An Architecture for
Privacy-Sensitive
Ubiquitous Computing
Jason I. Hong
HCI Institute
Carnegie Mellon University
James A. Landay
Computer Science and Eng.
University of Washington
Ubicomp Privacy is a Serious Concern
From a nurse required to wear active badge
“[It] could tell when you were in the
bathroom, when you left the unit, and
how long and where you ate your lunch.
EXACTLY what you are afraid of.”
- allnurses.com
Ubicomp Presents Range of Privacy Risks
(Figure: risks laid out on an axis from Everyday Risks to Extreme Risks, grouped by who sees the data)
Stalkers, Muggers: Well-being, Personal safety
Employers: Over-monitoring, Discrimination, Reputation
Friends, Family: Over-protection, Social obligations, Embarrassment
Government: Civil liberties
How to maximize real benefit of ubicomp while
minimizing perceived and actual privacy risks?
Approach
Confab Privacy Toolkit Informed by End-User Needs
Hard to analyze privacy
– Analysis of end-user needs for ubicomp privacy
Interviews, surveys, postings on message boards
Hard to implement privacy-sensitive systems
– Confab toolkit for privacy-sensitive ubicomp apps
Capture, processing and presentation of personal info
Focus on location privacy
– Evaluation thru building apps
Location-enhanced messenger
Location-enhanced web proxy
Outline
 Motivation
 End-user Privacy Needs
 Confab Toolkit for Privacy-Sensitive Ubicomp
 Applications Built
An HCI Perspective on Privacy
“The problem, while often couched in terms of privacy,
is really one of control. If the computational system is
invisible as well as extensive, it becomes hard to know:
– what is controlling what
– what is connected to what
– where information is flowing
– how it is being used”
The Origins of Ubiquitous Computing Research at PARC in the Late 1980s
Weiser, Gold, Brown
Empower people so they can
choose to share:
• the right information
• with the right people or services
• at the right time
Analysis of End-User Privacy Needs
Lots of speculation about ubicomp privacy, little data
Published Sources
– Examined papers describing usage of ubicomp systems
– Examined existing and proposed privacy protection laws
Surveys and Interviews
– Analyzed survey data of 130 people on ubicomp privacy prefs
– Interviewed 20 people on location-based services
Existing Systems
– Analyzed postings on nurse message board on locator systems
Summary of End-User Privacy Needs
Clear value proposition
Simple and appropriate
control and feedback
Plausible deniability
Limited retention of data
Decentralized control
Special exceptions for
emergencies
(Figure: Alice’s Location, Bob’s Location)
Outline
 Motivation
 End-user Privacy Needs
 Confab Toolkit for Privacy-Sensitive Ubicomp
 Applications Built
Confab Toolkit for Privacy-Sensitive Ubicomp
Confab for privacy-sensitive ubicomp apps
– Cover end-user privacy needs
– Provide solid technical foundation for privacy-sensitive ubicomp
A toolkit needs to support all three of these layers
– Must capture, store, process, & share in privacy-sensitive manner
(Figure: three layers, Physical / Sensor, Infrastructure, Presentation)
I might acquire information privately… but not help developers process it
safely or provide visibility to end-users
I might present choices well to users… but not have control over how the
info was acquired or processed
Past Work Addresses at Most One Layer
Today, building privacy-sensitive apps would have to
be done in an ad hoc manner
Physical / Sensor: Cricket Location Beacons, Active Bats
Infrastructure: ParcTab System, Context Toolkit
Presentation: P3P, Privacy Mirrors
Confab High-Level Architecture
Capture, store, and process personal data on my
computer as much as possible (laptops and PDAs)
Provide greater control and feedback over sharing
(Architecture figure) On My Computer, Sources (e.g. a LocName source) feed
an InfoSpace Data Store through In Operators (applied to data coming in);
On Operators act on stored data; Out Operators govern what leaves to an App.
Built-in operators shown: Logging, Check Privacy Tag, Invisible Mode,
Enforce Access, User Interfaces, Garbage Collect, Periodic Reports
Example Built-in Confab Operator
Flow Control
Goal: Disclose different info to different requestors
Conditions
– Age of data
– Requestor Domain
– Requestor ID
– Requestor Location
– Data Format
– Data Type
– Current Time
Actions
– Lower Precision
– Set (fake value)
– Invisible (no out data)
– Interactive
– Allow
– Hide (data is removed)
– Timeout (fake network load)
– Deny (forbidden)
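A worked version of this operator, added here as an example and not Confab's own code: a rule list whose conditions and actions follow the slide, evaluated first-match-wins with an "invisible" default so a requestor that matches nothing learns nothing. The rule set, the requestor domains and the location tuple are constructed. Interactive and Timeout are left out because one needs a UI prompt and the other a deliberately delayed reply.

```python
"""Flow-control operator modelled on Confab's built-in one.

Added example, not Confab's own code: the rule set, the domains and the
location tuple are constructed for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta

ACTIONS = {"allow", "lower_precision", "set", "hide", "invisible", "deny"}


@dataclass
class LocationTuple:
    lat: float
    lon: float
    captured_at: datetime          # feeds the "age of data" condition


@dataclass
class Request:
    requestor_id: str              # constructed ids such as "carol"
    requestor_domain: str          # constructed domains such as "work.example"
    now: datetime                  # feeds the "current time" condition


@dataclass
class Rule:
    name: str
    matches: object                # callable (Request, LocationTuple) -> bool
    action: str                    # one of ACTIONS
    precision_places: int = 0      # used by "lower_precision"
    fake_value: tuple = None       # used by "set"


def apply_flow_control(rules, req, data):
    """Return (action, payload); payload is what the requestor receives.

    Rules are tried in order and the first match wins. With no match the
    default is "invisible": nothing goes out, so the requestor cannot tell
    a refusal from a device that is simply offline (plausible deniability).
    """
    for rule in rules:
        if rule.action not in ACTIONS:
            raise ValueError(f"unknown action {rule.action!r}")
        if not rule.matches(req, data):
            continue
        if rule.action == "allow":
            return "allow", (data.lat, data.lon)
        if rule.action == "lower_precision":
            p = rule.precision_places
            return "lower_precision", (round(data.lat, p), round(data.lon, p))
        if rule.action == "set":
            return "set", rule.fake_value    # deliberately false value
        if rule.action == "hide":
            return "hide", None              # reply, but with the data removed
        if rule.action == "invisible":
            return "invisible", None         # no reply at all
        return "deny", None                  # explicit refusal
    return "invisible", None


# Condition builders, so rules read like the slide's condition list.
def domain_is(domain):
    return lambda req, d: req.requestor_domain == domain


def age_under(max_age):
    return lambda req, d: req.now - d.captured_at <= max_age


def all_of(*preds):
    return lambda req, d: all(p(req, d) for p in preds)


# Constructed policy: family gets exact data while fresh and nothing when
# stale; co-workers get one decimal place (about 10 km); an advertising
# domain gets a fixed fake value; one domain is refused outright.
SAMPLE_RULES = [
    Rule("family-fresh", all_of(domain_is("family.example"),
                                age_under(timedelta(minutes=10))), "allow"),
    Rule("family-stale", domain_is("family.example"), "hide"),
    Rule("coworkers", domain_is("work.example"), "lower_precision",
         precision_places=1),
    Rule("ads", domain_is("ads.example"), "set", fake_value=(37.87, -122.27)),
    Rule("blocked", domain_is("blocked.example"), "deny"),
]


def demo(now=datetime(2004, 6, 1, 12, 0)):
    """Evaluate the sample policy for several constructed requestors."""
    fresh = LocationTuple(37.875, -122.257, now - timedelta(minutes=2))
    stale = LocationTuple(37.875, -122.257, now - timedelta(hours=1))

    def ask(rid, domain, data):
        return apply_flow_control(SAMPLE_RULES, Request(rid, domain, now), data)

    return {
        "family_fresh": ask("alice", "family.example", fresh),
        "family_stale": ask("alice", "family.example", stale),
        "coworker": ask("carol", "work.example", fresh),
        "ads": ask("adbot", "ads.example", fresh),
        "blocked": ask("x", "blocked.example", fresh),
        "stranger": ask("y", "other.example", fresh),
    }
```

The ordering matters: the stale-data rule for family sits after the fresh one, so fresh data is released and stale data is hidden rather than the other way round, and every unlisted domain falls through to the invisible default rather than to an allow.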
Outline
 Motivation
 End-user Privacy Needs
 Confab Toolkit for Privacy-Sensitive Ubicomp
 Physical layer for acquiring location
 Infrastructure layer
 Presentation layer
 Applications Built
Physical / Sensor Layer
Intel’s Place Lab Location Source
Determine location via local database of WiFi Access Points
– Unique WiFi MAC Address -> Latitude, Longitude
– Periodically update your local copy
(Figure: access points A, B, C seen by the device)
– Works indoors and in urban canyons
– Works with encrypted nodes
– No special equipment
– Privacy-sensitive
– Rides the WiFi wave
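How a Place Lab-style source can fix a position without any network query, as an added example that is not Place Lab's own code: a local BSSID-to-coordinate table, a signal-weighted centroid over the beacons that are in the table, and a merge step for the periodic database refresh. The MAC addresses, coordinates and signal strengths are constructed.

```python
"""Place Lab-style location source: a position estimate from the WiFi
beacons heard nearby, resolved against a local copy of the AP database.

Added example, not Place Lab's own code. The MAC addresses, coordinates
and signal strengths are constructed.
"""

# Local copy of the access-point database, BSSID -> (lat, lon). Place Lab
# refreshes this periodically; here it is a constructed in-memory dict.
LOCAL_AP_DB = {
    "00:11:22:33:44:01": (37.8750, -122.2570),
    "00:11:22:33:44:02": (37.8754, -122.2566),
    "00:11:22:33:44:03": (37.8748, -122.2580),
}


def normalize_bssid(bssid):
    """Scans report MACs in mixed case; the table is keyed lower-case."""
    return bssid.strip().lower()


def merge_db_update(db, update):
    """Fold a downloaded batch of BSSID -> (lat, lon) rows into the local copy.

    Returns the number of new or changed rows. Keeping the whole table on
    the device is what keeps lookups private: no per-query request leaves it.
    """
    changed = 0
    for bssid, coord in update.items():
        key = normalize_bssid(bssid)
        if db.get(key) != coord:
            db[key] = coord
            changed += 1
    return changed


def estimate_location(scan, db=LOCAL_AP_DB):
    """scan: list of (bssid, rssi_dbm) pairs from a passive beacon scan.

    Returns (lat, lon, known_count), or None when no heard AP is in the
    local table, which the caller reports as "unknown". The estimate is a
    signal-strength weighted centroid of the known APs. Only beacon frames
    are needed, so encrypted networks contribute just like open ones, and
    the device never associates or transmits.
    """
    points = []
    for bssid, rssi in scan:
        coord = db.get(normalize_bssid(bssid))
        if coord is None:
            continue                      # unknown AP: ignore, never look it up online
        weight = max(1.0, 100.0 + rssi)   # rssi in dBm is negative: -40 -> 60, -80 -> 20
        points.append((coord, weight))
    if not points:
        return None
    total = sum(w for _, w in points)
    lat = sum(c[0] * w for c, w in points) / total
    lon = sum(c[1] * w for c, w in points) / total
    return round(lat, 6), round(lon, 6), len(points)
```

A scan that hears only APs missing from the local table yields None rather than a remote lookup; that is the privacy property the slide calls out, and it is also the case a caller has to handle, since the device then has no location at all.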
PlaceLab Data at SF Bay Area: ~60000 Nodes (~4 Megs)
PlaceLab Data at UC Berkeley: Berkeley Campus, ~1000 Nodes
Outline
 Motivation
 End-user Privacy Needs
 Confab Toolkit for Privacy-Sensitive Ubicomp
 Physical layer for acquiring location
 Infrastructure layer
 Presentation layer
 Applications Built
Infrastructure Layer
Confab’s Built-in MiniGIS Operator
People and apps need semantically useful names
– “Meet me at 37.875, -122.257”
MiniGIS operator transforms location info locally
– Using network-based services would be privacy hole
Whittled down to 30 megs from public sources
– Places hardest to get, 3 ugrads + me scouring Berkeley
Country Name = United States
Region Name = California
City Name = Berkeley
ZIPCode = 94709
Place Name = Soda Hall
Latitude/Longitude = 37.875, -122.257
Confab Architecture
(Figure) PlaceLab Source -> InfoSpace Data Store (LocName) on My Computer ->
Out Operators (Flow Control, MiniGIS) -> Tourguide, Location Messenger
How to make users aware of and be able to control the flow of personal info?
Outline
 Motivation
 End-user Privacy Needs
 Pitfalls in User Interfaces for Privacy
 Confab Toolkit for Privacy-Sensitive Ubicomp
 Physical layer for acquiring location
 Infrastructure layer
 Presentation layer
 Applications Built
Presentation Layer
Notifications
Notification UI when others request your location (pull)
– Default is always “unknown” (plausible deniability)
Presentation Layer
PlaceBar
PlaceBar UI used when you send to others (push)
– If you give me “city” location, I can offer “events, museum lines”
Confab Architecture
(Figure) PlaceLab Source -> InfoSpace Data Store (LocName) on My Computer ->
Tourguide, Location Messenger
How to control personal info once it leaves your computer?
Privacy Tags
Digital Rights Management for Privacy
– Like adding note to email, “Please don’t forward”
– Notify address - notify-abc@cs.berkeley.edu
– Time to live - 5 days
– Max number of sightings - last 5 sightings of my location
Provide libraries for making it easy for app developers
Requires non-technical solutions for deployment
– Market support thru TrustE, Consumer Reports
– Legal support thru data retention laws
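What honouring a privacy tag looks like on the receiving side, as an added example that is not Confab's own library: a store that keeps at most the tag's max sightings per subject, expires entries after the time to live, and queues a notification for the tag's notify address each time it drops one. The subject, clock and sightings are constructed; the notify address and the two limits are the ones on the slide.

```python
"""Receiver-side enforcement of Confab-style privacy tags.

Added example, not Confab's own library. The tag fields follow the slide
(notify address, time to live, max sightings); the clock, subject and
sightings are constructed.
"""
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class PrivacyTag:
    notify: str            # address told when a sighting is evicted or expires
    ttl: timedelta         # how long the receiver may keep a sighting
    max_sightings: int     # keep only the N most recent sightings per subject


@dataclass
class Sighting:
    subject: str
    value: tuple           # (lat, lon)
    received_at: datetime
    tag: PrivacyTag


class TaggedStore:
    """Stores disclosed tuples and honours the tag each one carries.

    add() drops the oldest sighting once a subject's max_sightings is
    exceeded; garbage_collect() drops anything older than its TTL. Both
    queue a notification for the tag's notify address instead of sending
    it, so the caller decides how it is delivered.
    """

    def __init__(self):
        self._by_subject = defaultdict(deque)
        self.notifications = []          # (address, event, subject)

    def add(self, s):
        q = self._by_subject[s.subject]
        q.append(s)
        while len(q) > s.tag.max_sightings:
            old = q.popleft()
            self.notifications.append((old.tag.notify, "evicted", old.subject))

    def garbage_collect(self, now):
        """Delete expired sightings; return how many were removed."""
        removed = 0
        for subject, q in self._by_subject.items():
            kept = deque()
            for s in q:
                if now - s.received_at > s.tag.ttl:
                    self.notifications.append((s.tag.notify, "expired", subject))
                    removed += 1
                else:
                    kept.append(s)
            self._by_subject[subject] = kept
        return removed

    def sightings(self, subject):
        return [s.value for s in self._by_subject[subject]]


def demo():
    """Seven hourly sightings under a 5-day, 5-sighting tag, then a GC run."""
    t0 = datetime(2004, 6, 1, 9, 0)
    tag = PrivacyTag(notify="notify-abc@cs.berkeley.edu",
                     ttl=timedelta(days=5), max_sightings=5)
    store = TaggedStore()
    for i in range(7):
        store.add(Sighting("alice", (37.875 + i * 1e-4, -122.257),
                           t0 + timedelta(hours=i), tag))
    kept_after_add = len(store.sightings("alice"))      # oldest two evicted
    expired = store.garbage_collect(t0 + timedelta(days=5, hours=4))
    return {
        "kept_after_add": kept_after_add,
        "expired": expired,
        "remaining": len(store.sightings("alice")),
        "events": [event for _, event, _ in store.notifications],
        "notify_addresses": sorted({addr for addr, _, _ in store.notifications}),
    }
```

As the slide says, nothing in the tag forces a receiver to run this code; the store is what a cooperating application links in, and the notify address is how the subject gets the periodic report of what happened to their data.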
Outline
 Motivation
 Analysis of End-user Privacy Needs
 Confab Toolkit for Privacy-Sensitive Ubicomp
 Applications Built
Putting it Together #1
Location-Enhanced Messenger
Putting it Together #2
Location-Enhanced Web Proxy
Auto-fills location information on existing web sites
(Figure: Starbucks and MapQuest pages with location fields auto-filled)
Page Modification
URL = http://www.starbucks.com/
txtCity = CityName
txtState = RegionCode
txtZip = ZIPCode
Location-aware web sites
– Different content based on your current location
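The MiniGIS lookup, the PlaceBar's choice of how much to give, and the proxy's page-modification rule chained together, as an added example that is not Confab's own code: a nearest-place lookup over a local table, a disclosure level that trims the record to city or coarser, and a form filler that only touches fields the rule names and only from attributes the trimmed record still carries. Apart from the Soda Hall record and the Starbucks field mapping shown on the slides, the place table, the 150 m radius and the level names are constructed.

```python
"""MiniGIS-style local reverse lookup, a PlaceBar disclosure level, and the
web proxy's page-modification rule that fills a form from the result.

Added example, not Confab's own code. Other than the Soda Hall record and
the Starbucks field mapping from the slides, the place table, the radius,
the level names and the second place are constructed.
"""
import math

# Constructed place table; a real MiniGIS dataset holds thousands of rows.
PLACES = [
    {"PlaceName": "Soda Hall", "Latitude": 37.875, "Longitude": -122.257,
     "ZIPCode": "94709", "CityName": "Berkeley", "RegionName": "California",
     "RegionCode": "CA", "CountryName": "United States"},
    {"PlaceName": "Example Cafe", "Latitude": 37.8044, "Longitude": -122.2712,
     "ZIPCode": "94612", "CityName": "Oakland", "RegionName": "California",
     "RegionCode": "CA", "CountryName": "United States"},
]

# Page-modification rule from the slide: which form field gets which attribute.
PAGE_MODIFICATIONS = [
    {"URL": "http://www.starbucks.com/",
     "fields": {"txtCity": "CityName", "txtState": "RegionCode",
                "txtZip": "ZIPCode"}},
]

# Coarse-to-fine attribute levels, cumulative: "city" includes region and country.
LEVEL_ORDER = [
    ("country", ["CountryName"]),
    ("region", ["RegionName", "RegionCode"]),
    ("city", ["CityName"]),
    ("zip", ["ZIPCode"]),
    ("place", ["PlaceName", "Latitude", "Longitude"]),
]


def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres."""
    r = 6371000.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp, dl = math.radians(lat2 - lat1), math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))


def mini_gis(lat, lon, places=PLACES, max_m=150.0):
    """Nearest place within max_m metres, or None ("unknown").

    Everything is resolved from the local table; no coordinates are sent to
    a network service.
    """
    best, best_d = None, None
    for p in places:
        d = haversine_m(lat, lon, p["Latitude"], p["Longitude"])
        if best_d is None or d < best_d:
            best, best_d = p, d
    if best is None or best_d > max_m:
        return None
    return dict(best)


def disclose(place, level):
    """Keep only the attributes at or coarser than the chosen PlaceBar level."""
    allowed = set()
    for name, attrs in LEVEL_ORDER:
        allowed.update(attrs)
        if name == level:
            return {k: v for k, v in place.items() if k in allowed}
    raise ValueError(f"unknown level {level!r}")


def fill_form(url, disclosed, rules=PAGE_MODIFICATIONS):
    """Fields the proxy would auto-fill for url, or {} if no rule matches.

    Only fields named by a rule are filled, and only from attributes present
    in the disclosed record: a city-level disclosure leaves txtZip alone.
    """
    for rule in rules:
        if url.startswith(rule["URL"]):
            if not disclosed:
                return {}
            return {field: disclosed[attr]
                    for field, attr in rule["fields"].items() if attr in disclosed}
    return {}
```

The point of passing the trimmed record, not the full one, into the form filler is that the site's field mapping never widens what the user chose on the PlaceBar: a rule can ask for txtZip, but at city level there is no ZIPCode to give it.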
Application Details
Location-enhanced Instant Messenger
– Uses Hamsam library for cross-platform IM
– ~2500 LOCs across 23 classes, about 5 weeks (mostly GUI)
– Acquiring location, InfoSpace store (and prefs), location queries,
automatic updates, access notifications, MiniGIS + dataset
Location-enhanced web proxy
– Added ~800 LOCs to existing 800 LOCs, about 1 week
– Location queries, automatic updates, MiniGIS + dataset, PlaceBar
Other apps
– Emergency Response app, distributed querying app
Confab reduces what would be a lot of duplicated work
Other Parts of this Work
Common risks to design for in privacy-sensitive systems?
Hong, Ng, Lederer, Landay [DIS2004]
Privacy Risk Models for Designing Privacy-Sensitive
Ubiquitous Computing Systems
Common mistakes to avoid in the user interface?
Lederer, Hong, Dey, Landay [PUC 2004]
Personal Privacy through Understanding and Action:
Five Pitfalls for Designers
Design rationale at presentation layer
User evaluations of the apps
Conclusions
Confab toolkit for facilitating construction of privacy-
sensitive ubicomp applications
– Privacy at physical, infrastructure, and presentation layers
– Push architecture towards local capture, processing, storage
– Couple w/ better UIs for greater choice, control, and feedback
“Use technology correctly to enhance life. It is important
that people have a choice in how much information can
be disclosed. Then the technology is useful.”
Acknowledgements
Thanks to:
DARPA Expeditions
NSF ITR
Intel Fellowship
Siebel Systems Fellowship
PARC
Intel Research
John Canny
Anind Dey
Scott Lederer
Jennifer Ng
Bill Schilit
Doug Tygar
Many, many others…
Jason I. Hong
jasonh@cs.berkeley.edu
http://guir.berkeley.edu/confab
http://placelab.org
Hypothesis: The Privacy Hump
(Figure: fears plotted against time)
Pessimistic phase: Many legitimate concerns; Many alarmist rants; “Right” way to deploy?; Value proposition?; Rules on fair use?
Optimistic phase: Things have settled down; Few fears materialized; Market, Social, Legal, Tech; We get tangible value
Missing Pieces of the Privacy Puzzle
How do privacy perceptions change over time?
– Ecommerce studies suggest experience important, privacy hump
How do privacy perceptions vary across cultures?
– Western cultures tend to be more individualistic
Metrics for privacy?
– Specific data types (location) or problems (price discrimination)
Economic incentives for companies to do “the right thing”?
Other kinds of protection at the physical layer?
How perfect do we want our ubicomp systems to be?
– Accurate and reliable -> harder to lie

An Architecture for Privacy-Sensitive Ubiquitous Computing at Mobisys 2004

  • 1. An Architecture for Privacy-Sensitive Ubiquitous Computing Jason I. Hong HCI Institute Carnegie Mellon University James A. Landay Computer Science and Eng. University of Washington
  • 2. Ubicomp Privacy is a Serious Concern From a nurse required to wear active badge “[It] could tell when you were in the bathroom, when you left the unit, and how long and where you ate your lunch. EXACTLY what you are afraid of.” - allnurses.com
  • 3. Ubicomp Presents Range of Privacy Risks Everyday Risks Extreme Risks Stalkers, Muggers _________________________________ Well-being Personal safety Employers _________________________________ Over-monitoring Discrimination Reputation Friends, Family _________________________________ Over-protection Social obligations Embarrassment Government __________________________ Civil liberties How to maximize real benefit of ubicomp while minimizing perceived and actual privacy risks?
  • 4. Approach Confab Privacy Toolkit Informed by End-User Needs Hard to analyze privacy – Analysis of end-user needs for ubicomp privacy Interviews, surveys, postings on message boards Hard to implement privacy-sensitive systems – Confab toolkit for privacy-sensitive ubicomp apps Capture, processing and presentation of personal info Focus on location privacy – Evaluation thru building apps Location-enhanced messenger Location-enhanced web proxy
  • 5. Outline  Motivation  End-user Privacy Needs  Confab Toolkit for Privacy-Sensitive Ubicomp  Applications Built
  • 6. An HCI Perspective on Privacy “The problem, while often couched in terms of privacy, is really one of control. If the computational system is invisible as well as extensive, it becomes hard to know: – what is controlling what – what is connected to what – where information is flowing – how it is being used The O rig ins o f Ubiq uito us Co m puting Re se arch at PARC in the Late 1 9 8 0 s We ise r, Go ld, Bro wn Empowerpeople so they can choose to share: • the right information • with the right people orservices • at the right time
  • 7. Analysis of End-User Privacy Needs
    Lots of speculation about ubicomp privacy, little data
    Published Sources
    – Examined papers describing usage of ubicomp systems
    – Examined existing and proposed privacy protection laws
    Surveys and Interviews
    – Analyzed survey data of 130 people on ubicomp privacy prefs
    – Interviewed 20 people on location-based services
    Existing Systems
    – Analyzed postings on nurse message board on locator systems
  • 8. Summary of End-User Privacy Needs
    – Clear value proposition
    – Simple and appropriate control and feedback
    – Plausible deniability
    – Limited retention of data
    – Decentralized control
    – Special exceptions for emergencies
    (Figure labels: Alice’s Location, Bob’s Location)
  • 9. Outline
    – Motivation
    – End-user Privacy Needs
    – Confab Toolkit for Privacy-Sensitive Ubicomp
    – Applications Built
  • 10. Confab Toolkit for Privacy-Sensitive Ubicomp
    Confab for privacy-sensitive ubicomp apps
    – Cover end-user privacy needs
    – Provide solid technical foundation for privacy-sensitive ubicomp
    A toolkit needs to support all three of these layers: Physical / Sensor, Infrastructure, Presentation
    – Must capture, store, process, & share in privacy-sensitive manner
    – I might acquire information privately… but not help developers process it safely or provide visibility to end-users
    – I might present choices well to users… but not have control over how the info was acquired or processed
  • 11. Past Work Addresses at Most One Layer
    Today, building privacy-sensitive apps would have to be done in an ad hoc manner
    – Physical / Sensor: Cricket Location Beacons, Active Bats
    – Infrastructure: ParcTab System, Context Toolkit
    – Presentation: P3P, Privacy Mirrors
  • 12. Confab High-Level Architecture
    Capture, store, and process personal data on my computer as much as possible (laptops and PDAs)
    Provide greater control and feedback over sharing
    (Figure labels: My Computer; InfoSpace Data Store (two of them); LocName App; Source / Sources; In Operators, On Operators, Out Operators; operator examples: Logging, Check Privacy Tag, Invisible Mode, Enforce Access, User Interfaces, Garbage Collect, Periodic Reports)
  • 13. Example Built-in Confab Operator: Flow Control
    Goal: Disclose different info to different requestors
    Conditions
    – Age of data
    – Data Format
    – Requestor Domain
    – Data Type
    – Requestor ID
    – Current Time
    – Requestor Location
    Actions
    – Lower Precision
    – Allow
    – Set (fake value)
    – Hide (data is removed)
    – Invisible (no out data)
    – Timeout (fake network load)
    – Interactive
    – Deny (forbidden)
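How such an out operator could be written, as an added example that is not Confab's own code: a first-match rule list over the slide's conditions (age of data, current time, requestor domain and ID) that yields one of the slide's actions. The field names, the `default_rules` policy and the sample values are assumptions; when nothing matches, the requestor only learns "unknown", as on the Notifications slide.

```python
# Added example, not Confab's code: a minimal flow-control "out operator".
# Request/Datum field names and the rule set below are constructed.
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Callable

@dataclass
class Request:            # who is asking, for what, and when
    requestor_id: str
    requestor_domain: str
    data_type: str
    now: datetime

@dataclass
class Datum:              # one tuple held in the local InfoSpace
    data_type: str
    value: dict           # e.g. {"lat":..., "lon":..., "city":..., "region":...}
    captured_at: datetime

@dataclass
class Rule:
    when: Callable[[Request, Datum], bool]  # condition over request and datum
    action: str           # allow | lower_precision | set | hide | invisible | deny
    arg: object = None    # granularity for lower_precision, fake value for set

GRANULARITY = {"city": ("city", "region"), "region": ("region",)}

def lower_precision(value, level):
    """Drop lat/lon and keep only the coarser fields for the chosen level."""
    return {k: value[k] for k in GRANULARITY[level] if k in value}

def evaluate(rules, req, datum):
    """First matching rule wins. Returns (value sent out, action taken);
    a None value means the requestor only sees 'unknown'."""
    for rule in rules:
        if rule.when(req, datum):
            if rule.action == "allow":
                return datum.value, "allow"
            if rule.action == "lower_precision":
                return lower_precision(datum.value, rule.arg), "lower_precision"
            if rule.action == "set":              # fake value: plausible deniability
                return rule.arg, "set"
            # hide = datum removed from reply; invisible = no reply at all;
            # deny = explicit refusal. None of them leaks the datum.
            return None, rule.action
    return None, "hide"

def default_rules(friends, work_domain):
    """Constructed policy: stale data is hidden, the employer's domain gets an
    'invisible' response outside 9-17 and region-level data inside it,
    friends get city-level data."""
    return [
        Rule(lambda r, d: r.now - d.captured_at > timedelta(minutes=10), "hide"),
        Rule(lambda r, d: r.requestor_domain == work_domain
                          and not 9 <= r.now.hour < 17, "invisible"),
        Rule(lambda r, d: r.requestor_domain == work_domain, "lower_precision", "region"),
        Rule(lambda r, d: r.requestor_id in friends, "lower_precision", "city"),
    ]
```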
  • 14. Outline
    – Motivation
    – End-user Privacy Needs
    – Confab Toolkit for Privacy-Sensitive Ubicomp
      – Physical layer for acquiring location
      – Infrastructure layer
      – Presentation layer
    – Applications Built
  • 15. Physical / Sensor Layer: Intel’s Place Lab Location Source
    Determine location via local database of WiFi Access Points
    – Unique WiFi MAC Address -> Latitude, Longitude
    – Periodically update your local copy
    (Figure labels: access points A, B, C)
    – Works indoors and in urban canyons
    – Works with encrypted nodes
    – No special equipment
    – Privacy-sensitive
    – Rides the WiFi wave
  • 16. PlaceLab Data at SF Bay Area: ~60000 Nodes (~4 Megs)
  • 17. PlaceLab Data at UC Berkeley: Berkeley Campus, ~1000 Nodes
  • 18. Outline
    – Motivation
    – End-user Privacy Needs
    – Confab Toolkit for Privacy-Sensitive Ubicomp
      – Physical layer for acquiring location
      – Infrastructure layer
      – Presentation layer
    – Applications Built
  • 19. Infrastructure Layer: Confab’s Built-in MiniGIS Operator
    People and apps need semantically useful names
    – “Meet me at 37.875, -122.257”
    MiniGIS operator transforms location info locally
    – Using network-based services would be privacy hole
    Whittled down to 30 megs from public sources
    – Places hardest to get, 3 ugrads + me scouring Berkeley
    Example output:
    – Country Name = United States
    – Region Name = California
    – City Name = Berkeley
    – ZIPCode = 94709
    – Place Name = Soda Hall
    – Latitude/Longitude = 37.875, -122.257
  • 20. Confab Architecture
    How to make users aware of and be able to control the flow of personal info?
    (Figure labels: My Computer; InfoSpace Data Store (two of them); LocName; PlaceLab Source; Out Operators: Flow Control, MiniGIS; Tourguide; Location Messenger)
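The physical and infrastructure layers above (slides 15 and 19) as one local pipeline, added here as an example and not Place Lab's or Confab's code: WiFi MAC addresses are looked up in a local copy of the access-point table and averaged into a fix, and the fix is then named from a local MiniGIS table, so no network service ever sees the coordinates. The MAC addresses, all access-point coordinates, "Place B" and the centroid estimate are assumptions; the Soda Hall record is the one on the slide.

```python
# Added example (not Place Lab's or Confab's code): locate from WiFi beacons
# with a local AP table, then name the fix with a local MiniGIS table.
# MACs, AP coordinates and "Place B" are constructed sample data.
import math

# Local copy of the AP database: MAC -> (lat, lon). Never queried over the network.
AP_DB = {
    "00:11:22:33:44:01": (37.8752, -122.2575),
    "00:11:22:33:44:02": (37.8748, -122.2565),
    "00:11:22:33:44:03": (37.8750, -122.2570),
}

# Local MiniGIS place table: (lat, lon) -> the attributes shown on slide 19.
PLACES = [
    ((37.875, -122.257), {"CountryName": "United States", "RegionName": "California",
                          "CityName": "Berkeley", "ZIPCode": "94709", "PlaceName": "Soda Hall"}),
    ((37.880, -122.250), {"CountryName": "United States", "RegionName": "California",
                          "CityName": "Berkeley", "ZIPCode": "94704", "PlaceName": "Place B"}),
]

def metres_between(a, b):
    """Great-circle (haversine) distance between two (lat, lon) pairs, in metres."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371000 * math.asin(math.sqrt(h))

def place_lab_fix(seen_macs, ap_db=AP_DB):
    """Centroid of the known APs heard in one scan (assumed estimator);
    unknown MACs are ignored, and None is returned if none are known."""
    known = [ap_db[m] for m in seen_macs if m in ap_db]
    if not known:
        return None
    return (sum(p[0] for p in known) / len(known),
            sum(p[1] for p in known) / len(known))

def minigis_lookup(fix, places=PLACES, max_metres=150):
    """Nearest place within max_metres of the fix, plus the raw lat/lon; None if
    the fix is not close to any known place (then only coarser fields apply)."""
    best = min(places, key=lambda p: metres_between(fix, p[0]))
    if metres_between(fix, best[0]) > max_metres:
        return None
    return {**best[1], "Latitude/Longitude": fix}

def locate(seen_macs):
    """Full local pipeline: beacons -> lat/lon -> semantically useful name."""
    fix = place_lab_fix(seen_macs)
    return None if fix is None else minigis_lookup(fix)
```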
  • 21. Outline
    – Motivation
    – End-user Privacy Needs
    – Pitfalls in User Interfaces for Privacy
    – Confab Toolkit for Privacy-Sensitive Ubicomp
      – Physical layer for acquiring location
      – Infrastructure layer
      – Presentation layer
    – Applications Built
  • 22. Presentation Layer: Notifications
    Notification UI when others request your location (pull)
    – Default is always “unknown” (plausible deniability)
  • 23. Presentation Layer: PlaceBar
    PlaceBar UI used when you send to others (push)
    – If you give me “city” location, I can offer “events, museum lines”
  • 24. Confab Architecture
    How to control personal info once it leaves your computer?
    (Figure labels: My Computer; InfoSpace Data Store (two of them); LocName; PlaceLab Source; Tourguide; Location Messenger)
  • 25. Privacy Tags
    Digital Rights Management for Privacy
    – Like adding note to email, “Please don’t forward”
    – Notify address: notify-abc@cs.berkeley.edu
    – Time to live: 5 days
    – Max number of sightings: last 5 sightings of my location
    Provide libraries for making it easy for app developers
    Requires non-technical solutions for deployment
    – Market support thru TrustE, Consumer Reports
    – Legal support thru data retention laws
  • 26. Outline
    – Motivation
    – Analysis of End-user Privacy Needs
    – Confab Toolkit for Privacy-Sensitive Ubicomp
    – Applications Built
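What honouring a privacy tag looks like on the receiving side, as an added example that is not Confab's privacy-tag library: the tag (notify address, time to live, max number of sightings) travels with each sighting, the store trims to the newest N sightings on insert, purges expired data before every read, and records the notification it would send to the tag's address. The store API, subject names, places and timestamps are constructed; only the notify address comes from the slide.

```python
# Added example (not Confab's privacy-tag library): a receiver-side store that
# enforces the tag carried by each datum. Subjects, places and times are constructed.
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class PrivacyTag:
    notify: str            # address told whenever the datum is used
    ttl: timedelta         # time to live: delete the datum after this long
    max_sightings: int     # keep at most this many sightings of the subject

@dataclass
class Sighting:
    subject: str           # whose location this is
    place: str
    seen_at: datetime
    tag: PrivacyTag        # the tag travels with the data

class TaggedStore:
    """Store on the recipient's side that applies the tags on insert and read."""
    def __init__(self):
        self._items = []
        self.sent = []     # (notify address, message) the store would e-mail

    def items(self):
        return list(self._items)

    def add(self, s):
        self._items.append(s)
        # Max number of sightings: keep only the newest N for this subject,
        # using the cap carried by the sighting just received.
        same = sorted((x for x in self._items if x.subject == s.subject),
                      key=lambda x: x.seen_at)
        excess = max(len(same) - s.tag.max_sightings, 0)
        for old in same[:excess]:
            self._items.remove(old)

    def garbage_collect(self, now):
        """Time to live: drop anything older than its tag allows; return the count."""
        expired = [x for x in self._items if now - x.seen_at >= x.tag.ttl]
        for x in expired:
            self._items.remove(x)
        return len(expired)

    def query(self, subject, accessor, now):
        """Read the sightings of a subject. Expired data is purged first and
        every use is reported to the tag's notify address."""
        self.garbage_collect(now)
        hits = [x for x in self._items if x.subject == subject]
        for x in hits:
            self.sent.append((x.tag.notify,
                              f"{accessor} read {subject} at {x.place} ({x.seen_at.isoformat()})"))
        return hits
```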
  • 27. Putting it Together #1 Location-Enhanced Messenger
  • 28. Putting it Together #1 Location-Enhanced Messenger
  • 29. Putting it Together #2: Location-Enhanced Web Proxy
    Auto-fills location information on existing web sites (Starbucks, MapQuest)
    Page Modification rule:
    – URL = http://www.starbucks.com/
    – txtCity = CityName
    – txtState = RegionCode
    – txtZip = ZIPCode
  • 30. Putting it Together #2: Location-Enhanced Web Proxy
    Location-aware web sites
    – Different content based on your current location
  • 31. Application Details
    Location-enhanced Instant Messenger
    – Uses Hamsam library for cross-platform IM
    – ~2500 LOCs across 23 classes, about 5 weeks (mostly GUI)
    – Acquiring location, InfoSpace store (and prefs), location queries, automatic updates, access notifications, MiniGIS + dataset
    Location-enhanced web proxy
    – Added ~800 LOCs to existing 800 LOCs, about 1 week
    – Location queries, automatic updates, MiniGIS + dataset, PlaceBar
    Other apps
    – Emergency Response app, distributed querying app
    Confab reduces what would be a lot of duplicated work
  • 32. Other Parts of this Work
    Common risks to design for in privacy-sensitive systems?
    – Hong, Ng, Lederer, Landay [DIS 2004], Privacy Risk Models for Designing Privacy-Sensitive Ubiquitous Computing Systems
    Common mistakes to avoid in the user interface?
    – Lederer, Hong, Dey, Landay [PUC 2004], Personal Privacy through Understanding and Action: Five Pitfalls for Designers
    Design rationale at presentation layer
    User evaluations of the apps
  • 33. Conclusions
    Confab toolkit for facilitating construction of privacy-sensitive ubicomp applications
    – Privacy at physical, infrastructure, and presentation layers
    – Push architecture towards local capture, processing, storage
    – Couple w/ better UIs for greater choice, control, and feedback
    “Use technology correctly to enhance life. It is important that people have a choice in how much information can be disclosed. Then the technology is useful.”
  • 34. Acknowledgements
    Thanks to: DARPA Expeditions, NSF ITR, Intel Fellowship, Siebel Systems Fellowship, PARC, Intel Research, John Canny, Anind Dey, Scott Lederer, Jennifer Ng, Bill Schilit, Doug Tygar, and many, many others…
    http://placelab.org
    http://guir.berkeley.edu/confab
    Jason I. Hong, jasonh@cs.berkeley.edu
  • 35. Hypothesis: The Privacy Hump
    (Figure: fears plotted against time)
    Pessimistic: many legitimate concerns, many alarmist rants; “Right” way to deploy? Value proposition? Rules on fair use?
    Optimistic: things have settled down, few fears materialized; market, social, legal, tech; we get tangible value
  • 36. Missing Pieces of the Privacy Puzzle
    How do privacy perceptions change over time?
    – Ecommerce studies suggest experience important, privacy hump
    How do privacy perceptions vary across cultures?
    – Western cultures tend to be more individualistic
    Metrics for privacy?
    – Specific data types (location) or problems (price discrimination)
    Economic incentives for companies to do “the right thing”?
    Other kinds of protection at the physical layer?
    How perfect do we want our ubicomp systems to be?
    – Accurate and reliable -> harder to lie

Editor's Notes

  1. Educate on HCI Be excited
  2. Main point is that we need to address these privacy concerns upfront to maximize the benefit of ubicomp
     Internet Privacy, Ubicomp privacy issues, RFID, Google GMail
     Sergey Brin, WSJ, on GMail: “I didn’t realize it would be of such high interest to the world, because we’re just making it available to a small group of people”
     From the Why People Wear Active Badges paper: They (badges) will be used to track me around. They will be used to track me around in my private life. They make me furious.
     From Dev Horn, Former VP of Stick Networks, designing devices: Locating friends and family is seen as a negative. This function was seen as “scary” and “creepy” by most consumers, especially because the exact capability of this function was hard to understand. The only exception is among college students who thought being able to find friends would be interesting.
     “It creeps me out. There are already too many things that track me.”
     “If they want to find me, they can call me.”
     “I don’t want to be found.”
     “Lord knows, I don’t want my husband to know where I am.”
  3. Many of the threats are from Location Privacy Protection Act 2001
     Never Get Lost: “John Anderton, you could use a Guinness right now”
     Find Friends: “Family is already very close to you, so if they’re checking up on you…sort of already smothering and this is one step further.”
     “[It] could tell when you were in the bathroom, when you left the unit, and how long and where you ate your lunch. EXACTLY what you are afraid of.”
     Emergency Response: “I don’t see how a government or an organization will not come up with an excuse to use [location info] for another purpose.”
     What’s new here is the scope and scale of ubicomp
     – Past: costly to collect, store, and use info
     – Future: everywhere, always on, more kinds of real-time data
     Cute: “I would use [friend finder] for spy work and find out if my brother was up to no good. Then I would track him down.”
     Family [interview]: “For a parent, this would be a great spying tool. I just don’t like it at all.”
     Workplace Abuse / Lack of Respect
     – [survey] “I don’t want to be under direct surveillance of my husband or boss no matter what I am doing”
     – [survey] “this scheme could be used by a boss to constantly track an employee's location without the employee knowing”
     – [nurses] “These things give me the creeps. George Orwell never thought of this but he should have.”
     – [nurses] “So---are these devices going to be used to track how much time nurses spend in the bathroom during their shift???”
     – [nurses] “The stupid monitoring could tell when you were in the bathroom, when you left the unit, and how long and where you ate your lunch. EXACTLY what you are afraid of. Nurses are not prisoners of the state who need to be monitored every second of every day.”
     Tradeoffs: CYA (liability, garbage collectors, nurses), Efficiency
  4. These needs and pitfalls became basis of reqts for toolkit
  5. First two, privacy concerns and better design, informed the third, the toolkit
  6. “Privacy is the claim of individuals, groups or institutions to determine for themselves when, how, and to what extent information about them is communicated to others”
     Privacy is a deeply embedded concept in our society: US Constitution, UN Decl. Human Rights, Hippocratic Oath
     Leads to many different perspectives on privacy
     – Orwell - “Big Brother”
     – Lessig - Legal, Market, Social, and Technical forces
     – Schoeman - Moral significance of privacy, individual choice
     – G. Marx - Privacy as part of identity and control
     Privacy is a malleable concept, based on risks and benefits
     – Ex. Credit card to buy goods and services online
     – Ex. Giving out business cards at conferences
     The key here is end-user choice
     But ubicomp risks currently seem to outweigh benefits
     – Ex. Initial ubicomp systems, some people suspected the worst
     – Ex. E911 debates, flip a switch and your privacy disappears
     Existing architectures don’t support end-user choice well
     Historical perspective
  7. Interviews: did not mention “privacy” unless they did first
     Lots of speculation, lots of worst-case scenarios, but what are real needs?
     Survey done by Scott Lederer, I did further analysis on freeform comments
     Active Badge, PARCTab
     “I would use it for spy work and find out if my brother was up to no good. Then I would track him down.”
     “Family is already very close to you, so if they’re checking up on you…sort of already smothering, and this is one step further”
     Find Friend, Active Map, Find Place, Mobile Commerce, Emergency
     Theoretical work on Designing for Privacy: Adams, Bellotti & Sellen, Jiang et al, Palen & Dourish
  8. Concerns were wide-ranging. Very few voiced concerns about government, more about over-monitoring by boss, friends, family (if young), spouses, and intrusion by advertisers
     Interesting thing here is that people didn’t seem to have concerns about the telecom or service providing location, more about who was using the information. In other words, people cared about the endpoint, not the intermediaries
     Want control and feedback to prevent over-monitoring
     – Value proposition - seemed to be greater resentment towards systems that required something from users but didn’t offer immediate value
     – Control and feedback - lack of control and feedback often led people to suspect the worst, over-monitoring etc
     – Plausible deniability - cell phone example
     – Limited retention - cited in the laws, also makes information more susceptible to data mining
     – Decentralized - came about (indirectly) in the original parctab system, heart of ongoing E911 debates as well, fear of turning a switch and it’s all over
     – Emergencies - obvious
  9. On one hand, ubicomp can be used for great benefit, in terms of safety, efficiency, accountability, quality of life On the other hand, ubicomp can also be used for constant surveillance, loss of control over personal life First two, privacy concerns and better design, informed the third, the toolkit
  10. Confab: Architecture and suite of mechanisms for managing privacy
     – Prevent – Strong guarantees on your personal data
     – Avoid – Better user interfaces for managing privacy
     – Detect – Finding over-monitoring or accidental disclosures
     Architecture and mechanisms provide three different ways of managing privacy
     Observation: Majority of past work has focused on preventing privacy problems, e.g. anonymity, encryption, access control, rule-based systems
  11. Would be difficult w/o Confab, lots of duplicated and non-trivial work
     – P3P (Platform for Privacy Preferences Protocol): focuses on communicating policy and obtaining consent
     – Privacy Mirrors: no control over how information flows or how to build
     – Cricket Location Beacons / Active Bats: does not deal with sharing of information
     – Ubicomp infrastructures [Ex. ParcTab system, Context Toolkit]: no support for privacy or end-user control
     Today, would have to be done in ad hoc manner
  12. Pushing systems design to one extreme, putting as much into a single machine that you have control over
  13. Basic idea: use WiFi Access points to approximate location
     I did initial Java implementation
     I did data collection of SF bay area and tools for updating
     http://www.techweb.com/wire/story/TWB20031024S0011: “With 300,000 to 400,000 Wi-Fi access points sold every month, Kastner says it's just a question of time before urban users of the wireless technology feel the pain.”
     Wifi wave = sales + #wardrivers
     What are the alternatives here? Centralization was an issue early on in ubicomp (though rarely addressed)
     Also talked to a lawyer about this (Deidre)
     Closer data is to you, more legal protection
  14. Image from MapPoint, perhaps the coolest piece of Microsoft software ever written (though they did buy it from someone else, so…)
  15. I wrote this service Telling your friends your GPS location is not useful Also, disclosing lat lon may be more than you really want (most sensitive)
  16. Set-and-forget, in-situ
     Configuration of time based on interviews and surveys
     – Common theme was that people said they wanted only at workplace
     – Another one was just temporary access, b/c acquaintances or tax attorney (temporary)
     – Next “14” days useful for temporary access
     Can set prefs in situ and then can forget about it, don’t have to constantly check
  17. On one hand, ubicomp can be used for great benefit, in terms of safety, efficiency, accountability, quality of life On the other hand, ubicomp can also be used for constant surveillance, loss of control over personal life First two, privacy concerns and better design, informed the third, the toolkit
  18. Why location-instant messenger?
     – Already a set of trusted friends / co-workers
     – Most common question on SMS is “where are you?”
     [survey] For example, my friends should always be able to see my truefacefacename and primary email address because they already know that, but depending on what I am doing, I may or may not want them to know what I'm doing or where I am. If I am not available, I would want to be able to leave an away message as in IM.
  19. Why location-instant messenger?
     – Already a set of trusted friends / co-workers
     – Most common question on SMS is “where are you?”
     [survey] For example, my friends should always be able to see my truefacefacename and primary email address because they already know that, but depending on what I am doing, I may or may not want them to know what I'm doing or where I am. If I am not available, I would want to be able to leave an away message as in IM.
  20. Quote is from an interviewee
  21. Ubiquitous computing is coming Let’s make sure it’s a world we would want to live in
  22. NSF (IIS-0205644) DARPA (N66001-99-2-8913)
  23. Conjecture is that ubicomp has higher hump than past technologies due to quality, quantity, scope of data capture, the encompassing and ubiquitous nature of ubicomp. We need to build things “good enough” to overcome this hump. Doesn’t have to be perfect, just good enough.
  24. Ubiquitous computing is coming Let’s make sure it’s a world we would want to live in