Explore Diverse Techniques for Privacy Control
Problem Summary
Users face significant challenges in managing their privacy settings across various smart devices and applications. Traditional privacy management models are often cumbersome, leading to user fatigue, reduced awareness, and inadequate privacy protection. This is particularly problematic for vulnerable populations such as the elderly, who may struggle with complex decision-making processes and cognitive overload.
Rationale
Employing diverse techniques can make privacy management more intuitive and less burdensome for users. By visualising data collection through Augmented Reality (AR), users can gain better awareness of their privacy risks. Tangible interfaces allow for more natural and less intrusive interactions with privacy settings. Meanwhile, human-centred artificial intelligence (HCAI) reduces the cognitive demands on users by learning and applying expert preferences, ensuring that privacy management is both effective and user-friendly. Integrating these methods can lead to more robust privacy protection and greater user satisfaction.
Solution
To address these challenges, employing diverse techniques such as augmented reality (AR), tangible user interfaces, and human-centred artificial intelligence (HCAI) can significantly enhance privacy control. AR can provide intuitive visual representations of privacy settings, making it easier for users to understand and manage their data. Tangible interfaces offer a more engaging and accessible way to interact with privacy settings, reducing the cognitive load. HCAI leverages expert user preferences and adaptive algorithms to automate and simplify privacy management, ensuring that even vulnerable users can maintain control over their privacy.
Elahi et al. [1] proposed a Human-Centered Artificial Intelligence (HCAI) approach to enhance the privacy protection of elderly app users in smart cities. The authors address the limitations of the privacy self-management model, which increases the cognitive load on elderly users. They introduce two participatory privacy protection algorithms (PPPA-I and PPPA-II) to determine optimal privacy settings for Ambient Assisted Living (AAL) apps and manage runtime permission requests. These algorithms leverage expert user preferences and soft set theory to handle multi-criteria decision-making under uncertainty, ultimately reducing the cognitive burden on elderly users while ensuring robust privacy protection.
Mehta et al. [2] introduced the Privacy Care framework, a tangible interaction system for managing privacy in ubiquitous computing (UbiComp) environments. Traditional GUI-based privacy management tools are often considered intrusive, socially disruptive, and cumbersome. To address these issues, the Privacy Care framework integrates tangible and embodied interactions to offer a more seamless and natural user experience in everyday settings.
The framework focuses on two core elements: Awareness and Control. These are supported by three interrelated interaction principles: Direct, Ready-to-Hand, and Contextual. "Direct" refers to intuitive interactions through familiar metaphors. "Ready-to-Hand" emphasises the importance of non-intrusive, ad hoc management that transitions smoothly between the periphery and centre of the user's attention. "Contextual" involves customisation and configurability to suit individual user needs.
Fernandez et al. [3] introduced PARA, an augmented reality (AR) privacy management system for smart devices in IoT ecosystems. The PARA system addresses the challenge of user privacy in environments populated with smart devices by providing an intuitive way to manage privacy preferences through AR visualisation. The authors argue that traditional privacy management solutions are insufficient as they fail to inform users about privacy risks adequately and lack interactive support for managing them.
The PARA system uses AR to contextualise data disclosure and improve user awareness of privacy threats. When users point their smartphones at a smart device, PARA displays the collected data types and allows users to control data collection in real time. This interface enables users to explore and adjust privacy settings dynamically.
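As an added illustration (this is not PARA's own code, which the page does not reproduce), the following Python sketch shows the two halves that an interface like the one described above has to keep in agreement: the per-device, per-data-type state an AR overlay would list when the phone is pointed at a device, and the enforcement step that actually drops records the user has not allowed. The device ids, labels, data types and record stream are constructed for the example; the deny-by-default rule and the rejection of data types a device never declared are design choices of this sketch, not claims about PARA.

```python
"""Illustrative per-device privacy choices with enforcement on the data path."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple


@dataclass(frozen=True)
class Device:
    device_id: str
    label: str
    collects: FrozenSet[str]        # data types the device declares it collects


@dataclass(frozen=True)
class Record:
    device_id: str
    data_type: str
    payload: str


class PrivacyPolicy:
    """Holds the user's per-device, per-data-type choices.

    Design choices of this example (not taken from PARA): a data type stays
    blocked until the user explicitly allows it, and a device can only be
    toggled for types it has declared, so the overlay never shows a switch
    that enforcement would ignore."""

    def __init__(self, devices: List[Device]) -> None:
        self._devices: Dict[str, Device] = {d.device_id: d for d in devices}
        self._choices: Dict[Tuple[str, str], bool] = {}
        self.audit: List[str] = []

    def is_allowed(self, device_id: str, data_type: str) -> bool:
        return self._choices.get((device_id, data_type), False)

    def set_choice(self, device_id: str, data_type: str, allowed: bool) -> None:
        dev = self._devices[device_id]
        if data_type not in dev.collects:
            raise ValueError(f"{dev.label} does not declare data type {data_type!r}")
        self._choices[(device_id, data_type)] = allowed
        self.audit.append(f"{dev.label}: {data_type} -> {'allow' if allowed else 'block'}")

    def overlay(self, device_id: str) -> List[Tuple[str, str]]:
        """What the AR view would list when the phone is pointed at this device."""
        dev = self._devices[device_id]
        return sorted(
            (t, "allowed" if self.is_allowed(device_id, t) else "blocked")
            for t in dev.collects
        )

    def enforce(self, records: List[Record]) -> Tuple[List[Record], List[Tuple[Record, str]]]:
        """Filter an outbound record stream against the current choices."""
        kept: List[Record] = []
        dropped: List[Tuple[Record, str]] = []
        for rec in records:
            dev = self._devices.get(rec.device_id)
            if dev is None:
                dropped.append((rec, "unknown device"))
            elif rec.data_type not in dev.collects:
                dropped.append((rec, "undeclared data type"))
            elif not self.is_allowed(rec.device_id, rec.data_type):
                dropped.append((rec, "blocked by user"))
            else:
                kept.append(rec)
        return kept, dropped


# Constructed sample environment: device ids, labels and data types are made up.
DEVICES = [
    Device("cam-01", "hallway camera", frozenset({"video", "audio", "presence"})),
    Device("thermo-02", "living-room thermostat", frozenset({"temperature", "presence"})),
]

SAMPLE_STREAM = [
    Record("cam-01", "video", "frame#1"),
    Record("cam-01", "presence", "1 person"),
    Record("thermo-02", "temperature", "21.5C"),
    Record("thermo-02", "location", "52.1,4.3"),   # never declared by the device
    Record("plug-99", "power", "12W"),              # device not in the registry
]


def demo() -> dict:
    policy = PrivacyPolicy(DEVICES)
    # The user points the phone at each device and enables one data type apiece.
    policy.set_choice("cam-01", "presence", True)
    policy.set_choice("thermo-02", "temperature", True)
    kept, dropped = policy.enforce(SAMPLE_STREAM)
    return {
        "overlay_cam": policy.overlay("cam-01"),
        "kept": [(r.device_id, r.data_type) for r in kept],
        "dropped": [(r.device_id, r.data_type, why) for r, why in dropped],
        "audit": policy.audit,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The point of keeping `overlay` and `enforce` on the same `PrivacyPolicy` object is that awareness and control read from one source of truth: a toggle the user sees in the overlay is exactly the rule applied to the next record, and a device that emits a data type it never declared is dropped regardless of any toggle.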
Kandappu, Subbaraju and Xu [4] explored the balance between reminiscability and privacy in visual life-logging systems for older adults. Using wearable cameras, life-logging systems capture continuous images to help elderly individuals recall their past experiences, enhancing their quality of life. However, these systems pose significant privacy risks by inadvertently capturing sensitive information and social ties. The authors propose obfuscation strategies that selectively obscure parts of images to protect privacy while maintaining reminiscability. The PrivacyPrimer framework leverages a web-based agent to assess privacy risks and apply appropriate obfuscation, reducing the likelihood of privacy breaches while preserving the utility of the images for memory recall. This approach demonstrates a significant privacy-utility trade-off, with a modest reduction in reminiscability scores but substantial improvements in privacy protection.
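To make the privacy-utility trade-off described above concrete, here is an added Python example (not PrivacyPrimer's code) that applies the two obfuscation strategies the paragraph names, blurring and masking, at "medium" and "high" strength to one region of a small grayscale image, and measures how much intra-region detail survives. The sample image, the region, the mapping of the two strength levels to a blur radius or fill value, and the variance-based utility proxy are all constructed for this example and are not taken from [4].

```python
"""Selective image obfuscation (blur vs. mask, two strength levels)."""
from statistics import pvariance
from typing import List, Tuple

Image = List[List[int]]              # 8-bit grayscale, row-major
Region = Tuple[int, int, int, int]   # (top, left, bottom, right); bottom/right exclusive

# Assumed mapping of the two strength levels to parameters. This is an
# illustrative choice for the example, not the mapping used by PrivacyPrimer.
BLUR_RADIUS = {"medium": 1, "high": 2}
MASK_FILL = {"medium": "mean", "high": 0}


def _copy(img: Image) -> Image:
    return [row[:] for row in img]


def blur_region(img: Image, region: Region, radius: int) -> Image:
    """Box-blur the pixels inside `region`, sampling only from inside the region
    so the blurred output cannot mix in pixels from outside the sensitive area."""
    top, left, bottom, right = region
    out = _copy(img)
    for y in range(top, bottom):
        for x in range(left, right):
            ys = range(max(top, y - radius), min(bottom, y + radius + 1))
            xs = range(max(left, x - radius), min(right, x + radius + 1))
            vals = [img[yy][xx] for yy in ys for xx in xs]
            out[y][x] = sum(vals) // len(vals)
    return out


def mask_region(img: Image, region: Region, fill) -> Image:
    """Replace every pixel in `region` with one value (the region mean or a constant)."""
    top, left, bottom, right = region
    out = _copy(img)
    if fill == "mean":
        vals = [img[y][x] for y in range(top, bottom) for x in range(left, right)]
        fill = sum(vals) // len(vals)
    for y in range(top, bottom):
        for x in range(left, right):
            out[y][x] = fill
    return out


def obfuscate(img: Image, region: Region, method: str, level: str) -> Image:
    if method == "blur":
        return blur_region(img, region, BLUR_RADIUS[level])
    if method == "mask":
        return mask_region(img, region, MASK_FILL[level])
    raise ValueError(f"unknown method {method!r}")


def detail_retained(original: Image, modified: Image, region: Region) -> float:
    """Crude utility proxy: fraction of the region's pixel variance that survives.
    1.0 means untouched, 0.0 means no intra-region detail is left."""
    top, left, bottom, right = region
    cells = [(y, x) for y in range(top, bottom) for x in range(left, right)]
    before = pvariance([original[y][x] for y, x in cells])
    after = pvariance([modified[y][x] for y, x in cells])
    return after / before if before else 0.0


def checkerboard_image(size: int, region: Region) -> Image:
    """Constructed sample: flat grey frame with a high-contrast 'face' patch."""
    top, left, bottom, right = region
    img = [[128] * size for _ in range(size)]
    for y in range(top, bottom):
        for x in range(left, right):
            img[y][x] = 255 if (x + y) % 2 == 0 else 0
    return img


def demo() -> dict:
    region = (2, 2, 8, 8)               # 6x6 sensitive patch inside a 10x10 frame
    img = checkerboard_image(10, region)
    return {
        (method, level): detail_retained(img, obfuscate(img, region, method, level), region)
        for method in ("blur", "mask")
        for level in ("medium", "high")
    }


if __name__ == "__main__":
    for (method, level), ratio in demo().items():
        print(f"{method:>4} {level:<6} detail retained: {ratio:.4f}")
```

Running `demo()` shows the ordering one would expect: the heavier blur leaves less detail than the lighter one, and both masks leave none by this measure. The variance proxy is deliberately simple and is blind to one difference that matters in practice: mean-fill masking still reveals the region's average brightness, while constant fill does not, which is why a utility score alone should not decide which strategy to ship.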
Platforms: mobile devices, smart devices
Example
PARA AR privacy management interface: filter for the face [3].
From right to left and top to bottom: PrivacyPrimer example of blurring (medium and high) and masking (medium and high) [4].
Use cases
- Simplifying privacy management by reducing cognitive load and automating complex decisions.
- Embedding diverse privacy control techniques in IoT devices to ensure users can manage their privacy seamlessly across various interconnected devices and platforms.
- Implementing contextual and adaptive privacy controls that adjust based on the user’s environment, activities, and changing privacy needs.
Pros
- The approach aims to make privacy management more accessible and less demanding for users who may struggle with traditional models, integrating seamlessly into their daily routines [1][2].
- Results indicate that when an appropriate privacy control channel is available, users are more likely to move beyond default settings, enabling fine-grained privacy management and filters for smart devices. This leads to increased privacy perceptions and a greater desire to control privacy [3].
- The PrivacyPrimer platform allows users to obfuscate parts of life-log images without significantly compromising reminiscability, demonstrating a robust privacy-utility trade-off with only a modest reduction in reminiscability scores but a significant enhancement in privacy [4].
Cons
- Privacy management in ubiquitous computing environments is inherently complex due to the multidimensionality of "access" and the dynamic context. Users often need detailed information to assess potential privacy imbalances, requiring a privacy management system that offers focused, contextual, and engaging interactions. Such a system must be direct and readily available throughout the user's daily routine [2].
- The proposed model in [4] primarily addresses privacy threats to life-loggers from implicit inferences made by service providers using visual cues, but falls short in tackling explicit threats like bystander privacy and potentially malicious actions by service providers.
- While assisted privacy management can reduce the perceived control of Ambient Assisted Living (AAL) users over their privacy, it balances this by providing manual adjustment options for those with adequate privacy awareness and skills [1].
- Current AR metaphors may produce overly visual alerts, though designing comforting visuals was beyond the study's scope [3].
Privacy Choices
Considering the design space for privacy choices [5], this guideline can be applied in the following dimensions:
- Contextualised
It emphasises using innovative interaction techniques like AR to offer context-specific privacy choices, helping users make more informed decisions based on the current context.
- Multiple choices
The guideline promotes providing users with various options to manage their privacy, such as different levels of access and control.
- Context-aware
Contextual information can be leveraged to present privacy choices at the most relevant times based on user behaviour and environmental factors.
- Personalised
Using HCAI, the guideline can offer personalised privacy choices, presenting options tailored to individual user preferences and behaviours.
- Just in time
Techniques like AR can provide just-in-time privacy choices, prompting users to make decisions when data collection or other relevant actions are about to occur.
- Combined
The guideline supports combining multiple modalities (e.g., visual AR displays with haptic feedback) to enhance the user experience and effectiveness of privacy management.
- Haptic and other sensory
Tangible interfaces may involve haptic feedback, making privacy management more intuitive and engaging.
- Visual
AR and other visual methods are key components that provide clear visual representations of privacy choices.
- Enforcement
The discussed solutions emphasise immediate and effective implementation of user privacy choices, whether through real-time AR interfaces, tangible manipulations, or automated AI adjustments.
- Presentation
The guideline focuses on presenting privacy choices in user-friendly ways through AR and tangible interfaces, making it easier for users to understand and manage their privacy settings.
- Public
For smart city applications, public channels like signage or kiosks could be used to inform and manage privacy choices for passers-by or incidental users.
- Primary
The guideline encourages embedding privacy choices directly into the interaction with the system (e.g., through AR interfaces on smart devices).
Control
The guideline empowers users with various innovative techniques to manage their privacy settings. This aligns with the definition of Control, which includes the ability for the data subject to provide consent for data collection and processing, opt-out of data collection, make self-determined decisions on data sharing, and actively influence how their data is handled [6]. Other related privacy attributes:
- The guideline addresses the balance between functionality and privacy by providing intuitive and user-friendly ways to manage privacy settings without sacrificing the usability of the applications.
- By drawing on innovative techniques like augmented reality and tangible interfaces, the guideline helps make the management of privacy settings more transparent to users. This ensures that users can better understand how their data is handled, aligning with the proactive distribution of information to users and the demonstration of privacy practices.
References
[1] Haroon Elahi, Aniello Castiglione, Guojun Wang, and Oana Geman (2021). A human-centered artificial intelligence approach for privacy protection of elderly App users in smart cities. Neurocomputing, 444, pp.189-202. https://doi.org/10.1016/j.neucom.2020.06.149
[2] Vikram Mehta, Daniel Gooch, Arosha Bandara, Blaine Price, and Bashar Nuseibeh (2021). Privacy Care: A Tangible Interaction Framework for Privacy Management. ACM Trans. Internet Technol. 21, 1, Article 25 (February 2021), 32 pages. https://doi.org/10.1145/3430506
[3] Carlos Bermejo Fernandez, Lik Hang Lee, Petteri Nurmi, and Pan Hui (2021). PARA: Privacy Management and Control in Emerging IoT Ecosystems using Augmented Reality. In Proceedings of the 2021 International Conference on Multimodal Interaction (ICMI '21). Association for Computing Machinery, New York, NY, USA, 478–486. https://doi.org/10.1145/3462244.3479885
[4] Thivya Kandappu, Vigneshwaran Subbaraju, and Qianli Xu (2021). PrivacyPrimer: Towards Privacy-Preserving Episodic Memory Support For Older Adults. Proc. ACM Hum.-Comput. Interact. 5, CSCW2, Article 306 (October 2021), 32 pages. https://doi.org/10.1145/3476047
[5] Yuanyuan Feng, Yaxing Yao, and Norman Sadeh (2021). A Design Space for Privacy Choices: Towards Meaningful Privacy Control in the Internet of Things. In CHI Conference on Human Factors in Computing Systems (CHI ’21), May 8–13, 2021, Yokohama, Japan. ACM, New York, NY, USA, 16 pages. https://doi.org/10.1145/3411764.3445148
[6] Susanne Barth, Dan Ionita, and Pieter Hartel (2022). Understanding Online Privacy — A Systematic Review of Privacy Visualizations and Privacy by Design Guidelines. ACM Comput. Surv. 55, 3, Article 63 (February 2022), 37 pages. https://doi.org/10.1145/3502288