Privacy Issues

1
Privacy Issues IN Mobile Commerce Zhengchuan XU
(Michael) Oct. 24, 2006
2
What is Privacy in Mobile Commerce
3
Ubicomp Privacy is a Serious Concern

• From a nurse required to wear active badge
• It could tell when you were in the
• bathroom, when you left the unit, and
• how long and where you ate your lunch.
• EXACTLY what you are afraid of.
• allnurses.com

4
The public concern the privacy in MC(1)
5
The public concern the privacy in MC(2)
Lets talk about Privacy in MC!!
6
Agenda

• Introduction
• Issue
• Regulation
• Adoption Model
• System-Confab Toolkit

7
1 Introduction_Definition
8
1 Introduction_Definition
9
1 Introduction_Definition
10
1 Introduction_Definition
11
1 Introduction_Definition

• There are so many definition due to the role of
  cultural differences in shaping attitudes toward
  privacy.
• The ability of an individual to be able to
  determine for themselves the circumstances and
  extent that information about them is exposed to
  others by Westin (1967)
• Informational self-determination
• informational dimensions.
• psychological dimensions

12
1 Introduction_Definition

• Mobile commerce (m-commerce)
• a natural extension of e-commerce that allows
  users to interact with other users or businesses
  in a wireless mode, anytime/anywhere.mobile
  commerce

Carnegie Mellon University Mobile Commerce Lab,My
Campus Project (http//www.cs.cmu.edu/sadeh/myca
mpus.htm)
13
(No Transcript)
14
1 Introduction_Definition

• Location Based Service is the Killer
  Application
• Worldwide market for LBS market to be 18.5
  billion to 20 billion by 2005 to 2006

Figure 2. HTTP flow of location-based request
15
2 Issues_Informational Privacy
Informational Privacy focus on the manner and
extent to which persons can control how
information about them is
16
2 Issues_Collection

• Should users of Location-enabled devices be
  informed when location tracking is in use? Should
  they be permitted to turn it off? Should an
  opt-in or opt-out approach be used? What factors
  will determine these answers?

17
2 Issues_Retention

• Should users of Location-enabled devices be
  permitted to control the storage of location
  information?
• Should location information as stored be
  personally identifiable, or should the user have
  options to preserve degrees of anonymity?
• What legal protection should a persons
  historical location information have against
  unreasonable search and seizure?
• Should there be other controls governing aspects
  of stored location information, such as verifying
  accuracy, specifying retention periods, requiring
  particular levels of security, etc.?

18
2 Issues_Usage

• Does the use of location information by a second
  party such as a communications carrier, even if
  not disclosed to third parties, create the
  potential for unfair advantage for those carriers
  or abusive use of the information by those
  carriers?
• To what extent should users of locationenabled
  services be allowed to choose their own level of
  identifiability/anonymity?

19
2 Issues_Disclosure

• What level of disclosure control should be
  dictated by government regulation? By the
  affected individual customers, users, etc.? By
  other parties?

20
3 Regualtion

• Interventions that can enhance privacy-protection
  may be technological or socio-political in nature
  including the following
• legislation
• voluntary good business practice agreements
• technology-based privacy enhancing mechanisms
• education for both consumer and the industry

21
First order effects of the key institutional
context
22
3 Regualtion_Issues (1)

• What governmental legislation and regulation is
  appropriate to assure citizens rights of privacy
  in an era of location-aware mobile devices?
• Will non-governmental, voluntary standards be
  sufficiently strong and sufficiently accepted by
  industry and consumers to be effective?
• Will industry/trade group standards be
  sufficiently strong and sufficiently accepted by
  industry and consumers to be effective?

23
3 Regualtion_Issues (2)

• Will advocacy/public interest groups be capable
  of sufficiently monitoring the location-aware
  industries, and sufficiently effective in
  protecting the publics interests?
• Will consumers demand, and will suppliers
  provide, privacy-related capabilities, features,
  and policies with their products and services
  that are sufficiently strong and accepted to be
  effective?

24
4 Adoptation Model with Privacy Concerns
25
4 Adoptation Model
26
5. Archi_Confab Privacy Toolkit

• Hard to analyze privacy
• Analysis of end-user needs for ubicomp privacy
• Interviews, surveys, postings on message boards
• Hard to implement privacy-sensitive systems
• Confab toolkit for privacy-sensitive ubicomp apps
• Capture, processing and presentation of personal
  info
• Focus on location privacy
• Evaluation thru building apps
• Location-enhanced messenger
• Location-enhanced web proxy

27
An HCI Perspective on Privacy

• The problem, while often couched in terms of
  privacy, is really one of control. If the
  computational system is invisible as well as
  extensive, it becomes hard to know
• what is controlling what
• what is connected to what
• where information is flowing
• how it is being used

• Empower people so they can
• choose to share
• the right information
• with the right people or services
• at the right time

The Origins of Ubiquitous Computing Research at
PARC in the Late 1980s Weiser, Gold, Brown
28
End-User Privacy Needs

• Lots of speculation about ubicomp privacy, little
  data
• Published Sources
• Examined papers describing usage of ubicomp
  systems
• Examined existing and proposed privacy protection
  laws
• Surveys and Interviews
• Analyzed survey data of 130 people on ubicomp
  privacy prefs
• Interviewed 20 people on location-based services
• Existing Systems
• Analyzed postings on nurse message board on
  locator systems

29
Summary of End-User Privacy Needs

• Clear value proposition
• Simple and appropriate control and feedback
• Plausible deniability
• Limited retention of data
• Decentralized control
• Special exceptions for emergencies

Alices Location
Bobs Location
30
Confab Toolkit for Privacy-Sensitive Ubicomp

• Confab for privacy-sensitive ubicomp apps
• Cover end-user privacy needs
• Provide solid technical foundation for
  privacy-sensitive ubicomp
• A toolkit needs to support all three of these
  layers
• Must capture, store, process, share in
  privacy-sensitive manner

but not help developers process it safely or
provide visibility to end-users
I might present choices well to users
Presentation
Infrastructure
but not have control over how the info was
acquired or processed
I might acquire information privately
Physical / Sensor
31
Past Work Addresses at Most One Layer

• Today, building privacy-sensitive apps would have
  to be done in an ad hoc manner

Presentation
P3P, Privacy Mirrors
Infrastructure
ParcTab System, Context Toolkit
Physical / Sensor
Cricket Location Beacons, Active Bats
32
Confab High-Level Architecture

• Capture, store, and process personal data on my
  computer as much as possible (laptops and PDAs)
• Provide greater control and feedback over sharing

Loc
Name
My Computer
InfoSpace Data Store
App
33
Physical / Sensor LayerIntels Place Lab
Location Source

• Determine location via local database of WiFi
  Access Points
• Unique WiFi MAC Address -gt Latitude, Longitude
• Periodically update your local copy

• Works indoors and
• in urban canyons
• Works with encrypted nodes
• No special equipment
• Privacy-sensitive
• Rides the WiFi wave

34
PlaceLab Data at SF Bay Area
SF Bay Area 60000 Nodes (4 Megs)
35
PlaceLab Data at UC Berkeley
University of California Berkeley
Berkeley Campus 1000 Nodes
36
Confab Architecture
My Computer
Loc
Name
InfoSpace Data Store
Tourguide
How to make users aware of and be able to
control the flow of personal info?
37
Presentation Layer Notifications

• Notification UI when others request your location
  (pull)
• Default is always unknown (plausible
  deniability)

38
Presentation Layer PlaceBar

• PlaceBar UI used when you send to others (push)
• If you give me city location, I can offer
  events, museum lines

39
Confab Architecture
My Computer
Loc
Name
InfoSpace Data Store
Tourguide
How to control personal info once it leaves your
computer?
40
Privacy Tags

• Digital Rights Management for Privacy
• Like adding note to email, Please dont forward
• Notify address - notify-abc_at_cs.berkeley.edu
• Time to live - 5 days
• Max number of sightings - last 5 sightings of my
  location
• Provide libraries for making it easy for app
  developers
• Requires non-technical solutions for deployment
• Market support thru TrustE, Consumer Reports
• Legal support thru data retention laws

41
Putting it Together 1Location-Enhanced Messenger
42
Putting it Together 1Location-Enhanced Messenger
43
Putting it Together 2Location-Enhanced Web Proxy

• Auto-fills location information on existing web
  sites

PageModification URL http//www.starbucks.com/ tx
tCity CityName txtState RegionCode txtZip ZIPCo
de
MapQuest
Starbucks
44
Putting it Together 2Location-Enhanced Web Proxy

• Location-aware web sites
• Different content based on your current location

45
6 Reference (1)

• Junglas, I.A. Spitzmuller, C.A Research Model
  for Studying Privacy Concerns Pertaining to
  Location-Based ServicesSystem Sciences, 2005.
  HICSS '05. Proceedings of the 38th Annual Hawaii
  International Conference on 03-06 Jan. 2005
  Page(s)180b - 180b
• Robert P. Minch,Privacy Issues in Location-Aware
  Mobile Devices,Proceedings of the 37th Annual
  Hawaii International Conference on System
  Sciences (HICSS'04) - Track 5 p. 50127b

46
6 Reference (2)

• Grace Ng-Kruelle, Paul A. Swatman, Douglas S.
  Rebne, Felix Hampe,The Price of Convenience
  Privacy and Mobile Commerce,Forthcoming
  Quarterly Review of Electronic Commerce
• Jason I. Hong,James A. Landay,An architecture for
  privacy-sensitive ubiquitous computing,published
  in Proceedings of the 2nd international
  conference on Mobile systems, applications, and
  services table of contents
• Jason I. Hong,An Architecture for
  Privacy-Sensitive Ubiquitous Computing,
  www.cs.cmu.edu/jasonh/presentations/confab-mobisy
  s-jun2004.ppt