Designing for Privacy in Ubiquitous Computing Environments

In an Ubiquitous Computing environment, sensors are actively collecting data, much of which can be very sensitive. Data will often be streaming at high rates (video and audio) and it must be dealt with in real-time. Protecting the privacy of users is of central importance. Effective solutions for controlling access to data in ubicomp settings remain to be developed. Dealing with these issues will be a central challenge for ubicomp for some time to come. Here we propose some simple design principles which address several of these issues. We illustrate them through the design of a smart room capture system we are building at Berkeley. The main design principle is “data discretion”: users should have access and control of data about them, and should be able to determine how it is used. In our implementation, the data discretion principle is enforced with cryptographic techniques. We show how data discretion supports both personal and collaborative uses. Unlike traditional ACL based access control systems, our scheme essentially embeds access rights of legitimate users in the data. We have implemented a prototype system in a Smart Room at Berkeley equipped with several cameras, and we give data throughput rates under various degrees of protection. Finally we describe ongoing work toward a trustworthy ubicomp environment whose discretion is realistically checkable.