Slide 1: Approximate Information Flows: Socially-based Modeling of Privacy in Ubiquitous Computing
Xiaodong Jiang, Jason I. Hong, James A. Landay
Group for User Interface Research, University of California, Berkeley
Slide 2: Designing for Privacy in Ubicomp (Oct 01 2002)
What design goals? How to implement?
Related work
  – Fair Information Practices, Westin, Langheinrich
  – Transparent Society, David Brin
  – Design Framework for Ubicomp, Bellotti and Sellen
This work
  – How privacy is affected by more pragmatic forces: Market, Social, Legal, Technical (Lessig)
  – Principle of Minimum Asymmetry
  – Approximate Information Flows (AIF) as a way of tying together asymmetry, privacy, and ubicomp systems
Slide 3: Information Asymmetry
Situations in which some actors hold private information relevant to everyone
Akerlof (Nobel Prize 2001)
Ex. Used cars and "Malfunctioning of Markets"
Slide 4: Asymmetry in Ubicomp
[Figure: Alice (Data Owner), Map Service (Data Collector) and Loc-based Advertiser (Data User), with "$" marking paid data transactions between them]
Large potential for asymmetries in information and power
Slide 5: Forces on Privacy
[Figure: Privacy surrounded by four forces: Social, Market, Legal, Technology]
Lessig, "Architecture of Privacy"
Practical privacy shaped by four forces
Asymmetry impedes Market, Social, and Legal
How to build Technology to enable other forces?
Slide 6: Operationalizing Privacy
[Figure: Technology acts on Information Asymmetry, which conditions the Market, Social and Legal forces, which in turn realize Privacy Values (ex. FIP, Transparency)]
Approximate Information Flows: describe and prescribe different levels of information asymmetry in ubicomp systems
Slide 7: Principle of Minimum Asymmetry
Minimize asymmetry of information between data owners and data collectors and data users, by:
  – Minimizing quality & quantity of info going out
  – Maximizing quality & quantity of info going back in
[Figure: Owners on one side, Collectors / Users on the other, with an "Out" flow and an "In" flow between them]
Slide 8: Minimizing Asymmetry in Ubicomp
[Figure: the Alice (Data Owner) / Map Service (Data Collector) / Loc-based Advertiser (Data User) scenario of slide 4, annotated with asymmetry-reducing measures at each flow: Reduce accuracy, Anonymize, Ask for consent, Notify, Log, Aggregate, Reduce accuracy]
Slide 9: Implications for Ubicomp
Makes it easier to apply other forces
  – Market, ex. making informed decisions about personal data transactions
  – Social, ex. logging and notification to inform people about violations of social norms
  – Legal, ex. logs that serve as evidence for legal recourse
Minimum asymmetry is a relative notion
  – Depends on the task, domain, and values
Slide 10: Applying Minimum Asymmetry
What are useful abstractions for thinking about and supporting minimum asymmetry?
Approximate Information Flows
  – Where does the data live?
  – When does data flow to others?
  – What can people do to protect data?
Slide 11: Where Does the Data Live?
Information Spaces, tied to boundaries
Privacy-sensitive data representation
  – Persistence: how long does data live?
  – Confidence: sensor property (ex. 95% vs 25%)
  – Accuracy: usage property (ex. "Sweden" vs "Göteberg" vs "Draken Cinema")
Basic privacy-sensitive operations
  – Read / Write
  – Promote / Demote: persistence, confidence, accuracy
  – Aggregate: composition, fusion (inference)
  – Permissions and Logging associated with all operations
Slide 12: Example Usage of InfoSpaces
[Figure: three InfoSpaces: Alice's InfoSpace, Map Service InfoSpace, Loc-based Advertiser InfoSpace]
Tagged data shown:
  Owner="Alice" Loc="Draken Cinema" Confidence="85%" TTL="forever"
  Owner="xyzzy" Loc="Göteberg" Confidence="80%" TTL="1 week"
Flow annotations: Notify="alice@anon.com" Perm="map service" Log
Slide 13: When Does Data Flow to Others? Data Lifecycle
Collection
  – The point when data is gathered
  – Ex. When Alice gets her location data (GPS)
Access
  – The point when data is initially used
  – Ex. Map Service uses Alice's location data
Second use
  – Use and sharing of data after initial access
  – Ex. Location-based advertiser asks Map Service for location of Alice
Slide 14: What Can People Do to Protect Data? Themes for Minimizing Asymmetry
Prevent privacy violations from occurring
  – Ex. Anonymize Alice's data
  – Minimizing flow out
Avoid potential privacy risks
  – Ex. Alice asks others if Map Service is reputable
  – Minimizing flow out & maximizing flow in
Detect privacy violations if there are any
  – Ex. A third party audits what Map Service is doing
  – Maximizing flow in
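Added example, not code from the slides or from the GUIR project: a small Python model of the InfoSpace representation of slides 11 and 12 (tagged records, Demote operations, permission-checked and logged Read/Write), run through the collection / access / second-use lifecycle of slide 13 with the prevent (demote, pseudonymize) and detect (log, notify) themes of slide 14. The accuracy ladder, the Record field names, the MAILBOX notification channel, the rule that a record's Perm tag names the InfoSpaces allowed to read it, and the assignment of the slide's two tag sets to Alice's and Map Service's InfoSpaces are all assumptions made for this example.

```python
from dataclasses import dataclass, replace
from typing import Optional

# Assumed accuracy ladder, most precise first, after the slide's own example.
ACCURACY_LADDER = ["Draken Cinema", "Göteberg", "Sweden"]

# Assumed "flow in" channel: notices addressed to a record's Notify tag.
MAILBOX: dict = {}


@dataclass(frozen=True)
class Record:
    owner: str               # Owner tag; a pseudonym after demotion
    loc: str                 # Loc tag, at some rung of ACCURACY_LADDER
    confidence: int          # Confidence tag, percent (sensor property)
    ttl: Optional[int]       # TTL tag in days; None means "forever"
    notify: Optional[str]    # Notify tag: where usage notices go back
    perm: frozenset          # Perm tag: InfoSpaces allowed to read


def send_notice(rec: Record, text: str) -> None:
    """Maximize flow back in: tell the owner what happened to the data."""
    if rec.notify:
        MAILBOX.setdefault(rec.notify, []).append(text)


class InfoSpace:
    """A privacy zone holding records plus an append-only log."""

    def __init__(self, name: str):
        self.name = name
        self.records: list = []
        self.log: list = []

    def write(self, rec: Record) -> None:
        self.records.append(rec)
        self.log.append(f"write owner={rec.owner} loc={rec.loc} ttl={rec.ttl}")

    def read(self, requester: str) -> list:
        """Every read is permission-checked, logged, and reported back."""
        allowed = []
        for rec in self.records:
            verdict = "allowed" if requester in rec.perm else "denied"
            self.log.append(f"read by {requester}: {verdict} owner={rec.owner}")
            send_notice(rec, f"{self.name}: read by {requester} {verdict}")
            if verdict == "allowed":
                allowed.append(rec)
        return allowed


# Demote operations: each returns a new record carrying less information.
def demote_accuracy(rec: Record, levels: int = 1) -> Record:
    i = ACCURACY_LADDER.index(rec.loc)
    j = min(i + levels, len(ACCURACY_LADDER) - 1)   # saturate at coarsest rung
    return replace(rec, loc=ACCURACY_LADDER[j])


def demote_confidence(rec: Record, delta: int) -> Record:
    return replace(rec, confidence=max(0, rec.confidence - delta))


def demote_persistence(rec: Record, ttl_days: int) -> Record:
    return replace(rec, ttl=ttl_days)


def pseudonymize(rec: Record, pseudonym: str) -> Record:
    return replace(rec, owner=pseudonym)


def flow_out(src: InfoSpace, dst: InfoSpace, rec: Record) -> Optional[Record]:
    """Move a record across an InfoSpace boundary: the destination must be
    named in the record's Perm tag, and the transfer is logged and notified."""
    if dst.name not in rec.perm:
        src.log.append(f"flow to {dst.name} denied owner={rec.owner}")
        send_notice(rec, f"{src.name}: flow to {dst.name} denied")
        return None
    src.log.append(f"flow to {dst.name} allowed owner={rec.owner} loc={rec.loc}")
    send_notice(rec, f"{src.name}: sent loc={rec.loc} to {dst.name}")
    dst.write(rec)
    return rec


def run_example():
    """Replays the Alice / Map Service / Advertiser scenario of the slides."""
    MAILBOX.clear()
    alice = InfoSpace("Alice")
    map_service = InfoSpace("Map Service")
    # Collection: constructed record mirroring Alice's precise tags on slide 12.
    original = Record(owner="Alice", loc="Draken Cinema", confidence=85,
                      ttl=None, notify="alice@anon.com",
                      perm=frozenset({"Map Service"}))
    alice.write(original)
    # Access: minimize flow out before crossing the boundary (coarser
    # location, lower confidence, one-week TTL, pseudonymous owner).
    outgoing = pseudonymize(
        demote_persistence(demote_confidence(demote_accuracy(original), 5), 7),
        "xyzzy")
    sent = flow_out(alice, map_service, outgoing)
    # Second use: the advertiser asks Map Service, but Perm names only Map Service.
    second_use = map_service.read("Loc-based Advertiser")
    return sent, second_use, map_service.log, MAILBOX.get("alice@anon.com", [])
```

Calling run_example() yields the demoted record Map Service actually holds, an empty result for the advertiser's second-use read, the Map Service log that a third-party audit would inspect, and the notices Alice receives; the denied read surfaces in both the log and the mailbox, which is the "maximizing flow in" half of the principle.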
Slide 15: Approximate Information Flows: Putting it all together
Information spaces define "privacy zones"
Incoming & outgoing flows for an InfoSpace determine its degree of asymmetry
(Prevention, avoidance, detection) used to alter asymmetry for that InfoSpace
Apply at (collection, access, second use)
Slide 16: Minimizing Asymmetry at Different Times
[Figure: matrix for Alice's InfoSpace with Themes for Minimizing Asymmetry (Prevent, Avoid, Detect) as rows and the Data Lifecycle (Collection, Access, Second Use) as columns, populated with: Anonymization, Pseudonymization, P3P, RBAC, Location Support, Privacy Mirrors, Wearables, User Interfaces for Feedback, Notification, and Consent, Logging, Detection]
Slide 17: Current & Future Work
Model for privacy control: decentralized info space with unified privacy tagging
  – IEEE Pervasive Computing, July/Sept, 2002
Integration into a context infrastructure
Ways to translate end-user privacy prefs to system-level asymmetry-based policies
Slide 18: Conclusions
Asymmetry as a way of tying together Market, Legal, Social, and Technical forces
Principle of Minimum Asymmetry
Approximate Information Flows as a model for implementing minimum asymmetry
  – Information Spaces
  – Data Lifecycle
  – Themes for minimizing asymmetry
Approximate Information Flows for analyzing and minimizing asymmetry in ubicomp systems
Slide 19
Xiaodong Jiang, Jason I. Hong, James A. Landay
http://guir.berkeley.edu/groups/privacy
Group for User Interface Research, University of California, Berkeley
Thanks to: John Canny, Anind Dey, Scott Lederer, National Science Foundation ITR