Intro to Ubicomp Privacy

Jason I. Hong

• Ubicomp envisions– lots of sensors for gathering data

– rich world models describing people, places, things

– pervasive networks for sharing

• This data can be used for good and for bad

The Fundamental Tension

Find Friends

Smart Homes

Smart Stores

• “I’ve got nothing to hide”– Protection from spam, identity theft, mugging

• Surveillance– General suspicion of guilt until proven innocent

– Lack of trust in work environments

• Starting over– Something stupid you did as a kid

• Creativity and freedom to experiment– Protection from total societies

– Room for each person to develop individually

• “The right to be let alone”

Why Care About Privacy?End-User Perspective

Everyday Risks Extreme Risks

Stalkers, Muggers_________________________________

Well-beingPersonal safety

Employers_________________________________

Over-monitoringDiscrimination

Reputation

Friends, Family_________________________________

Over-protectionSocial obligationsEmbarrassment

Government__________________________

Civil liberties

• Most obvious problem with ubicomp by outsiders

Why Care?Designer and App Developer Perspective

• “Do I wear badges? No way. I am completely against wearing badges. I don't want management to know where I am. No. I think the people who made them should be taken out and shot... it is stupid to think that they should research badges because it is technologically interesting. They (badges) will be used to track me around. They will be used to track me around in my private life. They make me furious.”

• Ubicomp “might lead directly to a future of safe, efficient, soulless, and merciless universal surveillance” – Rheingold

Why Care?Designer and App Developer Perspective

• Hard to define until something bad happens– “Well, of course I didn’t mean to share that”

– “You know it when you lose it”

• Risks not always obvious– Burglars went to airports to collect license plates

– Credit info used by kidnappers in South America

• Malleable depending on situation– Still use credit cards to buy online

– Benefit outweighs cost

Why is Privacy Hard?

• Data getting easier to store– Think embarrassing facts from a long time ago (ex. big hair)

– Think function creep (ex. SSNs)

• Hard to predict effect of disclosure– Hard to tell what credit card companies, Amazon are doing

• More data means can market to you better

– Trust your friend do the right thing?

• Easy to misinterpret– Went to drug rehabilitation clinic, why?

• Bad data can be hard to fix– Sen. Ted Kennedy on TSA watch list

Why is Privacy Hard?

• Scope and scale– Everywhere, any time

• Easier to collect and share info– Location, activities, habits, hobbies, people with

• Breaks existing notions of space and time– Close the door

– Whisper to people

• Machine readable and searchable

How Ubicomp Changes the Landscape

• Transparent Society– Multi-way flow of info (vs one-way to govts or corporations)

• Don’t care– I’ve got nothing to hide – We’ve always adapted– "You have zero privacy anyway. Get over it."

• Fundamentalist– Don’t understand the tech– Don’t trust others to do the right thing

• Pragmatist– Cost-benefit– Communitarian benefit to society as well as individual

Some Philosophical Views

• Make it easy for organizations to do the right thing– Detecting abuse (ex. honeypots, audits)– Better database aggregation and anonymization– Better org-wide policies and enforcement

• Make it easy for individuals to share right info with right people at right times– Better ubicomp architectures that put end-users in control

• Can’t just flip a switch• Make it easier for app developers to do right thing

– Better UIs (awareness, disclosures, decision-making)– Better design and evaluation methods

Fundamental Tech Challenges

Is Privacy Always Good?

• Can be used as a shield for abusive behavior• Supermarket loyalty cards

– Gauge effect of marketing, effects of price and demand

– Market to best customers

• Can streamline economic transactions– Easy credit

• Reputation management• EU – “Regulators prosecuted an animal rights activist

who published a list of fur producers and a consumer activist who criticized a large bank on a Web page that named the bank’s directors.”

Is Privacy Always Good?

• What is the role of tech? How much should it do?– With respect to Market, Law, and Social Norms?

• What values should we embody in tech?– And how to design for those values?– Is privacy always good to have?

• How to assess risks better beforehand?• Better h/w and s/w architectures?

– Physical layer of privacy?• Better UIs? Understandable mental models? • Metrics for privacy?• Third parties / companies that manage your privacy?

Discussion Points