Presence, Privacy and Service Personalization CFP PrivSec WG Launch August 19, 2005

1
Presence, Privacy and Service PersonalizationCFP
PrivSec WG Launch August 19, 2005

• Edward Mitukiewicz
• France Telecom (RD/ILAB/BOS)

2
Outline

• Assorted musings to facilitate future CFP PrivSec
  WG discussions
  
• Focused on the complexities of managing
  privacy-aware presence
  
• Limited to a few illustrative examples based on
  some lessons from a particular prototyping
  project and ideas from recently published
  research papers
• NOT an attempt to
• Develop a general problem statement and/or
  comprehensive issue list (albeit doing this
  and/or describing the current landscape seems to
  be a good idea!)
• Consider broader topics of trust/identity
  management e.g., in the context of collecting,
  mining, distributing and protecting sensitive
  personal data

3
Privacy Management Current Practices

• Multiple, uncoordinated control points
  difficult to manage
  
• Call handling preferences call waiting divert
  or accept
  
• Messaging specific options IM
• Device controls on/off, sounds/alerts
• Control settings preferences, cookies, tokens
• Integrated policy-based solutions too complex
  for the user
  
• Who do you want to communicate with and under
  what circumstances
  
• How do you want to communicate when and where
• What information should be shared with whom under
  what circumstances
  
• Which policy should be activated when

4
Personalization Opportunities Risks

• Users like service personalization, but want
  control over
  
• What, how and when relevant data is collected,
  processed and published
  
• How such data is used e.g., ONLY to provide a
  better service
  
• Service providers recognize the added value
  potential of personalization enabled by the
  availability of data on user interactions with
  services
• Conversion of such data into usable information
  is difficult e.g., integration of bits and
  pieces of data from multiple sources
  
• Using that info to provide a better user
  experience usually requires
  
• Compliance with the applicable regulations
• User consent often limited to a specific and
  context dependent purpose

5
Presence and Privacy See What?

• Value of presence grows with the richness and
  reliability of the available data (see/be seen
  before you communicate )
  
• e.g., location, availability and communication
  preferences
  
• Information disclosure restrictions and
  preferences (e.g., only to authorized parties
  and only the minimum required) considering
  
• Granularity of the available data access to all
  vs. certain subsets
  
• Exact vs. blurred responses
• Requestor specific vs. one-size-fits-all
  responses
  
• Personalization requirements add more
  complexities

6
User Location Intel Study (CHI2005)

• Users tend to share their location info
  selectively
  
• Users decisions depended on who was requesting
  the location info, why the requester wanted it,
  and what level of detail would be most useful
  
• Study participants were typically willing to
  disclose either the most useful detail or nothing
  about their location
  
• Privacy control becomes a critical issue in the
  development of location-aware communications
  
• Users want to stay in control of their location
  information the challenge is to enable them to
  do this effectively
  
• Privacy management has to help users to disclose
  location in order to facilitate interpersonal
  interactions without raising any fears of being
  monitored

Source Intel Research Consolvo et al.
http//guir.berkeley.edu/pubs/chi2005/p486-consolv
o.pdf
7
Privacy Preferences More Studies

• Peoples willingness to share information seems
  to depend primarily on who they are sharing it
  with
  
• Same privacy preferences are more likely to be
  applied to the same inquirer in different
  situations than to different inquirers in the
  same situation this could help to reduce the
  underlying complexities and simplify the UI
• Clustering might help to specify and refine over
  time what users wish to share with whom in what
  situation
  
• Information items AND peoples views of others
  they wish to share certain types of information
  with tend to cluster into a manageable set of
  categories

Sources UCalBerkely and UofMich/Microsoft
Research http//guir.berkeley.edu/pubs/chi2003/l
ederer-chi03.pdf http//research.microsoft.com/h
orvitz/privacy_CHI2005.pdf
8
Presence and Privacy Illustrative Example

• Combining address book info with inferences
  based on users location, calendar and context
  aware privacy policies could allow for some
  see before you communicate and be seen
  enhancements
• Although such presence-aware privacy controls
  might help users to decide if, when and how
  others can see their location and/or communicate,
  user interface complexity becomes a problem

Your friends are there
Friend Tracker
You are here
Source
9
Privacy Management Design Pitfalls

• Obscuring potential or actual information flow
• Users should understand the extent of a systems
  potential for disclosure e.g., privacy
  implication of Low vs. High settings? AND
  
• what information is actually being disclosed to
  whom e.g., browser cookies?
  
• Emphasizing configuration over action
• Designs should not require excessive
  configuration to manage privacy!
  
• Lacking coarse-grained control
• Designs should not forgo a top-level mechanism
  for halting/resuming disclosure e.g., simple
  mechanism for excluding the current purchase from
  a shopping profile
• Inhibiting existing practice
• Designs should not inhibit users from
  transferring established social practice to
  emerging technologies e.g., support for a
  social nuance there could be value in keeping
  the caller ignorant of the reason for not
  answering the phone

Source UCB Scott Lederer et al.
http//www.cs.cmu.edu/jasonh/publications/puc2004
-five-pitfalls.pdf
10
thanks!