Richard Chow

Is This Thing On?: Crowdsourcing Privacy Indicators for Ubiquitous Sensing Platforms

We are approaching an environment where ubiquitous computing devices will constantly accept input via audio and video channels: kiosks that determine demographic information of passersby, gesture controlled home entertainment systems and audio controlled wearable devices are just a few examples. To enforce the principle of least privilege, recent proposals have suggested technical approaches to limit third-party applications to receiving only the data they need, rather than entire audio or video streams. For users to make informed privacy decisions, applications will still need to communicate what data they are accessing and indicators will be needed to communicate this information. We performed several crowdsourcing experiments to examine how potential users might conceptualize and understand privacy indicators on ubiquitous sensing platforms.

HCI in Business: A Collaboration with Academia in IoT Privacy

The Internet of Things (IoT) integrates communication capabilities into physical objects to create a ubiquitous and multi-modal network of information and computing resources. The promise and pervasiveness of IoT ecosystems has lured many companies, including Intel, to devote resources and engineers to participate in the future of IoT. This paper describes a joint effort from Intel and two collaborators from academia to address the problem of IoT privacy.

What can i do here? IoT service discovery in smart cities

The vision of smart cities and IoT is an environment blanketed with interconnected, software-enabled devices. Unlike software installed on personal devices, however, people may not know about services in the environment, or may not even be the intended users. People lack a unified way to discover software services in a smart city infrastructure, and the current device-centric approach to IoT is inconsistent with the growing network and software services associated with these devices. In this paper we outline changes needed in the current IoT framework to shift to a service model for IoT. We describe how, similar to users of a personal computing device, users can define their preferences, install services, and manage the data that is generated and consumed by services. In this framework, service preferences provide a basis for proper service discovery. As an illustration of the proposed model, we provide modifications to the well established Auto-ID Object Name Service and Physical Markup Language architecture to demonstrate how a practical system can support the concept of IoT services and discovery.

Differential data analysis for recommender systems

We present techniques to characterize which data contributes most to the accuracy of a recommendation algorithm. Our main technique is called differential data analysis. The name is inspired by other sorts of differential analysis, such as differential power analysis and differential cryptanalysis, where insight comes through analysis of slightly differing inputs. In differential data analysis we chunk the data and compare results in the presence or absence of each chunk. We apply differential data analysis to two datasets and three different attributes. The first attribute is called user hardship. This is a novel attribute, particularly relevant to location datasets, that indicates how burdensome a data point was to achieve. The second and third attributes are more standard: timestamp and user rating. For user rating, we confirm previous work concerning the increased importance to the recommender of high and low user ratings.

Language-Based Hypervisors

We describe how to build a Language-Based Hypervisor (LBH) that can run untrusted applications (or modules) inside secure containers within a single language runtime instance. The LBH allows execution of untrusted code at a fine-grained level while controlling access to APIs, data, and resources. The LBH and untrusted applications are written in the same language and run together as one process on top of a single language interpreter or runtime. We use JavaScript as an example and describe how LBH can be implemented at the language level without modification to the runtime itself.

Albatross: A Privacy-Preserving Location Sharing System

We describe an architecture and a trial implementation of a privacy-preserving location sharing system called Albatross. The system protects location information from the service provider and yet enables fine-grained location-sharing. One main feature of the system is to protect an individuals social network structure. The pattern of location sharing preferences towards contacts can reveal this structure without any knowledge of the locations themselves. Albatross protects locations sharing preferences through protocol unification and masking. Albatross has been implemented as a standalone solution, but the technology can also be integrated into location-based services to enhance privacy.

The Last Mile for IoT Privacy

The last mile in Internet of Things (IoT) privacy is to give users a unified way to discover and be notified about the privacy properties of IoT services. A conceptual privacy stack that would build a communication bridge between IoT systems and end users is described.

User Attitudes Towards Browsing Data Collection

Web browsing data is the foundation of online advertising and can also be used to understand behavioral patterns of web users. This data, however, has also been the source of pervasive privacy concerns. In this paper we probed the sources of the underlying privacy concerns. Through user studies, we investigated the level of concern with URL collection compared to higher-level profiling into interest or preference categories. Consistent with intuition and industry practice, our results indicate that most users do indeed find URLs much more sensitive than the profiles built from them. Interestingly, however, we found that a great challenge in this area is comprehension of what categorization actually means, which is essential to properly make privacy decisions when services collect categories rather than URLs. This paper also investigated whether certain categories may also be a source of privacy concern. We tested sensitivity of a range of categories. Most categories were considered sensitive by relatively few users, and the categories deemed sensitive followed a power-law distribution.

A Machine Learning Approach to SDL

Security Risk Assessments (SRA) play a key role in the Security Development Lifecycle (SDL). At an early stage of the project, the SRA helps allocate security resources and identifies SDL requirements and activities. In this paper, we present key findings from a machine learning approach toward the SRA that seeks to learn from a database of previous product security risk assessments and associated requirements and activities. This approach has been implemented and adopted by product teams across our organization.

Data Handling in the Smart Grid: Do We Know Enough?

Data privacy in the smart grid is an important requirement for consumers. Central to the data privacy issue is the handling of energy-usage data, in particular, data retention, aggregation and anonymization. Government and industry groups have formulated various policies in this area, mostly based on fair information practice principles. This paper argues that the current policy-level work is insufficient – scientific work is needed to fully develop and implement privacy policies. A research agenda is proposed that balances the advantages of fine-grained energy-usage data with the associated privacy risks. For comparison purposes, the paper describes analogous policies and implementations related to telecommunications, web search and medical data.