PRiMMA: Privacy Rights Management for Mobile Applications

Lead Research Organisation: The Open University
Department Name: Computing

Abstract

The age of Ubiquitous Computing is approaching fast: most people in the UK over the age of 8 carry mobile phones, which are becoming increasingly sophisticated interactive computing devices. Location-based services are also increasing in popularity and sophistication. There are many tracking and monitoring devices being developed that have a range of potential applications, from supporting mobile learning to remote health monitoring of the elderly and chronically ill. However, do users actually understand how much of their personal information is being shared with others? In a recently released report from the UK Information Commissioner, we were warned that the UK in particular is 'sleepwalking into a surveillance society', as ordinary members of the public give up vast amounts of personal information with no significant personal or societal advantage gained. In general, there will be a trade off between usefulness of disclosing private information and the risk of it being misused. This project will investigate techniques for protecting the private information typically generated from ubiquitous computing applications from malicious or accidental misuse.The project will investigate privacy requirements across the general population for a specific set of ubiquitous computing technologies. These requirements will be used to produce a Privacy Rights Management (PRM) framework that enables users to specify privacy preferences, to help visualize them, to learn from the user's behaviour what their likely preferences are, and to enforce privacy policies. We will make use of a large cohort of over 1000 OU students with a broad range of ages and backgrounds, both for identifying requirements and for evaluating tools for privacy management. This work will address a number of research issues:* how do people perceive privacy in ubiquitous systems?* what types of privacy controls would people like to have when using ubiquitous systems?* how to develop privacy control tools that are easy to use via simple interfaces (e.g. mobile phones) as well as large screen devices?* how to detect and resolve inconsistencies in users' privacy requirements?* what mechanisms can be used to automate privacy control in ubiquitous systems?The PRM framework we produce to address these issues will integrate users' privacy policies with their personal information to control how information is used. This is analogous to Digital Rights Management (DRM), which often incorporates information such as 'digital watermarks' in the data being protected or encapsulates the data such that it is self protecting. By providing an analysis and learning system within the framework, we believe that we can produce a usable system that does not burden users with complex privacy rule sets. The project relates to the Memories for Life and Ubiquitous Computing Grand Challenges, both of which raise issues relating to PRM in mobile applications.

Publications

10 25 50
 
Description A number of different ways to study mobile privacy 'in the wild'.

An approach to translate empirical finings into software privacy requirements.
Exploitation Route Techniques developed can and are being used by researchers studies ubiquitous computing and privacy.
Sectors Digital/Communication/Information Technologies (including Software)

URL http://primma.open.ac.uk
 
Description Publications cited by other researchers. Contravision methodology used by others to do qualitative studies in the wild.
Sector Digital/Communication/Information Technologies (including Software),Education
Impact Types Cultural

Societal

 
Description Microsoft
Amount £50,000 (GBP)
Funding ID SEIF 2011 Award 
Organisation Microsoft Research 
Sector Private
Country Global
Start 04/2011 
 
Description Microsoft
Amount £50,000 (GBP)
Funding ID SEIF 2011 Award 
Organisation Microsoft Research 
Sector Private
Country Global
Start 04/2011 
End 05/2012