
Privacy by Design – Principles of Privacy-Aware Ubiquitous Systems


Presentation Transcript


  1. Privacy by Design – Principles of Privacy-Aware Ubiquitous Systems
     Marc Langheinrich - Swiss Federal Institute of Technology, Zurich
     Whitney Hess

  2. What we already know
     • Privacy is a matter of opinion
     • It has always been a hot-button issue (ex: Who did you vote for? ex: Are you a virgin?)
     • Some people are willing to share, others aren’t

  3. Technology = Privacy
     This is nothing new:
     • Photography exposes people without their permission
     • Telephones allow for wiretapping
     • Electronic data in central storage gives people easy access (the Nazis finding Jews during WWII)
     • Credit cards, Internet

  4. Influential Legislation
     US Privacy Act of 1974 - “fair information practices”
     • Openness and transparency - honest
     • Individual participation - verifiable
     • Collection limitation - frugal
     • Data quality - relevant
     • Use limitation - purposeful
     • Reasonable security - secure
     • Accountability - accountable

  5. Influential Legislation
     EU Directive 95/46/EC of 1995
     • Data may only be shared with non-EU countries if they have adequate privacy protection
     • The subject of the data must give consent to share it

  6. Privacy limits technology
     Computer scientists don’t like privacy because it diminishes what technology is capable of achieving.
     “Should I be knocked unconscious in a road traffic accident in New York – please let the ambulance have my medical record.”

  7. Key questions
     • Is it feasible to enforce privacy laws?
     • Does convenient technology outweigh the loss of privacy?
     • Does what’s good for the community outweigh what’s good for the individual?
     • We have equal access – an eye for an eye?

  8. Social Implications
     We’ve been over this…
     • We live among computers
     • We never know what they’re doing
     • We are constantly being watched/judged
     • They help us remember/manage more information

  9. Development Principles
     • Notice - let the user know what’s going on
     • Choice & consent - let the user turn off detection
     • Anonymity & pseudonymity - let the user be detected without revealing identity
     • Proximity & locality - let the user’s and the device’s location implicitly indicate the appropriateness of detection and dissemination
     • Adequate security - encrypt transferred data as appropriate
     • Access & recourse - follow privacy regulations

  10. How are these achieved?
     • How do we inform a user of the system’s presence?
     • How will users tell the system to stop looking at them?
     • How will users tell the system that they want to be watched but not revealed?
     • How will systems understand “appropriateness” based on the location of the user and the device?
     • How do we decide what data should be encrypted and what doesn’t need to be?
     • How do we inform the user that we are taking privacy precautions? Are these precautions sufficient?
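As an added illustration of how the development principles on slide 9 answer the questions on slide 10, the following Python sketch is not from the presentation or from Langheinrich's paper. It models a hypothetical sensing gateway in a building: the device announces itself (notice), consults a per-user preference table (choice & consent), replaces identities with a keyed pseudonym where the user asked not to be revealed (anonymity & pseudonymity), and drops readings of people who are not in the device's own zone (proximity & locality). All user names, zones, the consent table and the key are constructed for the example.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, Optional

# Hypothetical sensing gateway for a smart building. Every name, zone and
# preference below is constructed for this example; none of it comes from
# the presentation or from Langheinrich's paper.

DENY = "deny"                  # choice & consent: user has opted out of detection
PSEUDONYMOUS = "pseudonymous"  # anonymity & pseudonymity: detect, but do not reveal who
IDENTIFIED = "identified"      # user accepts being identified by name

# Per-epoch secret used for pseudonyms; rotating it unlinks old and new records.
KEY = b"constructed-epoch-key-do-not-reuse"

# Constructed consent registry; a real deployment reads the user's own
# preference store rather than a hard-coded table.
CONSENT: Dict[str, str] = {
    "alice": IDENTIFIED,
    "bob": PSEUDONYMOUS,
    "carol": DENY,
}


@dataclass(frozen=True)
class Reading:
    user_id: str      # identity reported by the badge or sensor
    user_zone: str    # where the person is
    device_zone: str  # where the sensing device is installed
    payload: str      # the observation itself


def notice(device_zone: str) -> str:
    """Notice: the text a device announces so people know sensing takes place."""
    return f"Sensing active in zone '{device_zone}'; per-user preferences apply."


def pseudonymize(user_id: str, key: bytes) -> str:
    """Keyed, truncated HMAC: records of one person stay linkable within a key
    epoch, but the identity cannot be recovered from the pseudonym alone."""
    return hmac.new(key, user_id.encode(), hashlib.sha256).hexdigest()[:16]


def locality_allows(reading: Reading) -> bool:
    """Proximity & locality: a device only processes people in its own zone."""
    return reading.user_zone == reading.device_zone


def process(reading: Reading, key: bytes = KEY,
            consent: Dict[str, str] = CONSENT) -> Optional[dict]:
    """Apply locality, consent and pseudonymity before any record leaves the
    device. Returns the releasable record, or None when nothing may be kept."""
    if not locality_allows(reading):
        return None
    # Unknown users get the most restrictive setting (collection limitation).
    preference = consent.get(reading.user_id, DENY)
    if preference == DENY:
        return None
    identity = (reading.user_id if preference == IDENTIFIED
                else pseudonymize(reading.user_id, key))
    return {
        "identity": identity,
        "payload": reading.payload,
        "policy": preference,
        "notice": notice(reading.device_zone),
    }


if __name__ == "__main__":
    for r in (Reading("alice", "lobby", "lobby", "entered"),
              Reading("bob", "lobby", "lobby", "entered"),
              Reading("carol", "lobby", "lobby", "entered"),
              Reading("alice", "lab", "lobby", "entered")):
        print(r.user_id, "->", process(r))
```

The record returned by `process` is what would be encrypted before transmission (adequate security); the transport layer is deliberately left out so the decision logic stays visible. Note that the pseudonym is only as strong as the secrecy of `KEY` and the rotation schedule: anyone holding the key can recompute pseudonyms, so the key belongs on the device, not in the data store.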
