a photo (and it is not, for example, a crowd shot of a tourist destination), then
privacy concerns may be extended to those people. The subjects may have been captured in activities that the photo
taker would personally prefer to keep private (“A good example is the photos she took of her friends skinny-dipping in
Raglan—obviously, the people in the photo would not have been too happy if the whole world got to see those
photos” [Interviewed by Participant K]). Simple consideration for the feelings of others may also be a factor (“…this is
to respect people in the photos. Without permissions from others in the photos, I definitely refuse [to give permission]
to copy.” [Participant R]).
In some cases, it is not the information content of the photo per se that renders it unsuitable for sharing with some
people, but the meaning given to that image by the relationship between the photo taker and the photo viewer.
Participant O, for example, shares some photos only with family and friends, even though these are “harmless” and
“can’t be misinterpreted”; the photos have meaning to Participant O, and so she feels that the photos should only be
viewed by others who would catch that meaning because they know her or “understand the reason behind the photo”.
Finally, we may not wish to associate particular types of content with certain categories of information receiver, even
though we do not personally find the content objectionable: “I have recently heard a fairly disturbing account by a
38
Sally Jo Cunningham
Masood Masoodian
MasoodianAnne Adams
Privacy and Trust Issues for Online Personal Photograph Collections
Journal of Theoretical and Applied Electronic Commerce Research
ISSN 0718–1876 Electronic Version
VOL 5 / ISSUE 2 / AUGUST 2010 / 26-40
© 2010 Universidad de Talca - Chile
This paper is available online at
www.jtaer.com
DOI: 10.4067/S0718-18762010000200003
friend of when he was restoring data back onto their family computer and came across his father’s computer porn
collection. I am glad I wasn’t directly there to observe this particular experience” [interviewed by Participant J].
5.4 Information Usage
The use of conventional film cameras by ordinary people is generally speaking a well-defined activity in that people
use them to take photos to remember and share events, and objects of interest such as people, scenery and so on.
Indeed in most cases the use of the photo is in fact decided before the photos are taken—to print and view the photo
and/or give a copy of it to someone else. One of the reasons for making this type of photo taking a well-defined
activity is due to the cost and time delays associated with getting photographs printed, which often forces people to
decide why they want to take a photo (its usage) before they take it, so that they don’t end up “wasting” another shot
of the film.
With digital cameras, on the other hand, people are much more likely to take a photo and after viewing it decide what
they may wish to use it for; e.g., keep it, make it their desktop image, put it on the web, email it to someone else, etc.
Photos can be taken for the sole purpose of sharing—a humorous situation or an odd image is captured and sent on
(Figure 6). Similarly in some cases the type of the digital camera being used defines the intended use of the resulting
photo. For instance many of our study participants have mentioned that they use their mobile phone cameras, which
are low resolution, only for taking humorous photos which they primarily want to share with others rather than to
keep for themselves; they use better quality digital cameras with higher resolutions for taking more “serious” photos
which can be kept and/or shared with others.
Figure 6: A humorous photo taken for the sole purpose of sharing [Interviewed by Participant L]
Although our intended usage of photos taken by our digital cameras are much broader than the ones taken with
conventional cameras and printed on paper, to some extent we expect that the digital photos we share with others
will be used by them in a manner similar to conventional photos; i.e., recipients will view them but will not modify
them or share them freely with others. With conventional photos the medium itself (printed paper) restricted their use
by people other than their owner, because in the past printed photos could not be reproduced or modified easily.
Perhaps this is why people, even in our digital age, have similar expectation from others when they share photos.
Many of the participants in our study clearly stated that although they shared their photos with their family, friends, or
general public, they often wanted those accessing their photos to refrain from editing them or freely sharing them
with others. The main privacy concern that caused these types of restrictions to be requested or expected was due
to the concern that the photos may be “misused” [Participant O] or fall “into the wrong hands” [Participant M]. A
typical concern was expressed by Participant L, who shared family photos only within the family because “some
people use photos badly on their websites and I don’t want that to happen to my family members’ photos.” Another
interesting comment came from Participant O, who would only allow people to view his photos while he was present
because “a subject of the photo could be misrepresented”. This participant further pointed out that “I am happy to
have these photos viewed while in my possession so I can explain them or I can make sure they aren’t reproduced
and misused.” The need to avoid misinterpretation (by providing an explanation or interpretation) is one aspect of the
need to avoid image ‘misuse’.
6 Conclusions
Our research demonstrates the utility of Adams’ privacy model [1], [3], [4] for identifying concerns that contributors to
an online digital collection will have when sharing their multimedia information, in this case their digital photographs,
with other users of the collection. The findings from our study initially highlighted the complexity of privacy. For
instance, some of the participants changed their perception of privacy risks in mid-sentence when describing their
privacy needs and concerns. It could be argued that the issue of privacy is simply a can of worms that should not be
opened. However, the ad hoc strategies our study participants developed to protect their privacy show the clear
importance of protecting their privacy. One issue that is particularly significant is the sense of control that end-users
39
Sally Jo Cunningham
Masood Masoodian
MasoodianAnne Adams
Privacy and Trust Issues for Online Personal Photograph Collections
Journal of Theoretical and Applied Electronic Commerce Research
ISSN 0718–1876 Electronic Version
VOL 5 / ISSUE 2 / AUGUST 2010 / 26-40
© 2010 Universidad de Talca - Chile
This paper is available online at
www.jtaer.com
DOI: 10.4067/S0718-18762010000200003
in an online digital collection will require over the sharing, re-use and interpretation of the photographs that they
contribute to the collection.
The results highlight the changing patterns in photograph taking in conjunction with later usage. Multiple methods for
sharing and re-using pictures are detailed. However, users retain assumptions about re-usage that were acquired
from hard-copy usage (e.g. photos will not be edited, duplicated, distorted or distributed). Many of the participants’
comments and strategies for controlling usage related to their desire for control over others’ perceptions of them [19],
[21].
No single factor of the Adams’ model—Information Sensitivity, Information Receiver, or Information Usage—is a
sufficient base for a privacy mechanism in an online personal photo collection; no subject or type of image is
always/never perceived as sensitive, no receiver is trusted with all/none of the photos, and no type of usage is
always/never allowed. We have also discovered another thread in the privacy tangle: that at times the ability to
mediate or to explain the photo can be fundamental to the decision as to whether to share a photo. A useful privacy
or security mechanism should support all these factors, in any combination that the information owner sees requisite.
And, of course, support privacy and sharing while observing the interface or interaction design maxim of requiring as
little effort and planning from the photo owner as possible—a tall order indeed!
Ultimately who views our images and how they perceive us is a guiding force in our everyday social interactions.
Problems occur with technical interactions where the risks are hidden and the mechanisms to support privacy are
sadly lacking. We present here a first step towards understanding everyday photo taking and photo sharing habits,
so that guidelines can be developed to design more effective personal or public online digital photo storage, search
and sharing systems. A better understanding of users’ privacy concerns will allow us to address those concerns
when constructing systems for management of online digital photo collections—and, we hope, will encourage wider
usage of such systems.
Acknowledgments
We wish to thank our students for their efforts in gathering ethnographic and auto-ethnographic data for this work,
and those who participated in their interviews and observations.
References
[1] A. Adams, Multimedia information changes the whole privacy ballgame, in Proceedings of Computers Freedom
and Privacy, ACM Press, 2000, pp. 25-32.
[2] A. Adams, A. Blandford, and P. Lunt, Social empowerment and exclusion: A case study on digital libraries, ACM
TOCHI, vol. 12, no. 2, pp. 174-200, 2005.
[3] A. Adams, and M. A. Sasse, Privacy issues in ubiquitous multimedia environments: Wake sleeping dogs or let
them lie?, in Proceedings INTERACT, Edinburgh, 1999, pp. 214-221.
[4] A. Adams, and M. A. Sasse, Privacy in multimedia communications: Protecting users not just data, in
Proceedings of IHM–HCI, Lille, 2001, pp. 49-64.
[5] P. E. Agre, Beyond the mirror world: privacy and the representational practices of computing, in Technology and
Privacy the New Landscape (P. E. Agre and M. Rotenberg, Eds.). Massachusetts, MIT Press, 1997, pp. 29-62.
[6] S. Ahern, D. Eckles, N. Good, S. King, M. Naaman, and R. Nair, Over-exposed? Privacy patterns and
considerations in online and mobile photo sharing, in Proceedings of ACM conference on Human Factors in
Computing Systems. San Jose, CA. ACM Press, 2007, pp. 1-10.
[7] V. Bellotti, What you don’t know can hurt you: Privacy in collaborative computing, in Proceedings of HCI,
Springer Verlag, 1996, pp. 241-261.
[8] V. Bellotti, and A. Sellen, Designing of privacy in ubiquitous computing environments, in Proceedings of ECSCW,
Kluwer, 1993, pp. 77-92.
[9] C. Bennett, Convergence revisited: Towards a global policy for the protection of personal data, in Technology
and Privacy the New Landscape (P. E. Agre and M. Rotenberg, Eds.). Massachusetts: MIT Press, 1997, pp. 99-
123.
[10] A. I. Besmer, and H. R. Lipford, Moving beyond untagging: Photo privacy in a tagged world, in Proceedings of
ACM conference on Human Factors in Computing Systems. Atlanta, GA. ACM Press, 2010, pp. 1563-1572.
[11] M. Boyle, and S. Greenberg, The language of privacy: Learning from video media space analysis and design,
ACM Trans. on Computer-Human Interaction, vol. 12, no. 2, pp. 328-370, 2005.
[12] R. Chalfen, The sociovidistic wisdom of Abby and Ann: Toward an etiquette of home mode photography,
American Culture, vol. 7, no. 1-2, pp. 22-31, 1984.
[13] Comstock Sure, Brooklyn Daily Eagle, vol. 48, no. 271, 29 September 1888, p. 6.
[14] M. Cooper, J. Foote, A. Girgesohn, and L. Wilcox, Temporal event clustering for digital photo collections, ACM
Trans. On Multimedia Computing, Communications, and Applications, vol. 1, no. 3, 2005, pp. 269-288.
[15] L. Covi, and R. Kling, Organisational dimensions of effective digital library use: Closed rational and open natural
systems model, in Culture of the Internet S. Kiesler, Ed. Hillsdale, NJ: Lawrence Erlbaum Associates, 1997, pp.
343-360.
40
Sally Jo Cunningham
Masood Masoodian
MasoodianAnne Adams
Privacy and Trust Issues for Online Personal Photograph Collections
Journal of Theoretical and Applied Electronic Commerce Research
ISSN 0718–1876 Electronic Version
VOL 5 / ISSUE 2 / AUGUST 2010 / 26-40
© 2010 Universidad de Talca - Chile
This paper is available online at
www.jtaer.com
DOI: 10.4067/S0718-18762010000200003
[16] L. F. Cranor, and J. Reagle, Designing a social protocol: Lessons learned from the platform for privacy
preferences project, in Telephony, the Internet and the Media (J. K. MacKie-Mason, and D. Waterman, Eds.).
Mahwah: Lawrence Erlbaum Associates, 1998, pp. 215-234.
[17] L. Crawford, Personal ethnography, Communication Monographs, vol. 63, no. 2, 1996, pp. 158-170.
[18] S. J. Cunningham, and M. Jones, Autoethnography: A tool for practice and education, in Proceedings of the 6th
International Conference on Computer-Human Interaction, Auckland, 2005, pp. 1-8.
[19] A. Giddens, The constitution of society, Polity Press, Cambridge, 1984.
[20] B. Glaser, and A. Strauss, The Discovery of Grounded Theory, Aldine, Chicago, IL, 1967.
[21] E. Goffman, The Presentation of Self in Everyday Life, Penguin press, London, 1969.
[22] A. Graham, H. Garcia-Molina, A. Paepcke, and T. Winograd, Image and cultural digital libraries: Time as
essence for photo browsing through personal digital libraries, in Proceedings ACM/IEEE Joint Conference on
Digital Libraries, Portland, Oregon, 2002, pp. 326-335.
[23] J. Holmstrom, Managing a paradigm shift: Aligning management, privacy policy, technology and standards, in
Proceedings ECDL, Bath, England, 2004, pp. 442-451.
[24] J. I. Hong, and J. A. Landay, Architecture for privacy-sensitive ubiquitous computing, in Proceedings of MobiSys,
Boston, MA, 2004, pp. 177-189.
[25] R. Kling, Information technologies and the shifting balance between privacy and social control, Computers and
Controversy: Value Conflicts and Social Choices, R. Kling, Ed. London: Academic Press, 1996, pp. 614-636.
[26] S. Lederer, J. Mankoff, and A. Dey, Who wants to know what when: Privacy preference determinants in
ubiquitous computing, in Proceedings of ACM Conference on Human Factors in Computing Systems, Fort
Lauderdale, Florida, 2003, pp. 724-725.
[27] A. Makela, V. Giller, M. Tscheligi, and R. Sefelin, Joking, storytelling, artsharing, expressing affection: A field trial
of how children and their social network communicate with digital images in leisure time, in Proceedings of ACM
Conference on Human Factors in Computing Systems, Hague, Netherlands, 2000, pp. 548-555.
[28] R. E. Mensel, Kodakers lying in wait, Amateur Photography and the Right of Privacy in New York, 1885-1915,
American Quarterly vol. 42, no. 1, pp. 24-45, 1991.
[29] A. Miller, and W. K. Edwards, Give and take: A study of consumer-photo-sharing culture and practice, in
Proceedings of ACM Conference on Human Factors in Computing Systems, San Jose, CA, 2007, pp. 347-356.
[30] M. Naamen, R. B. Yeh, H. Garcia-Molena, and A. Paepcke, Leveraging context to resolve identity in photo
albums, in Proceedings of ACM/IEEE Joint Conference on Digital Libraries, Denver, Colorado, 2005, pp. 178-
187.
[31] L. Palen, and P. Dourish, Unpacking “Privacy” for a networked world. in Proceedings ACM conference on
Human Factors in Computing Systems, Fort Lauderdale, Florida, 2003, pp. 129-136.
[32] Photographic Times and American Photographer, vol. 18, 23rd November, pp. 560, 1888.
[33] C. D. Raab, and C. J. Bennet, The distribution of privacy risks: Who needs protection?, The Information Society,
vol. 14, no. 4, pp. 253-262, 1998.
[34] M. N. Razami, and L. Iverson, A grounded theory of information sharing behavior in a personal learning space,
in Proceedings ACM Computer Supported Cooperative Work, Alberta, Canada, 2006, pp. 459-468.
[35] ’Right of Privacy’ Denied, The New York Times, 2 July 1902, pp. 6.
[36] K. Rodden, and K. R. Wood, How do people manage their digital photographs?, in Proceedings of ACM
Conference on Human Factors in Computing Systems, Fort Lauderdale, Florida, 2003, pp. 409-416.
[37] H. Stelmaszewska, B. Fields, and A. Blandford, The roles of time, place, value and relationships in collocated
photo sharing with camera phones, in Proceedings of HCI. Liverpool, UK. British Computer Society, 2008, pp.
141-150.
[38] A. Strauss, and J. Corbin, Basics of Qualitative Research: Grounded Theory Procedures and Techniques, Sage,
Newbury Park, 1990.
[39] Young Brown’s Record, Brooklyn Daily Eagle, vol. 48, no. 272, pp. 1, 1888.
