Location privacy policy management system

The advance in wireless communication and positioning systems has permitted development of a large variety of location-based services that, for example, can help people easily locate family members or find nearest gas station or restaurant. As location-based services become more and more popular, concerns are growing about the misuse of location information by malicious parties. In order to preserve location privacy, many efforts have been devoted to preventing service providers from determining users\u27 exact locations. Few works have sought to help users manage their privacy preferences; however management of privacy is an important issue in real applications. This work developed an easy-to-use location privacy management system. Specifically, it defines a succinct yet expressive location privacy policy constructs that can be easily understood by ordinary users. The system provides various policy management functions including policy composition, policy conflict detection, and policy recommendation. Policy composition allows users to insert and delete policies. Policy conflict detection will automatically check conflict among policies whenever there is any change. The policy recommendation system will generate recommended policies based on users\u27 basic requirements in order to reduce users\u27 burden. A system prototype has been implemented and evaluated in terms of both efficiency and effectiveness --Abstract, page iii

Supporting Location Privacy Management through Feedback and Control

Participation in modern, socially-focused digital systems involves a large degree of privacy management, i.e. controlling who may access what information under what circumstances. Effective privacy management (control) requires that mobile systems’ users be able to make informed privacy decisions as their experience and knowledge of a system progresses. By informed, we mean users be aware of the actual information flow. Moreover, privacy preferences vary across the context and it is hard to define privacy policy that reflects the dynamic nature of our lives. This research explores the problem of supporting awareness of information flow and designing usable interfaces for maintaining privacy policies ad-hoc. We borrow from the world of Computer Supported Collaborative Work (CSCW) and propose to incorporate social translucence, a design approach that “supports coherent behaviour by making participants and their activities visible to one another”. We use the characteristics of social translucence, namely visibility, awareness and accountability in order to introduce social norms in spatially dispersed systems. Our research is driven by two questions: (1) how can artifacts from real world social interaction, such as responsibility, be embedded into mobile interaction; and (2) can systems be designed in which both privacy violations and the burden of privacy management is minimized. The contributions of our work are: (1) an implementation of Buddy Tracker, privacy-aware location-sharing application based on the social translucence; (2) the design and evaluation of the concept of real-time feedback as a means of incorporating social translucence in location-sharing scenarios; and finally (3) a novel interface for ad-hoc privacy management called Privacy-Shake. We explore the role of real-time feedback for privacy management in the context of Buddy Tracker. Informed by focus group discussions, interviews, surveys and two field trials of Buddy Tracker we found that when using a system that provided real-time feedback, people were more accountable for their actions and reduced the number of unreasonable location requests. From our observations we develop concrete design guidelines for incorporating real-time feedback into information sharing applications in a manner that ensures social acceptance of the technology

Designing a Publish-Substrate for Privacy/Security in Pervasive Environments

The emergence of a multitude of technologies for tracking locations is leading to the design of pervasive location-tracking environments. In order to explore issues in the design of such environments, the University of Michigan is deploying a network of location sensors in a number of buildings. Managing privacy is expected to be a significant concern for acceptance of such pervasive environments. This paper outlines an initial design of a publish-subscribe communication substrate for controlled distribution of sensor data. We describe our prototype as well as a privacy-aware location-tracking application built on top of the system. The focus of this paper is on policy management so as to provide means for allowing users to control distribution of data tagged with their ID to other users and services. The paper shows how a wide variety of policies can be specified in the system and points out directions for future work

Implanting Life-Cycle Privacy Policies in a Context Database

Ambient intelligence (AmI) environments continuously monitor surrounding individuals' context (e.g., location, activity, etc.) to make existing applications smarter, i.e., make decision without requiring user interaction. Such AmI smartness ability is tightly coupled to quantity and quality of the available (past and present) context. However, context is often linked to an individual (e.g., location of a given person) and as such falls under privacy directives. The goal of this paper is to enable the difficult wedding of privacy (automatically fulfilling users' privacy whishes) and smartness in the AmI. interestingly, privacy requirements in the AmI are different from traditional environments, where systems usually manage durable data (e.g., medical or banking information), collected and updated trustfully either by the donor herself, her doctor, or an employee of her bank. Therefore, proper information disclosure to third parties constitutes a major privacy concern in the traditional studies

Trust-based model for privacy control in context aware systems

In context-aware systems, there is a high demand on providing privacy solutions to users when they are interacting and exchanging personal information. Privacy in this context encompasses reasoning about trust and risk involved in interactions between users. Trust, therefore, controls the amount of information that can be revealed, and risk analysis allows us to evaluate the expected benefit that would motivate users to participate in these interactions. In this paper, we propose a trust-based model for privacy control in context-aware systems based on incorporating trust and risk. Through this approach, it is clear how to reason about trust and risk in designing and implementing context-aware systems that provide mechanisms to protect users' privacy. Our approach also includes experiential learning mechanisms from past observations in reaching better decisions in future interactions. The outlined model in this paper serves as an attempt to solve the concerns of privacy control in context-aware systems. To validate this model, we are currently applying it on a context-aware system that tracks users' location. We hope to report on the performance evaluation and the experience of implementation in the near future

Empowering users to control their privacy in context-aware system through interactive consent

Context-aware systems adapt their behaviour based on the context a user is in. Since context is potentially privacy sensitive information, users should be empowered to control how much of their context they are willing to share, under what conditions and for what purpose. We propose an interactive consent mechanism that allows this. It is interactive in the sense that users are asked for consent when a request for their context information is received. Our interactive consent mechanism complements a more traditional pre-configuration approach. We describe the architecture, the implementation of our interactive consent mechanism and a use case

Economic location-based services, privacy and the relationship to identity

Mobile telephony and mobile internet are driving a new application paradigm: location-based services (LBS). Based on a person’s location and context, personalized applications can be deployed. Thus, internet-based systems will continuously collect and process the location in relationship to a personal context of an identified customer. One of the challenges in designing LBS infrastructures is the concurrent design for economic infrastructures and the preservation of privacy of the subjects whose location is tracked. This presentation will explain typical LBS scenarios, the resulting new privacy challenges and user requirements and raises economic questions about privacy-design. The topics will be connected to “mobile identity” to derive what particular identity management issues can be found in LBS