Personal Privacy Assistants


International Workshop Series on RFID, Tokyo, Japan
November 10, 2004

Personal Privacy Assistants for RFID Users

Shin'ichi Konomi
University of Colorado, Boulder
konomi@cs.colorado.edu

RFID: why important?

(Diagram: Network, People & Things, RFID)

Privacy problems

(Diagram: Network, People & Things)

Existing approaches

- Killing tags
- Faraday cage
- Active jamming
- Sophisticated tags
- Blocker tags
- Local computation
- Information management
- Social regulation

Mostly technologies for isolation

(Diagram: Network, People & Things)

What is privacy?

- Traditional view: "the right to be left alone"
- Alternative view (Altman, 1975; Palen and Dourish, 2003): "selective control of access to the self (or to one's group)"

Towards a new class of privacy-enhancing technologies

(Diagram: privacy problems between People & Things and the Network; A. Technologies for isolation; B. Technologies for boundary control, which place control at the boundary between People & Things and the Network)

Breakdown of privacy regulation

- Consumers' activities are interleaved with scans
- Invisible scans
- Unintentional scans
- Scans announce relationships among people and things
- Scans trigger chains of incoming and outgoing information flows

(Illustration: Smart Shelf (Auto-ID Center, 2002))

"Who's monitoring what?"
"Can I convey information to others?"

Reflexive interpretations of actions

- Understanding and anticipating how one's actions and information appear to others
- Important for assessing the efficacy of withholding and disclosing information

Technology support for reflexive interpretations

- Self-traceability of how one's actions and information are exposed to others over time (cf. reflexive CSCW)

"How am I presenting myself to others?"

Traceability and identity

- Companies building better brand identities by making food traceability information (private information) available to consumers
- In contrast, consumers using supermarket loyalty cards generally don't have such a sense of control about their identities

Designing for privacy: the feedback-control approach

- Designing for privacy in multimedia, ubiquitous computing environments (Bellotti and Sellen, 1993)
- Key issue: appropriate feedback and control

Capture
- Feedback: existence of tags/readers, occurrences of scans, who?, what?, when?
- Control: removing tags, which readers?, anonymity and pseudonymity

Construction
- Feedback: existence of database records, stored?, copied?, integrated?, where?, how?
- Control: modifying database records, restricting operations, permissions, supervision

Accessibility
- Feedback: when and who accessed my information on RFID tags, readers, and database records
- Control: access control, authentication, encryption

Purposes
- Feedback: why?, privacy policies, inferred purposes
- Control: social control with technological support (e.g., something like P3P)

Other dimensions of design space

- Process: pessimistic, optimistic, interactive
- Practice: reciprocal disclosure ("if I see you, you see me"); protection by disclosure ("Still asleep - don't disturb"); personalization (hypocrisy?)
- Cost: feedback leads to information overload; control introduces additional tasks
- Contextual factor: social context, cultural context, places, activities
- Default setting: many users don't change default settings
- Support mechanisms: ambient media, context-aware user interfaces, privacy critics and agents, context-aware reuse, privacy policies

Contributions and limitations of the feedback-control approach

- Contributions: allows for dynamic, moment-by-moment assessment and control
- Limitations: more RFID tags in the world, more cost for privacy regulation

(Figure: RFID tags in the world vs. cognitive resources of humans, with 2004 marked)

Important challenge: usable and useful mechanisms for feedback & control

Privacy critics for RFID

Privacy critics for using RFID
- A type of intelligent agent that helps users manage complex privacy control by providing feedback and suggestions as users go about their ordinary tasks
- Computer-based critics first proposed by Fischer et al. (1990)
- Privacy critics for web browsing proposed by Ackerman and Cranor (1999)

Critics give suggestions from different perspectives
- Capture critics
- Construction critics
- Accessibility critics
- Purposes critics
- Reflexivity critics

Personal privacy assistants (PPA)

- A mobile appliance to view and control all incoming and outgoing information about me

(Diagram: the PPA sits at the privacy boundary and controls the flows between People & Things and the Network)

Desirable hardware platforms
- Wireless PDAs, mobile phones, or smart wristwatches with integrated RFID readers
- R/W RFID tags w/ cryptography; communication range: 2-3 m

(Conceptual illustration: "According to XXX, disclosure of this scan leads to severe privacy risks such as...")

PPA software architecture

(Layered diagram)
- Mobile User Interface
- Contextual Information Management
- Personal Database
- Personal Area Networking

Elements
- Privacy transactions
- Disclosure granularity
- Personal firewall
- Critics (capture, construction, accessibility, purposes, reflexivity)
- Semantics of scans
- Reflexive datastore
- Cryptography
- Use of intermediary agent/agency
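An added example, not code from the talk, sketching how the personal firewall, disclosure granularity, reflexive datastore and critics listed here could fit together in one PPA core, and how they deliver the capture-side feedback and control of the feedback-control matrix and the critics' suggestions from earlier slides. The reader IDs, places, policy rules and scan records are constructed for the example; the class and method names are assumptions, not the talk's design.

```python
import secrets
from collections import namedtuple
from dataclasses import dataclass, field
from enum import Enum

class Granularity(Enum):
    NONE = "none"            # do not answer the reader at all (isolation)
    PSEUDONYM = "pseudonym"  # answer with a fresh random pseudonym, unlinkable across scans
    FULL = "full"            # disclose the real tag identifier

# One reader interrogation as seen by the PPA's integrated RFID reader (constructed model).
Scan = namedtuple("Scan", "reader_id tag_id place when")

@dataclass
class PersonalPrivacyAssistant:
    # policy maps (reader_id, place) -> Granularity; place "*" means any place. Readers with
    # no rule at all get NONE: a pessimistic default, since most users never change defaults.
    policy: dict
    log: list = field(default_factory=list)  # reflexive datastore: (scan, decision, answer)

    def decide(self, s) -> Granularity:
        return self.policy.get((s.reader_id, s.place), self.policy.get((s.reader_id, "*"), Granularity.NONE))

    def handle(self, s):
        # Personal firewall: answer at the chosen granularity, record the scan, then run the critics.
        g = self.decide(s)
        if g is Granularity.FULL:
            answer = s.tag_id
        elif g is Granularity.PSEUDONYM:
            answer = "pseudonym-" + secrets.token_hex(4)
        else:
            answer = None
        self.log.append((s, g, answer))
        return answer, self.critics(s)

    def critics(self, s) -> list:
        notes = []  # suggestions from different perspectives: here capture and reflexivity
        if not any(r == s.reader_id for r, _ in self.policy):
            notes.append(f"capture: unknown reader {s.reader_id} tried to read {s.tag_id} at {s.place}; blocked")
        linked = {x[0].tag_id for x in self.log if x[0].reader_id == s.reader_id and x[1] is Granularity.FULL}
        if len(linked) >= 2:
            notes.append(f"reflexivity: {s.reader_id} can now link {len(linked)} of your tags to one person")
        return notes

    def who_monitors_what(self) -> dict:
        # Feedback for "Who's monitoring what?": reader -> [(when, granularity, what the reader got)]
        out = {}
        for s, g, answer in self.log:
            out.setdefault(s.reader_id, []).append((s.when, g.value, answer))
        return out
```

Even a blocked scan is logged, so the invisible and unintentional scans of the "breakdown" slide become visible feedback without any disclosure.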

Integrating PPA into practices

- "these different behaviors (mechanisms for regulating privacy boundaries) operate as a unified system, amplifying, substituting, and complementing one another" (Altman, 1975)
- Genres of disclosure (Palen and Dourish, 2003)
  - Socially constructed patterns of privacy management
  - Expectations around representations
- Integration into social practices

Conclusions and future work

- Dynamic boundary control rather than isolation
- Requirements and architecture of personal privacy assistants (PPA)
  - Feedback and control
  - Privacy critics
- Still an early stage of research