Privacy by Default - EuroIA 2016

Post on 11-Feb-2017


Transcript of Privacy by Default - EuroIA 2016

Lutz Schmitt – @luxux – EuroIA Summit 2016 Amsterdam

PRIVACY BY DEFAULT

illustration by Lutz Schmitt – licensed under cc-nc-by 4.0

The concept was created a good 10 years ago.

illustration by Lutz Schmitt – licensed under cc-nc-by 4.0

I added the missing parts for a future world with ambient intelligence that I would want to live in.

illustration by Lutz Schmitt – licensed under cc-nc-by 4.0

Diagram by Claire Rowland. Used with permission.

Facets of IoT UX by Claire Rowland

Social Normative – norms that form society and regulate human interaction

Technology Design – rules for how technology must work, to ensure the social norms invisibly


This talk is about the foundation for all of this.

PREPARATIONS

security is fundamental

ultimately, it's all about trust

https://twitter.com/MetroUK/status/776150782194376704

PREPARATIONS:

PRIVACY

the right to be let alone

1. The right to privacy does not prohibit any publication … which is of public … interest

4. The right to privacy ceases upon the publication of the facts by the individual, or with his consent.

Limitations of the Right to Privacy (Warren and Brandeis, The Right to Privacy, Harvard Law Review, 1890)

the need for privacy is individual

Alan Westin in Privacy and Freedom, 1967

• Solitude

• Intimacy

• Anonymity

• Reserve

STATES OF PRIVACY

Alan Westin in Privacy and Freedom, 1967

• Solitude

• Intimacy

• Anonymity

• Reserve

• Pseudonymity

STATES OF PRIVACY EXTENDED

privacy can only be violated by other persons!?

Source: https://www.hackread.com/samsung-smart-tv-listening-conversations/

No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.

Article 12

Universal Declaration of Human Rights

http://www.un.org/en/universal-declaration-human-rights/

PREPARATIONS:

INTERNET

THE INTERNET AS OF TODAY

[Diagram: some service owned by a company, with several users inside it]

WE GO INTO THIS SPHERE TO BECOME A USER

THE SPHERE DEFINES THE MEANS OF INTERACTION

photo by Becky Striepe on flickr.com licensed under cc-by-nc-sa 2.0

the internet is not a public place

photo by Tom Borowski on flickr.com licensed under cc-by-nc 2.0

Facebook is Mark Zuckerberg's living room, and this happens to continue

PREPARATIONS:

INTERNET OF THINGS

synonyms

photo by Philips. Released as press release.

Remote controlling your lightbulbs

photo by revolv. Released in the press kit.

devices that need a cloud connection

photo amazon.com. product shot. Used under fair use policy.

we have reached zero effective cost

THE VISION FOR THE INTERNET OF THINGS THAT HOOKED ME

photo by Sarah Leo on flickr.com – licensed under cc-by-sa 2.0

Mark Weiser, The Computer for the 21st Century, 1991

WHAT WE NEED TO SOLVE

DEFINING CHALLENGE #1

a friend with a lack of knowledge

photo by Juan Ignacio Sánchez Lara on flickr. Licensed under cc-by-nc-sa-2

the ambient intelligence won't come with a power button

how must the IoT work,

DEFINING CHALLENGE #2

Mark Weiser, The Computer for the 21st Century, 1991

we need to trust and believe,

Arthur C. Clarke, Hazards of Prophecy 1962

How do we design this magic reality,

DEFINING CHALLENGE #3

decisions and setups all the time

staying in control, or at least informed

INTERACTION OVERLOAD

DEFINING CHALLENGE #4

Screenshot. Source: the internet

lack of balance

what means of balancing do we need?

• Design magic that empowers people

• Avoid interaction overload

• Staying in control without pulling the plug

• Implement means of balancing interests

CHALLENGES FOR THE INTERNET OF THINGS

GUIDELINES FOR THE INTERNET OF THINGS TO ENABLE PRIVACY

TECHNOLOGY MUST BE SECURE

THE NETWORK MUST BE

EVERYTHING MUST BE CONNECTED

EVERYTHING MUST BE IDENTIFIABLE

COMMUNICATION MUST BE DENIABLE

A PERSON'S INTENT MUST BE KNOWN

DECISIONS MUST BE REVERSIBLE

a concept for privacy in a world with the internet of things

PRIVACY BY DEFAULT

illustration by Lutz Schmitt – licensed under cc-nc-by 4.0

Privacy is the choice of whom we trust enough to provide information to and to allow communication with

CHARLOTTE

Ms. HOPKINS

ANONYMOUS

introducing identity

our identity representation changes

• CORE IDENTITY – our true unique self

• PSEUDO IDENTITIES – our pretended selves

• CONTEXTUAL IDENTITIES – our contextual true selves

• PUBLIC IDENTITY – our non-private self

these identities are a basic rule set

SERVICE · OBJECT · LOCATION · PERSON · INSTITUTION · ANIMAL

everything and everybody needs that identity structure

identity

only ownership allows

Source: https://www.hackread.com/samsung-smart-tv-listening-conversations/

Our pretended selves

IDENTITIES CAN BE OWNED

phone

diary

Bitcoin wallet

house

interaction is ultimately between persons

of course, a person need not be human

introducing privacy spheres

• PERSONAL – only you

• INTIMATE – with active grant

• RESERVED – with passive grant

• PUBLIC – everybody

privacy spheres

CORE IDENTITY

CONTEXTUAL IDENTITY – HOME OWNER

CONTEXTUAL IDENTITY – WORK

INTIMATE RESERVED PUBLIC PERSONAL

secret diary

pictures from last night

work certificates

grant home control

fitness tracker data

pseudo contact details

geo location

shirt's product info

work contact details

coffee maker's fill status

shirt's unique ID

pictures from THAT night

second Bitcoin wallet

INTIMATE RESERVED PUBLIC PERSONAL

personal data

personal data

personal data

right to management

body data

identification & communication

body data

object data

Identification & communication

usage data

identification

personal data

wealth data and transaction id

similar data may not be exposed

INTIMATE RESERVED PUBLIC PERSONAL

personal data 1

personal data 2

every identity has a default

INTIMATE RESERVED PUBLIC PERSONAL

Right to manage

Right to use

Unique identification

object info

sensor data

combining identity and privacy spheres

CORE IDENTITY

CONTEXTUAL IDENTITY – HOME OWNER

CONTEXTUAL IDENTITY – WORK

INTIMATE RESERVED PUBLIC PERSONAL

CORE ID – UID24298723459

PSEUDO ID – MADAMEPOMPADILLE

CONTEXTUAL ID – HR42CHOPKINS

PUBLIC IDENTITY

INTIMATE RESERVED PUBLIC PERSONAL

CORE ID – UID24298723459 Right to manage

Right to use

Unique identification

object info

sensor data


relationships

only similar identities may interact

[Diagram: me / you – OK; me / you – NO]

those who initiate communication

INTIMATE RESERVED PUBLIC | INTIMATE RESERVED – OK, automatic rules apply

INTIMATE RESERVED PUBLIC | INTIMATE RESERVED – maybe OK, person's decision needed
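As an added example (not code from the talk), the four privacy spheres and their grant rules turned into one access decision function, covering both the sphere definitions above and the "automatic rules apply" versus "person's decision needed" outcomes. The placement of the sample data items into spheres, the requester names, and the "ask" outcome for an intimate item without an active grant are my assumptions:

```python
from dataclasses import dataclass, field

# The four privacy spheres from the slides. The decision semantics below are my
# reading of "only you", "with active grant", "with passive grant", "everybody".
PERSONAL, INTIMATE, RESERVED, PUBLIC = "personal", "intimate", "reserved", "public"


@dataclass
class Identity:
    """One identity (core, pseudo, contextual or public) and its data items."""
    name: str
    data: dict                                          # item -> sphere it lives in
    active_grants: dict = field(default_factory=dict)   # item -> {identities explicitly allowed}
    withdrawn: dict = field(default_factory=dict)       # item -> {identities whose passive grant was withdrawn}


def decide(owner: Identity, requester: str, item: str) -> str:
    """Return 'allow', 'deny' or 'ask' (the owner's decision is needed) for one request."""
    sphere = owner.data.get(item)
    if sphere is None or (requester != owner.name and sphere == PERSONAL):
        return "deny"                       # unknown item, or "only you": privacy by default
    if requester == owner.name or sphere == PUBLIC:
        return "allow"                      # the owner herself, or "everybody"
    if sphere == INTIMATE:                  # active grant: nothing flows until the owner said yes
        return "allow" if requester in owner.active_grants.get(item, set()) else "ask"
    # RESERVED, passive grant: automatic rules apply unless the owner withdrew access
    return "deny" if requester in owner.withdrawn.get(item, set()) else "allow"


def build_example() -> Identity:
    """Constructed sample: the core identity from the slides, with items placed
    into spheres by me for illustration (the slides do not give this mapping)."""
    core = Identity("UID24298723459", {
        "secret diary": PERSONAL,
        "pictures from last night": INTIMATE,
        "geo location": RESERVED,
        "shirt's product info": PUBLIC,
    })
    core.active_grants["pictures from last night"] = {"partner"}   # constructed requester names
    core.withdrawn["geo location"] = {"employer"}
    return core


if __name__ == "__main__":
    core = build_example()
    for who, what in [("partner", "pictures from last night"), ("employer", "pictures from last night"),
                      ("employer", "geo location"), ("stranger", "shirt's product info")]:
        print(f"{who:>9} -> {what:<26}: {decide(core, who, what)}")
```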

actually, the idea of privacy is simple, but I see that it won't make it easier to design products, and there are complicated social issues to solve

finally, I agree on the universal human rights

photo by mere41782 on flickr.com – licensed under cc by nd 2.0

Now go out there and build a future I want to live in. Please.

@luxux www.lutzschmitt.com