PRIVACY IN UBICOMP

Page 1: Privacy in ubicomp

PRIVACY IN UBICOMP

Page 2: Privacy in ubicomp

Weiser: Privacy a key challenge

Page 3: Privacy in ubicomp

Privacy and technology
• Type of information collected?
• Who has access?
• Access for what purpose?
• How long is information stored?
• In what format is information stored?
• What levels of accuracy and precision?

Page 4: Privacy in ubicomp

IRB release form example
Type of information collected:
• Speech
• Interactions with GUI, devices
• Data generated by devices
• Physiological measures from on-body sensors (e.g. ECG)
• Off-body sensors (e.g. eye tracker)
• Video
• Questionnaire answers

Page 5: Privacy in ubicomp

Who has access?
• Andrew Kun, students, staff
• Researchers from other institutions
• Consumers of printed and online media (scientific publications, blogs, etc.)

Page 6: Privacy in ubicomp

Access for what purpose?
• Development of user interfaces for cars and handheld devices

Page 7: Privacy in ubicomp

How long is information stored?
• “The data will be stored for future use in our research.” = “We have no plans to ever destroy the data.”

Page 8: Privacy in ubicomp

In what format is info stored?
• Not specified
• No link to participant other than in video data

Page 9: Privacy in ubicomp

What levels of accuracy, precision?

Not specified = nothing omitted (e.g. face recognizable in video)

Page 10: Privacy in ubicomp

Privacy and technology
• Internet – no privacy, but…
• China:
  • Filter search engines: if you filter, you may know who submitted the query
  • Should companies sell equipment or leave China?
  • Self-censorship:
    • Individuals
    • Companies: e.g. Windows Live Spaces
  • Should companies practice self-censorship or leave China?

Page 11: Privacy in ubicomp

Jeremy Bentham’s Panopticon

Page 12: Privacy in ubicomp

Privacy and technology
• China:
  • MySpace: can denounce other users

Page 13: Privacy in ubicomp

Of course, this is nothing new…

Page 14: Privacy in ubicomp

Forbidden topics?
• Political: Taiwan independence
• Religious: e.g. Falun Gong
• Sex: e.g. Muzi Mei blog

Page 15: Privacy in ubicomp

Contrast: First Amendment

Page 16: Privacy in ubicomp

Need another horror story?
• Nazi censuses using IBM technology:
  • Identified Jews, homosexuals, Jehovah’s Witnesses, etc.

Page 17: Privacy in ubicomp

What is privacy?
• 1215: Magna Carta
• King will be bound by law

Page 18: Privacy in ubicomp

1361: Justices of the Peace Act
• Sentences for:
  • Peeping Toms
  • Eavesdroppers

Page 19: Privacy in ubicomp

“My home is my castle”
• 1763: William Pitt (later PM)

Page 20: Privacy in ubicomp

Warren and Brandeis
• 1890: “the right to be let alone”

Page 21: Privacy in ubicomp

1967: Alan Westin
• Individuals, groups, institutions
• When, how and to what extent information about them is communicated to others
• = Information privacy

Page 22: Privacy in ubicomp

Privacy over the centuries
Focus shift from local to remote:

Local/physical: Bodily Territorial

Solitude Information Communication

Page 23: Privacy in ubicomp

Ubicomp effects?
Local privacy under attack again!
• Speech recognition for eavesdropping
• Smart shirt: ECG
• Smart fridge: what you eat/buy
• Robots, cameras: what’s inside your house
• Etc.

Page 24: Privacy in ubicomp

Gary T. Marx: Personal border crossings
Borders:
• Natural
• Social
• Spatial or temporal
• Due to ephemeral or transitory effects

Page 25: Privacy in ubicomp

Natural borders
• Walls, doors
• Clothing
• Darkness
• Sealed letters
• Phone calls

Page 26: Privacy in ubicomp

Social borders
• Family
• Doctor, lawyer

Page 27: Privacy in ubicomp

Spatial and temporal borders
• Spatial: work vs. private life
• Temporal: past transgressions

Page 28: Privacy in ubicomp

Ephemeral/transitory effects
• Will anybody remember today’s lecture in detail?

Page 29: Privacy in ubicomp

The end of the ephemeral?
• Lifelogging: Steve Mann
• Helping people with amnesia, etc.: Microsoft SenseCam (pdf, video)

Page 30: Privacy in ubicomp

Solove’s privacy taxonomy
• Tort law = remedies for civil wrongs
• Data holders and information:
  • Collection: Surveillance, Interrogation
  • Processing: Aggregation, etc.
  • Dissemination: Breach of confidentiality, etc.

Page 31: Privacy in ubicomp

Why do we need privacy?
• Privacy = property
  • Can sell it as a commodity
  • Trust market forces
• But…

Page 32: Privacy in ubicomp

Why do we need privacy?
• Autonomy of the individual
  • Experiment
  • Maintaining different faces
  • Allow for emotional release functionality

Page 33: Privacy in ubicomp

Why do we need privacy?
• Social good necessary for functioning of a democracy
  • Enables citizens to participate

Page 34: Privacy in ubicomp

Do people care about location privacy?

John Krumm, "Inference Attacks on Location Tracks", Fifth International Conference on Pervasive Computing (Pervasive 2007), May 13-16, 2007, Toronto, Ontario, Canada. (PDF) (PPT) (PPT 2007)

Page 35: Privacy in ubicomp

People Don’t Care About Location Privacy – John Krumm, Pervasive’07

• 74 U. Cambridge CS students
  • Would accept £10 to reveal 28 days of measured locations (£20 for commercial use) (1)
• 226 Microsoft employees
  • 14 days of GPS tracks in return for 1 in 100 chance for $200 MP3 player
• 62 Microsoft employees
  • Only 21% insisted on not sharing GPS data outside
• 11 with location-sensitive message service in Seattle
  • Privacy concerns fairly light (2)
• 55 Finland interviews on location-aware services
  • “It did not occur to most of the interviewees that they could be located while using the service.” (3)

(1) Danezis, G., S. Lewis, and R. Anderson. How Much is Location Privacy Worth? in Fourth Workshop on the Economics of Information Security. 2005. Harvard University.

(2) Iachello, G., et al. Control, Deception, and Communication: Evaluating the Deployment of a Location-Enhanced Messaging Service. in UbiComp 2005: Ubiquitous Computing. 2005. Tokyo, Japan.

(3) Kaasinen, E., User Needs for Location-Aware Mobile Services. Personal and Ubiquitous Computing, 2003. 7(1): p. 70-79.

Page 36: Privacy in ubicomp

Legal background
Established in tort law:
• Intrusion upon solitude, private affairs
• Public disclosure of embarrassing personal facts
• Publicity placing one in false light in public eye
• Appropriation of name/likeness

How to hack RFID-enabled credit cards for $8

Page 37: Privacy in ubicomp

Privacy/data protection law
• Tort law: two individuals
• Privacy/data protection law: government or industry and individual
• Basis: OECD Fair Information Principles

Page 38: Privacy in ubicomp

OECD Fair Information Principles

• Collection limitation
• Data quality
• Purpose specification
• Use limitation
• Security safeguards
• Openness
• Individual participation
• Accountability

Page 39: Privacy in ubicomp

Legislative approaches
• US:
  • Overarching privacy laws for federal government
  • As-needed for state/local government and private organizations
• EU:
  • Overarching privacy laws for all entities

Page 40: Privacy in ubicomp

Interpersonal privacy
• Most people won’t sue (tort), they will not use your design
• So…
  • Privacy is not a binary function. More than yes/no.
  • Privacy is a social process. Continually adjusted.

Page 41: Privacy in ubicomp

The elderly, ubicomp and privacy

Ethical Technology in the Homes of Seniors at Indiana University (ETHOS): Ambient Clock (video)

Page 42: Privacy in ubicomp

Ubicomp for couples
• Empathy Mirror: Kang-Hao Chang et al. CHI 2008 (pdf, video)
• CoupleVibe: Elizabeth Bales et al. Ubicomp 2009 (pdf)