Marc Langheinrich

Privacy by Design - Principles of Privacy-Aware Ubiquitous Systems

This paper tries to serve as an introductory reading to privacy issues in the field of ubiquitous computing. It develops six principles for guiding system design, based on a set of fair information practices common in most privacy legislation in use today: notice, choice and consent, proximity and locality, anonymity and pseudonymity, security, and access and recourse. A brief look at the history of privacy protection, its legal status, and its expected utility is provided as a background.

A Privacy Awareness System for Ubiquitous Computing Environments

Protecting personal privacy is going to be a prime concern for the deployment of ubiquitous computing systems in the real world. With daunting Orwellian visions looming, it is easy to conclude that tamper-proof technical protection mechanisms such as strong anonymization and encryption are the only solutions to such privacy threats. However, we argue that such perfect protection for personal information will hardly be achievable, and propose instead to build systems that help others respect our personal privacy, enable us to be aware of our own privacy, and to rely on social and legal norms to protect us from the few wrongdoers. We introduce a privacy awareness system targeted at ubiquitous computing environments that allows data collectors to both announce and implement data usage policies, as well as providing data subjects with technical means to keep track of their personal information as it is stored, used, and possibly removed from the system. Even though such a system cannot guarantee our privacy, we believe that it can create a sense of accountability in a world of invisible services that we will be comfortable living in and interacting with.

Unintrusive customization techniques for Web advertising

Most online advertisement systems in place today use the concept of consumer targeting: each user is identified and, according to his or her system setup, browsing habits and available off-line information, categorized in order to customize the advertisements for highest user responsiveness. This constant monitoring of a users online habits, together with the trend to centralize this data and link it with other databases, continuously nurtures fears about the growing lack of privacy in a networked society. In this paper, we propose a novel technique of adapting online advertisement to a users short term interests in a non-intrusive way. As a proof-of-concept we implemented a dynamic advertisement selection system able to deliver customized advertisements to users of an online search service or Web directory. No user-specific data elements are collected or stored at any time. Initial experiments indicate that the system is able to improve the average click-through rate substantially compared to random selection methods.

Social, Economic, and Ethical Implications of Ambient Intelligence and Ubiquitous Computing °

Visions of ambient intelligence and ubiquitous computing involve integrating tiny microelectronic processors and sensors into everyday objects in order to make them “smart.” Smart things can explore their environment, communicate with other smart things, and interact with humans, therefore helping users to cope with their tasks in new, intuitive ways. Although many concepts have already been tested out as prototypes in field trials, the repercussions of such extensive integration of computer technology into our everyday lives are difficult to predict. This contribution is a first attempt to classify the social, economic, and ethical implications of this development.

Living in a World of Smart Everyday Objects—Social, Economic, and Ethical Implications

ABSTRACT Visions of Pervasive Computing and ambient intelligence involve integrating tiny microelectronic processors and sensors into everyday objects in order to make them “smart.” Smart things can explore their environment, communicate with other smart things, and interact with humans, therefore helping users to cope with their tasks in new, intuitive ways. Although many concepts have already been tested out as prototypes in field trials, the repercussions of such extensive integration of computer technology into our everyday lives are difficult to predict. This article is a first attempt to classify the social, economic, and ethical implications of this development.

Open Display Networks: A Communications Medium for the 21st Century

Open public display networks could emerge as a new communications medium for the 21st century, but this transformation can only occur if the technology moves from its current, closed model to a new, open one.

Privacy and trust issues with invisible computers

A set of designer guidelines from the European Union offers the first step in building privacy-aware systems.

Scanning with a purpose: supporting the fair information principles in RFID protocols

Todays RFID protocols that govern the communication between RFID readers and tags are solely optimized for performance, but fail to address consumer privacy concerns by appropriately supporting the fair information practices. In this paper we propose a feature set that future privacy-aware RFID protocols should include in order to support the fair information principles at the lowest possible level – the air interface between readers and tags – and demonstrate that the performance impact of such an extension would be within acceptable limits. We also outline how this feature set would allow consumer interest groups and privacy-concerned individuals to judge whether an RFID reader deployment complies with the corresponding regulations through the use of a watchdog tag.

A survey of RFID privacy approaches

A bewildering number of proposals have offered solutions to the privacy problems inherent in RFID communication. This article tries to give an overview of the currently discussed approaches and their attributes.

Back-of-device authentication on smartphones

This paper presents BoD Shapes, a novel authentication method for smartphones that uses the back of the device for input. We argue that this increases the resistance to shoulder surfing while remaining reasonably fast and easy-to-use. We performed a user study (n=24) comparing BoD Shapes to PIN authentication, Android grid unlock, and a front version of our system. Testing a front version allowed us to directly compare performance and security measures between front and back authentication. Our results show that BoD Shapes is significantly more secure than the three other approaches. While performance declined, our results show that BoD Shapes can be very fast (up to 1.5 seconds in the user study) and that learning effects have an influence on its performance. This indicates that speed improvements can be expected in long-term use.