Privacy by Design – Principles of Privacy-Aware Ubiquitous Systems
Marc Langheinrich - Swiss Federal Institute of Technology, Zurich
Whitney Hess
What we already know
Privacy is a matter of opinion
It has always been a hot button issue
ex: Who did you vote for?
ex: Are you a virgin?
Some people are willing to share, others aren’t
Technology = Privacy
This is nothing new:
• Photography exposes people without their permission
• Telephones allow for wiretapping
• Electronic data in central storage gives people easy access (Nazis finding Jews during WWII)
• Credit cards, Internet
Influential Legislation
US Privacy Act of 1974 - “fair information practices”
• Openness and transparency - honest
• Individual participation - verifiable
• Collection limitation - frugal
• Data quality - relevant
• Use limitation - purposeful
• Reasonable security - secure
• Accountability - accountable
Influential Legislation
EU Directive 95/46/EC of 1995
• Data only shared with non-EU countries if they have ample privacy protection
• Subject of data must give consent to share it
Privacy limits technology
Computer scientists don’t like privacy because it diminishes what technology is capable of achieving
“Should I be knocked unconscious in a road traffic accident in New York – please let the ambulance have my medical record.”
Key questions
• Is it feasible to enforce privacy laws?
• Convenient tech outweighs loss of privacy?
• What’s good for community outweighs good for individual?
• We have equal access – eye for an eye?
Social Implications
We’ve been over this…
Live among computers
Never know what they’re doing
Constantly being watched/judged
Help us remember/manage more info
Development Principles
• Notice - let user know what’s going on
• Choice & consent - let user turn off detection
• Anonymity & pseudonymity - let user be detected without revealing identity
• Proximity & locality - let user’s and device’s location implicitly indicate the appropriateness of detection and dissemination
• Adequate security - encrypt transferred data as appropriate
• Access & recourse - follow privacy regulations
How are these achieved?
• How do we inform a user of system’s presence?
• How will users tell system to stop looking at them?
• How will users tell system that they want to be watched but not revealed?
• How will systems understand “appropriateness” based on location of user and device?
• How do we decide what data should be encrypted and what doesn’t need to be?
• How do we inform user that we are taking privacy precautions? Are these precautions sufficient?
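One way to make the first four development principles concrete, as an added example that is not from the talk or the paper: a hypothetical sensing gateway that, for each detection event, checks that sensing is announced (notice), honours the user's recorded choice (choice & consent), only releases data to a requester in the same zone (proximity & locality), and replaces the identity with a keyed, per-zone pseudonym so that the same person cannot be linked across zones (anonymity & pseudonymity). Zone names, the consent table and the key are all constructed sample values.

```python
import hmac
import hashlib
from dataclasses import dataclass

# Constructed demo key; in a real deployment this would be kept in the gateway's
# secure storage and rotated (e.g. daily) to limit how long pseudonyms stay linkable.
GATEWAY_KEY = b"constructed-demo-key-not-for-real-use"

# Zones whose beacon announces that sensing takes place (the "notice" principle).
NOTICE_BEACON_ZONES = {"lobby", "lab"}

# Constructed consent table: what each user has told the system (the "choice" principle).
CONSENT = {"alice": "pseudonymous", "bob": "opt_out", "carol": "identified"}


@dataclass
class Detection:
    user_id: str         # identity the sensor resolved (e.g. from a badge)
    zone: str            # where the detection happened
    requester_zone: str  # where the service asking for the data is located


def pseudonym(user_id: str, zone: str, key: bytes = GATEWAY_KEY) -> str:
    """Keyed, zone-scoped pseudonym: stable within a zone, unlinkable across zones
    without the key, and not reversible to the user_id by a data recipient."""
    msg = f"{zone}:{user_id}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]


def disseminate(d: Detection):
    """Return (record, reason). record is None when the principles forbid release."""
    if d.zone not in NOTICE_BEACON_ZONES:          # notice
        return None, "sensing not announced in this zone"
    choice = CONSENT.get(d.user_id, "opt_out")     # choice & consent: default to opt-out
    if choice == "opt_out":
        return None, "user opted out of detection"
    if d.requester_zone != d.zone:                 # proximity & locality
        return None, "requester is outside the zone of detection"
    # anonymity & pseudonymity: reveal identity only if the user chose to
    subject = d.user_id if choice == "identified" else pseudonym(d.user_id, d.zone)
    return {"subject": subject, "zone": d.zone}, "ok"


if __name__ == "__main__":
    for det in (Detection("alice", "lobby", "lobby"), Detection("bob", "lobby", "lobby"),
                Detection("carol", "lab", "lab"), Detection("alice", "lab", "lobby")):
        print(det.user_id, det.zone, "->", disseminate(det))
```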