
Paper: An Architecture for Privacy-Sensitive Ubiquitous Computing. Jason I. Hong, Group for User Interface Research, Computer Science Division, University of California.


Slide 1

An Architecture for Privacy-Sensitive Ubiquitous Computing

MobiSys'04, Boston

“the claim of individuals, groups or institutions to determine for themselves when, how, and to what extent information about them is communicated to others”

Chen, Wei-Chia

Slide 2

What are the previous solutions?


Slide 3

What are the previous solutions?

• Anonymity or secrecy: hiding one's identity from strangers

• Sharing information with others who already know one's identity (family, friends, co-workers)

• Weiser: the problem is really one of control (e.g., Facebook's privacy settings)


Slide 4

Does privacy need an architecture?


Slide 5

Problem

• For end-users: concern about systems that centralize their personal data

• For developers: the work of acquiring context data from a variety of sources, refining and storing that data, and retrieving and using it

• Privacy has been handled ad hoc, even though the problem spans multiple layers (physical, infrastructure, presentation)


Slide 6

Previous Work

• Each addresses at most one layer

Presentation layer: P3P, Privacy Mirror

Infrastructure layer: ParcTab System, Context Toolkit

Physical/sensor layer: Cricket Location Beacons, Active Bats

Slide 7

Confab: System Requirements

• A decentralized architecture: personal data is captured, processed, and stored on local devices owned by that end-user

• A range of mechanisms for control and feedback by end-users

• Plausible deniability: an end-user can decline to disclose information without it being obvious that they declined

• Emergencies: special exceptions so that needed information can still be disclosed in an emergency

(Figure: Alice's location and Bob's location, each held in its owner's own infospace)

Slide 8

Architecture highlight: Confab focuses more on location than on other forms of contextual information.


Slide 9

Architecture elements

(Figure: Sensors → Source → Personal InfoSpace (LocName) → App, all running on "My Computer", the end-user's own device)

Tuple: the basic unit of an infospace.

InfoSpace: a network-addressable logical storage unit that stores context data about one entity (a person, place, or thing); each end-user's personal infospace lives on a device they own.

Slide 10

Confab’s Data Model


(Figure: Confab's data model; the sidebar lists the requirements it addresses: decentralized, control mechanisms, deniability, emergencies)

Context data types

Slide 11

Data Model


Slide 12

Programming Model


Slide 13

(Figure: Sensors → Sources → In operators → Personal InfoSpace (LocName) → Out operators → App, with On operators running inside the infospace on "My Computer")

In operators (applied to incoming data): check access policies; check privacy tags; notify on incoming data.

Out operators (applied to outgoing data): check access policies; check privacy tags; notify on outgoing data; invisible mode; add privacy tag; interactive.

On operators (run within the infospace): garbage collect; periodic reports; coalesce.

Slide 14

Evaluation: BEARS Emergency Response Service


BEARS makes continuous location queries and sends updates both to the trusted third party and to the building server.

Slide 15

Summary of data model and programming model

Confab provides application developers with a framework and a suite of mechanisms for building privacy-sensitive applications.

Operators: run within an end-user's infospace to help control the flow of personal information, and can be customized.

Service descriptions: used by applications to describe at what granularity and at what rate the data is needed.
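The data model (tuples in a personal infospace) and programming model (in, out and on operators plus service descriptions) summarised above, as an added toy model in Python. This is an illustration written for this page, not the Confab toolkit's own code. The privacy-tag names (ttl, max_past_values), the access-policy format (requester → finest allowed granularity), the room/floor/building/city hierarchy, the rate throttle and the Alice/Bob/BEARS scenario data are all assumptions constructed for the example.

```python
from __future__ import annotations
from dataclasses import dataclass, field

# Granularity levels from finest to coarsest (assumed hierarchy for this example).
LEVELS = ("room", "floor", "building", "city")


@dataclass
class ContextTuple:
    """Basic unit of an infospace: one piece of context data plus its privacy tags."""
    datatype: str                   # e.g. "location"
    value: dict                     # location fields keyed by granularity level
    timestamp: float                # seconds on a constructed clock
    tags: dict = field(default_factory=dict)  # assumed tag names: ttl, max_past_values


@dataclass
class ServiceDescription:
    """What an application asks for: which data, how fine, how often."""
    requester: str
    datatype: str
    granularity: str                # one of LEVELS
    rate_seconds: int               # minimum interval between answers


def coarsen(value: dict, level: str) -> dict:
    """Keep only the fields at `level` and coarser, dropping finer detail."""
    keep = LEVELS[LEVELS.index(level):]
    return {k: value[k] for k in keep if k in value}


def coarsest(a: str, b: str) -> str:
    return a if LEVELS.index(a) >= LEVELS.index(b) else b


@dataclass
class InfoSpace:
    owner: str
    trusted_sources: set            # sources allowed to write (assumed policy form)
    policies: dict                  # requester -> finest granularity they may see
    tuples: list = field(default_factory=list)
    invisible: bool = False
    last_served: dict = field(default_factory=dict)
    log: list = field(default_factory=list)

    # ---- In operators: run on data arriving from sensors/sources ----
    def ingest(self, source: str, t: ContextTuple, default_ttl: int = 3600) -> bool:
        if source not in self.trusted_sources:          # check access policy on writes
            self.log.append(f"in: rejected {t.datatype} from {source}")
            return False
        t.tags.setdefault("ttl", default_ttl)           # add a privacy tag if the source gave none
        self.tuples.append(t)
        self.log.append(f"in: stored {t.datatype} from {source}")  # notify on incoming data
        return True

    # ---- Out operators: run on every query before data leaves the infospace ----
    def query(self, sd: ServiceDescription, now: float) -> list:
        if self.invisible:                              # invisible mode: same reply as "no data"
            return []
        allowed = self.policies.get(sd.requester)
        if allowed is None:                             # access policy: unknown requester gets nothing
            self.log.append(f"out: denied {sd.requester}")
            return []
        last = self.last_served.get(sd.requester)
        if last is not None and now - last < sd.rate_seconds:   # honour the requested rate
            return []
        level = coarsest(sd.granularity, allowed)       # never finer than the policy allows
        out = []
        for t in self.tuples:
            if t.datatype != sd.datatype:
                continue
            if now - t.timestamp > t.tags["ttl"]:       # privacy tag: expired data never leaves
                continue
            out.append(ContextTuple(t.datatype, coarsen(t.value, level), t.timestamp, dict(t.tags)))
        if out:
            self.last_served[sd.requester] = now
            self.log.append(f"out: sent {len(out)} {sd.datatype} tuple(s) to {sd.requester} at {level} level")
        return out

    # ---- On operators: maintenance run inside the infospace ----
    def garbage_collect(self, now: float) -> int:
        """Drop expired tuples and keep at most max_past_values per datatype; return count removed."""
        before = len(self.tuples)
        live = [t for t in self.tuples if now - t.timestamp <= t.tags["ttl"]]
        by_type: dict = {}
        for t in sorted(live, key=lambda x: x.timestamp, reverse=True):
            kept = by_type.setdefault(t.datatype, [])
            cap = t.tags.get("max_past_values")
            if cap is None or len(kept) < cap:
                kept.append(t)
        self.tuples = sorted((t for ts in by_type.values() for t in ts), key=lambda x: x.timestamp)
        return before - len(self.tuples)


def demo() -> dict:
    """Constructed scenario: Alice's infospace serving Bob and an emergency service."""
    alice = InfoSpace("alice", trusted_sources={"cricket_beacon"},
                      policies={"bob": "building", "bears": "room"})
    loc = {"room": "523", "floor": "5", "building": "Soda Hall", "city": "Berkeley"}
    alice.ingest("cricket_beacon", ContextTuple("location", loc, 100.0,
                                                tags={"ttl": 600, "max_past_values": 2}))
    alice.ingest("random_website", ContextTuple("location", loc, 101.0))   # rejected
    bob = ServiceDescription("bob", "location", granularity="room", rate_seconds=300)
    bears = ServiceDescription("bears", "location", granularity="room", rate_seconds=5)
    res = {
        "bob_sees": [t.value for t in alice.query(bob, now=150.0)],
        "bob_throttled": alice.query(bob, now=200.0),
        "bears_sees": [t.value for t in alice.query(bears, now=150.0)],
        "stranger": alice.query(ServiceDescription("carol", "location", "city", 1), now=150.0),
    }
    alice.invisible = True
    res["invisible"] = alice.query(bears, now=160.0)
    alice.invisible = False
    res["expired"] = alice.query(bears, now=1000.0)
    res["collected"] = alice.garbage_collect(now=1000.0)
    res["log"] = list(alice.log)
    return res


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

Running `demo()` shows the requirements from slide 7 in action: Bob asks for room-level data but his policy entry caps him at building level, so the out operator coarsens before anything leaves Alice's device; the BEARS emergency service is allowed room-level detail; an unknown requester and a query in invisible mode both get the same empty answer as a query for expired data, which is what gives Alice deniability; and the on operator later removes the expired tuple locally.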

Slide 16

Conclusion

Confab: a toolkit for facilitating construction of privacy-sensitive ubicomp applications

+ Privacy at the physical, infrastructure, and presentation layers
+ Push the architecture towards local capture, processing, and storage
+ Couple with better UIs for greater choice, control, and feedback

“Use technology correctly to enhance life. It is more important that people have a choice in how much information can be disclosed than that the technology is useful.”