Privacy by Design – Principles of Privacy-Aware Ubiquitous Systems
Marc Langheinrich, Swiss Federal Institute of Technology, Zurich
Whitney Hess
What we already know
• Privacy is a matter of opinion; it has always been a hot-button issue (e.g. "Who did you vote for?", "Are you a virgin?")
• Some people are willing to share, others aren't
Technology threatens privacy
This is nothing new:
• Photography exposes people without their permission
• Telephones allow wiretapping
• Electronic data in centralized storage gives easy access to personal records (e.g. the Nazis locating Jews during WWII)
• Credit cards, the Internet
Influential legislation: US Privacy Act of 1974 ("fair information practices")
• Openness and transparency: honest
• Individual participation: verifiable
• Collection limitation: frugal
• Data quality: relevant
• Use limitation: purposeful
• Reasonable security: secure
• Accountability: accountable
Influential legislation: EU Directive 95/46/EC of 1995
• Personal data may only be transferred to non-EU countries that provide adequate privacy protection
• The data subject must give consent before the data is shared
Privacy limits technology
Computer scientists tend to dislike privacy constraints because they diminish what technology could achieve: "Should I be knocked unconscious in a road traffic accident in New York – please let the ambulance have my medical record."
Key questions
• Is it feasible to enforce privacy laws?
• Does convenient technology outweigh the loss of privacy?
• Does what is good for the community outweigh what is good for the individual?
• If everyone has equal access to everyone else's data, does that make surveillance acceptable (an eye for an eye)?
Social implications
We've been over this:
• We live among computers and never know what they're doing
• We are constantly being watched and judged
• They help us remember and manage more information
Development principles
• Notice: let the user know what is going on
• Choice and consent: let the user turn detection off
• Anonymity and pseudonymity: let the user be detected without revealing their identity
• Proximity and locality: let the location of the user and of the device implicitly indicate whether detection and dissemination are appropriate
• Adequate security: encrypt transferred data as appropriate
• Access and recourse: follow privacy regulations
How are these achieved?
• How do we inform a user of the system's presence?
• How will users tell the system to stop looking at them?
• How will users tell the system that they want to be watched but not identified?
• How will the system judge "appropriateness" from the location of the user and of the device?
• How do we decide which data must be encrypted and which need not be?
• How do we inform the user that we are taking privacy precautions, and are those precautions sufficient?
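One concrete way to answer the questions above is to turn the six development principles into checks that run before a sensor reading is stored. The following is an example added to this summary; it is not code from Langheinrich's paper or from any system the paper describes. The class and field names, the reason codes, the zone model, and the master key are all assumptions made for illustration. Pseudonymity is implemented with keyed, per-epoch HMACs so that a user's records are linkable within one period but not across periods without the master key; "adequate security" is represented only as a check that the uplink is encrypted, since the encryption itself would live in the transport layer.

```python
"""Principle-by-principle collection checks for a privacy-aware sensing system.
Example code added to this page, not from the paper; all names and the key
are assumptions for illustration."""
import hmac
import hashlib
from dataclasses import dataclass
from enum import Enum
from typing import Optional, Tuple


class Consent(Enum):
    DENY = "deny"                  # choice & consent: user has switched detection off
    PSEUDONYMOUS = "pseudonymous"  # anonymity & pseudonymity: detect, never store identity
    IDENTIFIED = "identified"      # user explicitly allows identified records


@dataclass(frozen=True)
class UserPolicy:
    user_id: str
    consent: Consent
    allowed_zones: frozenset      # proximity & locality: zones where collection is acceptable


@dataclass(frozen=True)
class Sensor:
    sensor_id: str
    zone: str
    notice_published: bool        # notice: does the sensor announce its presence and purpose?
    channel_encrypted: bool       # adequate security: is the uplink encrypted?


@dataclass(frozen=True)
class Observation:
    user_id: str
    zone: str
    sensor_id: str
    epoch: int                    # coarse time period of the reading, e.g. the hour


class PseudonymService:
    """Keyed, per-epoch pseudonyms (HMAC-SHA256 over an HMAC-derived epoch key).

    Within one epoch the same user maps to the same pseudonym, so records can
    still be analysed; across epochs the pseudonyms are unlinkable to anyone
    without the master key, which limits long-term tracking."""

    def __init__(self, master_key: bytes):
        self._master = master_key

    def pseudonym(self, user_id: str, epoch: int) -> str:
        epoch_key = hmac.new(self._master, b"epoch:%d" % epoch, hashlib.sha256).digest()
        return hmac.new(epoch_key, user_id.encode(), hashlib.sha256).hexdigest()[:16]


def collect(obs: Observation, policy: UserPolicy, sensor: Sensor,
            svc: PseudonymService) -> Tuple[str, Optional[dict]]:
    """Apply the principles in order; the first violated one stops collection.
    Returns (decision, record); record is None unless the data is stored."""
    if not sensor.notice_published:               # notice
        return "dropped:no-notice", None
    if policy.consent is Consent.DENY:            # choice & consent
        return "dropped:consent", None
    if obs.zone != sensor.zone or obs.zone not in policy.allowed_zones:  # proximity & locality
        return "dropped:out-of-zone", None
    if not sensor.channel_encrypted:              # adequate security
        return "dropped:insecure-channel", None
    if policy.consent is Consent.PSEUDONYMOUS:    # anonymity & pseudonymity
        subject = svc.pseudonym(obs.user_id, obs.epoch)
    else:
        subject = obs.user_id
    record = {"subject": subject, "zone": obs.zone,
              "sensor": obs.sensor_id, "epoch": obs.epoch}
    return "stored", record


def records_for(store: list, svc: PseudonymService, user_id: str, epoch: int) -> list:
    """Access & recourse: let a user retrieve what was stored about them in an
    epoch, whether under their identity or under that epoch's pseudonym."""
    keys = {user_id, svc.pseudonym(user_id, epoch)}
    return [r for r in store if r["epoch"] == epoch and r["subject"] in keys]


if __name__ == "__main__":
    svc = PseudonymService(b"example-master-key")   # constructed key, not for real use
    cam = Sensor("cam-lobby", "lobby", notice_published=True, channel_encrypted=True)
    alice = UserPolicy("alice", Consent.PSEUDONYMOUS, frozenset({"lobby"}))
    store = []
    for epoch in (1, 2):
        decision, rec = collect(Observation("alice", "lobby", "cam-lobby", epoch), alice, cam, svc)
        if rec:
            store.append(rec)
        print(decision, rec)
    print(records_for(store, svc, "alice", 1))
```

The order of the checks matters: notice and consent are evaluated before anything about the reading is examined, so a user who has opted out never generates a pseudonym at all, and `records_for` is the only path that recomputes a pseudonym from an identity, which keeps that linkage under the control of the service rather than of whoever holds the record store.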