Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science
Feb 23, 2016
Privacy
Overview and Issues
Concern
“Recent inventions and business methods call attention to the next step which must be taken for the protection of the person, and for securing to the individual what Judge Cooley calls the right ‘to be left alone’. … modern enterprise and invention have, through invasions upon his privacy, subjected him to mental pain and distress, far greater than could be inflicted by mere bodily injury.”
Promise and Peril

Web
• Service: e-commerce, email, social networking, news, entertainment, search, electronic medical records, recommendations
• Threat: identity theft, spam, phishing, unwanted correlation, privacy incursion, denial of service, viruses, worms, …

Ubiquitous systems
• Service: context awareness, location awareness, pervasive services, smart objects
• Threat: loss of privacy, anonymity; electronic stalking; invasive monitoring; loss of control
A view of the future?
http://www.aclu.org/pizza/images/screen.swf
Privacy
Motivations for privacy protection
• empowerment: control the dissemination of information about oneself (identity theft)
• utility: protection against nuisance (spam)
• dignity: freedom from unsubstantiated suspicion (surveillance of public spaces)
• regulating agent: checks and balances on power (unauthorized wiretaps)
Undermining privacy
Trespass of presumed “personal borders”
• natural (walls, doors, …)
• social (confidentiality within social groups)
• spatial/temporal (isolation of activities in different places or times)
• ephemeral (expectation of forgetting/disposal)
“the potential to create an invisible and comprehensive surveillance network”
Privacy impacted by
• ability to monitor
• ability to search
Privacy vs Security
Security
• Traditionally about confidentiality, integrity, availability (CIA) of information
• Threat vs. risk assessment
• Focus on system artifacts (access control policies, cryptography)
Privacy
• “The right of the individual to decide what information about himself should be communicated to others and under what circumstances” (Westin, Privacy and Freedom, 1970.)
• About context, purpose/intention, and obligation related to disclosed information
• Traditional focus on personally identifying information (PII)
Unique challenges of privacy/security
• Security is not the user’s primary goal
• Must be usable by a wide range of individuals with differing skill sets
• Higher risk associated with failure of security applications than for other application types
• Need for updates to account for changes in law, organizational practices, or personal preferences.
Karat, C.-M., J. Karat, and C. Brodie, Editorial: why HCI research in privacy and security is critical now. International Journal of Human-Computer Studies, 2005. 63(1-2): p. 1-4.
Nature of Privacy
A “boundary regulation process” of accessibility depending on “context” (Altman)
A “personal adjustment process” (Westin) balancing the desire for privacy against the desire to interact in the context of social norms and their environment
A distinction (Solove) between access control (regulating access to information about oneself) and risk management (reducing likelihood of unintended/undesired usage)
Preferences (Westin’s classifications)
– Fundamentalists (15-25%)
– Pragmatists (40-60%)
– Unconcerned (15-25%)
Katie Shilton, “Four Billion Little Brothers? Privacy, mobile phones, and ubiquitous computing,” CACM November, 2009.
Boundary Regulation (Irwin Altman)
Altman’s view: “the selective control of access to the self”
• Dynamic dialectic process (boundary regulation)
• Optimization
• Multi-mechanism
Varies by culture and social relationships
In a networked world
Boundaries (not independent)
Disclosure (what is revealed)
• Disclosure required to participate in the networked world
• Increased access to third-party disclosures and aggregation complicates control
Identity (self vs. others)
• Mediation (technology complicates recipient design and reflexive interpretability of action)
• Information persistence (loss of ability to control representations of self)
Temporality (orientation toward past/future events)
Genres of disclosure: “regularly reproduced arrangements of people, technology and practice that yield identifiable and socially meaningful styles of interaction”
Conclusion
• Dynamic: “privacy management is a dynamic response to circumstance rather than a static enforcement of rules”
• Dialectic: “privacy management is…a resolution of tensions not just between people but between their internal conflicting requirements”
• Situated: “when considering privacy concerns…the whole of the social and institutional setting in which technologies are deployed should be considered”
New media
New media affords new communication possibilities and new privacy concerns
IM/SMS
• Teens showed varying privacy behaviors (caution against assumption of standard preferences)
• Unobtrusive nature of text messaging supports “environmental privacy” (limited interruption of the activity in the physical space)
• Sharing of information
  – Greater with closer acquaintances
  – Depends on purpose of disclosure
Shared displays
• Accidental disclosure
• Concern is magnified by
  – Sensitivity of information
  – Relation to onlookers
  – Onlookers’ control of display
New media
Media spaces
• Physical spaces (offices, work areas) enhanced with multimedia or video recording technology
  – Videoconferencing
  – Always-on audio/video between/among locations
• Important privacy design considerations
  – Symmetry
  – Opt-out control
  – Purposefulness: acceptance of privacy risks based on perceived value (a value proposition judgment)
New media
Sensors, RFID
• Concerns
  – Loss of control of collected data
  – Uncertainty of the technologies’ utility
• Trust (elderly interviewees regarding home-based monitoring)
  – Accept potential privacy invasion based on trust in those controlling the technology
  – Judgment of value proposition for increased safety
Location disclosure
• Affected more by who was asking than by the current location
• Tracking/disclosure seen as more invasive than location-based configuration (e.g., ringtone volume control)
• Concerns affected by
  – Trust in service provider
  – Oversight of regulatory agencies
• Precision
  – “blurring” of current location less used than anticipated
  – Instead users either did not respond or provided the information they believed was most useful to the recipient
Smart objects
Enabling technologies
• low-power processors with integrated sensors and wireless communication
• remote identification of objects
• precise localization of objects
Smart everyday objects
• attached processing
• “introspection” capability
• ability to respond in context-sensitive manner
• creating “ambient intelligence” (smart without actually being intelligent)
Other risks
Reliability
• manageability of such a scale of interacting devices; continue to meet requirements?
• predictability (unanticipated consequences?)
• dependability in the face of service interruptions
Delegation of control
• content: who attests to the veracity of information conveyed by a smart object?
• system control: will our cars drive the way the insurance company prefers?
• accountability: who is responsible for economic or legally significant actions taken by a smart object?