Itri icl 0116_distribute

個資(Personal data)與巨資
(Big Data)的Privacy新挑戰
who cares?
- 從手機感測資訊之應用談起

史馥銘

1

Outline
• From Personal Data to Big Data
• Demystify Privacy ?
• Privacy issues around smartphone sensing
• UX for privacy: data and context
• Privacy rethink

2

你的資料 ≈你

CACM, May 2010
3

Big Data Analysis
的Privacy故事

4

What will you buy next?
5

What is your risk of getting x?
6

Why should we care?
• Healthy ecosystem for mobile apps, personal data
and third parties

7

Most personal device with rich data

8

Companies are making inferences
from that personal information

9


10


11


12


13

So What Happened in that Scenario?
• Inferences made from both data instances
and pattern
• Inferences might be incorrect
• Data used for one purpose might also be used
for another purpose
• Inferences might be harmful

14

Inappropriate Data Use

Less trust
Less useful data
Less monetization
15

Challenges
• What if my data in Big Data is incomplete?
• Do I have control to what parts of their data
get involved in any Big Data analysis?
• What could be the harms?
– social groups
– insurance
– work

16

Privacy is complicated

17

Privacy is not security

18

Privacy is not anonymity

19

Privacy is not access control list

20

問題一

請問美國政府哪一個單位
管Privacy ?

FTC (Fair Trade Commission)
公平交易委員會
Why?
21

Privacy 討論的三大支柱
• Inform and consent
• Self-determination (access control)
• Personal identifiable information
– regulation
– de-identification

22

Inform and consent

還記得你哪一次
點過 Cancel嗎?

23

該 Inform 使用者什麼？

24

First Step to Improve Privacy on
Smartphone

• Transparency
– What kinds of data are collected by the apps?
– Where are they sent to?
– How will the data be used?

25

研究議題1: 恢復使用者知的權利
AppWindow

你知道你的APP如何
讀取你的個資嗎?

26

先聽結論

Users feel that
the apps are intrusive
when the apps
do not respect data
usage contexts
啥?

Usage Context
• 用我的Data OK, 但是(我以為)只能在…
• User 心中都有一個*我以為Data這樣用*
• Boundary management
– Google +
– LinkedIn
– Facebook

28

Big Failure of Google Buzz

通訊錄不等於好友!
因為data context 不同

29

Loss & Collapse of Context
reasoning

B IF (B ^ C) THEN ..
A
school

drinking
C

Story about my Google Map
Google map collects data when the phone is off
Moving: sampling rate goes up

出乎意料?
• Why apps are reading my location when the
phone is off?

Privacy Fingerprint (Angrybird)

E.g. Privacy-impacting Behavior

Revealing Privacy-Impacting Behavior Patterns of Smartphone Applications, Gokhan Bal, 2012
38

研究議題2: UX for Privacy
• 三大支柱之一：Self-determination (control)
• Do we feel some places are more private then
others?
• Privacy in public place?
• Not dichotomy but involves various factors
• Depends on situations

Research problems
• How do we design fine-grained control for
people to disclose their data to applications?

40

Research problems
• Could we give more fine-grained control for
• How do people create a policy?
– what are the factors that affect their decisions?

41

Research problems
• Could we give more fine-grained control for
• How do people create a policy?
– what are the factors that affect their decisions?
• Control of what?
– what should be the appropriate data abstractions
for control?
– e.g. Google circle, a better abstraction for sharing
in social network?
42

Study Flow
• Logs various types of sensors
• Prompts the user with a notification

1. annotations (location, situation, timestamp)
2. sensor data (ambient sound, accelerometer, Bluetooth, GPS, Wi-Fi,
gyroscope, cellular info..etc )

generate
survey

Databases

43

Survey

3 different types of data consumers (apps)
(academic, local stores, online companies)
are selected randomly for each question)

Local store label
is customized for
each user

44

Recall context then respond
• Without interrupting the user to think about
*privacy* questions at the moment, we help
the user to reconstruct his situation context
later
So I was talking to
my colleagues this
morning in my
office, this app asked
for my location Yes
No
[*policy*] I don’t
want my locations
in work be disclosed
to any app
45

結論
• We found that context does affect people’s
decisions for data disclosure
• People actually made non-reasonable decision
when they are ignorant of the privacy
implications
– “I am willing to give my situation to Google
because I figure that they might already know
everything about me”

46

重新思考今天的 Data 現況

Networked, inferred
and public by default

47

支配Privacy Practice的三大因素
• Norm (information flow + expectation of
privacy)
• User trust
• Regulation

48

Where are we heading?
• Big Data Analysis + 應用平台
– 電子發票
– Smart City
• 如果要把資料效益最大化，應該把 Privacy
納入系統設計
– security/anonymity*
– user experience
– access control
– audit logs

49

Privacy-Aware Smartphone
• Embedded Privacy into OS level
• Privacy-impacting factors of smartphone
sensing

50

個資法
• 科技人請加入對話

51

30 seconds takeaway
• Big Data is not necessary good data
• 隱私 (privacy) 其實不是一個好詞 for issues
around personal data in Big Data
• Platform designer needs to think about usage
of data, not applications
• Think context and data together whenever
design UX for privacy

52

30 seconds takeaway
• 隱私 (privacy) 其實不是一個好的形容詞 for
issues around personal data in Big Data
• Platform designer needs to think about usage
of data, not applications

53

30 seconds takeaway
• Platform designer needs to also think about
usage of data and its impact on privacy, not
just application features

54

30 seconds takeaway
• Platform designer needs to also think about
usage of data and its impact on privacy, not
just application features

55

Itri icl 0116_distribute

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Itri icl 0116_distribute

Similar to Itri icl 0116_distribute (20)

Itri icl 0116_distribute

Editor's Notes