Privacy and Ubiquitous Computing

1
Privacy and Ubiquitous Computing
Jason I. Hong
2
Ubicomp Privacy is a Serious Concern

• Active Badge could tell when you were in the
  bathroom, when you left the unit, and how long
  and where you ate your lunch. EXACTLY what you
  are afraid of.
• allnurses.com

3
Why is Ubicomp Privacy Hard?

• Characteristics
• Real-time, distributed
• Invisibility of sensors
• Potential scale
• What data? Who sees it?
• Design Issues
• No control over system
• No feedback, cannot act appropriately
• You think you are in one context, actually in
  many
• No value proposition

4
Why is Ubicomp Privacy Hard?

• Devices becoming more intimate
• Call record, SMS messages
• Calendar, Notes, Photos
• History of locations, People nearby,
  Interruptibility
• With us nearly all the time
• Portable and automatic diary
• Accidental viewing, losing device, hacking
• Protection from interruptions
• Calls at bad times, other peoples (annoying)
  calls
• Projecting a desired persona
• Accidental disclosures of location, plausible
  deniability

5
Exploring Ubicomp at CMU

• People Finder
• Sensor Andrew
• inTouch
• Better awareness and messaging for small groups
• Contextual Instant Messaging
• Control and feedback mechanisms for ubicomp
  privacy

6
Contextual Instant Messaging

• Facilitate coordination and communication by
  letting people request contextual information via
  IM
• Interruptibility (via SUBTLE toolkit)
• Location (via Place Lab WiFi positioning)
• Active window
• Developed a custom client and robot on top of AIM
• Client (Trillian plugin) captures and sends
  context to robot
• People can query imbuddy411 robot for info
• howbusyis username
• Robot also contains privacy rules governing
  disclosure

7
Control Setting Privacy Policies

• Web-based specification of privacy preferences
• Users can create groups andput screennames into
  groups
• Users can specify what each group can see

8
Control System Tray

• Coarse grain controls plus access to privacy
  settings

9
Feedback Notifications
10
Feedback Social Translucency
11
Feedback Offline Notification
12
Feedback Summaries
13
Feedback Audit Logs
14
Evaluation

• Recruited fifteen people for four weeks
• Selected people highly active in IM (ie
  undergrads ?)
• 120 buddies, 1580 messages / week (sent and
  received)
• 3.3 groups created per person
• Notified other parties of imbuddy411 service
• Update AIM profile to advertise
• Would notify other parties at start of
  conversation

15
Results of Evaluation

• 321 queries
• 1 query / person / day
• 61 distinct screennames, 15 repeat users
• 67 interruptibility, 175 location, 79 active
  window
• Added Stalkerbot near end of study
• A stranger making 2 queries per person per day

16
Results Controls

• Controls easy to use (4.5 / 5, s0.7)
• I really liked the privacy settings the way
  they are. I thought they were easy to use,
  especially changing between privacy settings.
• I felt pretty comfortable with using it because
  you can just easily modify the privacy settings.
• However, can be lots of effort
• Its time consuming, if you have a long
  buddylist, to set up for each person.
• Asked for more location disclosure levels
• Around or near a certain place

17
Results Comfort Level

• Comfort level good (4 / 5, s0.9)
• 12 participants noticed stalkerbot, 3 didnt
  until debriefing
• However, no real concerns
• Reasoned that our stalkerbot was a buddy or old
  friend
• Also confident in their privacy control settings
• I know they wont get any information, because I
  set to the default so they wont be able to see
  anything.

18
Results Appropriateness of Disclosures

• Mostly appropriate (2.47 / 5, where 3 is
  appropriate)
• Useful information for requester? Right level of
  info?
• Two people increased privacy settings, one after
  experimentation, other after too many requests
  from specific person
• However, more complaints about accuracy
• Ex. Left a laptop in a room to get food, person
  wasnt there

19
Results Usefulness of Feedback

• Bubble notification, 1.6 / 6 (s0.6)

20
Results Usefulness of Feedback

• Bubble notification, 1.6 / 6 (s0.6)
• Disclosure log, 1.8 (s1.3)

21
Results Usefulness of Feedback

• Bubble notification, 1.6 / 6 (s0.6)
• Disclosure log, 1.8 (s1.3)
• Mouse-over notification, 3.7 (s1.0)
• Offline statistic notification, 4 (s1.4)
• Social translucency Trillian tooltip popup, 4.8
  (s1.1)
• Peripheral red-dot notification, 5.4 (s0.7)

22
Discussion
23
Discussion

• Scaling up notifications
• 1 query / person / day, but just one app, not a
  lot of users
• Pointing out anomalies more useful
• Disclosure log not used heavily
• Though people liked knowing that it was there
  just in case
• Surprisingly few concerns about privacy
• No user expressed strong privacy concerns
• Feature requests were all non-privacy related
• If low usage, due to not enough utility, not due
  to privacy
• Does this mean our privacy is good enough, or is
  this because of users attitudes and behaviors?

24
Better understanding of attitudes and behaviors
towards privacy

• Westin identified three clusters of people wrt
  attitudes toward commercial entities
• Fundamentalists (25)
• Unconcerned (10)
• Pragmatists (65)
• We need something like this for ubicomp
• But for personal privacy rather than for
  commercial entities
• With more fine-grained segmentation
• Fundamentalists include techno-libertarians and
  luddites
• Pragmatists include too busy, not enough value,
  profiling
• Better segmentation would help us understand if
  our privacy is good enough for specific audience

25
Understanding Adoption

• Need to tie attitudes and behavior with adoption
  models

Teens
26
Understanding Adoption

• Crafting better value propositions
• Ubiquitous computing and a focus on technology
  really scared the bejeezus out of people
• Invisible computing and a focus on how it helps
  people, far more palatable

27
(No Transcript)
28
Understanding Adoption

• Crafting better value propositions
• Ubiquitous computing and a focus on technology
  really scared the bejeezus out of people
• Invisible computing and a focus on how it helps
  people, far more palatable
• Finding and supporting existing practices
• Already using IM, familiar metaphor, adding a few
  more features, rather than asking people to take
  a large step
• Better deployment models

29
End-User Privacy in HCI

• 137 page article surveying privacy in HCI and
  CSCW
• Forthcoming in the new Foundations and Trends
  journal, in a few weeks

30
Acknowledgements

• NSF Cyber Trust CNS-0627513
• NSF IIS CNS-0433540
• ARO DAAD19-02-0389
• Motorola
• Nokia Research
• Skyhook

• Gary Hsiesh
• Wai-yong Low
• Karen Tang

31
Open Challenges
32
Lessons Thus Far
33
Lessons Thus Far
34
Lessons Thus Far
35
(No Transcript)
36
Results of First Evaluation

• Total of 242 requests for contextual information
• 53 distinct screen names, 13 repeat users

37
Results of First Evaluation

• 43 privacy groups, 4 per participant
• Groups organized as class, major, clubs,gender,
  work, location, ethnicity, family
• 6 groups revealed no information
• 7 groups disclosed all information
• Only two instances of changes to rules
• In both cases, friend asked participant to
  increase level of disclosure

38
Results of First Evaluation

• Likert scale survey at end
• 1 is strongly disagree, 5 is strongly agree
• All participants agreed contextual information
  sensitive
• Interruptibility 3.6, location 4.1, window 4.9
• Participants were comfortable using our controls
  (4.1)
• Easy to understand (4.4) and modify (4.2)
• Good sense of who had seen what (3.9)
• Participants also suggested improvements
• Notification of offline requests
• Better summaries (User x asked for location 5
  times today)
• Better notifications to reduce interruptions
  (abnormal use)

39
Whats Hard about Ubicomp Privacy?

• Easier to store lots of data
• More kinds of data being collected
• Easier to distribute
• More sensors, real-time
• More devices
• Easier to search
• More intimate

40
Five Challenges

• Better ways of helping end-users manage their
  privacy
• A better understanding of peoples attitudes and
  behaviors towards privacy
• A privacy toolbox
• Better organizational support
• Understanding adoption