Privacy and Trust Issues with Invisible Computers

Saadi Lahlou, Marc Langheinrich, Carsten Rocker
Communications of ACM, 2005

Presented by Nam, Kwang Hyun
Intelligent Database Systems Lab
School of Computer Science & Engineering
Seoul National University, Seoul, Korea

Center for E-Business Technology
Seoul National University
Seoul, Korea


Copyright 2008 by CEBT

Contents

Introduction

The data collection of Ubiquitous computing

Fear of Filing

Privacy Enhancing Guidelines

Discussion

Introduction

Invisible Computer (Disappearing Computer)

“Will we be surrounded by computers by 2010? Yes, but we won’t know it.”

– Bill Gates, Microsoft’s chairman and chief software architect, "The World in 2003," a publication of The Economist Group

As people find more ways to incorporate these inexpensive, flexible and infinitely customizable devices into their lives, the computers themselves will gradually "disappear" into the fabric of our lives.

– http://www.microsoft.com/presspass/ofnote/11-02worldin2003.mspx

The next era of computing is “ubiquitous computing”.


Privacy

(An individual’s) private life that is not interfered with by others

– Word dictionary

“the ability of an individual or group to seclude themselves or information about themselves and thereby reveal themselves selectively.”

– Wikipedia

“The desire of people to choose freely under what circumstances and to what extent they will expose themselves, their attitude and their behavior to others.”

– Alan Westin, “Privacy and Freedom”, 1967

Scenario

Heung-Boo

One day, Heung-Boo went to the supermarket to buy beer. While shopping, he suddenly slipped on a banana peel.

“Shit! My knee is hurt. I’ll sue this supermarket.”

Because he is a card-club member of this supermarket, his shopping habits kept being tracked and recorded.

“Your suit is dismissed due to lack of evidence.”

“What! But the mediator told me to zip up my mouth. If I didn’t, the store would reveal records of my (substantial) alcohol purchases.”

The story shows how recording seemingly innocuous data about daily activities can have significant consequences on our lives.

How did the supermarket get his purchase history?

The data collection of Ubiquitous computing

Five characteristics distinguish data collection in ubiquitous computing from data collection today:

1. The unprecedented coverage of smart environments and objects

Present in homes, offices, cars, schools, and elderly care facilities

2. The data collection will be practically invisible

Visible

– Card swiping, Form signing

Invisible

– Sensors in walls, doors, and shirts


3. Data will be more intimate than ever before

What we do

Where we do it

When we do it

How we feel while doing so

– Expressed by heart rate, perspiration, or walking pattern

4. The underlying motivation for the data collection

Smart objects are dependent on as much information as they can possibly collect in order to best serve us


5. The increasing interconnectivity

Allows smart devices to help us cooperatively

Unprecedented level of data sharing

– Making unwanted information flows much more likely

These characteristics indicate that data collection in the age of ubiquitous computing will be:

A quantitative change from today

A qualitative change from today

Never before has so much information about us been instantly available

Risks of Ubiquitous Computing

Ubiquity

everywhere

Invisibility

not detectable

Sensing

anytime

Memory Augmentation

stored and recombined

– [M. Langheinrich, ETH Zurich]

Fear of Filing

Loss of privacy is associated with the quantity of personal information collected

Fear of privacy infringements constantly increases with the integration of computers in everyday life

When boundaries between public and private spaces blur, users feel uneasy

Because they don’t know what information often triggering substantial privacy and security concerns about the technology


Making technology ‘invisible’

Sensory borders disappear

– Because collecting and processing personal information is a core function of smart environments, privacy and ubiquity seem to be in constant conflict

Privacy was either an abstract problem

Not a problem yet (“only prototypes”)

Not a problem at all (Firewalls and cryptography would take care of it)

Not their problem (but one for politicians, lawmakers, or more vaguely society)

Simply not part of the project deliverables


The design decisions have far-reaching consequences for the future costs of privacy protection within the system

The design of adequate solutions will only succeed

If privacy-related problems are methodically approached from the initial stages of development

Movie: Minority Report

The expected ubiquitous environment appears in this movie.

In particular, a body identification system located in buildings, streets, and subway stations analyzes personal information by extracting it from a person’s eye.

This is used to search out criminal suspects and to provide one-to-one advertisement (marketing).

However, if this is used with bad intention, then…

Movie: Eagle Eye

In this movie, the main computer knows everything about the hero (leading character).

It knows

– What he has done and is doing

– Where he is

– And so on…

He and other people try to escape from being monitored by the computer.

However …

This movie shows the fear of data being gathered invisibly from people.

Privacy Enhancing Guidelines

European Disappearing Computer Privacy Design Guidelines

Help system designers implement privacy within the core of ubiquitous computing systems

Privacy is often a trade-off with usability

– Therefore, designing for privacy is difficult

The guidelines state 9 rules

– Reinterpret some of the well-known fair information practices in light of disappearing computers

– Add new rules that specifically deal with the privacy challenges introduced by such invisible and comprehensive data collection


1. Think Before Doing

Evaluate potential system impacts

The very nature of a system or its parts may be against privacy in their intention

2. Re-visit Classic Solutions

Search for existing solutions in the physical world or in old systems for the similar class of problem/service

Understand the way in which new technologies change the effects of classic issues


3. Openness

Systems should give human users access to what they do, do it, and do nothing else

Help human users construct a valid and simple mental model of what the system does

Goals, ownership and state of system should be explicit, true and easily accessible to human users, in a simple format

4. Privacy Razor

Human user characteristics seen by the system should contain ONLY elements which are necessary for the explicit goal of the activity performed with the system


5. Third Party Guarantee

Using a neutral or trusted third party may open more solutions or lighter design

6. Make Risky Operations Expensive

No system is 100% privacy safe. Human users should be made aware of which operations are privacy-sensitive

Operations identified as privacy-sensitive should be made costly for the system, the human user, the third party


7. Avoid Surprise

Human users should be made aware when their activity has an effect on the system

Acknowledgement should be explicit for irreversible major changes

Cancellation should be an option as much as possible, not only in the interface, but in the whole interaction with the system

8. Consider Time

Expiry date should be the default option for all data
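Guidelines 4 (Privacy Razor) and 8 (Consider Time) can be enforced at the point where data enters storage. The following Python code is an added example, not part of the original slides or the paper; the class MinimalStore, the purpose names, the field lists and the 30-day default are all assumptions chosen for illustration.

```python
from datetime import datetime, timedelta, timezone

# Hypothetical purposes and the only fields each one needs (Privacy Razor).
PURPOSE_FIELDS = {
    "checkout": {"item", "price"},
    "loyalty_points": {"member_id", "price"},
}
DEFAULT_TTL = timedelta(days=30)  # assumed default retention (Consider Time)


class MinimalStore:
    """Keeps only purpose-relevant fields; every record expires by default."""

    def __init__(self):
        self._records = []  # (purpose, data, expires_at)

    def collect(self, purpose, event, now, ttl=DEFAULT_TTL):
        allowed = PURPOSE_FIELDS.get(purpose)
        if allowed is None:
            raise ValueError(f"undeclared purpose {purpose!r}: refusing to collect")
        if ttl is None or ttl <= timedelta(0):
            raise ValueError("every record must carry a positive expiry")
        kept = {k: v for k, v in event.items() if k in allowed}
        self._records.append((purpose, kept, now + ttl))
        return sorted(set(event) - allowed)  # fields discarded, for the audit trail

    def purge(self, now):
        before = len(self._records)
        self._records = [r for r in self._records if r[2] > now]
        return before - len(self._records)

    def query(self, purpose, now):
        self.purge(now)  # expired data is never served
        return [data for p, data, _ in self._records if p == purpose]


def demo():
    # Constructed sample event, loosely following the supermarket scenario.
    t0 = datetime(2008, 1, 1, tzinfo=timezone.utc)
    event = {"member_id": "M-001", "item": "beer", "price": 4.5, "aisle": 7}
    store = MinimalStore()
    dropped = store.collect("checkout", event, t0)
    store.collect("loyalty_points", event, t0, ttl=timedelta(days=7))
    day8 = t0 + timedelta(days=8)
    return dropped, store.query("checkout", day8), store.query("loyalty_points", day8)
```

In this run the checkout record never contains the member identifier, and the loyalty record is gone after its seven-day expiry, so a purchase history linking the shopper to the beer cannot be produced from the store on day 8.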


9. Good Privacy Is Not Enough

Safety, security, sustainability, equity, etc. are important issues with which trade-offs may have to be considered

These trade-offs should be discussed with stake-holders or their representatives as much as possible


Designers of ubiquitous systems use these guidelines as a starting point when creating disappearing computer applications

Evaluate their usefulness for their design process

Fold back their experiences into guidelines

– To allow them to evolve together with the applications that define the field of ubiquitous and pervasive computing

After a number of iterations, such guidelines could form the basis for a social dialogue that brings together developers, service providers, legal experts, and social scientists

In order to

– Update existing privacy legislation

– Construct together with users a sustainable future with invisible computers

Discussion

Double-edged sword!!

Ubiquitous computing may provide people with a much more convenient life than today’s

However, by its nature, it can also be a means of infringing people’s privacy.

Then, do we have to stop researching it?


Is there any perfect solution or method for privacy infringement?

I think protection is much harder than infringement.

Even though we try to protect privacy, privacy may be violated.

Then do nothing?

The best way to protect our privacy is to keep observing the situation of privacy infringement, and to keep researching the way of protection and to keep cooperating with the field of law.
