Presentation is loading. Please wait.

Presentation is loading. Please wait.

Participatory Privacy in Urban Sensing Katie Shilton, Jeff Burke, Deborah Estrin, Mark Hansen, Mani B. Srivastava MODUS 2008: April 21, 2008.

Similar presentations

Presentation on theme: "Participatory Privacy in Urban Sensing Katie Shilton, Jeff Burke, Deborah Estrin, Mark Hansen, Mani B. Srivastava MODUS 2008: April 21, 2008."— Presentation transcript:

1 Participatory Privacy in Urban Sensing Katie Shilton, Jeff Burke, Deborah Estrin, Mark Hansen, Mani B. Srivastava MODUS 2008: April 21, 2008

2 Talked to your IRB today? Respect Beneficence Justice 2 Broad principles balance risk & discovery for many kinds of investigations. Are there principles like this for urban sensing? Confidentiality Informed consent Statement of risks

3 Investigations by the public Close to individuals & intermixed in daily life. Wide-spread ability to collect & share data. Pilots: PEIR CBE 3 Participatory sensing: Campaigns to help people gather data, make case

4 Influences Participatory sensing Community-based participatory research (CBPR) Participatory action research (PAR) [1, 2] Participatory design (PD) [3] 4 Privacy Contextual privacy [4] Information ethics [5-7]

5 Participatory Privacy Regulation 5 System Designers Campaign Groups Participants Decision about boundaries Trust & commitment Process of system design and use

6 Where privacy regulation fits 6 Control over capture Control over resolution Control over sharing Control over retention Decision about boundaries Participation Campaign goals Instrument design Data collection Data analysis

7 Technical approaches to privacy Existing toolbox includes: Privacy warning, notification, or feedback systems [8- 10]; User control over data sharing [11]; Identity management systems [12] ; Selective retention systems [8]; Encryption, privacy-enhancing technologies [13]; Statistical anonymization of data [4]; Data retention or its opposite, ‘forgetting’ [14, 15]. 7

8 Participatory privacy regulation design guidelines 1. Participant primacy 2. Participatory design 3. Participant autonomy 4. Minimal, auditable information 5. Synergy between policy & technology 8

9 Design guideline 1: participant primacy Feature examples: Data visualization, interfaces (where did I go today?) Alerts and reminders (it’s 9 pm: turn sensing off!) 9 Challenges: Legible interfaces Developing effective alert mechanisms that do not disrupt data collection or annoy participants Help users take role, responsibilities of investigators

10 Design guideline 2: participatory design Customizable features: Data representation (can you see our houses?) Selective sharing (share only with campaign leaders) Retention, reuse (we don’t need data after Jan 1, 2009) 10 Challenges: Flexible systems to adjust capture, storage, representation of data. Flexibility achieved early in the design process. Customize systems to campaign needs

11 Design guideline 3: participant autonomy Feature examples: Discretion tools (replace this trip with ‘average’ trip) Selective retention (delete from 9 to 10 am) 11 Challenges: Building discretion tools Analyzing incomplete and/or falsified data Logging use of discretion tools Enabling participants to negotiate privacy context

12 Design guideline 4: minimal, auditable information Feature examples: Parsimonious sensors (collect location using only cell tower triangulation) Processing close to source Audit mechanisms (log who accesses data) 12 Challenges: Designing systems that support and benefit from minimal data collection. Building auditing mechanisms viewable, legible, useable by participants. Parsimonious capture, watchdogs

13 Design guideline 5: synergy between policy & technology Achieved through: Sharing responsibility Discussing problems best addressed by policy vs. technology. 13 Challenges: Authoring policy to support technology Designing technology to support policy. Software and hardware can’t do everything

14 In the future: evaluation How well do these principles – and resultant software – work? Meet design challenges: negotiating policy, building discretion tools, audit mechanisms, etc. Log data: measuring use of the privacy regulation features Interviews: evaluating participant trust of systems Participant observation: determining when and why participants feel boundary or identity sensitivities; evaluating whether systems adequately address these sensitivities Participant critique: of design methods, software, and conclusions 14

15 Conclusions Participation over restriction Balance between privacy and participation enables sensing systems to reach research, empowerment, documentary potential. 15 Participation in restriction Enables participants to limit sensing according to their needs, values.

16 Citations [1] M. Cargo and S. L. Mercer, "The value and challenges of participatory research: strengthening its practice," Annual Review of Public Health, vol. 29, 2008. [2] E. Byrne and P. M. Alexander, "Questions of ethics: Participatory information systems research in community settings," in SAICSIT Cape Winelands, South Africa, 2006, pp. 117-126. [3] S. Pilemalm and T. Timpka, "Third generation participatory design in health informatics - making user participation applicable to large-scale information system projects," Journal of Biomedial Informatics, 2007 (in press) [4] H. Nissenbaum, "Privacy as contextual integrity," Washington Law Review, vol. 79, pp. 119–158, 2004. [5] J. Waldo, H. S. Lin, and L. I. Millett, Engaging privacy and information technology in a digital age. Washington, D.C.: The National Academies Press, 2007. [6] L. Palen and P. Dourish, "Unpacking "privacy" for a networked world," in CHI 2003. vol. 5 Ft. Lauderdale, FL: ACM, 2003, pp. 129-136. [7] J. E. Cohen, "Privacy, Visibility, Transparency, and Exposure," University of Chicago Law Review, vol. 75, 2008. [8] G. R. Hayes, E. S. Poole, G. Iachello, S. N. Patel, A. Grimes, G. D. Abowd, and K. N. Truong, "Physical, social and experiential knowledge in pervasive computing environments," Pervasive Computing, vol. 6, pp. 56-63, 2007. 16

17 Citations cont. [9] M. S. Ackerman and L. Cranor, "Privacy critics: UI components to safeguard users‘ privacy," in Conference on Human Factors in Computing Systems CHI’99: ACM Publications, 1999, pp. 258-259. [10] D. H. Nguyen and E. D. Mynatt, "Privacy mirrors: understanding and shaping socio- technical ubiquitous computing systems," Georgia Institute of Technology GIT-GVU-02-16, 2002. [11] D. Anthony, D. Kotz, and T. Henderson, "Privacy in location-aware computing environments," Pervasive Computing, vol. 6, pp. 64-72, 2007. [12] S. Patil and J. Lai, "Who gets to know what when: configuring privacy permissions in an awareness application," in SIGCHI Conf. Human Factors in Computing Systems (CHI 05) Portland, Oregon: ACM Press, 2005, pp. 101–110. [13] H. Burkert, "Privacy-enhancing technologies: Typology, critique, vision," in Technology and privacy: The new landscape, P. E. Agre and M. Rotenberg, Eds. Cambridge, MA and London: The MIT Press, 1998, pp. 125-142. [14] L. Bannon, "Forgetting as a feature, not a bug: the duality of memory and implications for ubiquitous computing," CoDesign, vol. 2, pp. 3-15, 2006. [15] J.-F. Blanchette and D. G. Johnson, "Data retention and the panoptic society: the social benefits of forgetfulness," The Information Society, vol. 18, 2002. 17

Download ppt "Participatory Privacy in Urban Sensing Katie Shilton, Jeff Burke, Deborah Estrin, Mark Hansen, Mani B. Srivastava MODUS 2008: April 21, 2008."

Similar presentations

Ads by Google