PRiMMA: Privacy Rights Management for Mobile Applications

The age of Ubiquitous Computing is approaching fast: most people in the UK over the age of 8 carry mobile phones, which are becoming increasingly sophisticated interactive computing devices. Location-based services are also increasing in popularity and sophistication. There are many tracking and monitoring devices being developed that have a range of potential applications, from supporting mobile learning to remote health monitoring of the elderly and chronically ill. However, do users actually understand how much of their personal information is being shared with others? In a recently released report from the UK Information Commissioner, we were warned that the UK in particular is 'sleepwalking into a surveillance society', as ordinary members of the public give up vast amounts of personal information with no significant personal or societal advantage gained. In general, there will be a trade off between usefulness of disclosing private information and the risk of it being misused. This project will investigate techniques for protecting the private information typically generated from ubiquitous computing applications from malicious or accidental misuse.The project will investigate privacy requirements across the general population for a specific set of ubiquitous computing technologies. These requirements will be used to produce a Privacy Rights Management (PRM) framework that enables users to specify privacy preferences, to help visualize them, to learn from the user's behaviour what their likely preferences are, and to enforce privacy policies. We will make use of a large cohort of over 1000 OU students with a broad range of ages and backgrounds, both for identifying requirements and for evaluating tools for privacy management. This work will address a number of research issues:* how do people perceive privacy in ubiquitous systems?* what types of privacy controls would people like to have when using ubiquitous systems?* how to develop privacy control tools that are easy to use via simple interfaces (e.g. mobile phones) as well as large screen devices?* how to detect and resolve inconsistencies in users' privacy requirements?* what mechanisms can be used to automate privacy control in ubiquitous systems?The PRM framework we produce to address these issues will integrate users' privacy policies with their personal information to control how information is used. This is analogous to Digital Rights Management (DRM), which often incorporates information such as 'digital watermarks' in the data being protected or encapsulates the data such that it is self protecting. By providing an analysis and learning system within the framework, we believe that we can produce a usable system that does not burden users with complex privacy rule sets. The project relates to the Memories for Life and Ubiquitous Computing Grand Challenges, both of which raise issues relating to PRM in mobile applications.