Thursday, June 30, 2011

The HICCUPPS heuristic, ethics, and future.

A while back I read about the HICCUPPS(F) testing oracles heuristic, which I thought was fascinating. As a challenge for myself, (and based on James Bach's encouragement to own my own methodology), I decided to try and come up with something that HICCUPPS missed.

If you haven't heard of HICCUPPS(F) before, you can read what HICCUPPS(F) means, from Michael Bolton's blog.

Ethics / Decision Infuencers
I came up with another consistency Heuristic, "Consistent with Ethical Standards". I emailed Michael Bolton about this, and he felt that Ethics can fit under "Consistent with User Expectations." I think he's right. But I also think that makes it easy to overlook ethical problems. An easy example (for me) is privacy. Daniel Solove has written entire books on understanding privacy, and has a taxonomy of around 20 privacy harms; the Safe Harbor website lists seven protection principles for data privacy. (As a side note, I think Solove de-emphasized the harm of long-term storage versus ephemerality, but that's another discussion). The point is that privacy and its details (and the ethics of data privacy) aren't really on most people's radar. That's changing, but slowly. I think a lot of people aren't really aware of how privacy affects them, nor of the ethical ramifications of various technical privacy controls. Mostly, it comes down to the fact that without highly visible use of our personal data, we can't really understand how our privacy is being violated. So how do our user expectations come into play, when we don't even understand the ramifications of privacy violations? Solove wrote an entire paper on the idea that people say "I've got nothing to hide" and how that misses the point of privacy. Well, several points.

So, what happens when users don't have high enough ethical expectations of the software they're using? Or what happens when users don't have privacy expectations they should--because they're ignorant?  What happens if programmers and testers don't understand privacy implications, or the history of privacy and how it is evolving?  I think there are ethical considerations that reach beyond User Expectations. I am not about to re-invent HICCUPPS(F) heuristic, but I might personally call it HICCUPPS(EF) or something.  I might also put it under the heading "Activist/Expert Expectations" -- noting of course that we don't want to be consistent with all activist and media expectations.  You might care very much about the reviews on cnet or consumer reports media outlets, though.  This also reminds me of something my Human-Computer-Interfaces professor said once: that expert users are also influential users: they help their friends and others decide which software to use.  So, when thinking about user expectations, also make sure you're thinking about influential expert users--past, present and future.

Another shortcoming I thought about was that HICCUPPS doesn't explicitly focus on the future of a product. A product's future potential, future plans, and the changing nature of certain human processes makes it likely that software with poor designs will not be adaptable. Is the software maintainable? Or rather, is the software or feature consistent with likely futures of the product and its elements? This fits with the "H", only somewhat--so now I try to remember that when I ask about history, I should think about the future too. One example: a software product I tested once used building names to identify data records. However, it turns out that some of the records changed buildings, and that some of the building's names changed. The database wasn't flexible enough to allow for these changes. We worked around the problem, but it was still a problem (caused by management directives, I might add. The developer knew there were risks when he made the first implementation, even if they were underestimated).

The "Else" Question
The author of one of my favorite sci-fi books published some information on how to write books.  When inventing plots and motivations, he challenged writers to never stop with the first answer: always ask an "else" question.  Why else?  What else?  And so on.

So, my question is this: can you come up with something that HICCUPPS misses, or at least something it doesn't explicitly include?

In other words, what else are some of the shortcomings (or hidden details) of HICCUPPS(F)?

No comments:

Post a Comment