Ubiquitous Computing: Privacy Issues

Ubiquitous Computing: Privacy Issues Hongseok Kim November 19, 2003 SI 668


Page 1: Ubiquitous Computing: Privacy Issues

Ubiquitous Computing: Privacy Issues

Hongseok Kim, November 19, 2003

SI 668

Page 2: Ubiquitous Computing: Privacy Issues

Overview

• Basics of Ubiquitous Computing

• Context Awareness

• Privacy Issues

• Policy Principles and Guidelines

Page 3: Ubiquitous Computing: Privacy Issues

Ubiquitous Computing Vision

• Mark Weiser (1952–1999), Xerox PARC

– Coined the term “ubiquitous computing” in 1988

– Seminal article: “The Computer for the 21st Century,” Scientific American (Sep. 1991)

“The most profound technologies are those that disappear. They weave themselves into the fabric of everyday life until they are indistinguishable from it.”

Page 4: Ubiquitous Computing: Privacy Issues

Inverted Paradigm

• “Computer in the world (embodied virtuality)” instead of “World in the computer (virtual reality)”

• Small, lightweight, and cheap processors embedded in everyday objects

Page 5: Ubiquitous Computing: Privacy Issues

Smart Objects

• Enrich real-world objects with information processing capabilities

– Embedded processors and memory: can remember pertinent events!

– Wireless communications: communicate with their environment

– Sensors: responsive, context-sensitive or context-aware behavior

Page 6: Ubiquitous Computing: Privacy Issues

Context Awareness

• Context awareness

– A ubiquitous computing system must be cognizant of its user’s state and surroundings, and must modify its behavior according to that cognizance.

• A user’s context can be:

– Physical location

– Physiological state (e.g., body temperature and heart rate)

– Emotional state (e.g., angry, distraught, and calm)

– Personal history

– Daily behavioral patterns

Page 7: Ubiquitous Computing: Privacy Issues

An Example of a Smart Object

• MediaCup@TecO

– A coffee cup augmented with sensing, processing and communication capabilities (integrated in the cup’s bottom) to collect and communicate general context information in a given environment

Page 8: Ubiquitous Computing: Privacy Issues

Networked with Other Smart Objects

(Cartoon) “Another beer, please, HAL…”

“I’m sorry, Dave. I can’t do that. The bathroom scale and the hall mirror are reporting disturbing flab anomalies.”

Page 9: Ubiquitous Computing: Privacy Issues

Smart Clothing

• Conductive textiles and inks

– Print electrically active patterns directly onto fabrics

• Sensors based on fabric

– e.g., monitor pulse, blood pressure, body temperature

• Invisible collar microphones and integrated small cameras

• Youth clothing

– Game console on the sleeves?

– Integrated GPS-driven locators

Privacy issues?

Page 10: Ubiquitous Computing: Privacy Issues

Context Awareness Revisited

• Xerox Parc’s automatic phone-call routing experiment

• A federal office described in Neal Stephenson’s “Snow Crash”

Page 11: Ubiquitous Computing: Privacy Issues

Privacy Implications of UbiComp

• What is it that makes ubiquitous computing any different from other computer science domains with respect to privacy?

• Why should scientists and engineers in this particular domain be any more concerned with such vague notions of liberty, freedom, and privacy?

Page 12: Ubiquitous Computing: Privacy Issues

Privacy Implications, cont’d.

• Ubiquitous devices are ideally suited for covert operation and illegal surveillance.

• Information is provided by many sensors in order to acquire knowledge about the context; these sensors can be invisible to users.

• The sensors, gathering information about people without being noticed, can be a threat to privacy.

Page 13: Ubiquitous Computing: Privacy Issues

Privacy Challenges (1)

• Privacy is already a concern with the WWW

• Much more dramatic in a ubiquitous computing environment

– Unlimited coverage (sensors everywhere)

– Loss of awareness (invisible computing)

– New types of data (location, health, habits, …)

– More knowledge through context

– Anonymity hard to achieve

– Difficulty in obtaining explicit notice or consent from the user

Page 14: Ubiquitous Computing: Privacy Issues

Privacy Challenges (2)

• Privacy is greatly complicated by ubiquitous computing.

– Mechanisms such as location tracking, smart spaces, and the use of surrogates monitor user actions on an almost continuous basis.

– As a user becomes more dependent on a ubiquitous computing system, the system becomes more knowledgeable about that user’s movements, behavior patterns and habits.

Page 15: Ubiquitous Computing: Privacy Issues

Six Guiding Principles

• Marc Langheinrich, “Privacy by Design: Principles of Privacy-Aware Ubiquitous Systems,” in the proceedings of Ubicomp 2001.

– Notice

– Choice and Consent

– Anonymity and Pseudonymity

– Proximity and Locality

– Adequate Security

– Access and Recourse

Page 16: Ubiquitous Computing: Privacy Issues

Notice (Openness)

• The subject whose information is collected must be notified.

• Ubiquitous environments are ones where it is often difficult for data subjects to realize that data collection is actually taking place.

• Necessary to have not only mechanisms to declare collection practices (i.e., privacy policies), but also efficient ways to communicate these to the user (i.e., policy announcement).

Page 17: Ubiquitous Computing: Privacy Issues

Choice and Consent

• It is necessary to get the explicit consent of the subject by means of a digital or handwritten signature.

• How can we offer customers many choices of security and get their consent?

• In order to give users a true choice, we need to provide a selection mechanism (i.e., privacy agreements) so that users can indicate which services they prefer.

Page 18: Ubiquitous Computing: Privacy Issues

Anonymity and Pseudonymity

• An important option when offering clients a number of choices.

– But it is not easy to get anonymity in a ubiquitous environment, because sensors will easily disclose the real identity.

• Pseudonymity is an alternative that allows for more fine-grained control of anonymity in ubiquitous environments.

Page 19: Ubiquitous Computing: Privacy Issues

Proximity and Locality

• A user can benefit from information gathered only within a particular area. Information value decreases when distance increases.

• The system should support mechanisms to encode and use locality information for collected data that can enforce access restrictions based on the location of the person wanting to use the data.

Page 20: Ubiquitous Computing: Privacy Issues

Adequate Security

• It is not necessary to raise the security level beyond the point where the added protection is worth the intrusion it imposes.

• We need to employ robust security features only in situations with highly sensitive data transfer

– financial transactions

– transfer of medical information

Page 21: Ubiquitous Computing: Privacy Issues

Access and Recourse

• The system needs to provide a way for users to access their personal information in a simple way through standardized interfaces (i.e., data access).

• Users should be informed about the usage of their data once it is stored, similar to call-lists that are often part of monthly phone bills (i.e., usage logs).
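The Proximity and Locality principle (access restricted by where the requester is relative to where the data was collected) and the Access and Recourse principle (a “call-list” of every use of a subject’s data) can be combined in a small data store. The following is an added example, not code from the slides or from Langheinrich’s paper; the coordinates, the `Record`/`PrivacyStore` names and the fixed 100 m radius are constructed assumptions.

```python
import math
from dataclasses import dataclass, field

EARTH_RADIUS_M = 6_371_000.0

def distance_m(a, b):
    """Great-circle (haversine) distance in metres between two (lat, lon) pairs."""
    lat1, lon1 = map(math.radians, a)
    lat2, lon2 = map(math.radians, b)
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(h))

@dataclass
class Record:
    subject: str      # the person the data is about
    kind: str         # e.g. "presence", "heart_rate"
    value: object
    origin: tuple     # (lat, lon) of the sensor that collected it
    radius_m: float   # locality tag: readers farther away than this are refused

@dataclass
class PrivacyStore:
    records: list = field(default_factory=list)
    usage_log: list = field(default_factory=list)  # one entry per access attempt

    def collect(self, record):
        self.records.append(record)

    def query(self, requester, requester_pos, subject, kind):
        """Return the values the requester may see, enforcing locality and logging every attempt."""
        visible = []
        for r in self.records:
            if r.subject != subject or r.kind != kind:
                continue
            d = distance_m(requester_pos, r.origin)
            allowed = d <= r.radius_m
            self.usage_log.append((subject, kind, requester, round(d), allowed))
            if allowed:
                visible.append(r.value)
        return visible

    def usage_report(self, subject):
        """Usage log for one data subject, like the call-list on a phone bill."""
        return [e for e in self.usage_log if e[0] == subject]

def demo():
    store = PrivacyStore()
    office = (42.2780, -83.7382)  # constructed sensor position
    store.collect(Record("dave", "presence", "at desk", office, radius_m=100))
    nearby = store.query("hall_display", (42.2785, -83.7382), "dave", "presence")  # ~56 m away
    remote = store.query("hq_dashboard", (42.3000, -83.7382), "dave", "presence")  # ~2.4 km away
    return nearby, remote, store.usage_report("dave")
```

The remote dashboard is refused, yet both attempts appear in the subject’s usage report, so the subject can see who tried to read the data and from how far away.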

Page 22: Ubiquitous Computing: Privacy Issues

Privacy in Ubiquitous Computing

• Privacy is possible in a ubiquitous computing environment.

– Let people know about collections

– Let people query, update, and delete their own data

– Let people know about each usage

• Solutions need not be perfect to be useful

– Trusting fair information practices

– Trusting collectors to keep their promises

– Trusting the legal system

Page 23: Ubiquitous Computing: Privacy Issues

Conclusions

• We are not trying to achieve total security, let alone total privacy!

• What should be within our reach is achieving a good balance of convenience and control when interacting with ubiquitous, invisible devices and infrastructures.

• We can begin by designing ubiquitous systems for privacy in the initial stages, not after implementation.