18 research outputs found

    Privacy and Proportionality

    Over the past several years, the press, trade publications and academic literature have reported with increasing frequency on the social concerns caused by ubiquitous computing: Information Technology (IT) embedded in artifacts, infrastructure and environments of daily life. Designers and researchers of ubiquitous computing (ubicomp) technologies have spent considerable efforts to address these concerns, which include privacy and data protection issues, information security and personal safety. Yet, designing successful ubicomp applications is still an unreliable and expensive endeavor, in part due to imperfect understanding of how technology is appropriated, the lack of effective design tools and the challenges of prototyping these applications in realistic conditions. I introduce the concept of proportionality as a principle able to guide design of ubiquitous computing applications and specifically to attack privacy and security issues. Inspired by the principle, I propose a design process framework that assists the practitioner in making reasoned and documented design choices throughout the development process. I validate the design process framework through a quantitative design experiment vis-à-vis other design methods. Furthermore, I present several case studies and evaluations to demonstrate the design method's effectiveness and generality. I claim that the design method helps to identify some of the obstacles to the acceptance of ubiquitous computing applications and to translate security and privacy concerns into research questions in the design process. I further discuss some of the inquiry and validation techniques that are appropriate to answer these questions.
    Ph.D.
    Committee Chair: Abowd, Gregory D.; Committee Member: Dourish, Paul; Committee Member: Edwards, Warren Keith; Committee Member: Goodman, Seymour; Committee Member: Rannenberg, Ka

    An Evaluation Of The Comprehensibility and Usability Of a Design Method For Ubiquitous Computing Applications

    We have recently proposed a design process framework that assists the practitioner in tackling the privacy and security issues of ubiquitous computing (ubicomp) applications during their development. In this report, we discuss a design study to evaluate the comprehensibility and usability of the design method. The study was conducted with six graduate students at our institution. Students were given the option of using the design method for completing a semester-long design exercise of a ubiquitous computing application of their choice. Researchers analyzed their written deliverables using quantitative metrics and conducted follow-up interviews. Results suggest that the design method is comprehensible and usable by inexperienced designers. Participants commented that the method might help especially in the design of exploratory applications with diverging stakeholders, broadening the coverage of the design process and generating stronger rationales for design decisions

    A Token-based Access Control Mechanism for Automated Capture and Access Systems in Ubiquitous Computing

    We discuss the problems related to access control in automated capture and access systems, which capture, store and retrieve information gathered through sensors in physical environments. We discuss several unique requirements that set capture and access apart from traditional information processing systems, and that make existing access control approaches such as role-based access control (RBAC) and digital rights management (DRM) unsuitable for this domain. Drawing from access control theory research, we devise an access control system that satisfies these requirements. Further, we describe its implementation within an existing capture and access system, and discuss emergent issues relating to retention time, rights management and information sharing. We argue that some traditional security requirements might not in fact be appropriate when applied to environmental captured information, due to the perceptual and social characteristics of such data. Finally, we provide an example of how this access control architecture might fit in a capture and access system composed of mobile devices

    Design by Proportionality: Applying Data Protection Authorities' Practice to Ubicomp Design

    We recently proposed the concept of proportionality as a principle able to guide the design of ubiquitous computing applications and improve their acceptance. Inspired by the principle, we proposed a design process framework that assists the practitioner in making reasoned and documented design choices throughout the development process. We claim that the design method may increase the coverage of security and privacy requirements analysis and improve design quality. As initial evidence of the design method’s effectiveness and generality, we discuss a pilot design exercise that has been conducted with graduate students at our institution

    Developing Privacy Guidelines for Social Location Disclosure Applications and Services

    In this article, we describe the design process of Reno, a location-enhanced, mobile coordination tool and person finder. The design process included three field experiments: a formative Experience Sampling Method (ESM) study, a pilot deployment and an extended user study. These studies were targeted at the significant personal security, privacy and data protection concerns caused by this application. We distil this experience into a small set of guidelines for designers of social mobile applications and show how these guidelines can be applied to a different application, called Boise. These guidelines cover issues pertaining to personal boundary definition, control, deception and denial, and group vs. individual communication. We also report on lessons learned from our evaluation experience, which might help practitioners in designing novel mobile applications, including the choice and characterization of users for testing security and privacy features of designs, the length of learning curves and their effect on evaluation and the impact of peculiar deployment circumstances on the results of these finely tuned user studies

    Design iterations for a location-aware event planner


    handheld

    design and evaluation of a mobile location-awar

    Prototyping and sampling experience to evaluate ubiquitous computing privacy in the real world

    We developed an inquiry technique, which we called “paratype,” based on experience prototyping and event-contingent experience sampling, to survey people in real-life situations about ubiquitous computing (ubicomp) technology. We used this tool to probe the opinions of the conversation partners of users of the Personal Audio Loop, a memory aid that can have a strong impact on their privacy. We present the findings of this study and their implications, specifically the need to broaden public awareness of ubicomp applications and the unfitness of traditional data protection guidelines for tackling the privacy issues of many ubicomp applications. We also point out benefits and methodological issues of paratypes and discuss why they are particularly fit for studying certain classes of mobile and ubicomp applications