Proactive Data Sharing to Enhance Privacy in Ubicomp Environments

Discussions about privacy often assume an antagonistic relationship between those who collect data and those about whom data is collected. Those who collect data (the data consumers) want the greatest possible access to data, whereas those about whom data is collected (the data producers) want privacy to the greatest possible extent. Much work on privacy has consequently been devoted to designing tools and protocols that allow data producers to safeguard their data from the prying hands of data consumers. More recently, work predicated on some amount of trust between data producers and consumers offers tools for negotiating privacy [10], or recognizes that negotiations of privacy boundaries should not consist only of a defensive posture biased toward minimum disclosure [8]. We propose to heal the relationship between data producers and consumers even further, and take the position that in ubicomp environments, privacy can be facilitated by collaboration. Indeed, we argue that in ubicomp scenarios, the best response to data consumers' desire for information is for data producers to voluntarily provide the data desired.

In a nutshell, the argument goes as follows. The data that is most valuable to data consumers is typically simple, specific, well-defined and not very sensitive from the viewpoint of privacy. Typical examples are the time you spend inside a store, the brand of coffee you drink or your favorite color for clothes. Unfortunately, it is often not possible to collect this valuable data directly. Instead, data consumers must rely on monitoring equipment (audio, video or other sensors) that produces mountains of raw data from which a few nuggets of valuable data can be extracted, distilled or aggregated. This process is expensive and inefficient, and it produces as a by-product vast amounts of raw data that are useless to many data consumers, yet may represent a serious threat to the privacy of data producers.
This privacy threat could be avoided if data producers were simply to share data about themselves voluntarily and directly with data consumers. Indeed, voluntary sharing of data would eliminate the incentive for data consumers to set up and operate ubiquitous monitoring systems that gather the same information inefficiently. The privacy of consumers may be enhanced overall, since no data would then be collected beyond what the data consumers were interested in. In other words, our response to organizations' desire for information is simply to give them the information they want, and only that information, thus preempting the collection of raw data that would be more damaging to privacy. The following examples illustrate our approach: