DOI: 10.1145/1013115.1013129

Privacy risk models for designing privacy-sensitive ubiquitous computing systems

Published: 01 August 2004

Abstract

Privacy is a difficult design issue that is becoming increasingly important as we push into ubiquitous computing environments. While there is a fair amount of theoretical work on designing for privacy, there are few practical methods for helping designers create applications that provide end-users with a reasonable level of privacy protection that is commensurate with the domain, with the community of users, and with the risks and benefits to all stakeholders in the intended system. Towards this end, we propose privacy risk models as a general method for refining privacy from an abstract concept into concrete issues for specific applications and prioritizing those issues. In this paper, we introduce a privacy risk model we have developed specifically for ubiquitous computing, and outline two case studies describing our use of this privacy risk model in the design of two ubiquitous computing applications.

Published In

DIS '04: Proceedings of the 5th conference on Designing interactive systems: processes, practices, methods, and techniques
August 2004
390 pages
ISBN:1581137877
DOI:10.1145/1013115

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. privacy
  2. privacy risk model
  3. ubiquitous computing

Qualifiers

  • Article

Conference

DIS04
DIS04: Designing Interactive Systems 2004
August 1 - 4, 2004
Cambridge, MA, USA

Acceptance Rates

Overall Acceptance Rate 1,158 of 4,684 submissions, 25%

Article Metrics

  • Downloads (Last 12 months): 65
  • Downloads (Last 6 weeks): 8

Reflects downloads up to 03 Jan 2025

Cited By

  • (2024) mmSpyVR: Exploiting mmWave Radar for Penetrating Obstacles to Uncover Privacy Vulnerability of Virtual Reality. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies 8:4 (1-29). DOI: 10.1145/3699772. Online publication date: 21-Nov-2024
  • (2024) On the Evaluation of Privacy Impact Assessment and Privacy Risk Assessment Methodologies: A Systematic Literature Review. IEEE Access 12 (19625-19650). DOI: 10.1109/ACCESS.2024.3360864. Online publication date: 2024
  • (2024) A Systematic Review of Personal Information Sharing in Smart Cities: Risks, Impacts, and Controls. Journal of the Knowledge Economy. DOI: 10.1007/s13132-024-02126-1. Online publication date: 24-Jun-2024
  • (2023) irchiver: A Full-Resolution Personal Web Archive for Users and Researchers. Proceedings of the 2023 Conference on Human Information Interaction and Retrieval (449-453). DOI: 10.1145/3576840.3578286. Online publication date: 19-Mar-2023
  • (2023) A Workshop-Based Method for Navigating Value Tensions in Collectively Speculated Worlds. Proceedings of the 2023 ACM Designing Interactive Systems Conference (1676-1692). DOI: 10.1145/3563657.3595992. Online publication date: 10-Jul-2023
  • (2023) Understanding Women's Perspectives on Smart Home Security Systems in Patriarchal Societies of Malawi. Proceedings of the 2023 ACM Designing Interactive Systems Conference (1078-1092). DOI: 10.1145/3563657.3595971. Online publication date: 10-Jul-2023
  • (2022) ASSESSING PERCEIVED RISK IN MOBILE MONEY ADOPTION UNDER COVID-19: A COMBINED SEM-ARTIFICIAL NEURAL NETWORK TECHNIQUES. International Journal of Research -GRANTHAALAYAH 10:1 (69-95). DOI: 10.29121/granthaalayah.v10.i1.2022.4434. Online publication date: 31-Jan-2022
  • (2021) Reasons and Strategies for Privacy Features in Tracking and Tracing Systems—A Systematic Literature Review. Sensors 21:13 (4501). DOI: 10.3390/s21134501. Online publication date: 30-Jun-2021
  • (2021) Is Someone Listening? Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies 5:3 (1-23). DOI: 10.1145/3478091. Online publication date: 14-Sep-2021
  • (2021) Lean Privacy Review: Collecting Users’ Privacy Concerns of Data Practices at a Low Cost. ACM Transactions on Computer-Human Interaction 28:5 (1-55). DOI: 10.1145/3463910. Online publication date: 20-Aug-2021
