1. An Architecture for Privacy-Sensitive Ubiquitous Computing Jason I. Hong Group for User Interface Research Computer Science Division University of California at Berkeley James A. Landay DUB Group Computer Science and Engineering University of Washington MobiSys'04, Boston “the claim of individuals, groups or institutions to determine for themselves when, how, and to what extent information about them is communicated to others” Chen, Wei-Chia

2. What are the previous solutions? An Architecture for Privacy-Sensitive Ubiquitous Computing

3. What are the previous solutions? Anonymity or secret; strangers Sharing information with others who know one’s identity Weiser: Control (Facebook) An Architecture for Privacy-Sensitive Ubiquitous Computing

4. Does privacy need an architecture? An Architecture for Privacy-Sensitive Ubiquitous Computing

5. Problem For end-user: concerned about systems that centralize data For developers: acquiring context data from a variety of sources, refining and storing that context data, and retrieving and using context data. Ad hoc and multilayer-communication An Architecture for Privacy-Sensitive Ubiquitous Computing

6. Previous Work Addresses at most one layer An Architecture for Privacy-Sensitive Ubiquitous Computing PresenceP3P, Privacy Mirror InfrastructureParcTab System, Context Toolkit Physical/SensorsCricket Location Beacons, Active Bats

7. Confab: System Requirements A decentralized architecture, local devices owned by that end-user A range of mechanisms for control and feedback by end-users Deniability Emergencies An Architecture for Privacy-Sensitive Ubiquitous Computing Alice’s Location Bob’s Location

8. Architecture Highlight: Focusing more on location than on other forms of contextual information An Architecture for Privacy-Sensitive Ubiquitous Computing

9. Architecture elements Personal InfoSpace Personal InfoSpace LocName App Source Sensors My Computer Tuple: the basic unit of infoSpace InfoSpace: network-addressable logical storage units that store context data about those entities

10. Confab’s Data Model An Architecture for Privacy-Sensitive Ubiquitous Computing 2 1 Decentralized Control mechanism Deniability Emergencies Context data types

11. Data Model An Architecture for Privacy-Sensitive Ubiquitous Computing Decentralized Control mechanism Deniability Emergencies

12. Programming Model An Architecture for Privacy-Sensitive Ubiquitous Computing

13. Personal InfoSpace Personal InfoSpace LocName App On Operators Source Sources Out OperatorsIn Operators My Computer Check access policies Check privacy tag Notify on incoming data Check access policies Check privacy tags Notify on outgoing data Invisible mode Add privacy tag Interactive Garbage Collect Periodic Reports Coalesce Decentralized Control mechanism Deniability Emergencies

14. Evaluation: BEARS Emergency Response Servic An Architecture for Privacy-Sensitive Ubiquitous Computing Decentralized Control mechanism Deniability Emergencies Making continuous location queries, as well as making updates to both the trusted third-party and to the building server

15. Confab provides application developers with a framework and a suite of mechanisms for building privacy-sensitive applications. Operators : within an end-user’s infospace to help control the flow of personal information, and can be customized. Service descriptions : used by applications to describe at what granularity and at what rate the data is needed. An Architecture for Privacy-Sensitive Ubiquitous Computing Summary of data model and programming model

16. Confab toolkit for facilitating construction of privacy-sensitive ubicomp applications “Use technology correctly to enhance life. It is important that people have a choice in how much information can be disclosed than the technology is useful.” An Architecture for Privacy-Sensitive Ubiquitous Computing Conclusion + Privacy at physical, infrastructure, and presentation layers + Push architecture towards local capture, processing, storage + Couple w/ better UIs for greater choice, control, and feedback