2. Overview
• Basics of Ubiquitous Computing
• Context Awareness
• Privacy Issues
• Policy Principles and Guidelines
3. Ubiquitous Computing Vision
• Mark Weiser (1952-1999), XEROX PARC
– Coined the term "ubiquitous computing" in 1988
– Seminal article: "The Computer for the 21st Century," Scientific American (Sep. 1991)
"The most profound technologies are those that disappear. They weave themselves into the fabric of everyday life until they are indistinguishable from it."
4. Inverted Paradigm
• "Computer in the world (embodied virtuality)" instead of "World in the computer (virtual reality)"
• Small, lightweight, and cheap processors embedded in everyday objects
5. Smart Objects
• Enrich real-world objects with information processing capabilities
– Embedded processors and memory: can remember pertinent events
– Wireless communications: communicate with their environment
– Sensors: responsive, context-sensitive or context-aware behavior
6. Context Awareness
• Context awareness
– A ubiquitous computing system must be cognizant of its user's state and surroundings, and must modify its behavior according to that cognizance.
• A user's context can be:
– Physical location
– Physiological state (e.g., body temperature and heart rate)
– Emotional state (e.g., angry, distraught, and calm)
– Personal history
– Daily behavioral patterns
7. An Example of a Smart Object
• MediaCup@TecO
– A cup augmented with sensing, processing and communication capabilities (integrated in the cup's bottom) to collect and communicate general context information in a given environment
8. Networked with Other Smart Objects
– "Another beer, please, HAL..."
– "I'm sorry, Dave. I can't do that. The bathroom scale and the hall mirror are reporting disturbing flab anomalies."
9. Smart Clothing
• Conductive textiles and inks
– Print electrically active patterns directly onto fabrics
• Sensors based on fabric
– e.g., monitor pulse, blood pressure, body temperature
• Invisible collar microphones and integrated small cameras
• Youth clothing
– Game console on the sleeves?
– Integrated GPS-driven locators
Privacy Issues?
10. Context Awareness Revisited
• Xerox PARC's automatic phone-call routing experiment
• A federal office described in Neal Stephenson's "Snow Crash"
11. Privacy Implications of UbiComp
• What is it that makes ubiquitous computing any different from other computer science domains with respect to privacy?
• Why should scientists and engineers in this particular domain be any more concerned with such vague notions of liberty, freedom, and privacy?
12. Privacy Implications, cont’d.
• Ubiquitous devices are ideally suited for covert operation and illegal surveillance.
• Many sensors provide the information from which the system acquires knowledge about the context, and these sensors can be invisible to users.
• Sensors that gather information about people without being noticed are a threat to privacy.
13. Privacy Challenges (1)
• Privacy is already a concern with the WWW
• Much more dramatic in a ubiquitous computing environment
– Unlimited coverage (sensors everywhere)
– Loss of awareness (invisible computing)
– New types of data (location, health, habits, ...)
– More knowledge through context
– Anonymity hard to achieve
– Difficulty in obtaining explicit notice or consent from the user
14. Privacy Challenges (2)
• Privacy is greatly complicated by ubiquitous computing.
– Mechanisms such as location tracking, smart spaces, and the use of surrogates monitor user actions on an almost continuous basis.
– As a user becomes more dependent on a ubiquitous computing system, the system becomes more knowledgeable about that user's movements, behavior patterns and habits.
15. Six Guiding Principles
• Marc Langheinrich, "Privacy by Design: Principles of Privacy-Aware Ubiquitous Systems," in the proceedings of Ubicomp 2001.
– Notice
– Choice and Consent
– Anonymity and Pseudonymity
– Proximity and Locality
– Adequate Security
– Access and Recourse
16. Notice (Openness)
• The subject whose information is collected must be notified.
• Ubiquitous computing is an environment in which it is often difficult for data subjects to realize that data collection is actually taking place.
• It is therefore necessary to have not only mechanisms to declare collection practices (i.e., privacy policies), but also efficient ways to communicate these to the user (i.e., policy announcement).
17. Choice and Consent
• Traditionally, explicit consent of the subject is obtained by means of a digital or handwritten signature.
• How can we offer users a real choice of privacy options and obtain their consent in an environment of invisible, continuous collection?
• In order to give users a true choice, we need to provide a selection mechanism (i.e., privacy agreements) so that users can indicate which services they prefer.
18. Anonymity and Pseudonymity
• An important option when offering clients a number of choices.
– But anonymity is not easy to achieve in a ubiquitous environment, because sensors will easily disclose the real identity.
• Pseudonymity is an alternative that allows finer-grained control of anonymity in ubiquitous environments.
19. Proximity and Locality
• A user can benefit from information gathered only within a particular area; the value of information decreases as distance increases.
• The system should support mechanisms to encode and use locality information for collected data, so that access restrictions can be enforced based on the location of the person wanting to use the data.
20. Adequate Security
• Security should be proportionate: it is not necessary to raise the security level beyond the point where the added intrusion outweighs the sensitivity of the data.
• Robust security mechanisms are required only in situations involving transfer of highly sensitive data, for example:
– financial transactions
– transfer of medical information
21. Access and Recourse
• The system needs to provide a way for users to access their personal information in a simple way through standardized interfaces (i.e., data access).
• Users should be informed about the usage of their data once it is stored, similar to the call lists that are often part of monthly phone bills (i.e., usage logs).
22. Privacy in Ubiquitous Computing
• Privacy is possible in a ubiquitous computing environment.
– Let people know about collections
– Let people query, update, and delete their own data
– Let people know about each usage
• Solutions need not be perfect to be useful
– Trusting fair information practices
– Trusting collectors to keep their promises
– Trusting the legal system
23. Conclusions
• We are not trying to achieve total security, let alone total privacy!
• What should be within our reach is a good balance of convenience and control when interacting with ubiquitous, invisible devices and infrastructures.
• We can begin by designing ubiquitous systems for privacy in the initial stages, not after implementation.