Privacy: The Achilles Heel of Pervasive Computing?

t the heart of the ubiquitous computing vision lies an inherent contradiction. On the one hand, a computing environment must be highly knowledgeable about a user to conform to his or her needs and desires without explicit interaction—almost reading the user's mind. On the other hand, a system that is truly ubiquitous will encompass numerous users, physical regions, and service providers. At such large scale, perfect trust among all parties is an unattainable ideal. Trust boundaries thus represent seams of discontinuity in the fabric of pervasive computing. Privacy and security are already thorny problems in distributed systems. A variety of problems plague us, ranging from spam to identity theft. Pervasive computing provides many new avenues of attack. Mechanisms such as location tracking, smart spaces, and the use of sur-rogates require continuous monitoring of user actions. As a user becomes more dependent on a pervasive computing system , the system becomes more knowledgeable about that user's movements, behavior patterns, and habits. Exploiting this information is critical if the system is to be proactive and self-tuning. Yet this same build-up of detailed knowledge about a user represents a tempting target for the unscrupulous. Unless we can develop satisfactory solutions, the potential for serious loss of privacy might deter users from relying on a pervasive computing system. Establishing trust is a two-way problem. Just as users must be confident of their computing environment's trustwor-thiness, the infrastructure must be confident of a user's identity and authorization level before responding to requests. It is difficult to establish this mutual trust in a manner that is minimally intrusive. This will become a key requirement as pervasive computing moves from the lab to the real world. Without a reliable and accurate way to establish identity and authorization, service providers won't have incentives for deploying the infrastructures and services necessary for pervasive computing. At the same time, frequent demands for passwords or other proofs of authenticity from the user will destroy the essence of pervasive computing—namely, its ability to disappear into the user's subconscious. It is critical to develop techniques that balance these divergent requirements. I can think of at least three ways to begin the search for such techniques. A small step in the right direction would be to make users more aware of their current privacy exposure level. Just as a car's dashboard continuously provides information such as speed, fuel level, and outside temperatures, a hand-held …