DOI: 10.1145/1921168.1921191

Personal data vaults: a locus of control for personal data streams

Published: 30 November 2010 Publication History

Abstract

The increasing ubiquity of the mobile phone is creating many opportunities for personal context sensing, and will result in massive databases of individuals' sensitive information incorporating locations, movements, images, text annotations, and even health data. In existing system architectures, users upload their raw (unprocessed or filtered) data streams directly to content-service providers and have little control over their data once they "opt-in".
We present Personal Data Vaults (PDVs), a privacy architecture in which individuals retain ownership of their data. Data are routinely filtered before being shared with content-service providers, and users or data custodian services can participate in making controlled data-sharing decisions. Introducing a PDV gives users flexible and granular access control over data. To reduce the burden on users and improve usability, we explore three mechanisms for managing data policies: Granular ACL, Trace-audit and Rule Recommender. We have implemented a proof-of-concept PDV and evaluated it using real data traces collected from two personal participatory sensing applications.




      Published In

      Co-NEXT '10: Proceedings of the 6th International COnference
      November 2010
      349 pages
      ISBN:9781450304481
      DOI:10.1145/1921168


      Publisher

      Association for Computing Machinery

      New York, NY, United States


      Author Tags

      1. personal participatory sensing
      2. privacy policy

      Qualifiers

      • Research-article

      Conference

      Co-NEXT '10
      Sponsor:
      Co-NEXT '10: Conference on emerging Networking EXperiments and Technologies
      November 30 - December 3, 2010
      Philadelphia, Pennsylvania

      Acceptance Rates

      Overall Acceptance Rate 198 of 789 submissions, 25%


      Cited By

      • (2024) LOOM: a Privacy-Preserving Linguistic Observatory of Online Misinformation. Proceedings of the Second International Symposium on Trustworthy Autonomous Systems, pp. 1-9. DOI: 10.1145/3686038.3686062. Online publication date: 16-Sep-2024.
      • (2024) PrivacyOracle: Configuring Sensor Privacy Firewalls with Large Language Models in Smart Built Environments. 2024 IEEE Security and Privacy Workshops (SPW), pp. 239-245. DOI: 10.1109/SPW63631.2024.00028. Online publication date: 23-May-2024.
      • (2023) Discussion on the Balance of Intellectual Property Interests under Big Data. Academic Journal of Management and Social Sciences, 2(2), pp. 1-4. DOI: 10.54097/ajmss.v2i2.6813. Online publication date: 16-Apr-2023.
      • (2023) Technical Requirements and Approaches in Personal Data Control. ACM Computing Surveys, 55(9), pp. 1-30. DOI: 10.1145/3558766. Online publication date: 16-Jan-2023.
      • (2023) Capitalize Your Data: Optimal Selling Mechanisms for IoT Data Exchange. IEEE Transactions on Mobile Computing, 22(4), pp. 1988-2000. DOI: 10.1109/TMC.2021.3113387. Online publication date: 1-Apr-2023.
      • (2023) A Privacy-Preserving Architecture and Data-Sharing Model for Cloud-IoT Applications. IEEE Transactions on Dependable and Secure Computing, 20(4), pp. 3495-3507. DOI: 10.1109/TDSC.2022.3204720. Online publication date: 1-Jul-2023.
      • (2022) Blockchain-Based Data Market (BCBDM) Framework for Security and Privacy. Research Anthology on Convergence of Blockchain, Internet of Things, and Security, pp. 162-180. DOI: 10.4018/978-1-6684-7132-6.ch010. Online publication date: 8-Jul-2022.
      • (2022) Exploring Data Intermediaries as Infrastructure for a Human-Centric Data Economy: Speculations & Critical Reflections. Nordic Human-Computer Interaction Conference, pp. 1-20. DOI: 10.1145/3546155.3547286. Online publication date: 8-Oct-2022.
      • (2022) Semantic Access Control for Privacy Management of Personal Sensing in Smart Cities. IEEE Transactions on Emerging Topics in Computing, 10(1), pp. 199-210. DOI: 10.1109/TETC.2020.2996974. Online publication date: 1-Jan-2022.
      • (2022) Scraping Sticky Leftovers: App User Information Left on Servers After Account Deletion. 2022 IEEE Symposium on Security and Privacy (SP), pp. 2145-2160. DOI: 10.1109/SP46214.2022.9833720. Online publication date: May-2022.
