Privacy for Ubiquitous Computing

Privacy for Ubiquitous Computing

Joshua Sunshine

Looking Forward

Defining Ubiquitous Computing

Unique Privacy Problems

Examples

Exercise 1: Privacy Solution

Privacy Tradeoffs

Professional Solutions

Exercise 2: User Study

Conclusion

Ubiquitous Computing Definitions

Everywhere (duh!)

Invisible

Mobile

Interoperable

Context Aware

Personal

Multi-Agent

Privacy Problems

More data collected, more data to be used inappropriately (Everywhere)

User forget they are revealing private information (Invisible)

Hard to configure data sharing (Invisible, Everywhere)

Privacy Problems 2

New class of data -- contextual information (Context Aware)

Stalkers (location)

Advertisers (location, activity

)

Hard To Identify Invasions (Multi-Agent)

Hard to Recover (Multi-Agent)

Example, Boss

Example, Mobile Phones

Problem: Interruptions

Caller doesn’t know receiver’s context

Solution: Reveal Context

Location

Activity

Company

Conversation

Example, Bus Tracking

Problem: When will the next bus arrive?

Tool: Cell phones

Solution:

Aggregate information from riders phones

Send alerts to people waiting for a bus

Exercise 1: Privacy Solution

Break up into two groups

Make a list of privacy problems

Come up with a solution that avoids or minimizes these problems

10 minutes

Professional Privacy Problems, Bus Tracking

Identity violation

Identity of individual is determined

Happens when identifier is sent in a report to the server

Tracking violation

Movement of individual tracked over time

Happens when identify one report as belonging to a person who sent an earlier report

Professional Solution, Bus Tracking

Hitchhiking

Anonymous data collection

Location is Computed on the Client

Only the Client Device is Trusted

Report Approval

Restriction of Reports to Specific Locations

User Study, Mobile Phones

Context Types: Location, Activity, Company, Conversation

Relationship Types: Significant other, family member, friend, colleague, boss, and unknown

Representative Sample of 20, regular routine

Participants “called” at regular intervals by individual with one of the relationship types

Asked to share context

Results, Mobile Phones

Criticism, Mobile Phones

Bad: Value is not real

Participants were not receiving real phone calls based on their answers

Goal: Avoid interruptions

Questionnaire is an interruption

Good:

Context is

m

ore than location

Ideas for Configuration in Real Setting

Privacy Tradeoffs

Value of Sharing vs. Privacy of Not Sharing

Control vs. Trust

Prevention vs. Detection

Configurability vs. Invisibility

Fidelity vs. Confidentiality

Fine vs. Coarse Grained Filtering

Exercise 2: User Study

Same groups

Create a user study for the Professional Bus Tracking System

Try to determine if the solution uses the correct trade offs

Focus on usability of privacy, not on overall usability

20 minutes

Bibliography

http://www.tartanracing.org

/

Khalil

, A. and Connelly, K. 2006. Context-aware telephony: privacy preferences and sharing patterns. In Proceedings of the 2006 20th Anniversary Conference on Computer Supported Cooperative Work (Banff, Alberta, Canada, November 04 - 08, 2006). CSCW '06. ACM, New York, NY, 469-478

.

Tang, K. P.,

Keyani

, P., Fogarty, J., and Hong, J. I. 2006. Putting people in their place: an anonymous and privacy-sensitive approach to collecting sensed data in location-based applications. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (Montreal, Quebec, Canada, April 22 - 27, 2006). R.

Grinter

, T.

Rodden

, P. Aoki, E.

Cutrell

, R. Jeffries, and G. Olson, Eds. CHI '06. ACM, New York, NY, 93-102

.

Hong, J.I., J. Ng, and J.A.

Landay

. Privacy Risk Models for Designing Privacy-Sensitive Ubiquitous Computing Systems. In Proceedings of Designing Interactive Systems (DIS2004). Boston, MA. pp. 91-100 2004.