Privacy

Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science

Click to edit Master title style

Privacy

Overview and Issues



2Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science

Concern

“Recent inventions and business methods call attention to the next step which must be taken for the protection of the person, and for securing to the individual what Judge Cooley calls the right “to be left alone”. … modern enterprise and invention have, through invasions upon his privacy, subject him to mental pain and distress, far greater than could be inflicted by mere bodily injury.”




Concern



4

Promise and PerilService Threat

Web

e-commerceemailsocial networkingnews, entertainmentsearchelectronic medical recordsrecommendations

identity theftspampfishingunwanted correlationprivacy incursiondenial of serviceviruses, worms, …

Ubiquitous systems

context awarenesslocation awarenesspervasive servicessmart objects

loss of privacy, anonymityelectronic stalkinginvasive monitoringloss of control




A view of the future?

http://www.aclu.org/pizza/images/screen.swf

http://www.aclu.org/pizza/images/screen.swf




Privacy

Motivations for privacy protection empowerment: control the dissemination of

information about oneself (identity theft) utility: protection against nuisance (spam) dignity: freedom from unsubstantiated suspicion

(surveillance of public spaces) regulating agent: checks and balances on power

(unauthorized wiretaps)




Undermining privacy

Trespass of presumed “personal borders” natural (walls, doors,…) social (confidentiality within social groups) spatial/temporal (isolation of activities in different places or

times) ephemeral: (expectation of forgetting/disposal)

“the potential to create an invisible and comprehensive surveillance network”

Privacy impacted by ability to monitor ability to search




Security Traditionally about confidentiality, integrity, availability (CIA) of

information Threat vs. risk assessment Focus on system artifacts (access control policies, cryptography)

Privacy “The right of the individual to decide what information about

himself should be communicated to others and under what circumstances” (Westin, Privacy and Freedom, 1970.)

About context, purpose/intention, and obligation related to disclosed information

Traditional focus on personally identifying information (PII)

Privacy vs Security




Unique challenges of privacy/security

Security is not the user’s primary goalMust be usable by a wide range of individuals

with differing skills setsHigher risk associated with failure of security

applications than for other application typesNeed for updates to account for changes in law,

organizational practices, or personal preferences.

Karat, C.-M., J. Karat, and C. Brodie, Editorial: why HCI research in privacy and security is critical now. International Journal of Human-Computer Studies, 2005. 63(1-2): p. 1-4.




Nature of Privacy

A “boundary regulation process” of accessibility depending on “context” (Altman)

A “personal adjustment process” (Westin) balancing the desire for privacy against the desire to interact in the context of social norms and their environment

A distinction (Solove) between access control (regulating access to information about oneself) and risk management (reducing likelihood of unintended/undesired usage)

Preferences (Westin’s classifications)– Fundamentalists (15-25%)– Pragmatists (40-60%)– Unconcerned (15-25%)

Katie Shilton, “Four Billion Little Brothers? Privacy, mobile phones, and ubiquitous computing,” CACM November, 2009.




Altman’s view “the selective control of access to the self”

• Dynamic dialectic process (boundary regulation)• Optimization• Multi-mechanism

Varies by culture and social relationships

Boundary Regulation

Irwin Altman




Boundaries (not independent) Disclosure (what is reveled)

• Disclosure required to participate in network world• Increased access to third-party disclosures and aggregation complicates control

Identity (self vs. others)• Mediation (technology complicates recipient design and reflexive interpretability of action )• Information persistence (loss of ability to control representations of self)

Temporality ( orientation toward past/future events) Genres of disclosure

“regularly reproduced arrangements of people, technology and practice that yield identifiable and socially meaningful styles of interaction”

Conclusion Dynamic: “privacy management is a dynamic response to circumstance rather than a static enforcement of

rules” Dialectic: “privacy management is…a resolution of tensions not just between people but between their

internal conflicting requirements” Situated: “when considering privacy concerns…the whole of the social and institutional setting in which

technologies are deployed should be considered”

In a networked world




New media

New media affords new communication possibilities and new privacy concerns

IM/SMS Teens showed varying privacy behaviors (caution against assumption

of standard preferences) Unobtrusive nature of text messaging supports “environmental

privacy” (limited interruption of the activity in the physical space) Sharing of information

• Greater with closer acquaintances• Depends on purpose of disclosure

Shared displays Accidental disclosure Concern is magnified by

• Sensitivity of information• Relation to onlookers• Onlookers control of display




New media

Media spaces Physical spaces (offices, work areas) enhanced

with multimedia or video recording technology• Videoconferencing• Always-on audio/video between/among locations

Important privacy design considerations• Symmetry• Opt-out control• Purposefulness: acceptance of privacy risks based on

perceived value (a value proposition judgment)




New media

Sensors, RFID Concerns

• Loss of control of collected data• Uncertainty of technologies utility

Trust (elderly interviewees regarding home-based monitoring)• Accept potential privacy invasion based on trust in those controlling the technology• Judgment of value proposition for increased safety

Location disclosure Effected more by who was asking more than the current location Tracking/disclosure seen as more invasive than location-based configuration (e.g.,

ringtone volume control) Concerns affected by

• Trust in service provider• Oversight of regulatory agencies

Precision • “blurring” of current location less used than anticipated• Instead users either did not respond or provide information they believed was most

useful to recipient




Smart objects

Enabling technologies low-power processors with integrated sensors and

wireless communication remote identification of objects precise localization of objects

Smart everyday objects attached processing “introspection” capability ability to respond in context-sensitive manner creating “ambient intelligence” (smart without

actually being intelligent)




Other risks

Reliability manageability of such a scale of interacting devices; continue to

meet requirements? predictability (unanticipated consequences?) dependability in the face of service interruptions

Delegation of control content: who attests to the veracity of information conveyed by

a smart object? system control: will our cars drive the way the insurance

company prefers? accountability: who is responsible for economic or legally

significant actions taken by a smart object?

Privacy

Documents

master title style4promise

master title style5

privacy protectionempowerment

privacy vs securityfall

social confidentiality

information pii

dissemination of information

risk assessmentfocus