Location Privacy
Christopher Pride

Readings
- Location Disclosure to Social Relations: Why, When, and What People Want to Share, by Sunny Consolvo et al.
- Presenting Choices in Context: Approaches to Information Sharing, by Jonathan Grudin and Eric Horvitz
- Wireless Location Privacy Protection, by Bill Schilit, Jason Hong, and Marco Gruteser
- Optional: Privacy Risk Models for Designing Privacy-Sensitive Ubiquitous Computing Systems, by Jason Hong, Jennifer Ng, Scott Lederer, and James Landay

Location Disclosure to Social Relations: Overview
Three phases:
- Phase 1: Initial interview
  - Background
  - Social network data for Phase 2
  - Opinions on location disclosure
- Phase 2: Experience Sampling Method
  - Location requests accompanied by surveys over the course of 10 days
- Phase 3: Exit interviews
  - Took a privacy classification survey
  - Allowed modifications to the opinions given in Phase 1

Location Disclosure Study: Data Collection
- Single request vs standing request
- Location precision
- Refusal messages: System Busy, I am Busy, Request Denied
- Current activities
- Nightly voicemail diary
- Two-week period, 10 location requests per day
Participants:
- Only 16 participants, all in non-technical positions
- Equally split between male and female
- 2 students
- 14 of 16 had a significant other (SO)
- 4 had children
- 11 full time, 3 part time, 1 homemaker
- All based in the Seattle area

Location Disclosure Study: Findings (1)
- What participants would disclose
  - More likely to give detailed information, if any at all
  - Less specific information was given when details were likely to be less useful
- Effect of the relationship of the requester to the participant
  - Most likely to respond, in order: SO, friends, family, co-workers, manager
  - The participant's opinion of the requester had an effect
  - Where the requester lived relative to the participant had an effect
- Effect of the participant's location when the request arrived
  - 70%-85% response rate at most locations
  - Co-workers and managers were much less likely to get a response outside of work

Location Disclosure Study: Findings (2)
- Effect of the participant's activity or mood when the request arrived
  - Current activity had a definite effect
  - Mood had some effect
- Effect of the participant's privacy classification
  - Seemed to have very little correlation with disclosure
- Why participants rejected requests
  - Certain times or activities were not to be interrupted
  - They were doing something they didn't want the requester to know about
- What participants wanted to know about the locations of others
  - Correlation between willingness to disclose and desire to know the other's location
- Participants' privacy and security concerns
  - Social implications of others knowing their location
  - What would happen if a third party used the technology to spy on them

Location Disclosure Study: Decision Making
1. Who is making the request (and how do I feel about that person right now)?
2. Why does the requester need to know?
3. What would be most useful to the requester?
4. Am I willing to disclose that? (If I am not willing to disclose what is useful, I will not disclose at all.)
Is this similar to the decision process you would use?

Approaches to Information Sharing (1)
- Pessimistic
  - Access privileges are set at creation
  - Most people don't modify them afterwards
  - The proper permissions are not known with certainty at creation time
- Optimistic
  - Allow access, with monitoring
  - Use the monitoring to cut off those you don't want to have access
  - Problem: by then the cat is out of the bag
- Interactive
  - Requests for information arrive with 3 options: grant unconditional access, grant one-time access, deny access

Approaches to Information Sharing (2)
- Applications: calendaring, parental controls
- How well do these approaches apply to real-time information such as location?
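The three approaches above as a small policy engine, run against the same three requesters, as an added example. This is not code from the Grudin and Horvitz paper; the requester names, the owner's answers and the revocation step are constructed for the illustration.

```python
"""Pessimistic, optimistic and interactive sharing policies side by side.
Added example, not code from the paper; requesters and answers are made up."""
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable


class Answer(Enum):
    """The three options the interactive approach offers the data sharer."""
    GRANT = "grant unconditional access"
    GRANT_ONCE = "grant one-time access"
    DENY = "deny access"


@dataclass
class Pessimistic:
    """Privileges fixed when the item is created; nobody else ever sees it."""
    allowed: frozenset

    def request(self, requester):
        return requester in self.allowed


@dataclass
class Optimistic:
    """Everyone is let in, every access is logged, and the owner revokes later."""
    revoked: set = field(default_factory=set)
    log: list = field(default_factory=list)

    def request(self, requester):
        ok = requester not in self.revoked
        self.log.append((requester, ok))
        return ok

    def revoke(self, requester):
        """Stop future access; returns how many disclosures already happened,
        which revocation cannot undo (the cat is out of the bag)."""
        self.revoked.add(requester)
        return sum(1 for r, ok in self.log if r == requester and ok)


@dataclass
class Interactive:
    """Each request goes to the owner unless a standing grant already exists."""
    ask: Callable[[str], Answer]   # owner callback: requester -> Answer
    standing: set = field(default_factory=set)
    asked: int = 0                 # prompts the owner has had to answer

    def request(self, requester):
        if requester in self.standing:
            return True
        self.asked += 1
        answer = self.ask(requester)
        if answer is Answer.GRANT:
            self.standing.add(requester)
        return answer in (Answer.GRANT, Answer.GRANT_ONCE)


def demo():
    """Run the same three (constructed) requesters through each approach."""
    pess = Pessimistic(allowed=frozenset({"partner"}))
    opt = Optimistic()
    owner_choices = {"partner": Answer.GRANT, "colleague": Answer.GRANT_ONCE,
                     "stranger": Answer.DENY}
    inter = Interactive(ask=lambda who: owner_choices[who])

    results = {}
    for who in ("partner", "colleague", "stranger"):
        results[who] = (pess.request(who), opt.request(who), inter.request(who))
    # The owner spots the stranger in the optimistic log and revokes, but one
    # disclosure has already happened and cannot be taken back.
    results["stranger_seen_before_revoke"] = opt.revoke("stranger")
    results["stranger_after_revoke"] = opt.request("stranger")
    # Second round: the standing grant spares the partner a prompt; the
    # one-time grant means the colleague has to be asked again.
    before = inter.asked
    inter.request("partner")
    inter.request("colleague")
    results["prompts_second_round"] = inter.asked - before
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

For a live location feed the trade-offs sharpen: an unconditional grant in the interactive model becomes a continuous disclosure, and the optimistic model's log only tells the owner about a disclosure after the requester already knows where they were.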

Problems with Readily Available Location Information
- Economic damage: spam
- Social ramifications: reputation harm, misunderstandings
- Other major problems? Stalkers?

Steps to Protect Location Privacy
- Intermittent connectivity
- User interfaces
- Network privacy
Each of these has an associated problem. What are they?

Privacy Analysis: Social and Organizational Context
- Who are the users of the system?
  - Who are the data sharers, the people sharing personal information?
  - Who are the data observers, the people that see that personal information?
- What kinds of personal information are shared? Under what circumstances?
  - How does ubicomp change what can be known?
  - What information is known explicitly and implicitly?
  - How often does the data change?
- What is the value proposition for sharing personal information?
  - What does the sharing party gain?

Privacy Analysis: Social and Organizational Context (2)
- What are the relationships between data sharers and data observers?
  - What is the relevant level, nature, and symmetry of trust?
  - What incentives do data observers have to protect data sharers' personal information (or not, as the case may be)?
- Is there the potential for malicious data observers (e.g., spammers and stalkers)?
  - What kinds of personal information are they interested in?
- Are there other stakeholders or third parties that might be directly or indirectly impacted by the system?
- Does this change the purpose of an existing technology?

Privacy Analysis: Technology
- How is personal information collected?
  - Who has control over the computers and sensors used to collect information?
  - Network-based, network-assisted, or client-based?
- How is personal information shared?
  - Is it opt-in or opt-out (or do data sharers even have a choice at all)?
  - Do data sharers push personal information to data observers, or do data observers pull it from data sharers?
- How much information is shared?
  - Is it discrete and one-time?
  - Is it continuous?
  - Ideally, the minimum amount of data needed to accomplish the task.

Privacy Analysis: Technology (2)
- What is the quality of the information shared?
  - With respect to space, is the data at the room, building, street, or neighborhood level?
  - With respect to time, is it real-time, or is it several hours or even days old?
  - With respect to identity, is it a specific person, a pseudonym, or anonymous?
- How long is personal data retained?
  - Where is it stored?
  - Who has access to it?
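The three quality axes on this slide (space, time, identity) are the knobs a people-locator can turn to release less than the sensor knows, which is also the "minimum amount of data" point from the previous slide. The following added example, not code from any of the papers, shows one way to reduce a location record along each axis. The grid sizes per precision level, the time bucket and the sample record are assumptions chosen for the illustration.

```python
"""Reducing the quality of a location record in space, time and identity.
Added example; grid sizes, time bucket and the sample record are assumptions."""
import hashlib
import hmac
import math
from datetime import datetime, timezone

# Spatial grain -> grid cell size in degrees (assumed values; the metre
# figures are rough, for latitudes around Seattle).
SPATIAL_GRAIN_DEG = {
    "exact": 0.0,
    "building": 0.0005,     # ~50 m
    "street": 0.002,        # ~200 m
    "neighborhood": 0.01,   # ~1 km
}


def snap(value, grid):
    """Snap a coordinate to the centre of its grid cell, so the released point
    reveals only which cell the person is in, not where inside it."""
    if grid == 0.0:
        return value
    cell = math.floor(value / grid)
    return round((cell + 0.5) * grid, 6)


def coarsen_space(lat, lon, grain):
    grid = SPATIAL_GRAIN_DEG[grain]
    return snap(lat, grid), snap(lon, grid)


def coarsen_time(when, bucket_seconds):
    """Round a timestamp down to a bucket (3600 = 'some time this hour');
    0 keeps it real-time."""
    if bucket_seconds <= 0:
        return when
    ts = int(when.timestamp())
    return datetime.fromtimestamp(ts - ts % bucket_seconds, tz=timezone.utc)


def reduce_identity(user, mode, key):
    """'person' keeps the identifier; 'pseudonym' replaces it with a keyed hash
    that is stable under one key and unlinkable without it; 'anonymous' drops it."""
    if mode == "person":
        return user
    if mode == "pseudonym":
        return hmac.new(key, user.encode(), hashlib.sha256).hexdigest()[:16]
    if mode == "anonymous":
        return None
    raise ValueError(f"unknown identity mode: {mode}")


def reduce_record(record, grain, bucket_seconds, identity, key):
    """Apply all three reductions and return the record a data observer sees."""
    lat, lon = coarsen_space(record["lat"], record["lon"], grain)
    return {
        "who": reduce_identity(record["who"], identity, key),
        "lat": lat,
        "lon": lon,
        "when": coarsen_time(record["when"], bucket_seconds),
    }


# Constructed sample: a point in downtown Seattle, not data from the study.
SAMPLE = {
    "who": "participant-07",
    "lat": 47.6205,
    "lon": -122.3493,
    "when": datetime(2004, 3, 15, 14, 37, 12, tzinfo=timezone.utc),
}

if __name__ == "__main__":
    key = b"server-side-secret"   # assumed: held by the locator service only
    print(reduce_record(SAMPLE, "neighborhood", 3600, "pseudonym", key))
```

Snapping to a cell centre rather than rounding each request independently matters for the continuous case: a requester who polls every minute and gets the same cell centre learns nothing new, whereas independently jittered points can be averaged back to the true location. The pseudonym is only as strong as the secrecy of the key; whoever holds the key can re-identify every record.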

Privacy Analysis: Risk Management
- The likelihood L that an unwanted disclosure of personal information occurs
- The damage D that will happen on such a disclosure (and its scale)
- The cost C of adequate privacy protection (continual cost to the user, plus development costs)
- In general, in situations where C < L·D the privacy protections should be implemented

Privacy Analysis: Risk Management (2)
- How does the unwanted disclosure take place?
  - Is it an accident (for example, hitting the wrong button)?
  - A misunderstanding (for example, the data sharer thinks they are doing one thing, but the system does another)?
  - A malicious disclosure?
- How much choice, control, and awareness do data sharers have over their personal information?
  - What kinds of control and feedback mechanisms do data sharers have to give them choice, control, and awareness?
  - Are these mechanisms simple and understandable?
  - What is the privacy policy, and how is it communicated to data sharers?
  - What are the default settings? Are these defaults useful in preserving one's privacy?
- In what cases is it easier, more important, or more cost-effective to prevent unwanted disclosures and abuses? To detect disclosures and abuses?
- Are there ways for data sharers to maintain plausible deniability?
- What mechanisms for recourse or recovery are there if there is an unwanted disclosure or an abuse of personal information?
  - What are the ramifications of the disclosure?

Discussion Points
- Are there any questions that have been overlooked (social, technological, risk management)?
- How do these questions work alongside the location disclosure study for a people locator?
- Location privacy is obviously important; are the current protection methodologies even going to be sufficient?

Group Work
Split into groups and, using the results of the first paper and its decision-making process, attempt to come up with a set of steps that a computer could take to automate as much of the decision-making process as possible.
Decision-making process:
1. Who is making the request (and how do I feel about that person right now)?
2. Why does the requester need to know?
3. What would be most useful to the requester?
4. Am I willing to disclose that? (If I am not willing to disclose what is useful, I will not disclose at all.)
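One answer to the group exercise, covering the four-step decision process on this slide and on the earlier Decision Making slide, as an added example: it is not code from the Consolvo et al. paper. The precision ladder, the purpose-to-precision map and the per-relationship willingness defaults are this example's own assumptions, chosen to match the reported findings (response order SO, friends, family, co-workers, manager; work contacts rarely answered outside work; refusing outright rather than giving less than what is useful). The refusal strings are the ones the study offered.

```python
"""Automating the four-step location-disclosure decision for a people-locator.
Added example, not code from the paper; the precision levels, purpose map and
willingness defaults are assumptions matched to the study's findings."""
from dataclasses import dataclass, field
from enum import IntEnum


class Precision(IntEnum):
    NONE = 0          # refusal
    CITY = 1
    NEIGHBORHOOD = 2
    STREET = 3
    EXACT = 4


# Step 2 -> step 3: what a requester with this purpose can actually use
# (assumed mapping).
USEFUL_FOR_PURPOSE = {
    "curiosity": Precision.CITY,
    "coordination": Precision.STREET,
    "meet-up": Precision.EXACT,
}

# Step 4 default: the most each relationship is given, ordered like the
# study's response rates (assumed values, editable per user).
DEFAULT_WILLING = {
    "so": Precision.EXACT,
    "friend": Precision.STREET,
    "family": Precision.STREET,
    "coworker": Precision.NEIGHBORHOOD,
    "manager": Precision.CITY,
}

# Refusal messages from the study. "System Busy" is the one that does not
# tell the requester the refusal was deliberate.
SYSTEM_BUSY, I_AM_BUSY, DENIED = "System Busy", "I am Busy", "Request Denied"


@dataclass
class Request:
    requester: str
    relationship: str     # so / friend / family / coworker / manager
    purpose: str          # key of USEFUL_FOR_PURPOSE


@dataclass
class Situation:
    """What the participant's device knows about the moment the request arrives."""
    at_work: bool = False
    do_not_disturb: bool = False     # a time or activity not to be interrupted
    hide_activity: bool = False      # doing something the requester shouldn't learn
    feeling: dict = field(default_factory=dict)   # requester -> -1 / 0 / +1 right now
    willing: dict = field(default_factory=lambda: dict(DEFAULT_WILLING))


def decide(req, sit):
    """Return (precision to disclose, message); Precision.NONE is a refusal."""
    # Step 1: who is asking, and how do I feel about them right now?
    if sit.feeling.get(req.requester, 0) < 0:
        return Precision.NONE, DENIED
    if req.relationship in ("coworker", "manager") and not sit.at_work:
        return Precision.NONE, I_AM_BUSY          # work contacts, outside work
    if sit.do_not_disturb:
        return Precision.NONE, I_AM_BUSY
    if sit.hide_activity:
        return Precision.NONE, SYSTEM_BUSY        # keeps plausible deniability
    # Steps 2 and 3: why do they need it, and what would be useful to them?
    useful = USEFUL_FOR_PURPOSE[req.purpose]
    # Step 4: am I willing to give that much? Anything less is not worth giving.
    if useful > sit.willing.get(req.relationship, Precision.NONE):
        return Precision.NONE, DENIED
    return useful, "ok"


if __name__ == "__main__":
    # Constructed requests, not cases from the study.
    print(decide(Request("pat", "so", "meet-up"), Situation()))
    print(decide(Request("boss", "manager", "coordination"), Situation(at_work=True)))
    print(decide(Request("sam", "friend", "coordination"), Situation(hide_activity=True)))
```

The part a computer cannot fill in is the input: the requester's purpose and the participant's current feeling towards them are exactly the things the participants in the study judged on the spot, so an automated version needs the requester to state a purpose and a cheap way for the user to override the default for a single request.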