Newman had the right idea: with a communication infrastructure, the end users aren’t alone in leveraging control over the information they communicate. Intermediaries have just as much control as the creators and the intended recipients. This might be true for mail, and it’s increasingly becoming an issue with the internet.
The most visible privacy issues have been raised with the introduction of social networking: Facebook’s Beacon being one of the most infamous, with Facebook secretly collecting your online activities to generate targeted advertisements. More recently, software designed to control and monitor children’s internet usage was revealed to actually transmit all internet activity, including instant messages, back to the companies that designed the programs. The list of abuses and potential abuses goes on and on and will only get worse. The introduction of cloud computing and the shift to thin clients mean that third parties are handling more and more personal data. The more opportunities others are given to handle our personal information, preferences, photos, browsing habits, and documents, the more opportunities exist for the abuse of that control.
Social networking and the monitoring of internet habits are only the tip of the iceberg. The social networking concept is quickly moving beyond the confines of the Internet and integrating itself with the physical world. The concepts of participatory sensing, body sensor networks, and smart homes/offices will see the introduction of internet-linked sensors placed everywhere. Cameras and microphones will soon be on every street corner. Temperature, humidity, and other energy monitoring sensors will be commonplace in every home, all linked to the internet. Even now, most cell phones come equipped with GPS, accelerometers, and microphones, allowing for activity recognition and localization. This “information saturation” will allow any developer to design an application that makes all kinds of weird discoveries: with body sensor networks and smart phones, rush hour traffic can be monitored in real time, local nightlife hotspots can be easily discovered, and suggestions can be made on how to save energy based on the water and electricity usage in your home.
While the integration of the internet into the real world sounds cool, imagine what someone could do if your sensing information got into the wrong hands. Would you really want your health insurance company to know your heart rate or blood pressure at any time of day? Would you really want everyone to know that you waste the most water out of everyone who lives on your block? Would you want a crazed stalker to know where you were at any moment or to learn your daily activities or routines?
Privacy and security are going to be an increasing concern as sensor networks become more commonplace and integrated with the internet. While I was at UVA two weeks ago, Prof. John Stankovic mentioned that security and privacy in sensor networks is a huge problem and that, unfortunately, little is being done in this area.
A recent article by a UCLA student illustrated some of the problems with participatory sensing and presented some general solutions. Disclaimer: as part of the lead-in to her article, she says: “the developers I work with might say [my research area] is about telling them what they should be doing—which I must admit is the goal of this article.” When someone says they know better than you, it’s time to run, not walk, to the nearest exit. That said, I do agree with some of the things she says. The author argues that a general framework should be designed for all participatory sensing applications that allows for user privacy management. The framework should allow a user to easily understand how the systems work and how to control the release of personal sensor data and inferences to the outside world. Ultimately, the author argues that data generated by a sensor network that you own is yours to control and distribute. Third parties must respect the wishes of the content generators.
The author doesn’t go into fine-grained detail about how to ensure the preservation of an end user’s privacy wishes. I could imagine that some kind of certificate authority (CA) could help verify that those third parties which access a user’s content/sensor data are who they say they are. Some kind of feedback mechanism could allow a user to see where his or her sensor data went and how it was used. If a third party abused a user’s data, its CA certificate could be revoked, effectively tarnishing the reputation of that third party. Most likely, encryption would have to be introduced to ensure nobody but the permitted third parties could access a user’s data. Unfortunately, encryption is very energy- and bandwidth-heavy for low-power wireless sensors.
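The sketch above (a CA vouching for third parties, a per-user release policy, a feedback log, and revocation on abuse) as a minimal enforcement point, added here as an illustration rather than code from the post or the article it discusses. The CA is simplified to a registry plus a revocation set, encryption is left out, and every party and stream name is constructed.

```python
"""Toy release-policy enforcement point for participatory-sensing data (assumed design)."""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class CertificateAuthority:
    """Stand-in for a CA: which third parties are certified, and which were revoked for abuse."""
    certified: set = field(default_factory=set)
    revoked: set = field(default_factory=set)

    def is_trusted(self, party: str) -> bool:
        return party in self.certified and party not in self.revoked

    def revoke(self, party: str) -> None:
        # Revocation takes effect on the next request; no re-certification path here.
        self.revoked.add(party)


@dataclass
class UserPolicy:
    """The user's own rules: which certified party may receive which sensor streams."""
    ca: CertificateAuthority
    grants: dict = field(default_factory=dict)      # party -> set of permitted streams
    audit_log: list = field(default_factory=list)   # feedback channel: (party, stream, decision)

    def request(self, party: str, stream: str, reading: float) -> Optional[float]:
        """Release `reading` only if the party is certified, unrevoked, and granted this stream."""
        if not self.ca.is_trusted(party):
            decision = "denied: untrusted or revoked party"
        elif stream not in self.grants.get(party, set()):
            decision = "denied: no grant for this stream"
        else:
            decision = "released"
        # Every decision, including denials, is logged so the user can see who asked for what.
        self.audit_log.append((party, stream, decision))
        return reading if decision == "released" else None

    def feedback(self, stream: str) -> list:
        """Let the user review where a given stream's data went (or was requested)."""
        return [entry for entry in self.audit_log if entry[1] == stream]


if __name__ == "__main__":
    ca = CertificateAuthority(certified={"traffic-app", "insurer"})   # constructed names
    policy = UserPolicy(ca, grants={"traffic-app": {"gps"}})
    policy.request("traffic-app", "gps", 34.05)        # released
    policy.request("insurer", "heart_rate", 72.0)      # certified, but the user never granted it
    ca.revoke("traffic-app")
    policy.request("traffic-app", "gps", 34.06)        # denied after revocation
    for entry in policy.feedback("gps"):
        print(entry)
```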
We all know the wrong way to go about privacy from the experiences of Facebook and its tacked-on privacy measures. Initially, Facebook provided few privacy controls and no framework at all to allow a user to control access to his or her information. Even now, Facebook’s privacy controls are hard to access, and it is even harder to understand what they do. A user has no fine-grained control over who can access what content, or over exactly how his or her information is shared with third-party applications and advertisers. A comprehensive, user-oriented privacy framework built in from the ground up would help stop the mishaps that are common with social networking. Such a framework would come into its own with the increase in participatory sensing.
On that note, it’s time to get a few cell phones and start a participatory sensing application of my own to provide motivation for some research problems. The possibilities are limitless and I can throw privacy to the wind (for now). Unfortunately, as the author of the ACM article mentioned, researchers and developers don’t think about privacy; they think about research problems and cool applications. In a small-scale research environment, the information is mine to control, since I control the sensors, the application, and the release of any data or inferences from the data. But if anything were to be released into the wild and become popular, a framework for end user privacy control would be indispensable. I certainly don’t want some nutcase knowing when and where I’m sleeping.