
Location Privacy

Location Privacy. Christopher Pride. Readings. Location Disclosure to Social Relations: Why, When, and What People Want to Share by Sunny Consolvo, et al. Presenting Choices in Context: Approaches to Information Sharing by Jonathan Grudin and Eric Horvitz



Presentation Transcript


  1. Location Privacy
     Christopher Pride

  2. Readings
  • Location Disclosure to Social Relations: Why, When, and What People Want to Share by Sunny Consolvo, et al.
  • Presenting Choices in Context: Approaches to Information Sharing by Jonathan Grudin and Eric Horvitz
  • Wireless Location Privacy Protection by Bill Schilit, Jason Hong, and Marco Gruteser
  • Optional: Privacy Risk Models for Designing Privacy-Sensitive Ubiquitous Computing by Jason Hong, Jennifer Ng, Scott Lederer, and James Landay

  3. Location Disclosure to Social Relations: Overview
  • Three Phases
    • Phase 1: Initial Interview
      • Background
      • Social network data for Phase 2
      • Opinions on location disclosure
    • Phase 2: Experience Sampling Method
      • Location requests accompanied by surveys over the course of 10 days
    • Phase 3: Exit Interviews
      • Took a privacy classification survey
      • Allowed modifications to the opinions given in Phase 1

  4. Location Disclosure Study: Data Collection
  • Single request vs standing request
  • Location precision
  • Refusal messages: System Busy, I am Busy, Request Denied, <lie>
  • Current activities
  • Nightly voicemail diary
  • Two week period
  • 10 daily location requests
  • Only 16 participants
    • All from non-technical positions
    • Equally split between male and female
    • 2 students
    • 14 of 16 had an SO
    • 4 had children
    • 11 full time, 3 part time, 1 housemaker
    • All based in the Seattle area

  5. Location Disclosure Study: Findings (1)
  • What participants would disclose
    • More likely to give detailed information, if any
    • Less specific information was given when details were likely to be less useful
  • Effect of the relationship of the requester to the participant
    • Most likely to respond in the order: SO, Friends, Family, Co-Worker, Manager
    • Opinion of the participant towards the requester had an effect
  • Effect of where the requester lived relative to the participant
  • Effect of the participant's location when he received the request
    • Between 70% and 85% response rate at most locations
    • Co-workers and managers much less likely to get a response outside of work

  6. Location Disclosure Study: Findings (2)
  • Effect of the participant's activity or mood when he received the request
    • Current activity had a definite effect
    • Mood had some effect
  • Effect of the participant's privacy classification
    • Seemed to have very little correlation
  • Why participants rejected requests
    • Certain times or activities were not to be interrupted
    • When they were doing something that they didn't want the requester to know about
  • What participants wanted to know about the locations of others
    • Correlation between disclosure and desire to know location
  • Participants' privacy and security concerns
    • Concern about social implications of knowledge of location
    • Worried about what would happen if a third party used the technology to spy on them

  7. Location Disclosure Study: Decision Making
  • Who is making the request (and how do I feel about that person right now)?
  • Why does the requester need to know?
  • What would be most useful to the requester?
  • Am I willing to disclose that? (Because if I am not willing to disclose what is useful, I will not disclose.)
  • Is this similar to the decision process you would use?

  8. Approach to Information Sharing (1)
  • Pessimistic
    • Privileges for access set at creation
    • Most people don't like to modify afterwards
    • Knowledge of proper permissions at creation is not certain
  • Optimistic
    • Allow access with monitoring
    • Use monitoring to disallow those that you don't want to have access
    • Problem: the cat is out of the bag
  • Interactive
    • Requests for information arrive with 3 options:
      • Grant Unconditional Access
      • Grant One-Time Access
      • Deny Access

  9. Approach to Information Sharing (2)
  • Applications:
    • Calendaring
    • Parental controls
  • How well do these approaches apply to real-time information such as location?

  10. Problems with Readily Available Location Information
  • Economic damage
    • Spam
  • Social ramifications
    • Reputation harm
    • Misunderstandings
  • Other major problems? Stalkers?

  11. Steps to Protect Location Privacy
  • Intermittent connectivity
  • User interfaces
  • Network privacy
  • Each of these has associated problems. What are they?

  12. Privacy Analysis: Social and Organizational Context
  • Who are the users of the system?
    • Who are the data sharers, the people sharing personal information?
    • Who are the data observers, the people that see that personal information?
  • What kinds of personal information are shared? Under what circumstances?
    • How does Ubicomp change what can be known?
    • What information is known explicitly and implicitly?
    • How often does the data change?
  • What is the value proposition for sharing personal information?
    • What does the sharing party gain?

  13. Privacy Analysis: Social and Organizational Context (2)
  • What are the relationships between data sharers and data observers?
    • What is the relevant level, nature, and symmetry of trust?
    • What incentives do data observers have to protect data sharers' personal information (or not, as the case may be)?
  • Is there the potential for malicious data observers (e.g., spammers and stalkers)?
    • What kinds of personal information are they interested in?
  • Are there other stakeholders or third parties that might be directly or indirectly impacted by the system?
  • Does this change the purpose of an existing technology?

  14. Privacy Analysis: Technology
  • How is personal information collected?
    • Who has control over the computers and sensors used to collect information?
      • Network-based, network-assisted, client-based
  • How is personal information shared?
    • Is it opt-in or is it opt-out (or do data sharers even have a choice at all)?
    • Do data sharers push personal information to data observers?
    • Or do data observers pull personal information from data sharers?
  • How much information is shared?
    • Is it discrete and one-time?
    • Is it continuous?
    • Ideally, the minimum amount of data to accomplish the task.

  15. Privacy Analysis: Technology (2)
  • What is the quality of the information shared?
    • With respect to space, is the data at the room, building, street, or neighborhood level?
    • With respect to time, is it real-time, or is it several hours or even days old?
    • With respect to identity, is it a specific person, a pseudonym, or anonymous?
  • How long is personal data retained?
    • Where is it stored?
    • Who has access to it?

  16. Privacy Analysis: Risk Management
  • The likelihood L that an unwanted disclosure of personal information occurs
  • The damage D that will happen on such a disclosure
    • Scale
  • The cost C of adequate privacy protection
    • Continual cost to the user and development costs
  • In general, in situations where C < L·D, the privacy protections should be implemented

  17. Privacy Analysis: Risk Management (2)
  • How does the unwanted disclosure take place?
    • Is it an accident (for example, hitting the wrong button)?
    • A misunderstanding (for example, the data sharer thinks they are doing one thing, but the system does another)?
    • A malicious disclosure?
  • How much choice, control, and awareness do data sharers have over their personal information?
    • What kinds of control and feedback mechanisms do data sharers have to give them choice, control, and awareness?
    • Are these mechanisms simple and understandable?
  • What is the privacy policy, and how is it communicated to data sharers?
    • What are the default settings?
    • Are these defaults useful in preserving one's privacy?
  • In what cases is it easier, more important, or more cost-effective to prevent unwanted disclosures and abuses?
    • Detect disclosures and abuses?
  • Are there ways for data sharers to maintain plausible deniability?
  • What mechanisms for recourse or recovery are there if there is an unwanted disclosure or an abuse of personal information?
    • What are the ramifications of the disclosure?

  18. Discussion Points
  • Are there any questions that have been overlooked (social, technological, risk management)?
  • How do these questions work alongside the location disclosure studies for a people locator?
  • Location privacy is obviously important; are the current protection methodologies even going to be sufficient?

  19. Group Work
  • Split into groups and, using the results of the first paper and its decision-making process, attempt to come up with a set of steps that a computer could take to automate as much of the decision-making process as possible.
  • Decision-making process:
    • Who is making the request (and how do I feel about that person right now)?
    • Why does the requester need to know?
    • What would be most useful to the requester?
    • Am I willing to disclose that? (Because if I am not willing to disclose what is useful, I will not disclose.)
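One way to mechanise the four-question process above, written here as an added example rather than anything from the slides or the Consolvo et al. paper: the relationship ordering, the refusal messages, the room/building/street/neighborhood precision levels and the "work relationships only at work" rule come from the findings presented, while the WILLING policy table, the Request and Context fields, the relationship labels and the standing-grant dictionary are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum

class Precision(IntEnum):
    """Spatial granularity levels from the 'quality of information' slide; NONE = refuse."""
    NONE = 0
    NEIGHBORHOOD = 1
    STREET = 2
    BUILDING = 3
    ROOM = 4

@dataclass
class Request:
    requester: str
    relationship: str   # "so", "friend", "family", "coworker" or "manager" (assumed labels)
    useful: Precision   # what would be most useful to the requester (question 3)

@dataclass
class Context:
    at_work: bool
    do_not_disturb: bool    # an activity the sharer does not want interrupted
    hidden_activity: bool   # the sharer does not want the requester to know what they are doing

# Constructed policy table: most precise level the sharer is willing to give each relationship,
# ordered SO > friends > family > co-worker > manager like the study's response ordering.
WILLING = {"so": Precision.ROOM, "friend": Precision.BUILDING, "family": Precision.BUILDING,
           "coworker": Precision.STREET, "manager": Precision.NEIGHBORHOOD}
WORK_ONLY = {"coworker", "manager"}  # much less likely to get a response outside of work

def decide(req, ctx, standing=None):
    """Return (precision to disclose, refusal message); Precision.NONE means refused."""
    standing = standing or {}  # requester -> True for a standing "Grant Unconditional Access"
    # Current activity comes first: requests were rejected during activities the participant
    # did not want interrupted, or did not want the requester to know about.
    if ctx.hidden_activity:
        return Precision.NONE, "Request Denied"
    if ctx.do_not_disturb:
        return Precision.NONE, "I am Busy"
    # Question 1, who is asking: an unconditional grant from the interactive model skips the
    # per-request negotiation; work relationships otherwise only get an answer at work.
    if standing.get(req.requester):
        return req.useful, None
    if req.relationship in WORK_ONLY and not ctx.at_work:
        return Precision.NONE, "Request Denied"
    # Questions 3 and 4: disclose at the useful level only if willing to give that much;
    # if what is useful is not something the sharer will disclose, disclose nothing.
    willing = WILLING.get(req.relationship, Precision.NONE)
    if willing < req.useful:
        return Precision.NONE, "Request Denied"
    return req.useful, None
```

Note that the "disclose nothing rather than something less useful" branch is the study's own all-or-nothing behaviour; a fallback to a coarser level would be a different policy, not the one described.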
