THE I-SAFETY PROBLEM
How can we motivate Internet consumers to engage in behavior that will protect their privacy online? This question assumes increasing importance as privacy threats reach alarming proportions. In a recent multicity audit of consumers' computers conducted by the National Cyber Security Alliance, four-fifths were infested with spyware (National Cyber Security Alliance 2004). One-eighth of all identity thefts are attributed to online sources including spyware, online transactions, viruses, and phishing (Better Business Bureau 2005). Two-thirds of all e-mail worldwide is now spam (MessageLabs 2005), up from 7% in 2001 (Brightmail 2004). Consumers, as well as Web site proprietors, software developers, and policy makers, must play a role in protecting privacy (Milne and Culnan 2004). However, consumers are called upon (Consumer Reports 2004; PC Magazine 2004) to enact a bewildering array of measures to protect their privacy online: update virus protection, mind security settings, download patches, install firewalls, screen e-mail, shut down spyware, control cookies, deploy encryption, fend off browser hijackers, and block pop-ups. How can the average consumer be enlisted in the abstract and complex cause of privacy protection and ultimately, network security?
From the consumer's perspective, privacy and security measures entail managing the release of personal information while deflecting unwanted intrusions, parallel to two underlying dimensions of consumer privacy (cf. Goodwin 1991; Lee and LaRose 1994). Online privacy may then be defined in behavioral terms as actions that prevent unwanted disclosures and intrusions while using the Internet. As such, consumers translate preferences into actions that protect themselves, their information, and their computers. We conceptualize the problem as one of personal safety protection, arming consumers with the requisite information and skills so that they can make informed choices and enact appropriate behaviors that will shield them from online privacy threats. Following the common practice of adding an e-, an i-, or a cyber- to denote the online version of a familiar concept, we call ours i-Safety. The result is an intentional double entendre, the i signifying information but also highlighting the role that the individual must play to protect one's information and the network at large. …