652 research outputs found

    A privacy awareness system for ubiquitous computing environments

    www.inf.ethz.ch/~langhein Abstract. Protecting personal privacy is going to be a prime concern for the deployment of ubiquitous computing systems in the real world. With daunting Orwellian visions looming, it is easy to conclude that tamper-proof technical protection mechanisms such as strong anonymization and encryption are the only solutions to such privacy threats. However, we argue that such perfect protection for personal information will hardly be achievable, and propose instead to build systems that help others respect our personal privacy, enable us to be aware of our own privacy, and to rely on social and legal norms to protect us from the few wrongdoers. We introduce a privacy awareness system targeted at ubiquitous computing environments that allows data collectors to both announce and implement data usage policies, as well as providing data subjects with technical means to keep track of their personal information as it is stored, used, and possibly removed from the system. Even though such a system cannot guarantee our privacy, we believe that it can create a sense of accountability in a world of invisible services that we will be comfortable living in and interacting with.

    Application diversity in open display networks

    We envision that future public display networks will be more interactive and open to applications from third parties similar to what we already have with smartphones. This paper investigates the application landscape for interactive public displays aiming to understand what would be the design and usage space for this type of applications. In particular, we explore people's perceptions and expectations regarding the diversity of applications that may emerge in future application ecosystems for public displays. We have devised a research methodology anchored on what is currently the rich and diverse range of applications in the mobile application market. We used a set of 75 mobile applications from Google Play application store and asked 72 participants about their relevance for public displays. The results showed that people had a clear preference for applications that disseminate content, and also that these preferences are affected by the type of location where the displays are deployed. These insights improve the understanding of the variables that may affect diversity in future display application ecosystems and inform the development of potential app stores in this context. Fundação para a Ciência e a Tecnologia (FCT

    A good balance of costs and benefits: convincing a university administration to support the installation of an interactive multi-application display system on campus

    Interactive digital signage systems allow passers-by to take (temporary) control of a public display in order to select content and applications of interest, or even upload content of their own. Not surprisingly, display owners are hesitant to embrace such interactivity, given the uncertainty of what will be shown on their displays. In this paper we summarize our experience of deploying an interactive multi-application display system in the context of a university environment, and in particular our engagements with display owners (i.e., university administration) in order to convince them and get their support for the installation and deployment of such a system. We present the results of semi-structured interviews with display owners regarding their motivations, needs, and concerns with respect to the deployment of such a system at our university. While one cannot generalize from our results, we nevertheless believe that our experiences offer helpful advice to developers of such systems (and/or researchers interested in designing and studying them) in order to aid them in successfully gathering the support of these important stakeholders

    Longitude : a privacy-preserving location sharing protocol for mobile applications

    Location sharing services are becoming increasingly popular. Although many location sharing services allow users to set up privacy policies to control who can access their location, the use made by service providers remains a source of concern. Ideally, location sharing providers and middleware should not be able to access users' location data without their consent. In this paper, we propose a new location sharing protocol called Longitude that eases privacy concerns by making it possible to share a user's location data blindly and allowing the user to control who can access her location, when and to what degree of precision. The underlying cryptographic algorithms are designed for GPS-enabled mobile phones. We describe and evaluate our implementation for the Nexus One Android mobile phone

    Is Privacy Regulation Slowing Down Research on Pervasive Computing?

    Privacy legislation has often been identified as a roadblock for advanced context-aware applications. The feedback collected from more than 150 researchers in pervasive computing reveals a different attitude. Has pervasive computing's privacy challenge been solved

    Making GDPR Usable: A Model to Support Usability Evaluations of Privacy

    We introduce a new model for evaluating privacy that builds on the criteria proposed by the EuroPriSe certification scheme by adding usability criteria. Our model is visually represented through a cube, called Usable Privacy Cube (or UP Cube), where each of its three axes of variability captures, respectively: rights of the data subjects, privacy principles, and usable privacy criteria. We slightly reorganize the criteria of EuroPriSe to fit with the UP Cube model, i.e., we show how EuroPriSe can be viewed as a combination of only rights and principles, forming the two axes at the basis of our UP Cube. In this way we also want to bring out two perspectives on privacy: that of the data subjects and, respectively, that of the controllers/processors. We define usable privacy criteria based on usability goals that we have extracted from the whole text of the General Data Protection Regulation. The criteria are designed to produce measurements of the level of usability with which the goals are reached. Precisely, we measure effectiveness, efficiency, and satisfaction, considering both the objective and the perceived usability outcomes, producing measures of accuracy and completeness, of resource utilization (e.g., time, effort, financial), and measures resulting from satisfaction scales. In the long run, the UP Cube is meant to be the model behind a new certification methodology capable of evaluating the usability of privacy, to the benefit of common users. For industries, considering also the usability of privacy would allow for greater business differentiation, beyond GDPR compliance. Comment: 41 pages, 2 figures, 1 table, and appendixe

    Distributed Path Authentication for Dynamic RFID-Enabled Supply Chains

    Part 12: Authentication and Delegation. International audience. In this paper, we propose a distributed path authentication solution for dynamic RFID-enabled supply chains to address the counterfeiting problem. Compared to existing general anti-counterfeiting solutions, our solution requires non sharing of item-level RFID information among supply chain parties, thus eliminating the requirement on high network bandwidth and fine-grained access control. Our solution is secure, privacy-preserving, and practical. It leverages on the standard EPCglobal network to share information about paths and parties in path authentication. Our solution can be implemented on standard EPC class 1 generation 2 tags with only 720 bits storage and no computational capability