It is easy to imagine that a future populated with an ever-increasing number of mobile and pervasive devices that record our minute goings and doings will significantly expand the amount of information that will be collected, stored, processed, and shared about us by both corporations and governments. The vast majority of this data is likely to benefit us greatly—making our lives more convenient, efficient, and safer through custom-tailored services that anticipate what we need, where we need it, and when we need it. But beneath all this convenience, efficiency, and safety lurks the risk of losing control and awareness of what is known about us in the many different contexts of our lives. Eventually, we may find ourselves in a situation like Rivera or Lyons, where something we said or did will be misinterpreted and held against us, even if the activities were perfectly innocuous at the time. Even more concerning, while in the examples we discussed privacy implications manifested as an explicit harm, more often privacy harms manifest as an absence of opportunity, which may go unnoticed even though it may substantially impact our lives.
1.1 LECTURE GOALS AND OVERVIEW
In this book we dissect and discuss the privacy implications of mobile and pervasive computing technology. For this purpose, we not only look at how mobile and pervasive computing technology affects our expectations of—and ability to enjoy—privacy, but also look at what constitutes “privacy” in the first place, and why we should care about maintaining it.
A core aspect is the question: what do we actually mean when we talk about “privacy?” Privacy is a term that is intuitively understood by everyone, but at the same time the actual meaning may differ quite substantially—among different individuals, but also for the same individual in different situations [Acquisti et al., 2015]. In the examples we discussed above, the problems superficially hinged on the interpretation or misinterpretation of facts (Robert Rivera allegedly being an alcoholic and Philip Lyons being wrongfully accused of arson, based on their respective shopping records), but ultimately the real issue is the use of personal information for purposes not originally foreseen (nor authorized). In those examples, privacy was thus about being “in control”—or, more accurately, about the loss of control—of one’s data, as well as of the particular selection of facts known about oneself. However, other—often more subtle—issues exist that may rightfully be considered “privacy issues” as well. Thus, in this Synthesis Lecture we first closely examine the two constituents of the problem—privacy (Chapter 2) and mobile and pervasive computing technology (Chapter 3)—before discussing their intersection and illustrating the resulting challenges (Chapter 4). We finally discuss how those privacy challenges can potentially be addressed in the design of mobile and pervasive computing technologies (Chapter 5), and conclude with a summary of our main points (Chapter 6).
1.2 WHO SHOULD READ THIS
When one of the authors of this lecture was a Ph.D. student (some 15 years ago), he received a grant to visit several European research projects that worked in the context of a large EU initiative on pervasive computing—the “Disappearing Computer Initiative” [Lahlou et al., 2005]. The goal of this grant was to harness the collective experience of dozens of internationally renowned researchers who spearheaded European research in the area, in order to draft a set of “best practices” for creating future pervasive services with privacy in mind. In this respect, the visits were a failure: almost none of the half a dozen projects visited had any suggestions for building privacy-friendly pervasive systems. However, the visits surfaced an intriguing set of excuses as to why privacy was of no concern to them as computer scientists and engineers working in the area.
1. Some researchers found it best if privacy concerns (and their solutions) would be regulated socially, not technically: “It’s maybe about letting [users of pervasive technology] find their own ways of cheating.”
2. A large majority of researchers found that others were much more qualified (and required) to think about privacy: “For [my colleague] it is more appropriate to think about [security and privacy] issues. It’s not really the case in my case.”
3. Another large number of researchers thought of privacy issues simply as a problem that could (at the end) be solved trivially: “All you need is really good firewalls.”
4. Several researchers preferred not to think about privacy at all, as this would interfere with them building interesting systems: “I think you can’t think of privacy… it’s impossible, because if I do it, I have troubles with finding [a] Ubicomp future.”
With such excuses, privacy might never be incorporated into mobile and pervasive systems. If privacy is believed to be impossible, someone else’s problem, trivial, or not needed, it will remain an afterthought without proper integration into the algorithms, implementations, and processes surrounding mobile and pervasive computing systems. This is likely to have substantial impact on the adoption and perception of those technologies. Furthermore, privacy laws and regulation around the world require technologists to pay attention to and mitigate privacy implications of their systems.
The prime target audience of this lecture is hence researchers and practitioners working in mobile and pervasive computing who want to better understand and account for the nuanced privacy implications of the technology they are creating, in order to avoid falling for the fallacies above. A deep understanding of potential privacy implications will help in addressing them early on in the design of new systems.
At the same time, researchers working in the areas of privacy and security in general—but without a background in mobile and pervasive systems—might want to read this lecture in order to learn about the core properties and the specific privacy challenges within the mobile and pervasive computing domains. Last but not least, graduate and undergraduate students interested in the area might want to read this synthesis lecture to get an overview and deeper understanding of the field.
1 If one uses a store-issued credit card, even that extra step disappears.
2 Amazon Echo is an example of a class of wireless “smart” speakers that listen and respond to voice commands (see https://www.amazon.com/echo/); Google Home is a similar product from Google (see https://store.google.com/product/google_home).
3 All major smartphone platforms have supported such voice commands since 2015: Apple’s Siri, Google Assistant, and Microsoft Cortana.
4 Samsung TVs and the Xbox One were early devices that supported always-on voice recognition [Hern, 2015].
5 At CES 2017, multiple companies presented voice-activated home and kitchen appliances powered by Amazon Alexa, and multiple car manufacturers announced integration of Amazon Alexa or Google Assistant into their new models [Laughlin, 2017].
CHAPTER 2
Understanding Privacy
In order to be able to appropriately address privacy issues and challenges in mobile and pervasive computing, we first need to better understand why we—as individuals and as a society—might want and need privacy. What does privacy offer? How does privacy affect our lives? Why is privacy necessary? Understanding the answers to these questions naturally helps to better understand what “privacy” actually is, e.g., what it means to “be private” or to “have privacy.” Only by examining the value of privacy, beyond our perhaps intuitive perception of it, will we be able to understand what makes certain technology privacy invasive and how it might be designed to be privacy-friendly.
Privacy