participatory sensing through social networks: the tension between participation and privacy
DESCRIPTION
This paper corresponds to publication: I. Krontiris, F.C. Freiling, "Urban Sensing through Social Networks: The Tension between Participation and Privacy", International Tyrrhenian Workshop on Digital Communications (ITWDC), Island of Ponza, Italy, September 2010. https://pi1.informatik.uni-mannheim.de/filepool/publications/ITWDC_2010.pdfTRANSCRIPT
Participatory Sensing through Social Networks
The tension between Participation and Privacy
ITWDC6-8 September, 2010
I. Krontiris,
Chair of Mobile Business
Goethe University Frankfurt
F.C. Freiling,
Lehrstuhl Praktische Informatik I
University of Mannheim
Paper outline
What are the benefits and drawbacks of connecting social network
with participatory sensing?
We study this relation in 2 dimensions that conflict with each other:
Social translucence (visibility) and Privacy
Goal: Identify and discuss research challenges that arise in this new
setting.
Available Sensors Today
Light sensor
Proximity sensor
Orientation sensor
Microphone
Camera
GPS
Available Sensors Tomorrow
3-axis accelerometer
Proximity sensor
Digital compass
Pollution/air quality sensor
GSR “emotion sensor”
RFID/NFC
Microphone
Camera
GPS
External Sensors
NoiseTube
Architecture Overview
Research Questions
Share – How will collected data be shared? What practices of
individual ownership will be appropriate and how will privacy be
addressed? How can data best be shared with non-experts, urban
planers, decision and policy makers, etc.?
Change – What tools or frameworks best invite and encourage active
participation? What tools and techniques will facilitate the most
productive debate and ultimate positive social benefit?
Utilizing Social Networks
Benefit 1: Recruitment (getting people to join)
identify and reach well-suited participants for data collections based on their geographic availability as well as their interests and habits.
allow existing participants to invite their friends to join a group, or see what their friends are doing (which group they joined, in which groups they are most active), etc.
Utilizing Social Networks
Benefit 2: Participation (getting people to participate)
No direct benefits for participants. Why should those who can produce the sensing data take the time to engage in such interactions? Why should they wish to?
Sense of Community
1. Sense of efficacy: a sense that they have had some effect on the group.
Utilizing Social Networks
2. Recognition Reputation Points
a user, after submitting a report from his mobile phone, is given a reputation point.
reputation points are public and appear on the public profile of that user.
Utilizing Social Networks
Benefit 3: Acting on the data Not all data are equally useful / important People could also intentionally submit fault data
Pre-evaluation by the users
Example: A system that allows users to submit images of potholes on the street
location privacy
Privacy vs. Visibility
Anonymity Social Translucence
Knowing when a particular person was at a particular point in time can be used to infer a lot of personal information
Allow users to make their contributions visible to the online community
Research question
System model: Users submitting data are anonymous, but at the same
time they maintain a public profile in the social network, where they
provide details about themselves (e.g. reputation, etc.)
Is it possible to offer anonymity to the user, who submits sensing data
from the physical environment, while at the same time we maintain
properties connected with his public profile, like
Reputation and
User revocation?
\
Anonymity
Let’s assume we provide anonymity to protect user’s privacy
Data are anonymized
Hide network identifiers
Reputation
Giving reputation points to an anonymous user is not possible
Need two independent processes:
A pseudonymous user acquires reputation points (one-time pseudonym)
A known user updates its reputation in his public profile
Solution direction: Use e-cash systems
A pseudonymous user obtains e-coins from the bank for a report
submission, which corresponds to a reputation point
At a later point in time, the user logs-in using his public profile and
redeems the e-coin to increase his reputation.
Hard: Repetitions of this process should not be linkable!
User revocation
Before submit, user authenticates anonymously to the service provider
This encourages user misbehavior need for user revocation
Revocation depends on anonymous authentication mechanism: If use group signatures: A Trusted-Third-Party manages user accounts and has the
ability to revoke user’s anonymity at any time. No assurances that TTP is reliable!
If use e-cash: Anonymity is revoked if spent an e-coin twice
If use k-Times Anonymous Authentication: Anonymity is revoked if user authenticates
more than k times.
None of this appropriate. Need a d-strikes-out revocation system
When users are judged to have misbehaved d times, they are revoked by the system
Some protocols exist, but very expensive for power-limited mobile phones
Conclusions
Utilization of social networks could provide many benefits in urban sensing recruit more citizens in campaigns and boost their active
participation. Example: use of reputation systems
It is also important to preserve the anonymity of the users submitting data Anonymity makes it hard to revoke misbehaving users or compute
their accumulated reputation points
Acknowledgment: Thanks to Nicolas Maisonneuve for the inspiring conversations