Wednesday, October 5, 2011

Paper Reading #17: Privacy risks emerging from the adoption of innocuous wearable sensors in the mobile environment


Privacy Risks Emerging from the Adoption of Innocuous Wearable Sensors in the Mobile Environment


Authors - Andrew Raij, Animikh Ghosh, Santosh Kumar, and Mani Srivastava


Author Bios - Andrew Raij is a Postdoctoral Fellow in the Wireless Sensors and Mobile Ad Hoc Networks Lab (WiSe MANet) at the University of Memphis and has a PhD from the University of Florida.
Animikh Ghosh is a Junior Research Associate at Infosys Technologies Ltd. and has a Master's in Computer Science from the University of Memphis.
Santosh Kumar is an Associate Professor at the University of Memphis and advises the WiSeMANet Lab.
Mani Srivastava is a Professor of Computer Science at UCLA and is also heavily involved in electrical engineering.


Venue - This paper was presented at CHI '11, the Proceedings of the 2011 Annual Conference on Human Factors in Computing Systems.


Summary


Hypothesis - In this paper, the researchers point out that mobile sensors used to study one's health can also be used, in conjunction with machine learning algorithms or just basic reasoning, to reveal private information that one does not wish to be known, such as smoking or drinking habits. The study the researchers propose evaluates how much individuals care about their private habits being made public. The hypothesis is that people do not want certain personal attributes, such as habits or health conditions, exposed in a way that other people can decode and potentially use against them, even when the exposure comes through seemingly innocuous physiological data.


Content - The researchers developed a framework to better explain the scenarios discussed in the paper; it consists of measurements, behaviors, contexts, restrictions, abstractions, and privacy threats. Measurements are raw data that come from sensors, such as accelerometer readings and heart rates. Behaviors are actions the user performed that can be inferred from the measurements, such as seizures. Contexts explain behaviors by describing the environment in which the behavior occurred, such as the time, the place, and the people who were nearby. Restrictions can be applied to all 3 of the previous elements and have a limiting effect, such as limiting access to accelerometer data or keeping the time private. Abstractions offer a way to reduce data to a desirable amount, so that there is enough to monitor whatever is being studied while leaving out other details. Privacy threats are the harms that result from matching data to an identity.
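To make the framework concrete, here is a small added example (my own code, not from the paper) that walks constructed heart-rate measurements through the layers: measurements are turned into behaviors with time and place context, then a release policy applies a restriction (dropping place) and an abstraction (coarsening time) before anything leaves the device. The "elevated heart rate" inference rule and all sample values are constructed for illustration.

```python
from datetime import datetime

# Constructed sample of raw measurements a wearable might log: (timestamp, heart rate, place).
# Values are made up for this example; the paper's own dataset is not on the page.
RAW_MEASUREMENTS = [
    ("2011-10-05T08:05", 72, "home"),
    ("2011-10-05T12:30", 118, "bar"),
    ("2011-10-05T12:45", 121, "bar"),
    ("2011-10-05T19:10", 70, "home"),
    ("2011-10-06T22:05", 125, "bar"),
]

# Abstraction levels for the temporal context, from most to least revealing.
TIME_FORMATS = {"exact": "%Y-%m-%dT%H:%M", "hour": "%Y-%m-%dT%H", "day": "%Y-%m-%d"}


def infer_behaviors(rows, threshold=110):
    """Measurements -> behaviors with context. The rule (heart rate above a
    constructed threshold = an 'elevated' episode) stands in for a real classifier."""
    return [(datetime.fromisoformat(ts), "elevated", place)
            for ts, hr, place in rows if hr > threshold]


def apply_policy(events, time_level="day", keep_place=False):
    """Restriction removes a context element outright (place, unless kept);
    abstraction coarsens what remains (exact time -> hour -> day)."""
    released = []
    for when, behavior, place in events:
        released.append((when.strftime(TIME_FORMATS[time_level]),
                         behavior,
                         place if keep_place else None))
    return released


def links_time_and_place(released):
    """The combination the study found most sensitive: a behavior tied to both a
    finer-than-daily time and a place, i.e. where the user was and when."""
    return any(len(t) > 10 and p is not None for t, _, p in released)


def daily_counts(released):
    """What a health researcher still gets at the coarsest level: episodes per day."""
    counts = {}
    for t, _, _ in released:
        counts[t[:10]] = counts.get(t[:10], 0) + 1
    return counts
```

Releasing `apply_policy(events, "day", False)` preserves the per-day episode count a study needs while removing the time-and-place linkage that the participants rated as the highest concern.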


(Figure: methods for the 2 groups)


Methods - The study had 3 goals: assess the privacy concern of individuals before and after the study (when their own data was at stake), use the framework to examine restrictions and abstractions, and assess how identifying the data affects participants' concern levels. 66 participants were recruited for the study and divided into 2 groups. 1 group, Group NS, only filled out a privacy survey; the other, Group S, provided physiological, behavioral, and psychological data to a sensing device, the AutoSense, for 3 days, with questionnaires throughout the study. Upon completion of the data collection, Group S participants viewed the collected data in a system called Aha visualization, developed for this study, which showed the data at different abstraction levels, and then responded to a privacy questionnaire knowing what had been collected.


Results - Privacy concerns between Groups NS and S before the study differed minimally, but Group S after the study had significantly higher concerns and did not like the idea of someone having access to that data. The impact of restrictions and abstractions on the concern levels showed which data is most sensitive when combined with other data. For example, the highest concern level was shown when physical and temporal data were available together, making the times and locations of the user visible. Adding timestamps always increased concern. Participants also showed higher levels of concern when asked how they felt about releasing the data linked to their identity to the general public, compared to releasing the data anonymously.


Conclusion - The researchers draw 3 conclusions from this study: people don't properly analyze the risk of releasing data unless they have a stake in it; concern rises when physical and temporal data are connected together but can be reduced through restriction and abstraction; and people are willing to share their data (identifying or not) with researchers but not with the general public.


Discussion


I think the researchers proved their hypothesis that people do not want certain information regarding tracking exposed to the public, but, interestingly, only when they have a stake in the data being released. This study can be used by developers in the future in determining what data to keep sensitive and, more importantly, what to tell users so that they know exactly what is being recorded before consenting to anything.
