Article

An architecture for privacy-sensitive ubiquitous computing

Authors:
Jason I. Hong

University of California at Berkeley. Berkeley, CA

University of California at Berkeley. Berkeley, CA
View Profile

,
James A. Landay

University of Washington, Seattle, WA

University of Washington, Seattle, WA
View Profile

MobiSys '04: Proceedings of the 2nd international conference on Mobile systems, applications, and servicesJune 2004Pages 177–189https://doi.org/10.1145/990064.990087

Published:06 June 2004Publication History

MobiSys '04: Proceedings of the 2nd international conference on Mobile systems, applications, and services

Pages 177–189

ABSTRACT

Privacy is the most often-cited criticism of ubiquitous computing, and may be the greatest barrier to its long-term success. However, developers currently have little support in designing software architectures and in creating interactions that are effective in helping end-users manage their privacy. To address this problem, we present Confab, a toolkit for facilitating the development of privacy-sensitive ubiquitous computing applications. The requirements for Confab were gathered through an analysis of privacy needs for both end-users and application developers. Confab provides basic support for building ubiquitous computing applications, providing a framework as well as several customizable privacy mechanisms. Confab also comes with extensions for managing location privacy. Combined, these features allow application developers and end-users to support a spectrum of trust levels and privacy needs.

References

AllNurses.com. http://allnurses.com/]]Google Scholar
Directive 95/46/EC. http://europa.eu.int/ISPO/legal/en/dataprot/directiv/directiv.html]]Google Scholar
MedicAlert. http://www.medicalert.org]]Google Scholar
Abowd, G.D., C.G. Atkeson, J. Hong, S. Long, R. Kooper, and M. Pinkerton, Cyberguide: A Mobile Context-Aware Tour Guide. Baltzer/ACM Wireless Networks 1997. 3(5): p. 421--433.]] Google ScholarDigital Library
Adams, A. Multimedia Information Changes the Whole Privacy Ball Game. In Proceedings of Computers, Freedom, and Privacy. Toronto, Canada: ACM Press. pp. 25--32 2000.]] Google Scholar
Addlesee, M., R. Curwen, S.H. Newman, P. Steggles, A. Ward, and A. Hopper, Implementing a Sentient Computing System. IEEE Computer 2001. 34(8): p. 50--56.]] Google ScholarDigital Library
AT&T, AT&T Wireless mMode - Find Friends. http://www.attwireless.com/mmode/features/findit/FindFriends/]]Google Scholar
Barkhuus, L. and A.K. Dey. Location-based services for mobile telephony: a study of users' privacy concerns. In Proceedings of INTERACT 2003, 9th IFIP TC13 International Conference on Human-Computer Interaction. pp. To appear 2003.]]Google Scholar
Bellotti, V. and A. Sellen. Design for Privacy in Ubiquitous Computing Environments. In Proceedings of The Third European Conference on Computer Supported Cooperative Work (ECSCW'93). Milan, Italy: Kluwer Academic Publishers 1993.]] Google ScholarDigital Library
Beresford, A. and F. Stajano, Location Privacy in Pervasive Computing, IEEE Pervasive Computing, vol. 2(1): pp. 46--55, 2003.]] Google ScholarDigital Library
Brin, D., The Transparent Society. Reading, MA: Perseus Books, 1998.]]Google Scholar
Brown, P.J. and G.J.F. Jones, Context-aware Retrieval: Exploring a New Environment for Information Retrieval and Information Filtering. Personal and Ubiquitous Computing 2001. 5(4): p. 253--263.]] Google ScholarDigital Library
Burrell, J., G.K. Gay, K. Kubo, and N. Farina. Context-Aware Computing: A Test Case. In Proceedings of Ubicomp 2002. Göteborg, Sweden. pp. 1--15 2002.]] Google ScholarDigital Library
Cadiz, J. and A. Gupta, Privacy Interfaces for Collaboration. Technical Report MSR-TR-2001-82, Microsoft Research, Redmond, WA 2001.]]Google Scholar
Castro, P. and R. Muntz, Managing Context for Smart Spaces. IEEE Personal Communications 2000. 5(5).]]Google Scholar
Chen, G. and D. Kotz. Context Aggregation and Dissemination in Ubiquitous Computing Systems. In Proceedings of Fourth IEEE Workshop on Mobile Computing Systems and Applications. pp. 105--114 2002.]] Google ScholarDigital Library
Crowley, J.L., J. Coutaz, G. Rey, and P. Reignier. Perceptual Components for Context Aware Computing. In Proceedings of Ubicomp 2002. Göteborg, Sweden. pp. 117--134 2002.]] Google ScholarDigital Library
Cuellar, J., J. John B. Morris, D. Mulligan, J. Peterson, and J. Polk, Geopriv requirements (Internet Draft). 2003, IETF. http://www.ietf.org/internet-drafts/draft-ietf-geopriv-reqs-04.txt]] Google ScholarDigital Library
Davies, N., S.P. Wade, A. Friday, and G.S. Blair. Limbo: A tuple space based platform for adaptive mobile applications. In Proceedings of The International Conference on Open Distributed processing / Distributed Platforms (ICODP/ICDP '97). pp. 291--302 1997.]] Google ScholarDigital Library
Dey, A.K., D. Salber, and G.D. Abowd, A Conceptual Framework and a Toolkit for Supporting the Rapid Prototyping of Context-Aware Applications. Human-Computer Interaction (HCI) Journal 2001. 16(2-3): p. 97--166.]]Google Scholar
Doheny-Farina, S., The Last Link: Default = Offline, Or Why Ubicomp Scares Me, Computer-mediated Communication, vol. 1(6): pp. 18--20, 1994.]]Google Scholar
Edwards, J., Location Privacy Protection Act of 2001. http://www.techlawjournal.com/cong107/privacy/location/s1164is.asp]]Google Scholar
Edwards, W.K., M.W. Newman, J.Z. Sedivy, T.F. Smith, and S. Izadi. Challenge: Recombinant Computing and the Speakeasy Approach. In Proceedings of Eighth ACM International Conference on Mobile Computing and Networking (MobiCom 2002). pp. 279--286 2002.]] Google ScholarDigital Library
Espinoza, F., P. Persson, A. Sandin, H. Nyström, E. Cacciatore, and M. Bylund. GeoNotes: Social and Navigational Aspects of Location-Based Information Systems. In Proceedings of Ubicomp 2001. Atlanta, GA. pp. 2--17 2001.]] Google ScholarDigital Library
Falk, J., P. Ljungstrand, S. Björk, and R. Hansson. Pirates: Proximity-Triggered Interaction in a Multi-Player Game. In Proceedings of Human Factors in Computing Systems: CHI 2001 (Extended Abstracts). pp. 119--120 2001.]] Google ScholarDigital Library
Federal Communications Commission, Enhanced 911. http://www.fcc.gov/911/enhanced/]]Google Scholar
Frelinghuysen, R., Wireless Privacy Protection Act of 2003. http://www.theorator.com/bills108/hr71.html]]Google Scholar
Garfinkel, S., Database Nation: The Death of Privacy in the 21st Century: O'Reilly & Associates, 2001.]] Google ScholarDigital Library
Geocaching. http://www.geocaching.com/]]Google Scholar
Grimm, R., J. Davis, E. Lemar, A. Macbeth, S. Swanson, T. Anderson, B. Bershad, G. Borriello, S. Gribble, and D. Wetherall, Programming for pervasive computing environments. Technical Report UW-CSE-01-06-01, University of Washington Department of Computer Science and Engineering, Seattle, WA 2001.]]Google Scholar
Griswold, W.G., P. Shanahan, S.W. Brown, and R. Boyer, ActiveCampus - Experiments in Community-Oriented Ubiquitous Computing. Technical Report CS2003-0765, Computer Science and Engineering, UC San Diego 2003.]]Google Scholar
Grudin, J., Desituating Action: Digital Representation of Context. Human-Computer Interaction (HCI) Journal 2001. 16(2-4).]]Google Scholar
Grudin, J. and E. Horvitz, Presenting choices in context: approaches to information sharing. 2003: Workshop on Ubicomp communities: Privacy as Boundary Negotiation. http://guir.berkeley.edu/pubs/ubicomp2003/privacyworkshop/papers.htm]]Google Scholar
Gruteser, M. and D. Grunwald. Anonymous Usage of Location-Based Services Through Spatial and Temporal Cloaking. In Proceedings of The First International Conference on Mobile Systems, Applications, and Services (MobiSys 2002) 2002.]] Google ScholarDigital Library
Harper, R.H.R., Why Do People Wear Active Badges? Technical Report EPC-1993-120, Rank Xerox, Cambridge 1993.]]Google Scholar
Heer, J., A. Newberger, C. Beckmann, and J.I. Hong. liquid: Context-Aware Distributed Queries. In Proceedings of Fifth International Conference on Ubiquitous Computing: Ubicomp 2003. Seattle, WA: Springer-Verlag. pp. 140--148 2003.]]Google ScholarCross Ref
Hindus, D., S.D. Mainwaring, N. Leduc, A.E. Hagström, and O. Bayley, Casablanca: Designing Social Communication Devices for the Home. CHI Letters (Human Factors in Computing Systems: CHI 2001), 2001. 3(1): p. 325--332.]] Google ScholarDigital Library
Hong, J.I., G. Boriello, J.A. Landay, D.W. McDonald, B.N. Schilit, and J.D. Tygar. Privacy and Security in the Location-enhanced World Wide Web. In Proceedings of Fifth International Conference on Ubiquitous Computing: Ubicomp 2003 (Workshop on Ubicomp Communities: Privacy as Boundary Negotiation). Seattle, WA 2003.]]Google Scholar
IBM Corporation, Enterprise Privacy Authorization Language (EPAL 1.1). http://www.zurich.ibm.com/security/enterprise-privacy/epal/Specification/]]Google Scholar
Jiang, X., N.Y. Chen, J.I. Hong, K. Wang, L.A. Takayama, and J.A. Landay. Siren: Context-aware Computing for Firefighting. In Proceedings of The Second International Conference on Pervasive Computing (Pervasive 2004). Vienna, Austria. pp. To Appear 2004.]]Google ScholarCross Ref
Jiang, X., J.I. Hong, and J.A. Landay. Approximate Information Flows: Socially-based Modeling of Privacy in Ubiquitous Computing. In Proceedings of Ubicomp 2002. Göteborg, Sweden. pp. 176--193 2002.]] Google ScholarDigital Library
Johanson, B., A. Fox, and T. Winograd, The Interactive Workspaces Project: Experiences with Ubiquitous Computing Rooms. IEEE Pervasive Computing 2002. 1(2): p. 67--74.]] Google ScholarDigital Library
Kaasinen, E., User Needs for Location-aware Mobile Services. Personal and Ubiquitous Computing 2003. 7(1): p. 70--79.]] Google ScholarDigital Library
Kaasinen, E., User Needs for Location-aware Mobile Services. Personal and Ubiquitous Computing 2003. 7(1): p. 70--79.]] Google ScholarDigital Library
Korba, L. and S. Kenny. Towards Meeting the Privacy Challenge: Adapting DRM. In Proceedings of 2002 ACM Workshop on Digital Rights Management. Washington DC, USA 2002.]]Google Scholar
Lamming, M. and M. Flynn. Forget-me-not: Intimate computing in support of human memory. In Proceedings of FRIEND 21: International Symposium on Next Generation Human Interfaces. Meguro Gajoen, Japan. pp. 125--128 1994.]]Google Scholar
Langheinrich, M. A Privacy Awareness System for Ubiquitous Computing Environments. In Proceedings of Ubicomp 2002. Goteberg, Sweden. pp. 237-245 2002.]] Google ScholarDigital Library
Langheinrich, M. Privacy by Design - Principles of Privacy-Aware Ubiquitous Systems. In Proceedings of Ubicomp 2001. Atlanta, GA. pp. 273-291 2001.]] Google ScholarDigital Library
Lederer, S., J. Mankoff, and A.K. Dey. Who Wants to Know What When? Privacy Preference Determinants in Ubiquitous Computing. In Proceedings of Extended Abstracts of CHI 2003, ACM Conference on Human Factors in Computing Systems. Fort Lauderdale, FL. pp. 724--725 2003.]] Google ScholarDigital Library
Lessig, L. The Architecture of Privacy. In Proceedings of Taiwan NET'98. Taipei, Taiwan 1998.]]Google Scholar
Mayor, M., New Wireless Device Could Rescue Firefighters. 2001. http://www.wirelessnewsfactor.com/perl/story/9134.html]]Google Scholar
Nagel, K., C.D. Kidd, T. O'Connell, A. Dey, and G.D. Abowd. The Family Intercom: Developing a Context-Aware Audio Communication System. In Proceedings of Ubicomp 2001. Atlanta, GA. pp. 176--183 2001.]] Google ScholarDigital Library
Olsen, D.R., S. Jefferies, T. Nielsen, W. Moyes, and P. Frederickson, Cross-modal Interaction using XWeb. CHI Letters, The 13th Annual ACM Symposium on User Interface Software and Technology: UIST 2000 2000. 2(2): p. 191--200.]] Google ScholarDigital Library
OnStar. http://www.onstar.com/]]Google Scholar
Palen, L. and P. Dourish, Unpacking "Privacy" for a Networked World. CHI Letters (Human Factors in Computing Systems: CHI 2003), 2003. 5(1): p. 129--136.]] Google ScholarDigital Library
Pascoe, J. The Stick-e Note Architecture: Extending the Interface Beyond the User. In Proceedings of International Conference on Intelligent User Interfaces. pp. 261--264 1997.]] Google ScholarDigital Library
Povey, D. Optimistic Security: A New Access Control Paradigm. In Proceedings of 1999 New Security Paradigms Workshop 1999.]] Google ScholarDigital Library
Priyantha, N.B., A. Chakraborty, and H. Balakrishnan. The Cricket Location-Support System. In Proceedings of MobiCom 2000: The Sixth Annual International Conference on Mobile Computing and Networking. Boston, Massachusetts: ACM Press. pp. 32--43 2000.]] Google ScholarDigital Library
Rhodes, B. and T. Starner. The Remembrance Agent: A Continuously Running Automated Information Retrieval System. In Proceedings of The First International Conference on The Practical Application of Intelligent Agents and Multi Agent Technology (PAAM '96). London, UK. pp. 487--495 1996.]]Google Scholar
Román, M., C.K. Hess, R. Cerqueira, A. Ranganathan, R.H. Campbell, and K. Nahrstedt, Gaia: A Middleware Infrastructure to Enable Active Spaces. IEEE Pervasive Computing 2002. 1(4): p. 74--83.]] Google ScholarDigital Library
Schilit, B.N., A Context-Aware System Architecture for Mobile Distributed Computing, Unpublished PhD, Columbia University, 1995. http://seattleweb.intel-research.net/people/schilit/schilit-thesis.pdf]] Google ScholarDigital Library
Schilit, B.N., N.I. Adams, and R. Want. Context-Aware Computing Applications. In Proceedings of Workshop on Mobile Computing Systems and Applications. Santa Cruz, CA: IEEE Computer Society, December 1994 1994.]]Google ScholarDigital Library
Schilit, B.N., G. Borriello, W.G. Griswold, D. McDonald, A. Lamarca, J. Hong, E. Lazowska, A. Balachandran, and V. Iverson. Challenge: Ubiquitous Location-Aware Computing. In Proceedings of The First ACM International Workshop on Wireless Mobile Applications and Services on WLAN Hotspots (WMASH '03). San Diego, CA: ACM Press. pp. To Appear 2003.]] Google ScholarDigital Library
Sloane, L., Orwellian Dream Come True: A Badge That Pinpoints You, New York Times pp. 14, 1992.]]Google Scholar
Spreitzer, M. and M. Theimer. Providing location information in a ubiquitous computing environment. In Proceedings of Fourteenth ACM Symposium on Operating System Principles. Asheville, NC: ACM Press, December 1993.]] Google ScholarDigital Library
Sweeney, L., k-anonymity: a model for protecting privacy. International Journal on Uncertainty, Fuzziness and Knowledge-based Systems 2002. 10(5): p. 557--570.]] Google ScholarDigital Library
Talbott, S., The Trouble with Ubiquitous Technology Pushers, or: Why We'd Be Better Off without the MIT Media Lab. 2000. http://www.oreilly.com/people/staff/stevet/netfuture/2000/Jan0600_100.html]]Google Scholar
Want, R., A. Hopper, V. Falcão, and J. Gibbons, The Active Badge Location System. ACM Transactions on Information Systems 1992. 10(1): p. 91--102.]] Google ScholarDigital Library
Weiser, M., R. Gold, and J.S. Brown, The Origins of Ubiquitous Computing Research at PARC in the Late 1980s. IBM Systems Journal 1999. 38(4): p. 693--696.]] Google ScholarDigital Library
Westin, A.F., Privacy and Freedom. New York NY: Atheneum, 1967.]]Google Scholar
Whalen, J., You're Not Paranoid: They Really Are Watching You, Wired Magazine, vol. 3(3): pp. 95--85, 1995.]]Google Scholar

Index Terms

An architecture for privacy-sensitive ubiquitous computing

Recommendations

Privacy risk models for designing privacy-sensitive ubiquitous computing systems
DIS '04: Proceedings of the 5th conference on Designing interactive systems: processes, practices, methods, and techniques

Privacy is a difficult design issue that is becoming increasingly important as we push into ubiquitous computing environments. While there is a fair amount of theoretical work on designing for privacy, there are few practical methods for helping ...
Read More
Keeping ubiquitous computing to yourself: a practical model for user control of privacy
Special isssue: HCI research in privacy and security is critical now

As with all the major advances in information and communication technology, ubiquitous computing (ubicomp) introduces new risks to individual privacy. Our analysis of privacy protection in ubicomp has identified four layers through which users must ...
Read More
Privacy protection by typing in ubiquitous computing systems

A novel privacy type system is proposed to protect the privacy of context information in ubiquitous computing systems.The subject reduction property of the proposed type system is formally established to guarantee that a well-typed process can only ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
MobiSys '04: Proceedings of the 2nd international conference on Mobile systems, applications, and services
June 2004
294 pages
ISBN:1581137931
DOI:10.1145/990064
General Chairs:
Guruduth S. Banavar
IBM Research
,
Willy Zwaenepoel
EPFL
,
Program Chairs:
Doug Terry
Microsoft Research
,
Roy Want
Intel Research
Copyright © 2004 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 6 June 2004
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
confab
location
privacy
toolkit
ubiquitous computing
Qualifiers
- Article
Conference

Acceptance Rates
MobiSys '04 Paper Acceptance Rate22of162submissions,14%Overall Acceptance Rate274of1,679submissions,16%
More
Upcoming Conference
MOBISYS '24

Sponsor:

sigmobile

The 22nd Annual International Conference on Mobile Systems, Applications and Services

June 3 - 7, 2024

Minato-ku, Tokyo , Japan
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 378
  Total Citations
  View Citations
- 4,774
  Total Downloads
- Downloads (Last 12 months)53
- Downloads (Last 6 weeks)5
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

An architecture for privacy-sensitive ubiquitous computing

MobiSys '04: Proceedings of the 2nd international conference on Mobile systems, applications, and services

ABSTRACT

References

Cited By

Index Terms

Recommendations

Privacy risk models for designing privacy-sensitive ubiquitous computing systems

Keeping ubiquitous computing to yourself: a practical model for user control of privacy

Privacy protection by typing in ubiquitous computing systems