personal privacy in ubiquitous personal privacy in
play

Personal Privacy in Ubiquitous Personal Privacy in Ubiquitous - PowerPoint PPT Presentation

May 10, 2023 •338 likes •794 views

Personal Privacy in Ubiquitous Personal Privacy in Ubiquitous Computing Marc Langheinrich Institute for Pervasive Computing Institute for Pervasive Computing ETH Zurich, Switzerland Approaches to Ubicomp Privacy Disappearing Computer

  1. Personal Privacy in Ubiquitous Personal Privacy in Ubiquitous Computing Marc Langheinrich Institute for Pervasive Computing Institute for Pervasive Computing ETH Zurich, Switzerland

  2. Approaches to Ubicomp Privacy Disappearing Computer Troubadour Project (10/02 - 05/03) Disappearing Computer Troubadour Project (10/02 05/03) � Promote Absence of Protection as User Empowerment Promote Absence of Protection as User Empowerment � „ It's maybe about letting them find their own ways of cheating ” � Make it Someone Elses Problem � „For [my colleague] it is more appropriate to think about [security and privacy] issues. It’s not really the case in my case ” � Insist that “Good Security” will Fix It � „All you need is really good firewalls “ � Conclude it is Incompatible with Ubiquitous Computing C l d it i I tibl ith Ubi it C ti � „I think you can't think of privacy... it's impossible , because if I do it, I have troubles with finding [a] Ubicomp future” it, I have troubles with finding [a] Ubicomp future 11/29/2007 Personal Privacy in Ubiquitous Computing 2

  3. Today‘s Topics � What is Privacy and Why Should We Want It? � What is Privacy and Why Should We Want It? � How do Future Smart Environments Challenge � H d F t S t E i t Ch ll Existing Solutions? � How Less Security Can (Sometimes) Increase y Privacy � Results of ETH/Hitachi-SDL cooperation 2006 p 11/29/2007 Personal Privacy in Ubiquitous Computing 3

  4. What is Privacy? � „The right to be let alone. � The right to be let alone “ � Louis Brandeis, 1890 (Harvard Law Review) � „The desire of people to choose freely Louis D Brandeis 1856 - 1941 Louis D. Brandeis, 1856 1941 h d i f l t h f l under what circumstances and to what extent they will expose t t th ill themselves, their attitude and their b h behavior to others.“ i t th “ � Alan Westin („Privacy And Freedom“, 1967) Alan Westin Prof Emeritus Columbia University Prof. Emeritus, Columbia University 11/29/2007 Personal Privacy in Ubiquitous Computing 4

  5. Why Privacy? � Reasons for Privacy � Reasons for Privacy � Free from Nuisance � Intimacy Intimacy � Free to Decide for Oneself � By Another Name... B A th N � Data Protection � Informational Self-Determination Privacy isn‘t just about keeping secrets – y j p g data exchange and transparency are key issues! 11/29/2007 Personal Privacy in Ubiquitous Computing 5

  6. “But I’ve Got Nothing to Hide!” Do you? � Arson Near Youth House Niederwangen � Arson Near Youth House Niederwangen � At scene of crime: Migros-tools � Court ordered disclosure of all 133 Court ordered disclosure of all 133 consumers who bought items on their supermarket loyalty card (8/2004) their supermarket loyalty card (8/2004) � (Arsonist not yet found) � “Give me six lines written by the most Give me six lines written by the most honorable of men, and I will find an excuse in them to hang him” excuse in them to hang him Armand Jean du Plessis, 1585-1642 d d l 8 6 (a.k.a. Cardinal de Richelieu) 11/29/2007 Personal Privacy in Ubiquitous Computing 6

  7. Ubicomp Privacy Implications � Data Collection � Data Collection � Scale (everywhere, anytime) � Manner (inconspicuous, invisible) Manner (inconspicuous invisible) � Motivation (context!) � Data Types D t T � Observational instead of factual data � Data Access � “The Internet of Things” 11/29/2007 Personal Privacy in Ubiquitous Computing 7

  8. How do we achieve privacy? How do we achieve privacy? 11/29/2007 Personal Privacy in Ubiquitous Computing 8

  9. Privacy – Not Just a Recent Fad � Justices Of The Peace Act (England 1361) Justices Of The Peace Act (England, 1361) � Sentences for Eavesdropping and Peeping Toms � � „The poorest man may in his cottage bid defiance to all The poorest man may in his cottage bid defiance to all the force of the crown. It may be frail; its roof may shake; … – but the king of England cannot enter; all his forces … but the king of England cannot enter; all his forces dare not cross the threshold of the ruined tenement“ � William Pitt the Elder (1708-1778) ( 7 77 ) � First Data Protection Law in the World in Hesse 1970 � 11/29/2007 Personal Privacy in Ubiquitous Computing 9

  10. The Fair Information Principles (FIP) � Drawn up by the OECD 1980 Drawn up by the OECD, 1980 � “Organisation for economic cooperation and development” � Voluntary guidelines for member states y g � Goal: ease transborder flow of goods (and information!) � Five Principles (simplified) Openness Collection Limitation 1. 4. Data access and control Data subject’s consent 2. 5. Data security 3. � Core principles of most modern privacy laws � Implication: Technical solutions must support FIP 11/29/2007 Personal Privacy in Ubiquitous Computing 10

  11. 1. Challenge: Openness � No Hidden Data Collection! No Hidden Data Collection! � Legal requirement in many countries � Established Means: Privacy Policies Established Means: Privacy Policies � Who, what, why, how long, etc. ... � How to Publish Policies in Smart Environments? How to Publish Policies in Smart Environments? � Is a poster enough? A paragraph of fine print? � Too Many Transactions? � Too Many Transactions? � Countless announcements an annoyance 11/29/2007 Personal Privacy in Ubiquitous Computing 11

  12. 2. Challenge: Access & Control � Identifiable Data Must be Accessible � Identifiable Data Must be Accessible � Users can review, change, sometimes delete � C ll � Collectors Must be Accountable t M t b A t bl � Privacy-aware storage technology � When Does Sensor Data Become Identifiable? � Even anonymized data can identify people (AOL case) � Who to Ask? How to Verify? How to Display? � Who was reading me when? Is this really my trace? g y y 11/29/2007 Personal Privacy in Ubiquitous Computing 12

  13. 3. Challenge: Data Security � Traditional Approach: Centralistic Authentication Traditional Approach: Centralistic Authentication � Powerful centralized system with known user list � Plan for worst case scenario (powerful attacker) � Numerous, Spontaneous Interactions � How do I know who I communicate with, who to trust? � How much extra time does “being secure” take? h d “b ” k ? � Complex Real-World Situations � Access to my medical data in case of emergency? Access to my medical data in case of emergency? � Context-Dependent Security? � Based on battery power data type location situation � Based on battery power, data type, location, situation 11/29/2007 Personal Privacy in Ubiquitous Computing 13

  14. 4. Challenge: Data Minimization � Only collect as much information as needed � Only collect as much information as needed � No in-advance data collection for future uses � B � Best: use anonymous/pseudonymous data t / d d t � No consent, security, access needed � How much data is needed for becoming “smart”? � No useless data in smart environments (context!) � Sometimes one cannot hide! � Sensor data (biometrics) hard to anonymize ( ) y 11/29/2007 Personal Privacy in Ubiquitous Computing Slide 14

  15. 5. Challenge: Consent � Participation Requires Explicit Consent � Participation Requires Explicit Consent � Usually a signature or pressing a button � True Consent Requires True Choice True Consent Requires True Choice � More than „take it or leave it“, needs alternatives � How to Ask “On The Fly”? How to Ask On The Fly ? � The mobile phone as a background agent (legal issues?) � Consenting to What? � Consenting to What? � Do I understand the implications? � Do I have options? D I h ti ? 11/29/2007 Personal Privacy in Ubiquitous Computing 15

  16. Ubicomp Challenges to Security & Privacy 1. 1 How to inform subjects about data How to inform subjects about data collections? 2 2. How to provide access to stored data? How to provide access to stored data? 3. How to ensure confidentiality, integrity, and authenticity (w/o alienating user)? h i i ( li i )? 4. How to minimize data collection? 5. How to obtain consent from data subjects? 11/29/2007 Personal Privacy in Ubiquitous Computing 16

  17. Public Concern over Unauthorized RFID Access 11/29/2007 Personal Privacy in Ubiquitous Computing 17

  18. Unauthorized RFID Access – Implications Pa Passport : Name: John Doe Nationality: USA Visa for: Isreal Visa for: Isreal Wi Wig Our focus: Consumer items atories Modell #2342 Material: Polyester Juels, RSA Labora ork (c) 2006 Ari J Ti Tiger T Tanga : Manufacturer: Woolworth Washed: 736 RFID-Man” Artwo Vi Viagra ra : Wallet llet Manufacturer: Pfitzer :Contents: 370 Euro :Contents: 370 Euro Original “R Extra Large Package Disability Card: #2845 11/29/2007 Personal Privacy in Ubiquitous Computing 18

  19. Killing Consumer Item RFID Tags � „Dead Tags Tell No Tales Dead Tags Tell No Tales“ � Permanently deactivate tag at checkout � Hard Kill Hard Kill � Cut tag antenna or „fry“ circuit � Soft Kill Soft Kill Metro RFID De-Activator � Needs password to prevent unauthorized killing � Both Approaches Require Consumer Action � Also voids any post-sales benefits (returns, services, …) y p ( , , ) 11/29/2007 Personal Privacy in Ubiquitous Computing 19

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Personal Privacy in Ubiquitous Computing Computing Marc Langheinrich Institute for Pervasive

Personal Privacy in Ubiquitous Computing Computing Marc Langheinrich Institute for Pervasive

Personal Privacy in Ubiquitous Computing March 11, 2008 Personal Privacy in Ubiquitous Computing Computing Marc Langheinrich Institute for Pervasive Computing ETH Zurich, Switzerland Approaches to Ubicomp Privacy Disappearing Computer

532 views • 23 slides
Personal Security and Privacy in Personal Security and Privacy in Ubiquitous Computing Marc

Personal Security and Privacy in Personal Security and Privacy in Ubiquitous Computing Marc

Personal Security and Privacy in Personal Security and Privacy in Ubiquitous Computing Marc Langheinrich Institute for Pervasive Computing Institute for Pervasive Computing ETH Zurich, Switzerland Approaches to Security & Privacy in

749 views • 39 slides
Personal Privacy in Ubiquitous Computing Marc Langheinrich ETH Zurich

Personal Privacy in Ubiquitous Computing Marc Langheinrich ETH Zurich

Personal Privacy in Ubiquitous Computing Marc Langheinrich ETH Zurich http://www.inf.ethz.ch/~langhein/ Univ. of Lancaster Visit Whats Up? Univ. of Lancaster Visit ! What Is Privacy, Anyway? Privacy Definitions Privacy Motivation

1.01k views • 52 slides
Personal Privacy in Ubiquitous Computing Marc Langheinrich ETH Zurich, Switzerland

Personal Privacy in Ubiquitous Computing Marc Langheinrich ETH Zurich, Switzerland

Personal Privacy in Ubiquitous Computing Marc Langheinrich ETH Zurich, Switzerland http://www.inf.ethz.ch/~langhein/ IT-University, Gteborg Whats Up? IT-University, Gteborg ! What is privacy, anyway? Privacy definitions

709 views • 45 slides
PRIVACY IN UBIQUITOUS PRIVACY IN UBIQUITOUS Understanding Privacy Technical Approaches

PRIVACY IN UBIQUITOUS PRIVACY IN UBIQUITOUS Understanding Privacy Technical Approaches

Marc Langheinrich: Privacy in Ubiquitous Computing 5/29/2010 Todays Menu PRIVACY IN UBIQUITOUS PRIVACY IN UBIQUITOUS Understanding Privacy Technical Approaches COMPUTING Definitions Challenges 1. History and legal aspects 1.

264 views • 13 slides
Personal Privacy in Ubiquitous Computing Marc Langheinrich ETH Zurich

Personal Privacy in Ubiquitous Computing Marc Langheinrich ETH Zurich

Personal Privacy in Ubiquitous Computing Marc Langheinrich ETH Zurich http://www.inf.ethz.ch/~langhein/ UK-Ubinet Summer School Privacy Excuses UK-Ubinet Summer School Optimists: All you need is really good firewalls.

1.32k views • 75 slides
Web and privacy Privacy and protection of personal data specific purpose (to collect and

Web and privacy Privacy and protection of personal data specific purpose (to collect and

Web and privacy Industrial perspectives on Cryptography A. Esterle - ENISA Antwerp 29 May 2008 www.enisa.europa.eu Web and privacy Privacy and protection of personal data specific purpose (to collect and process it) subject

732 views • 7 slides
Privacy & Security Matters: Privacy & Security Matters: Protecting Personal Data

Privacy & Security Matters: Privacy & Security Matters: Protecting Personal Data

Privacy & Security Matters: Privacy & Security Matters: Protecting Personal Data Protecting Personal Data Privacy & Security Project HIPAA: What it is Health Insurance Portability and Accountability Act of 1996 Also known as

445 views • 26 slides
Measuring Individual Privacy In the Context of Personal Health Big Data Cinnamon S. Bloss, Ph.D

Measuring Individual Privacy In the Context of Personal Health Big Data Cinnamon S. Bloss, Ph.D

Measuring Individual Privacy In the Context of Personal Health Big Data Cinnamon S. Bloss, Ph.D Assistant Professor University of California, San Diego cbloss@eng.ucsd.edu @CinnamonBloss Justice Scalias Privacy Legacy Privacy of the

641 views • 39 slides
CS 525M Mobile and Ubiquitous Computing: The Wi Fi Privacy Ticker: Improving Awareness &

CS 525M Mobile and Ubiquitous Computing: The Wi Fi Privacy Ticker: Improving Awareness &

CS 525M Mobile and Ubiquitous Computing: The Wi Fi Privacy Ticker: Improving Awareness & Control of Personal Information Exposure on Wi Fi Shengwen Han Computer Science Dept. Worcester Polytechnic Institute (WPI) 1 Abstract

375 views • 24 slides
There is a lot of personal information. There are lots of inappropriate photos. Your privacy

There is a lot of personal information. There are lots of inappropriate photos. Your privacy

There is a lot of personal information. There are lots of inappropriate photos. Your privacy settings are weak. There are people you dont know. Its safe, private and secure. Only post photos you want everyone to see. Keep your personal

481 views • 6 slides
PRIVACY BILL CHANGES: WHATS NEW? WHAT STAYS THE SAME? John Edwards Privacy Commissioner

PRIVACY BILL CHANGES: WHATS NEW? WHAT STAYS THE SAME? John Edwards Privacy Commissioner

PRIVACY BILL CHANGES: WHATS NEW? WHAT STAYS THE SAME? John Edwards Privacy Commissioner WHERE WE ARE PRIVACY ACT 1993 Principle 1 - 4: Collection of personal information Principle 5: Storage and security of personal information Principle

276 views • 13 slides
Tips and Tricks to enhancing transparency in personal information management Victorian Privacy

Tips and Tricks to enhancing transparency in personal information management Victorian Privacy

Tips and Tricks to enhancing transparency in personal information management Victorian Privacy Network Meeting 10 April 2019 Presentation by Melanie Casley www.salingerprivacy.com.au The cause of so much confusion Back to Basics Privacy

388 views • 19 slides
Compliance Workshop Privacy & Security Protecting Personal Information & SNAP Program

Compliance Workshop Privacy & Security Protecting Personal Information & SNAP Program

3/27/2015 Compliance Workshop Privacy & Security Protecting Personal Information & SNAP Program Considerations August 14, 2014 Presentation by: Jennifer L. Cox, J.D. Cox & Osowiecki, LLC Hartford, Connecticut 1 Todays Privacy &

475 views • 24 slides
Privacy by Design Principles of Privacy-Aware Ubiquitous Systems Marc Langheinrich Privacy by

Privacy by Design Principles of Privacy-Aware Ubiquitous Systems Marc Langheinrich Privacy by

Privacy by Design Principles of Privacy-Aware Ubiquitous Systems Marc Langheinrich Privacy by Design ETH Zurich, Switzerland www.inf.ethz.ch/~langhein Ubicomp 2001, Atlanta Contents Ubicomp 2001, Atlanta ! Privacy primer Does privacy

680 views • 22 slides
Your Presentation You Where Youre From Date of Presentation What is privacy? What is

Your Presentation You Where Youre From Date of Presentation What is privacy? What is

Your Presentation You Where Youre From Date of Presentation What is privacy? What is personal data? What is sensitive personal data? Images and videos Short about Security Privacy VS Security Need a balance while benefiting from

367 views • 21 slides
From Resilience-Building to Resilience-Scaling Technologies Michel Bantre Content ! Resilient

From Resilience-Building to Resilience-Scaling Technologies Michel Bantre Content ! Resilient

From Resilience-Building to Resilience-Scaling Technologies Michel Bantre Content ! Resilient building technologies ! Ubiquity ! One example ! The scaling challenge ! Conclusion 2 Resilience-Building Technologies (1) Current state !

349 views • 13 slides
Ubiquitous Computing CPSC 581 - Fall 2015 The Computer for the 21st Century Mark Weiser, 1991

Ubiquitous Computing CPSC 581 - Fall 2015 The Computer for the 21st Century Mark Weiser, 1991

Ubiquitous Computing CPSC 581 - Fall 2015 The Computer for the 21st Century Mark Weiser, 1991 The most profound technologies are those that disappear. They weave themselves into at the fabric of everyday life until they are

861 views • 38 slides
UbiBus: Ubiquitous Computing to Help Blind People in Public Transport M.Bantre, P.Couderc,

UbiBus: Ubiquitous Computing to Help Blind People in Public Transport M.Bantre, P.Couderc,

UbiBus: Ubiquitous Computing to Help Blind People in Public Transport M.Bantre, P.Couderc, J.Pauty and M.Becus INRIA Rennes (France) Ambient Computing and Embedded Systems Group Goal Ubiquitous computing to provide spontaneous

452 views • 6 slides
Designing APIs for 150 Million Orders Matt Fewer Senior Software Developer @mattyfew Michele

Designing APIs for 150 Million Orders Matt Fewer Senior Software Developer @mattyfew Michele

Designing APIs for 150 Million Orders Matt Fewer Senior Software Developer @mattyfew Michele Angioni Senior Software Developer @MicheleAngioni Key numbers for Takeaway.com Key numbers for Takeaway.com Q3 2019 41.6 million orders

1.25k views • 66 slides
For Quantum and Reversible From Interval . . . Computing, Intervals Are Case of Fuzzy

For Quantum and Reversible From Interval . . . Computing, Intervals Are Case of Fuzzy

Need for Quantum . . . Need for Reversible . . . Need to Take . . . When Is This Data . . . For Quantum and Reversible From Interval . . . Computing, Intervals Are Case of Fuzzy Uncertainty Intervals are Ubiquitous More Appropriate Than A

446 views • 29 slides
Ubiquitous Machine Learning Prof. Dr. Stefan Wrobel Ubiquitous Machine Learning Fraunhofer IAIS:

Ubiquitous Machine Learning Prof. Dr. Stefan Wrobel Ubiquitous Machine Learning Fraunhofer IAIS:

Ubiquitous Machine Learning Prof. Dr. Stefan Wrobel Ubiquitous Machine Learning Fraunhofer IAIS: Intelligent Analysis and Information Systems 230 people: scientists, project engineers, technical and administrative staff, students

754 views • 20 slides
The case for ubiquitous transport level encryption Andrea Bittau, Mike Hamburg, Mark Handley,

The case for ubiquitous transport level encryption Andrea Bittau, Mike Hamburg, Mark Handley,

The case for ubiquitous transport level encryption Andrea Bittau, Mike Hamburg, Mark Handley, David Mazieres, Dan Boneh. UCL and Stanford. What would it take to encrypt all the traffic on the Internet, by default, all the time? Crypto 101

728 views • 55 slides
International Workshop / Special Session on Adaptivity and Personalization in Ubiquitous

International Workshop / Special Session on Adaptivity and Personalization in Ubiquitous

International Workshop / Special Session on Adaptivity and Personalization in Ubiquitous Learning System s Sabine Graf Kinshuk National Central University Athabasca University Taiwan Canada sabine.graf@ieee.org kinshuk@ieee.org Schedule

830 views • 18 slides

More recommend