Pers Ubiquit Comput (2009) 13:389-390
DOI 10.1007/s00779-008-0210-7
EDITORIAL
An update on privacy in ubiquitous computing
Sarah Spiekermann, Marc Langheinrich
Published online: 21 October 2008
Springer-Verlag London Limited 2008
S. Spiekermann, Institute of Information Systems, Humboldt University Berlin, Berlin, Germany
M. Langheinrich, Faculty of Informatics, University of Lugano, Lugano, Switzerland

One of the editors of this special issue recently conducted an analysis of all major applications presented in the IEEE Pervasive Computing Magazine from 2003 to 2005. More than two-thirds of them had people as their main object of observation (rather than, say, ducks, bridges, or glaciers). In 90% of these human-focused applications, the observing person was not necessarily identical with the observed. Only about half of these applications allowed the people observed to even get feedback about (or insights into) their own behavior. In all other cases, third parties or machines were observing them without notice. These numbers illustrate why Ubicomp scholars regularly echo privacy as a key challenge for the adoption and ethical acceptability of smart environments. The unprecedented collection coverage, the invisibility of the collection process, the amount of data collected, and the envisioned system interconnectivity should motivate the community to consider built-in privacy to a much larger extent than this may have been the case in earlier computing eras.

It is for this reason that Personal and Ubiquitous Computing pays attention to the subject of privacy at regular intervals. The last special issue on privacy was published in May 2005 (Vol. 9, No. 3). The goal of this issue is to update the community with respect to the latest findings and developments surrounding privacy in Ubiquitous Computing. Unlike a normal call for papers, this special issue builds on the results of the 5th International Workshop on Ubicomp Privacy [1] at the 9th International Conference on Ubiquitous Computing (UbiComp 2007) in Innsbruck in September 2007. The workshop brought together a diversity of research angles, grouped around five distinct themes: location privacy, RFID and sensor related privacy issues, consumer acceptance of RFID, and legal aspects of smart environments. This special issue presents the five original articles from the invited experts at the workshop (including ourselves).

The first article by John Krumm offers a comprehensive but concise overview of location privacy: What is location privacy and how do people relate to it? How can location privacy be undermined? And what technical proposals exist to ensure computational location privacy? Krumm cites studies that show how people are generally not concerned about location privacy, and demonstrates how researchers have been able to link anonymized and obfuscated location tracks to the correct identity. While proposals exist to improve existing anonymization and obfuscation mechanisms, the article notes the still open issue of measuring the level of protection any such algorithms can offer.

Norman Sadeh and his colleagues then illustrate the intricate usability issues inherent in providing location privacy in smart environments. An actual location tracking application developed and trialed at Carnegie Mellon University (Pittsburgh, USA) was used as an example. The application, called PeopleFinder, allows users to share their current location with friends and colleagues, based on a set of location disclosure rules, e.g., "Jennifer can see my location with high accuracy only on weekdays." The authors were particularly concerned with the usability
[1] See www.vs.inf.ethz.ch/events/uc07privacy/.
aspects of such privacy controls: How many rules did users create? How often were these adjusted? How useful did users perceive the given feedback? Three field trials involving more than 60 participants showed that people have a hard time articulating effective privacy preferences, but that user feedback on how the application is used helps people to define more accurate rules.

The third article by Marc Langheinrich focuses on the issue of RFID privacy, a topic of high visibility in today's press, as several field trials of tagged consumer products have already been (sometimes secretly) conducted. Langheinrich briefly summarizes the uses and threats of RFID technology, before enumerating today's proposals for preventing the unwanted readout and tracking of tagged consumer items. Short of wrapping tagged items into aluminum foil, only encryption seems to offer protection from unwanted readouts while preserving the option for post-sale use of such tags. However, Langheinrich notes that key management turns out to be the biggest issue in any of the solutions, especially given the potentially large number of thus encrypted items. Another important contribution is a section linking to related issues such as security of the underlying infrastructure or the current policy debate in Europe.

Sarah Spiekermann's article then reflects on a subset of these privacy enhancing technologies for RFID tagged items and investigates how they may be perceived by future consumers. She presents an empirical study with over 500 Germans who were invited to judge RFID protection schemes as well as the benefits of future RFID services in retail. The result is that people appreciate RFID services, but feel uncomfortable with complex privacy solutions. Rather than profiting from RFID enabled after-sales services, the majority of participants preferred to kill tags at retail exits. Spiekermann concludes that the main reason for this preference is a general lack of trust in the true effectiveness of complex privacy technologies.

Finally, Paul de Hert et al. give an extensive insight into the legal issues surrounding Ubiquitous Computing as they have been identified by the SWAMI project. SWAMI stands for Safeguards in a World of Ambient Intelligence. It was an interdisciplinary research effort funded by the European Commission. Based on a number of dark scenarios of what could go wrong in Ubiquitous Computing environments, the project identified the most important shortcomings of current EU law and legal principles vis-à-vis Ubiquitous Computing. The article provides a brief overview of the scenarios, summarizes the main legal issues identified, and then describes some key legal safeguards needed to enforce privacy and data protection in future smart environments.

The five contributions in this special issue can only provide a small view of the overall issues surrounding privacy in Ubiquitous Computing. However, we believe that they offer a vivid illustration of the challenges in the field and the innovations put forward by its scholars. The focus on location privacy, RFID privacy, and current laws shows that privacy research cannot take place in a vacuum and stresses the need for realistic prototypes that allow researchers to investigate the actual behavior and the actual needs of those who we observe.