SPARCLE (Server Privacy ARchitecture and CapabiLity Enablement) policy workbench

Innovation Matters


The SPARCLE policy workbench will simplify how people manage organizational policies across the enterprise, improve the quality of policy rules, and enable those rules to be implemented through technology to ensure consistency, reliability, and compliance. This capability will reduce risk for organizations and internal and external users who interact with them. SPARCLE was originally created to help organizations manage the privacy of the personal information (PI) they store in their systems. Now, much broader applicability of the technology to other types of policies including security, systems management, autonomic computing, and compliance auditing is envisioned.

Currently, privacy policy management in organizations is largely carried out through non-technology processes (documentation and training for people who handle information), with some use of inflexible applications that embed privacy policy. SPARCLE builds on the last three years of research, which identified customer requirements for privacy policy management within organizations.

Research in 2003 identified customer requirements in the area of privacy policy authoring, implementation, and compliance auditing. In 2004 our team developed a roadmap for privacy management and carried out research for a user-validated design of a privacy policy workbench. Research in 2005 developed a functional SPARCLE policy workbench for natural language policy authoring including transforming natural language rules to machine readable policies in standard form.

SPARCLE screen capture showing the natural language with a rule guide method for authoring policy rules

SPARCLE is a research prototype of a policy management workbench. SPARCLE allows the policy expert to write or import privacy policy rules in natural language. The tool automatically parses the text to extract the elements of the rules, and enables the expert to review and modify the rules. Then the tool transforms the rules into XML machine-readable code. The XML code output by the privacy workbench can be used by any enforcement engine that can handle the standardized XML format. The 2005 functional prototype is a significant subset of the proposed system we have designed with customer input during the last three years. In addition, SPARCLE provides internal auditing capabilities to allow the organization to ensure that the policies are correctly enforced and to highlight possible violations. In our research, we have taken an initial focus on privacy policies. Work is now underway to extend the workbench into security and other policy areas.

SPARCLE screen capture showing the structured list method of authoring policy rules

The goal of the proposed system is to enable a logical and verifiable flow from natural language rules written by policy experts within an organization, through the implementation of the rules in the organization's configuration, to the compliance audits of the enforcement decision logs. The policy creation portion of SPARCLE provides multiple methods of policy creation, using either natural language processing or a template format, and then provides visualizations to help the creator ensure that the policy is what he intended. A mapping from the policy to the elements in the organization's configuration can be accomplished by members of the IT department. The logical flow continues through to the audit logs of the decisions made by an enforcement engine (many possible enforcement engines might be employed). Compliance officers can use the tool to query the logs and complete general and data-subject-specific internal compliance audits of the real-time execution of the policy specification governing access to personal information.
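The parse, transform and audit steps described in the two paragraphs above, as an added example that is not SPARCLE's own code or grammar: a toy rule guide with an assumed sentence template and action vocabulary, machine-readable output in an illustrative XML form (the schema is constructed here, not the standard format SPARCLE targets), and an audit pass over a constructed decision log that flags permitted accesses no rule covers.

```python
import re
import xml.etree.ElementTree as ET
# Assumed rule-guide template (constructed here, not SPARCLE's own grammar):
#   <user> can <action> <data> for the purpose of <purpose> [if <condition>] [with <obligation>]
# A fixed action vocabulary (as a structured element list would supply) marks where actions end and data begins.
ACTIONS = {"collect", "read", "update", "disclose", "delete", "and", "or"}
TAIL_RE = re.compile(r"^(?P<purpose>.+?)(?: if (?P<condition>.+?))?(?: with (?P<obligation>.+))?$")
ELEMENTS = ("user", "action", "data", "purpose")  # required elements; each holds a list of values

def split_list(text):  # 'nurses, doctors or pharmacists' -> ['nurses', 'doctors', 'pharmacists']
    return [p.strip().lower() for p in re.split(r",|\band\b|\bor\b", text) if p.strip()]

def parse_rule(sentence):  # extract the elements of one sentence written to the template; reject anything else
    users, sep, rest = sentence.strip().rstrip(".").partition(" can ")
    body, sep2, tail = rest.partition(" for the purpose of ")
    m = TAIL_RE.match(tail)
    if not (sep and sep2 and m):
        raise ValueError(f"sentence does not follow the rule guide: {sentence!r}")
    words = body.split()
    n = next((i for i, w in enumerate(words) if w.strip(",").lower() not in ACTIONS), len(words))
    rule = {"user": split_list(users), "action": split_list(" ".join(words[:n])),
            "data": split_list(" ".join(words[n:])), "purpose": split_list(m["purpose"]),
            "condition": m["condition"], "obligation": m["obligation"]}
    if missing := [k for k in ELEMENTS if not rule[k]]:
        raise ValueError(f"rule lacks required elements {missing}: {sentence!r}")
    return rule

def rules_to_xml(rules):  # machine-readable output in an illustrative XML form (schema constructed here)
    root = ET.Element("policy")
    for i, r in enumerate(rules, 1):
        el = ET.SubElement(root, "rule", id=str(i))
        for key in ELEMENTS:
            for v in r[key]:
                ET.SubElement(el, key).text = v
        for key in ("condition", "obligation"):
            if r[key]:
                ET.SubElement(el, key).text = r[key]
    return ET.tostring(root, encoding="unicode")

def audit(rules, decision_log):  # permitted accesses that no rule covers: candidates for compliance review
    return [e for e in decision_log if e["decision"] == "permit"
            and not any(all(e[k] in r[k] for k in ELEMENTS) for r in rules)]

POLICY_TEXT = [  # constructed sample rules written to the template
    "Nurses and doctors can read and update medical history for the purpose of treatment.",
    "Billing clerks can read insurance details for the purpose of billing if the account is active with logging the access."]
DECISION_LOG = [dict(zip(ELEMENTS + ("decision",), row)) for row in (  # constructed enforcement-engine decisions
    ("nurses", "read", "medical history", "treatment", "permit"),
    ("billing clerks", "read", "medical history", "billing", "permit"),  # no rule allows this
    ("billing clerks", "disclose", "insurance details", "marketing", "deny"))]
```

A sentence that does not follow the template, or that names no recognised action, is rejected rather than silently producing a rule with empty elements, which is the check a policy author needs before the XML reaches an enforcement engine.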

The tool will be beneficial for an organization because it keeps the natural language version of a policy and the implementation of the policy in sync. The system is intended to work across a heterogeneous configuration covering all data and to reduce the organization's risk of data being misused. SPARCLE will increase productivity and reduce costs by providing a usable, effective, and efficient means of policy management for organizations.

In our initial phase of research, we completed surveys and in-depth interviews with participants from industry and government organizations in North America, Europe, and Asia Pacific (Brodie, Karat, Karat, and Feng, 2005; Karat, Brodie, and Karat, 2005; Karat, Karat, Brodie, and Feng, 2005). Using the survey and interview data that we collected, we developed a set of five key privacy concepts that are important to meeting the needs of organizational users of privacy protecting technologies. They include:
  1. It is important to provide users with one integrated solution for an organization’s heterogeneous configuration even if it consists of a set of utilities that provide users with a similar set of functionality and interaction methods for systems that are implemented differently on different technologies.
  2. The privacy functionality must be separated from the application code for cost, consistency, and flexibility reasons – users do not want to have to modify all of their applications individually to ensure that PI is protected.
  3. There needs to be the ability to support an appropriate level of granularity for applying the privacy policy. For example, the ability to control access at the field level in a database.
  4. There must be the ability to work with both structured and unstructured information. This includes protecting field level data and handling PI within documents in appropriate ways.
  5. There must be simple and flexible privacy functionality that is designed to meet the needs of the user community that owns each subtask in the privacy process. For example, CPOs and/or business process owners often write the privacy policies. They must be able to author policies that will end up in machine readable form without having IT skills.

During the survey and interview research, many of the participants indicated that privacy policies in their organizations were created by committees made up of business process specialists, lawyers and security specialists as well as information technologists. Based on the range of skills generally possessed by people with these varied roles, we hypothesized that different methods of defining privacy policies would be necessary. The figure below shows the abstract architecture we created based on the user requirements. We identified three areas where highly usable privacy utilities were needed. The first is a utility to assist users in creating and understanding privacy policies. The second is a utility to assist users in implementing the privacy policy; the design of this utility is partially dependent on the choice of enforcement engines used. Finally, the third utility enables organizations to conduct internal audits of their privacy policies.

The privacy policy creation utility is divided into three parts. There is a privacy policy authoring utility that uses and stores natural language policies, a transformation utility for translating the policy into machine readable policies, and a visualization utility for helping users understand the implications of new and existing policies. The architectural view of this utility was used to guide the design of a prototype privacy management tool. Looking at the architectural diagram, one can also see the potential for generalizing the approach to other policy areas.

Abstract View of SPARCLE policy architecture

We completed evaluation sessions with participants in organizations in banking/finance, health care and government in North America in 2004. We created an initial version of the SPARCLE prototype for privacy policy authoring (including two methods: natural language with a rule guide, and structured entry from lists), implementing the policies in the organization's configuration, and compliance auditing of decision logs. This prototype was a Wizard-of-Oz prototype, meaning that using it looked and felt real although the prototype was not functional. After reviewing the prototype with a number of target users, we took their feedback, iterated on the design, and evaluated a second iteration of the prototype with another sample of target users. Participant data on the top rated features of SPARCLE are illustrated below. The value rating scale ranges from a low of 1 for "No Value" to 7 for "Highest Value".

Between iterations 1 and 2 of the prototype we added the template feature, which enables users to import policy files from other sources and to modify those files. This enables localization of larger corporate policies or laws. This was seen as a highly valuable feature in itself, and we also believe that it led to a more positive evaluation of the natural language entry in the second iteration of SPARCLE. While structured rule entry seemed to be preferred in the first iteration, Natural Language and Structured List had equal ratings in the second iteration (these features were not altered substantially between iterations). It was also important to hear from the target users that they felt there was considerable value in the fairly simple policy table that we included in the prototype. We had viewed this two-dimensional representation as an initial design which we might need to change substantially, but found that users actually found it to be very clear and a powerful tool for understanding policy coverage. Additionally, target users responded very positively to the incremental authoring process, which allowed high level specification in natural language followed by detail specification (possibly by a different person at a different time). Finally, the participants reported that the compliance checking capabilities we included in the prototype are likely to meet many of their needs regarding monitoring the use of PI within their organizations.

Quantitative Results for Top Five Rated SPARCLE Features

An empirical laboratory study was run to compare the two privacy policy authoring methods illustrated in the prototype (Karat, Karat, Brodie, and Feng, 2005). In order to provide a baseline comparison for the two methods (Natural Language with a Guide, and Structured Entry from Element Lists), we added a control condition that allowed users to enter privacy policies in text in any format that they were satisfied with (Unguided NL). Participants read scenarios and then created the privacy rules necessary for the situation. All participants completed all three conditions. No training was provided. The results were scored based on the predetermined solutions and the percentage of elements correctly identified in rules for the scenario was computed. The figure below illustrates the results. The results are quite promising and show that users were able to write rules where they correctly identified about 80% of the necessary elements using either of the two methods provided by SPARCLE compared to correctly identifying about 40% of the elements using the baseline condition.

Average scores of the quality of the rules according to the quality evaluation metric in three conditions.

In 2005, we created a fully functional version of the SPARCLE policy authoring capabilities tested in 2004. Our team is analyzing the participant data from the evaluation of this prototype now and making plans for future research to complete the policy workbench. This future research includes the design and development of the other utilities necessary for an end-to-end solution and the generalization of the SPARCLE approach into other policy areas.

The research and results to date on this innovative line of research are very exciting in terms of the potential for providing individuals and organizations the ability to write high quality policy rules that can be implemented with technology and verified for compliance with regulations and legislation. With increasing knowledge of the technical capabilities possible, elected officials and regulators may be able to write better legislation and regulations in the future.

Related Publications  

Carolyn A. Brodie, Clare-Marie N. Karat, John Karat and Jinjuan Feng. Usable Security and Privacy: A Case Study of Developing Privacy Management Tools. SOUPS 2005 Symposium on Usable Privacy and Security. ACM, April 2005.

Clare-Marie N. Karat, John Karat and John Karat. Designing Personalized User Experiences for eCommerce (Letter of Intention). Kluwer Academic Publishers, 2004.

Clare-Marie N. Karat, Carolyn A. Brodie and Clare-Marie N. Karat. Usability Design and Evaluation for Privacy and Security Solutions. In Designing Secure Systems that People Can Use, edited by Lorrie Cranor and Simson Garfinkel. O'Reilly and Associates, 2005.

Karat, J., Karat, C., Brodie, C. and Feng, J. Natural Language Policy Authoring: Designing to Enable Privacy Policy Management in Organizations. Proceedings of INTERACT 2005, Springer, in press, 2005.

Karat, J., Karat, C., Brodie, C. and Feng, J. Privacy in information technology: Designing to enable privacy policy management in organizations. International Journal of Human-Computer Studies 63(1):153-174, 2005.

Karat, J., Karat, C., Brodie, C. and Feng, J. Designing Natural Language and Structured Entry Methods for Privacy Policy Authoring. Proceedings of the Tenth IFIP TC13 International Conference on Human-Computer Interaction, Springer, 2005.


News and information

Reinventing Enterprise Technology. eWeek, September 26, 2005, pp. 45-50.

Integrating Privacy, Audit and Compliance Initiatives in a Multi-System Enterprise Environment: The Business Case for Multi-Level Security. Larstan Business Reports, 2005.

Karat, J., Brodie, C. and Karat, C. SPARCLE: A Policy Management Workbench. Invited address at the 27th International Conference of Data Protection and Privacy Commissioners, Montreux, Switzerland, September 14, 2005.


Innovator's corner  

Clare-Marie Karat, Researcher
What is the most exciting potential future use for the work you're doing?
We think SPARCLE will enable higher quality legislation to be written about the use of personal data as the legislators and regulators become aware of the technical tools available for authoring, implementation, and compliance auditing of policies. We believe this capability will provide the potential for improving communication and education within and outside an organization about how that organization will use your data, as well as enabling a verification of that use.

What is the most interesting part of your research?
Our research is based on the concepts of user-centered design that include iterative cycles of design and user feedback on that design. The design space allows us to explore new ideas and alternatives that flourish within the research environment. In our work we are constantly surprised and informed by our interaction with potential users of the technology. Our project involves the novel integration of emerging and established technologies to produce a unique and valuable set of capabilities.

What inspired you to go into this field?
In 2002 we were developing a personalization strategy for ibm.com. In the course of this work, we found people’s ability to control information about themselves to be a key success factor in the acceptance of personalization approaches. We became intrigued with the concept of data privacy and technology to enable it. Now, we see potential for a more general and valuable policy framework based on the combined use of natural language, visualizations, and the more traditional structured approaches to interaction design and interfaces.

What is your favorite invention of all time?
Our favorite inventions include air conditioning, antibiotics, and the guitar.

Research team  

Carolyn Brodie

John Karat

Related Research  

Disciplines: Computer Science
Research Areas: Security and Privacy
Research Labs: Watson Research Center