An Architecture for Privacy-Sensitive Ubiquitous Computing
Journal contribution, posted on 01.01.2005, 00:00 by Jason I-An Hong
Privacy is easily the most often-cited criticism of ubiquitous computing (ubicomp), and may be the greatest barrier to its long-term success. However, developers currently have little support in designing system architectures and in creating interactions that are effective in helping end-users manage their privacy. This dissertation provides three key contributions towards ameliorating this problem. The first contribution is an extensive analysis of end-user privacy needs, which were gathered through a variety of techniques, including interviews, surveys, synthesis of previously reported experiences with ubiquitous computing, as well as examination of proposed and existing data privacy laws. The second contribution is an analysis of interaction design for ubicomp privacy. Informed by examining over 40 different user interfaces for privacy, we describe common user interface pitfalls as well as ways of avoiding those pitfalls. The third contribution is a system architecture that embodies the two analyses above. We present Confab, a toolkit that facilitates the construction of privacy-sensitive ubicomp applications by providing a customizable framework for capturing, processing, and sharing personal information in a privacy-sensitive manner. From a system architecture perspective, Confab emphasizes two key ideas. The first is separating ubicomp applications into the physical/sensor layer, the infrastructure layer, and the presentation layer, with each of these being responsible for managing and providing privacy protection for different aspects of the flow of personal information. The second key idea is to structure the system so that end-users have personal information captured, stored, and processed on their own computers as much as possible, and are provided better user interfaces for managing the flow of personal information to others. Confab currently comes with extensions specifically for managing location privacy in applications built within this framework.
We also present an evaluation of this toolkit based on building three applications and performing user studies of those applications.