Understanding identity exposure in pervasive computing environments

Various miniaturized computing devices that store our identity information are emerging rapidly and are likely to become ubiquitous in the future. They allow private information to be exposed and accessed easily via wireless networks. When identity and context information is gathered by pervasive computing devices, personal privacy might be sacrificed to a greater extent than ever before. People whose information is targeted may have different privacy protection skills, awareness, and privacy preferences. In this research, we studied the following issues and their relations: (a) identity information that people think is important to keep private; (b) actions that people claim to take to protect their identities and privacy; (c) privacy concerns; (d) how people expose their identity information in pervasive computing environments; and (e) how our RationalExposure model can help minimize unnecessary identity exposure. We conducted the research in three stages, a comprehensive survey and two in-lab experiments. We built a simulated pervasive computing shopping system, called InfoSource. It consisted of two applications and our RationalExposure model. Our data show that identity exposure decisions depended on participants' attitudes about maintaining privacy, but did not depend on participants' concerns or security actions that they claimed to have taken. Our RationalExposure model did help the participants reduce unnecessary disclosures.

[1]  J. Freedman,et al.  Conceptions of Crowding. (Book Reviews: Crowding and Behavior; The Environment and Social Behavior. Privacy, Personal Space. Territory, Crowding) , 1975 .

[2]  Christopher Pollman Book Review: Documenting Individual Identity: The Development of State Practices in the Modern World by Jane Caplan and Torpey (eds.) , 2003, Journal of Information, Law and Technology.

[3]  Feng Zhu,et al.  Rational exposure: A game theoretic approach to optimize identity exposure in pervasive computing environments , 2009, 2009 IEEE International Conference on Pervasive Computing and Communications.

[4]  James A. Landay,et al.  An architecture for privacy-sensitive ubiquitous computing , 2004, MobiSys '04.

[5]  Colin Potts,et al.  Privacy practices of Internet users: Self-reports versus observed behavior , 2005, Int. J. Hum. Comput. Stud..

[6]  Charles J. Kacmar,et al.  Developing and Validating Trust Measures for e-Commerce: An Integrative Typology , 2002, Inf. Syst. Res..

[7]  Paul M. Schwartz,et al.  Privacy, Information, and Technology , 2006 .

[8]  P. Bonacich,et al.  The Development of Trust and Mistrust in Mixed-Motive Games , 1970 .

[9]  Roderick M. Kramer,et al.  Trust and distrust in organizations: emerging perspectives, enduring questions. , 1999, Annual review of psychology.

[10]  Latanya Sweeney,et al.  k-Anonymity: A Model for Protecting Privacy , 2002, Int. J. Uncertain. Fuzziness Knowl. Based Syst..

[11]  Lorrie Faith Cranor,et al.  Empirical models of privacy in location sharing , 2010, UbiComp.

[12]  Alessandro Acquisti,et al.  Privacy and rationality in individual decision making , 2005, IEEE Security & Privacy.

[13]  Jonathan Grudin,et al.  A study of preferences for sharing and privacy , 2005, CHI Extended Abstracts.

[14]  Marc Langheinrich,et al.  Encountering SenseCam: personal recording technologies in everyday life , 2009, UbiComp.

[15]  Yoram M. Kalman,et al.  Pauses and Response Latencies: A Chronemic Analysis of Asynchronous CMC , 2006, J. Comput. Mediat. Commun..

[16]  John Torpey,et al.  Documenting individual identity : the development of state practices in the modern world , 2001 .

[17]  Bettina Berendt,et al.  E-privacy in 2nd generation E-commerce: privacy preferences versus actual behavior , 2001, EC '01.

[18]  Colin Potts,et al.  Privacy policies as decision-making tools: an evaluation of online privacy notices , 2004, CHI.

[19]  Ross J. Anderson Security engineering - a guide to building dependable distributed systems (2. ed.) , 2001 .

[20]  Marc Langheinrich,et al.  Privacy by Design - Principles of Privacy-Aware Ubiquitous Systems , 2001, UbiComp.

[21]  James A. Landay,et al.  Personal privacy through understanding and action: five pitfalls for designers , 2004, Personal and Ubiquitous Computing.

[22]  Daniel J. Solove The Digital Person , 2022 .

[23]  Paul Dourish,et al.  Unpacking "privacy" for a networked world , 2003, CHI '03.

[24]  Mark S. Ackerman,et al.  Privacy in e-commerce: examining user scenarios and privacy preferences , 1999, EC '99.

[25]  Alfred Kobsa,et al.  An empirical investigation of concerns of everyday tracking and recording technologies , 2008, UbiComp.

[26]  Leslie A. Baxter,et al.  Engaging theories in interpersonal communication : multiple perspectives , 2008 .

[27]  D. Lyon Surveillance society: Monitoring Everyday Life , 2001 .

[28]  Oliver Günther,et al.  Privacy in e-commerce: stated preferences vs. actual behavior , 2005, CACM.

[29]  Ponnurangam Kumaraguru,et al.  Privacy Indexes: A Survey of Westin's Studies , 2005 .

[30]  Marc Langheinrich,et al.  A Privacy Awareness System for Ubiquitous Computing Environments , 2002, UbiComp.

[31]  Latanya Sweeney,et al.  Computational disclosure control: a primer on data privacy protection , 2001 .

[32]  Roy H. Campbell,et al.  Towards Security and Privacy for Pervasive Computing , 2002, ISSS.

[33]  A. Soppera,et al.  Maintaining Privacy in Pervasive Computing — Enabling Acceptance of Sensor-based Services , 2022 .

[34]  Einar Snekkenes,et al.  Concepts for personal location privacy policies , 2001, EC '01.

[35]  Jeff Magee,et al.  Security Considerations for a Distributed Location Service , 1998, Journal of Network and Systems Management.

[36]  Marc Langheinrich,et al.  The platform for privacy preferences 1.0 (p3p1.0) specification , 2002 .

[37]  John Krumm,et al.  Location-aware computing comes of age , 2004, Computer.

[38]  Thomas A. Hemphill Electronic Commerce and Consumer Privacy: Establishing Online Trust in the U.S. Digital Economy , 2002 .

[39]  Jason I. Hong,et al.  End-User Privacy in Human-Computer Interaction , 2007, Found. Trends Hum. Comput. Interact..

[40]  Jennifer Healey,et al.  A Long-Term Evaluation of Sensing Modalities for Activity Recognition , 2007, UbiComp.

[41]  Deborah Estrin,et al.  Discovering semantically meaningful places from pervasive RF-beacons , 2009, UbiComp.

[42]  Tara Matthews,et al.  Location disclosure to social relations: why, when, & what people want to share , 2005, CHI.

[43]  Miriam J. Metzger Communication Privacy Management in Electronic Commerce , 2007, J. Comput. Mediat. Commun..

[44]  Paul Lukowicz,et al.  Dealing with sensor displacement in motion-based onbody activity recognition systems , 2008, UbiComp.

[45]  Martin J. Osborne,et al.  An Introduction to Game Theory , 2003 .