
What Do You Want to Share Today? Building Privacy-Aware AmI-Systems

What Do You Want to Share Today? Building Privacy-Aware AmI-Systems. Marc Langheinrich, Institute for Pervasive Computing, ETH Zürich. March 21. 2006, SWAMI Conference, Brussels. Fair Information Principles (FIP) Drawn up by the OECD,


  1. “What Do You Want to Share Today?” Building Privacy-Aware AmI-Systems
     Marc Langheinrich, Institute for Pervasive Computing, ETH Zürich
     March 21. 2006, SWAMI Conference, Brussels

  2. Fair Information Principles (FIP)
     - Drawn up by the OECD, 1980
     - “Organisation for economic cooperation and development”
     - Voluntary guidelines for member states
     - Goal: ease transborder flow of goods (and information)
     - Five principles (simplified)
       1. Openness
       2. Data access and control
       3. Data security
       4. Collection Limitation
       5. Data subject’s consent
     - Core principles of most modern privacy laws
     - Implication: Technical solutions must support FIP

  3. Fair Information Principles (FIP)
     - Drawn up by the OECD, 1980
     - “Organisation for economic cooperation and development”
     - Voluntary guidelines for member states
     - Goal: ease transborder flow of goods (and information)
     - Five principles (simplified)
       1. Openness
       2. Data access and control
       3. Data security
       4. Collection Limitation
       5. Data subject’s consent
     - Core principles of most modern privacy laws
     - Implication: Technical solutions must support FIP
     Core Question: Can (user interface) technology support those principles that need user involvement? Can we put the user „into the loop“ of privacy protection?

  4. Openness in AmI
     - No hidden data collection!
     - Legal requirement in many countries
     - Established means: privacy policies
     - Who, what, why, how long, etc. ...

  5. Openness in AmI
     - No hidden data collection!
     - Legal requirement in many countries
     - Established means: privacy policies
     - Who, what, why, how long, etc. ...
     - How to publish policies in Ubicomp?
     - Periodic broadcasts?
     - Too many devices?
     - Countless announcements an annoyance
     - Notices “get in the way” – Background vs Foreground

  6. Openness in AmI
     - No hidden data collection!
     - Legal requirement in many countries
     - Established means: privacy policies
     - Who, what, why, how long, etc. ...
     - How to publish policies in Ubicomp?
     - Periodic broadcasts?
     - Too many devices?
     - Countless announcements an annoyance
     - Notices “get in the way” – Background vs Foreground
     How many people read SSL certificate warnings? Cookie warnings? Do you want to proceed, yes or no?

  7. Access & Control in AmI
     - Identifiable data must be accessible
     - Users can review, change, sometimes delete
     - Collectors must be accountable
     - Privacy-aware storage technology?

  8. Access & Control in AmI
     - Identifiable data must be accessible
     - Users can review, change, sometimes delete
     - Collectors must be accountable
     - Privacy-aware storage technology?
     - Whom should I ask?
     - Countless, often unknown interactions. Centralized?!
     - How to check for correctness?
     - Is this really my walking pattern?

  9. Consent in AmI
     - Participation requires explicit consent
     - Usually a signature or pressing a button
     - True consent requires true choice
     - More than „take it or leave it“

  10. Consent in AmI
     - Participation requires explicit consent
     - Usually a signature or pressing a button
     - True consent requires true choice
     - More than „take it or leave it“
     - How to ask without a screen?
     - Designing UIs for embedded systems, or
     - Finding means of delegation (is this legal?)
     - Consenting to what?
     - Do I understand the implications?


  12. Example: Convenience
     - Emnid survey Germany (03/2002)
     - 50% have at least one loyalty card
     - 72% welcome such offers
     - 70 million cards in circulation (12/2003)
     - Average rebate: 1.0-0.5%
     - 15% of consumers estimate rebate being 5-10%
     - Minding the fine print?
     - Explicit signature allows detailed data mining
     - Consequences?

  13. Consumer Loyalty Cards – Legal Implications
     - Arson near youth house Niederwangen (Berne)
     - At scene of crime: Migros-tools
     - Court ordered disclosure of all 133 consumers who bought items on their supermarket card (8/2004)
     - Arsonist not yet found (11/2005)

  14. Consumer Loyalty Cards – Legal Implications
     - Arson near youth house Niederwangen (Berne)
     - At scene of crime: Migros-tools
     - Court ordered disclosure of all 133 consumers who bought items on their supermarket card (8/2004)
     - Arsonist not yet found (11/2005)
     Informed Consent? Who Would Think of Such Things When Buying a Screwdriver?!

  15. “Do-the-right-thing” Privacy
     - No one wants to manage their privacy!
     - Anonymizer (Zero-Knowledge.com)? Infomediaries?
     - Privacy interface? Identity managers?

  16. “Do-the-right-thing” Privacy
     - No one wants to manage their privacy!
     - Anonymizer (Zero-Knowledge.com)? Infomediaries?
     - Privacy interface? Identity managers?
     - Challenge: When to share what with whom?
     - Simple command (touch, shake, press) for paying, etc.
     - System knows what to share (not too much!)
     - Challenge: Something wrong?
     - Simple to check
     - Simple to fix or get help

  17. „Pervasive Privacy“ (Rossnagel)
     Anytime, Anywhere, Automatic, Pro-Active
     „The most profound technologies are those that disappear. They weave themselves into the fabric of everyday life until they are indistinguishable from it.“ Mark Weiser (1952 – 1999)
     - Let technology disappear into laws, social habits
     - Not through interfaces, but operate in the background

  18. „Pervasive Privacy“ (Rossnagel)
     Anytime, Anywhere, Automatic, Pro-Active
     „The most profound technologies are those that disappear. They weave themselves into the fabric of everyday life until they are indistinguishable from it.“ Mark Weiser (1952 – 1999)
     - Let technology disappear into laws, social habits
     - Not through interfaces, but operate in the background
     - Can we make privacy laws „automatable“?
     - Can we know/predict what the user wants (no AI, pls)?
     - What do we need to „fix“ disclosure problems?
