Understanding privacy regulation in ubicomp interactions

Ubiquitous computing contains a huge promise for more intelligent services that are available anywhere and are able to dynamically adapt to the users’ current context. However, what necessarily follows such an environment is the compromising of the users’ privacy. We aim at analyzing this complex issue by applying and extending Altman’s theoretical privacy framework, well known in social sciences, to privacy in ubicomp. Altman understands privacy as a two-way interactive process, which makes the approach promising in analyzing ubicomp where people, devices and the environment interact with each other. We point out similarities between the existing model and the features of ubicomp environment, and verify the results by applying and analyzing the resulting extended framework to typical ubicomp use cases. Based on the analysis, we argue that privacy in ubicomp can be modeled similarly to privacy in general by extending the model to cover such factors as mediation and non-human actors.

A requirements taxonomy for reducing Web site privacy vulnerabilities

The increasing use of personal information on Web-based applications can result in unexpected disclosures. Consumers often have only the stated Web site policies as a guide to how their information is used, and thus on which to base their browsing and transaction decisions. However, each policy is different, and it is difficult—if not impossible—for the average user to compare and comprehend these policies. This paper presents a taxonomy of privacy requirements for Web sites. Using goal-mining, the extraction of pre-requirements goals from post-requirements text artefacts, we analysed an initial set of Internet privacy policies to develop the taxonomy. This taxonomy was then validated during a second goal extraction exercise, involving privacy policies from a range of health care related Web sites. This validation effort enabled further refinement to the taxonomy, culminating in two classes of privacy requirements: protection goals and vulnerabilities. Protection goals express the desired protection of consumer privacy rights, whereas vulnerabilities describe requirements that potentially threaten consumer privacy. The identified taxonomy categories are useful for analysing implicit internal conflicts within privacy policies, the corresponding Web sites, and their manner of operation. These categories can be used by Web site designers to reduce Web site privacy vulnerabilities and ensure that their stated and actual policies are consistent with each other. The same categories can be used by customers to evaluate and understand policies and their limitations. Additionally, the policies have potential use by third-party evaluators of site policies and conflicts.

A survey of RFID privacy approaches

A bewildering number of proposals have offered solutions to the privacy problems inherent in RFID communication. This article tries to give an overview of the currently discussed approaches and their attributes.

Trust, privacy, and legal protection in the use of software with surreptitiously installed operations: An empirical evaluation

The class of software which is “surreptitiously installed on a user’s computer and monitors a user’s activity and reports back to a third party on that behavior” is referred to as spyware “(Stafford and Urbaczewski in Communications of the AIS 14:291–306, 2004)”. It is a strategic imperative that software vendors, who either embed surreptitious data collection and other operations in legitimate software applications or whose software is unwittingly used as a delivery vehicle for surreptitious operations, understand users’ perceptions of trust, privacy, and legal protection of such software to remain competitive. This paper develops and tests a research model to explore application software users’ perceptions in the use of software with embedded surreptitious operations. An experiment was undertaken to examine whether the presence of spyware in application software impacts users’ perceptions and beliefs about trustworthiness of the application software, privacy control of the software vendor, United States legal protection, and overall trust of the software vendor. The results indicate users of software with spyware, versus users of software without spyware, have lower trust perceptions of a software vendor. Further examination of trustworthiness as a multi-dimensional construct reveals a software vendor’s competence in appropriately using private user information collected and the user’s belief that the vendor will abide by acceptable principles in information exchange are important influences in gaining users’ overall trust in a vendor. User trust in software utilization is critical for a software vendor’s success because without it, users may avoid a vendor’s software should the presence of spyware be discovered. Software vendors should respond to the strategic necessity to gain users’ trust. Vendors must institute proactive and protective measures to demonstrate that their software should be trusted. These protections could take the form of technological approaches or government legislation, or both.

Understanding and capturing people’s privacy policies in a mobile social networking application

A number of mobile applications have emerged that allow users to locate one another. However, people have expressed concerns about the privacy implications associated with this class of software, suggesting that broad adoption may only happen to the extent that these concerns are adequately addressed. In this article, we report on our work on PeopleFinder, an application that enables cell phone and laptop users to selectively share their locations with others (e.g. friends, family, and colleagues). The objective of our work has been to better understand people’s attitudes and behaviors towards privacy as they interact with such an application, and to explore technologies that empower users to more effectively and efficiently specify their privacy preferences (or “policies”). These technologies include user interfaces for specifying rules and auditing disclosures, as well as machine learning techniques to refine user policies based on their feedback. We present evaluations of these technologies in the context of one laboratory study and three field studies.

---

Is emotion relevant to requirements engineering?

This viewpoint argues that the introduction of most computer-based system to an organization transforms the organization and changes the work patterns of the system’s users in the organization. These changes interact with the users’ values and beliefs and trigger emotional responses which are sometimes directed against the software system and its proponents. A requirements engineer must be aware of these emotions.

---

Hitchcock’s (2001) treatment of singular and general causation

Hitchcock (2001a) argues that the distinction between singular and general causation conflates the two distinctions ‘actual causation vs. causal tendencies’ and ‘wide vs. narrow causation’. Based on a recent regularity account of causation I will show that Hitchcock’s introduction of the two distinctions is an unnecessary multiplication of causal concepts.

Evaluation of inter-organizational business process solutions: A conceptual model-based approach

Collaboration and coordination between organizations are necessary in today’s business environment, and are enabled by inter-organizational processes. Many approaches for the construction of such processes have been proposed in recent years. However, due to the lack of standard terminology it is hard to evaluate and select a solution that fits a specific business scenario. The paper proposes a conceptual model which depicts the nature of interaction between organizations through business processes under specific business requirements that emphasize the privacy and autonomy of the participating organizations. The model is generic, and relies on the generic process model (GPM) framework and on Bunge’s ontology. Being generic and theory-based, we propose to use the model as a basis for comparing and evaluating design and implementation-level approaches for inter-organizational processes. We demonstrate the evaluation procedure by applying it to three existing approaches.

End-to-end privacy control in service outsourcing of human intensive processes: A multi-layered Web service integration approach

With the recent adoption of service outsourcing, there have been increasing general demands and concerns for privacy control, in addition to basic requirement of integration. The traditional practice of a bulk transmission of the customers’ information to an external service provider is no longer adequate, especially in the finance and healthcare sectors. From our consultancy experience, application-to-application privacy protection technologies at the middleware layer alone are also inadequate to solve this problem, particularly when human service providers are heavily involved in the outsourced process. Therefore, we propose a layered architecture and a development methodology for enforcing end-to-end privacy control policies of enterprises over the export of personal information. We illustrate how Web services, augmented with updated privacy facilities such as Service Level Agreement (SLA), Platform for Privacy Preferences Project (P3P), and the P3P Preference Exchange Language (APPEL), can provide a suitable interoperation platform for service outsourcing. We further develop a conceptual model and an interaction protocol to send only the required part of a customer’s record at a time. We illustrate our approach for end-to-end privacy control in service outsourcing with a tele-marketing case study and show how the software of the outsourced call center can be integrated effectively with the Web services of a bank to protect privacy.

How to integrate legal requirements into a requirements engineering methodology for the development of security and privacy patterns

Laws set requirements that force organizations to assess the security and privacy of their IT systems and impose them to implement minimal precautionary security measures. Several IT solutions (e.g., Privacy Enhancing Technologies, Access Control Infrastructure, etc.) have been proposed to address security and privacy issues. However, understanding why, and when such solutions have to be adopted is often unanswered because the answer comes only from a broader perspective, accounting for legal and organizational issues. Security engineers and legal experts should analyze the business goals of a company and its organizational structure and derive from there the points where security and privacy problems may arise and which solutions best fit such (legal) problems. The paper investigates the methodological support for capturing security and privacy requirements of a concrete health care provider.

Targets,drivers and metrics in software process improvement: Results of a survey in a multinational organization

This paper reports on a survey amongst software groups in a multinational organization. The survey was initiated by the Software Process Improvement (SPI) Steering Committee of Philips, a committee that monitors the status and quality of software process improvement in the global organization. The paper presents and discusses improvement targets, improvement drivers, and metrics, and the degree to that they are being recognized in the software groups. The improvement targets ‘increase predictability’ and ‘reduce defects’ are being recognized as specifically important, joined for Capability Maturity Model (CMM) level three groups by ‘increase productivity’ and ‘reduce lead time’. The set of improvement drivers that was used in the survey appears to be valid. Three improvement drivers that were rated highest were: ‘commitment of engineering management’, ‘commitment of development staff, and ‘sense of urgency’. Finally, it could be seen that metrics activity, both in size and in quality, increases significantly for CMM level three groups. However, no consensus regarding what metrics should be used can be seen.

Unpacking Tasks: The Fusion of New Technology with Instructional Work

This paper discusses how a new technology (designed to help pupils with learning about Shakespeare’s Macbeth) is introduced and integrated into existing classroom practices. It reports on the ways through which teachers and pupils figure out how to use the software as part of their classroom work. Since teaching and learning in classrooms are achieved in and through educational tasks (what teachers instruct pupils to do) the analysis explicates some notable features of a particular task (storyboarding one scene from the play). It is shown that both ‘setting the task’ and ‘following the task’ have to be locally and practically accomplished and that tasks can operate as a sense-making device for pupils’ activities. Furthermore, what the task ‘is’, is not entirely established through the teacher’s initial formulation, but progressively clarified through pupils’ subsequent work, and in turn ratified by the teacher.

Benchmarking quality measurement

This paper gives a simple benchmarking procedure for companies wishing to develop measures for software quality attributes of software artefacts. The procedure does not require that a proposed measure is a consistent measure of a quality attribute. It requires only that the measure shows agreement most of the time. The procedure provides summary statistics for measures of quality attributes of a software artefact. These statistics can be used to benchmark subjective direct measurement of a quality attribute by a company’s software developers. Each proposed measure is expressed as a set of error rates for measurement on an ordinal scale and these error rates enable simple benchmarking statistics to be derived. The statistics can also be derived for any proposed objective indirect measure or prediction system for the quality attribute. For an objective measure or prediction system to be of value to the company it must be ‘better’ or ‘more objective’ than the organisation’s current measurement or prediction capability; and thus confidence that the benchmark’s objectivity has been surpassed must be demonstrated. By using Bayesian statistical inference, the paper shows how to decide whether a new measure should be considered ‘more objective’ or whether a prediction system’s predictive capability can be considered ‘better’ than the current benchmark. Furthermore, the Bayesian inferential approach is easy to use and provides clear advantages for quantifying and inferring differences in objectivity.

Protecting business intelligence and customer privacy while outsourcing data mining tasks

Nowadays data mining plays an important role in decision making. Since many organizations do not possess the in-house expertise of data mining, it is beneficial to outsource data mining tasks to external service providers. However, most organizations hesitate to do so due to the concern of loss of business intelligence and customer privacy. In this paper, we present a Bloom filter based solution to enable organizations to outsource their tasks of mining association rules, at the same time, protect their business intelligence and customer privacy. Our approach can achieve high precision in data mining by trading-off the storage requirement. This research was supported by the USA National Science Foundation Grants CCR-0310974 and IIS-0546027.

---

Legal safeguards for privacy and data protection in ambient intelligence

To get the maximum benefit from ambient intelligence (AmI), we need to anticipate and react to possible drawbacks and threats emerging from the new technologies in order to devise appropriate safeguards. The SWAMI project took a precautionary approach in its exploration of the privacy risks in AmI and sought ways to reduce them. It constructed four “dark scenarios” showing possible negative implications of AmI, notably for privacy protection. Legal analysis of the depicted futures showed the shortcomings of the current legal framework in being able to provide adequate privacy protection in the AmI environment. In this paper, the authors, building upon their involvement in SWAMI research as well as the further advancement of EU privacy analysis, identify various outstanding issues regarding the legal framework that still need to be resolved in order to deal with AmI in an equitable and efficacious way. This article points out some of the lacunae in the legal framework and postulates several privacy-specific safeguards aimed at overcoming them.

---

Does Japan really have robot mania? Comparing attitudes by implicit and explicit measures

Japan has more robots than any other country with robots contributing to many areas of society, including manufacturing, healthcare, and entertainment. However, few studies have examined Japanese attitudes toward robots, and none has used implicit measures. This study compares attitudes among the faculty of a US and a Japanese university. Although the Japanese faculty reported many more experiences with robots, implicit measures indicated both faculties had more pleasant associations with humans. In addition, although the US faculty reported people were more threatening than robots, implicit measures indicated both faculties associated weapons more strongly with robots than with humans. Despite the media’s hype about Japan’s robot ‘craze,’ response similarities suggest factors other than attitude better explain robot adoption. These include differences in history and religion, personal and human identity, economic structure, professional specialization, and government policy. Japanese robotics offers a unique reference from which other nations may learn.

---

History and Status of Operations Support Systems

Operations Support Systems (OSS) have been a critical component of any telecommunications company’s business plan. In this paper we examine the history of OSS from the perspectives of maturing support for problem domains, enabling technologies, and system integration. Finally, we will look at the problems posed by the coming “everything over IP” networks, the changing communications provider landscape and the impact on operations support systems.

Hybrid ecologies: understanding cooperative interaction in emerging physical-digital environments

We consider the emergence of hybrid ecologies, which marry mixed reality environments and ubiquitous computing environments together to bridge the physical-digital divide. Hybrid ecologies are new class of digital ecology that merge multiple environments, physical and digital, together. Collaboration in these emerging environments is characterized by ‘fragmented interaction’ in that it is mediated by interaction mechanisms that are differentially distributed. Unpacking the collaborative nature of fragmented interaction requires that we uncover the ordinary interactional competences that users exploit to make differentially distributed mechanisms of interaction work and the distributed practices that articulate ‘seamful’ representations and provide for awareness and coordination.

Unified use case statecharts: case studies

This paper presents the results of case studies evaluating a method of unifying use cases (UCs) to derive a unified statechart model of the behavior of the domain of a proposed computer-based system. An evaluation of the unification method, the obtained statechart model of the domain, the method’s and model’s feedback on the UCs themselves, and how the method is used in requirements engineering practice was carried out by examining 58 software requirements specifications produced by 189 upper-year undergraduate and graduate students. The results of these studies independently confirm some of the benefits of building a unified SC mentioned in the works of Glinz; Whittle and Schumann; and Harel, Kugler, and Pnueli.

---

Personal privacy through understanding and action: five pitfalls for designers

To participate in meaningful privacy practice in the context of technical systems, people require opportunities to understand the extent of the systems alignment with relevant practice and to conduct discernible social action through intuitive or sensible engagement with the system. It is a significant challenge to design for such understanding and action through the feedback and control mechanisms of todays devices. To help designers meet this challenge, we describe five pitfalls to beware when designing interactive systems—on or off the desktop—with personal privacy implications. These pitfalls are: (1) obscuring potential information flow, (2) obscuring actual information flow, (3) emphasizing configuration over action, (4) lacking coarse-grained control, and (5) inhibiting existing practice. They are based on a review of the literature, on analyses of existing privacy-affecting systems, and on our own experiences in designing a prototypical user interface for managing privacy in ubiquitous computing. We illustrate how some existing research and commercial systems—our prototype included—fall into these pitfalls and how some avoid them. We suggest that privacy-affecting systems that heed these pitfalls can help users appropriate and engage them in alignment with relevant privacy practice.