Explicit User Audit

Name Explicit User Audit
Sources (Garfinkel, 2005)
Synonyms None
Context This is an application of the first and second Fair Information Practice principles to computer systems:
1. There must be no personal data record-keeping systems whose very existence is secret.
2. There must be a way for a person to find out what information about him- or herself is in a record and how it is used (United States Dept. of Health, Education, and Welfare, 1973).
Problem Without Explicit User Audit, there is no way for the user to determine if the system contains confidential information.
Solution Allow the user to inspect all user-generated information stored in the system to see if information is present and verify that it is accurate. There should be no hidden data.
Examples The “View Saved Passwords” button in Firefox allows the user to see both the saved username and the password, although showing passwords requires that the user click a second button and enter the Firefox “master password” (if one has been set). Example Source: (Garfinkel, 2005)
Implementation Ensure that all content can be readily reached using the navigational tools provided by the system. All information on the disk should reside in the file system, not in the free list. All information in documents should be visible when the document is displayed. Ideally, information should be tagged to indicate when the information was acquired; this tag should also be displayed.
If the amount of information in the system is large, a search facility should be provided.
This pattern can be implemented either by never throwing out any information, or else by making sure that information deleted by the user is actually removed from the system using Complete Delete.
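As an added illustration (not code from Garfinkel or from this repository), the following hypothetical Python store contrasts a tombstone-style delete that leaves hidden data in persisted storage with a Complete Delete, and includes a check that the audit view accounts for everything the system actually stores; the record keys and values are constructed sample data.

```python
import json
from dataclasses import dataclass, asdict
from datetime import datetime, timezone

@dataclass
class Record:
    key: str           # e.g. "login:example.org" (constructed sample key)
    value: str         # the user-generated information itself
    acquired_at: str   # when the system obtained it; shown next to the data
    deleted: bool = False

class TombstoneStore:
    """Hypothetical store whose delete only flags the record: the audit view
    hides it, but the persisted form still carries it (hidden data)."""

    def __init__(self):
        self._records = {}

    def add(self, key, value, acquired_at=None):
        ts = acquired_at or datetime.now(timezone.utc).isoformat()
        self._records[key] = Record(key, value, ts)

    def delete(self, key):
        self._records[key].deleted = True   # data remains in storage

    def audit(self):
        # Explicit User Audit view: every record the user is meant to see
        return [r for r in self._records.values() if not r.deleted]

    def search(self, term):
        # search facility for stores too large to browse item by item
        t = term.lower()
        return [r for r in self.audit() if t in r.key.lower() or t in r.value.lower()]

    def persist(self) -> bytes:
        # what actually gets written to storage
        return json.dumps([asdict(r) for r in self._records.values()]).encode()

class CompleteDeleteStore(TombstoneStore):
    """Same interface, but delete removes the record from the authoritative store."""

    def delete(self, key):
        del self._records[key]

def hidden_data(store):
    """Keys present in persisted storage that the audit view does not show (empty = no hidden data)."""
    on_disk = {r["key"] for r in json.loads(store.persist())}
    visible = {r.key for r in store.audit()}
    return sorted(on_disk - visible)
```

Running hidden_data() against the persisted form, rather than against the audit view's own index, is what catches data that the navigational tools can no longer reach.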
Consequences The user can determine if confidential information is present inside the system. In the case of cookies, Explicit User Audit on the local computer may reveal the need for Explicit User Audit at remote web sites.
Dependencies None
Relationships [Explicit Item Delete]
[Complete Delete]
[Delayed Unrecoverable Action]
Principles [Visibility]
Guidelines None
Check lists None
Use cases None
Tags Explicit User Audit, Explicit Item Delete, Complete Delete, Delayed Unrecoverable Action, Expectation Conformity, Controllability
Log history [12/21/2015]: Added to repository

References

Garfinkel, S.L., 2005. Design principles and patterns for computer systems that are simultaneously secure and usable (PhD thesis). Massachusetts Institute of Technology.

United States Department of Health, Education, and Welfare, Secretary's Advisory Committee on Automated Personal Data Systems, 1973. Records, computers, and the rights of citizens: Report. DHEW publication no. (OS) 73-94. U.S. Department of Health, Education, and Welfare.