Presentation transcript:

1 Location Privacy
Christopher Pride

2 Readings
- Location Disclosure to Social Relations: Why, When, and What People Want to Share, by Sunny Consolvo et al.
- Presenting Choices in Context: Approaches to Information Sharing, by Jonathan Grudin and Eric Horvitz
- Wireless Location Privacy Protection, by Bill Schilit, Jason Hong, and Marco Gruteser
- Optional: Privacy Risk Models for Designing Privacy-Sensitive Ubiquitous Computing, by Jason Hong, Jennifer Ng, Scott Lederer, and James Landay

3 Location Disclosure to Social Relations: Overview
Three phases:
- Phase 1: Initial interview
  - Background
  - Social network data for Phase 2
  - Opinions on location disclosure
- Phase 2: Experience Sampling Method
  - Location requests accompanied by surveys over the course of 10 days
- Phase 3: Exit interviews
  - Took a privacy classification survey
  - Allowed modifications to the opinions given in Phase 1

4 Location Disclosure Study: Data Collection
- Single request vs. standing request
- Location precision
- Refusal messages: System Busy, I am Busy, Request Denied
- Current activities
- Nightly voicemail diary
- Two-week period
- 10 daily location requests
Participants:
- Only 16 participants, all from non-technical positions
- Equally split between male and female
- 2 students
- 14 of 16 had an SO (significant other)
- 4 had children
- 11 full time, 3 part time, 1 homemaker
- All based in the Seattle area

5 Location Disclosure Study: Findings (1)
- What participants would disclose
  - More likely to give detailed information, if any
  - Less specific information was given when details were likely to be less useful
- Effect of the relationship of the requester to the participant
  - Most likely to respond in the order: SO, friends, family, co-workers, manager
  - The participant's opinion of the requester had an effect
- Effect of where the requester lived relative to the participant
- Effect of the participant's location when they received the request
  - Between 70% and 85% response rate at most locations
  - Co-workers and managers were much less likely to get a response outside of work

6 Location Disclosure Study: Findings (2)
- Effect of the participant's activity or mood when they received the request
  - Current activity had a definite effect
  - Mood had some effect
- Effect of the participant's privacy classification
  - Seemed to have very little correlation
- Why participants rejected requests
  - Certain times or activities were not to be interrupted
  - When they were doing something that they didn't want the requester to know about
- What participants wanted to know about the locations of others
  - Correlation between disclosure and desire to know location
- Participants' privacy and security concerns
  - Concern about the social implications of knowledge of their location
  - Worried about what would happen if a third party used the technology to spy on them

7 Location Disclosure Study: Decision Making
1. Who is making the request (and how do I feel about that person right now)?
2. Why does the requester need to know?
3. What would be most useful to the requester?
4. Am I willing to disclose that? (Because if I am not willing to disclose what is useful, I will not disclose.)
Is this similar to the decision process you would use?

8 Approach to Information Sharing (1)
- Pessimistic
  - Privileges for access are set at creation
  - Most people don't like to modify them afterwards
  - Knowledge of the proper permissions at creation time is not certain
- Optimistic
  - Allow access, with monitoring
  - Use the monitoring to disallow those that you don't want to have access
  - Problem: the cat is already out of the bag
- Interactive
  - Requests for information arrive with 3 options:
    - Grant unconditional access
    - Grant one-time access
    - Deny access

9 Approach to Information Sharing (2)
- Applications:
  - Calendaring
  - Parental controls
- How well do these approaches apply to real-time information such as location?
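The three sharing approaches from slides 8 and 9, applied to location requests as an added example (this is not code from the slides or from Grudin and Horvitz; the class and method names are assumed). It shows why the optimistic mode's audit log can only revoke future reads and how the interactive mode turns an "unconditional" answer into a standing grant:

```python
# Added example, not from the slides: pessimistic, optimistic and interactive
# sharing policies for a people-locator. Names and structure are assumed.
from dataclasses import dataclass, field
from typing import Callable

GRANT_ALWAYS, GRANT_ONCE, DENY = "unconditional", "one-time", "deny"

@dataclass
class SharingPolicy:
    mode: str                                    # "pessimistic", "optimistic" or "interactive"
    allowed: set = field(default_factory=set)    # standing grants (pessimistic: fixed at creation)
    blocked: set = field(default_factory=set)    # observers revoked after reviewing the log
    audit: list = field(default_factory=list)    # every access attempt, for later review
    asker: Callable[[str], str] = lambda who: DENY   # interactive prompt; default refuses

    def request(self, requester: str) -> bool:
        """Decide whether `requester` may read the owner's location right now."""
        if self.mode == "pessimistic":
            return requester in self.allowed          # nothing is asked, nothing is logged
        if self.mode == "optimistic":
            self.audit.append(requester)              # allow first, review later ...
            return requester not in self.blocked      # ... but a read already made is out of the bag
        if self.mode == "interactive":
            if requester in self.allowed:
                return True                           # earlier unconditional grant
            if requester in self.blocked:
                return False
            answer = self.asker(requester)            # grant always, grant once, or deny
            if answer == GRANT_ALWAYS:
                self.allowed.add(requester)           # becomes a standing grant
            return answer in (GRANT_ALWAYS, GRANT_ONCE)
        raise ValueError(f"unknown mode {self.mode!r}")

    def revoke(self, requester: str) -> None:
        """The owner reviewed the audit log and no longer wants this observer to see them."""
        self.allowed.discard(requester)
        self.blocked.add(requester)
```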

10 Problems with Readily Available Location Information
- Economic damage
  - Spam
- Social ramifications
  - Reputation harm
  - Misunderstandings
- Other major problems? Stalkers?

11 Steps to Protect Location Privacy
- Intermittent connectivity
- User interfaces
- Network privacy
Each of these has associated problems. What are they?

12 Privacy Analysis: Social and Organizational Context
- Who are the users of the system?
  - Who are the data sharers, the people sharing personal information?
  - Who are the data observers, the people that see that personal information?
- What kinds of personal information are shared? Under what circumstances?
  - How does Ubicomp change what can be known?
  - What information is known explicitly and implicitly?
  - How often does the data change?
- What is the value proposition for sharing personal information?
  - What does the sharing party gain?

13 Privacy Analysis: Social and Organizational Context (2)
- What are the relationships between data sharers and data observers?
  - What is the relevant level, nature, and symmetry of trust?
  - What incentives do data observers have to protect data sharers' personal information (or not, as the case may be)?
- Is there the potential for malicious data observers (e.g., spammers and stalkers)?
  - What kinds of personal information are they interested in?
- Are there other stakeholders or third parties that might be directly or indirectly impacted by the system?
- Does this change the purpose of an existing technology?

14 Privacy Analysis: Technology
- How is personal information collected?
  - Who has control over the computers and sensors used to collect information?
  - Network-based, network-assisted, or client-based?
- How is personal information shared?
  - Is it opt-in or opt-out (or do data sharers even have a choice at all)?
  - Do data sharers push personal information to data observers? Or do data observers pull personal information from data sharers?
- How much information is shared?
  - Is it discrete and one-time?
  - Is it continuous?
  - Ideally, the minimum amount of data needed to accomplish the task.

15 Privacy Analysis: Technology (2)
- What is the quality of the information shared?
  - With respect to space, is the data at the room, building, street, or neighborhood level?
  - With respect to time, is it real-time, or is it several hours or even days old?
  - With respect to identity, is it a specific person, a pseudonym, or anonymous?
- How long is personal data retained?
  - Where is it stored?
  - Who has access to it?

16 Privacy Analysis: Risk Management
- The likelihood L that an unwanted disclosure of personal information occurs
- The damage D that will happen on such a disclosure
  - Scale
- The cost C of adequate privacy protection
  - Continual cost to the user, and development costs
- In general, in situations where C < L × D, the privacy protections should be implemented

17 Privacy Analysis: Risk Management (2)
- How does the unwanted disclosure take place?
  - Is it an accident (for example, hitting the wrong button)?
  - A misunderstanding (for example, the data sharer thinks they are doing one thing, but the system does another)?
  - A malicious disclosure?
- How much choice, control, and awareness do data sharers have over their personal information?
  - What kinds of control and feedback mechanisms do data sharers have to give them choice, control, and awareness?
  - Are these mechanisms simple and understandable?
  - What is the privacy policy, and how is it communicated to data sharers?
  - What are the default settings? Are these defaults useful in preserving one's privacy?
- In what cases is it easier, more important, or more cost-effective to prevent unwanted disclosures and abuses? Detect disclosures and abuses?
  - Are there ways for data sharers to maintain plausible deniability?
- What mechanisms for recourse or recovery are there if there is an unwanted disclosure or an abuse of personal information?
  - What are the ramifications of the disclosure?

18 Discussion Points
- Are there any questions that have been overlooked (social, technological, risk management)?
- How do these questions work alongside the Location Disclosure studies for a people locator?
- Location privacy is obviously important; are the current protection methodologies even going to be sufficient?

19 Group Work
Split into groups and, using the results of the first paper and its decision-making process, attempt to come up with a set of steps that a computer could take to automate as much of the decision-making process as possible.
Decision-making process:
1. Who is making the request (and how do I feel about that person right now)?
2. Why does the requester need to know?
3. What would be most useful to the requester?
4. Am I willing to disclose that? (Because if I am not willing to disclose what is useful, I will not disclose.)
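One answer to the group-work task, added here as an example and not part of the slides or of Consolvo et al.'s study: the four-step decision process from slides 7 and 19 encoded as a policy that picks a precision level (the space levels of slide 15), applies the relationship, opinion, location and activity effects of slides 5 and 6, and refuses with one of the study's refusal messages when the useful precision exceeds what the participant is willing to give. The trust scores, thresholds and the purpose-to-precision mapping are assumptions.

```python
from dataclasses import dataclass

# Precision levels from the "quality of information" questions, coarsest to finest.
LEVELS = ["none", "neighborhood", "street", "building", "room"]
# Assumed scores following the study's response order: SO, friends, family, co-workers, manager.
TRUST = {"SO": 4, "friend": 3, "family": 3, "coworker": 2, "manager": 2}

@dataclass
class Request:
    relationship: str   # key of TRUST
    purpose: str        # "meet", "check-in" or anything else
    same_city: bool     # where the requester lives relative to the participant

@dataclass
class Context:
    at_work: bool
    busy: bool = False             # a time or activity not to be interrupted
    hidden_activity: bool = False  # doing something the requester should not know about
    opinion: int = 0               # how I feel about this person right now: -1, 0 or +1

def useful_precision(req):
    """Step 3: what would be most useful? Meeting up needs the finest detail; a remote
    requester cannot use anything finer than the neighborhood anyway."""
    if not req.same_city:
        return "neighborhood"
    return {"meet": "room", "check-in": "street"}.get(req.purpose, "neighborhood")

def willing_precision(req, ctx):
    """Steps 1 and 2: finest level the participant will give this requester right now."""
    score = TRUST.get(req.relationship, 0) + ctx.opinion
    if req.relationship in ("coworker", "manager") and not ctx.at_work:
        score -= 2   # work contacts rarely got a response outside of work
    return LEVELS[max(0, min(len(LEVELS) - 1, score))]

def decide(req, ctx):
    """Return (precision, message); precision 'none' means the request was refused."""
    if ctx.busy:
        return "none", "I am Busy"
    if ctx.hidden_activity:
        return "none", "System Busy"   # the vaguer refusal keeps plausible deniability
    useful, willing = useful_precision(req), willing_precision(req, ctx)
    if LEVELS.index(useful) > LEVELS.index(willing):
        return "none", "Request Denied"  # step 4: not willing to give what is useful, so nothing
    return useful, "OK"

def coarsen(location, level):
    """Strip a location record down to the decided precision (the minimum data for the task)."""
    keep = LEVELS[1:LEVELS.index(level) + 1]
    return {k: v for k, v in location.items() if k in keep}
```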
