This project addresses the acute privacy challenge of home-based health care based on ubiquitous computing, or ubicomp, where vulnerable populations risk enforced technological intimacy. It will employ the well-defined "design for values" method to create an innovative toolkit that can be used by our aging population, their caregivers, and designers to ensure privacy and autonomy in home-based ubicomp.
Ubiquitous computing integrates technology into our everyday environments, fundamentally altering privacy by creating continuous, detailed data flows. Ubicomp will result in an environment that is aware, active and responsive. It creates an aware environment through the pervasive distribution of sensors. It is active because sensor data are processed and examined. It is responsive in that the technology acts on the environment based on processed data. As ubicomp is networked, the data and decisions have the potential to be observed from any connected locale on the planet.
Design for privacy is complicated by the fact that privacy is a socially constructed value that differs significantly across environments and individuals. Currently, design for privacy requires a user who understands the social implications of ubicomp technology, demands a design that respects privacy, and articulates specific technical design requirements. Design for privacy also requires a ubicomp designer with mastery of privacy enhancing technologies, security mechanisms, and a profound understanding of privacy. Neither of these is a reasonable burden. This research will decrease the burdens for both parties.
This project will create a system for designing highly customized privacy-enhancing ubicomp. The privacy framework consists of three integrated, complementary components. The first component is a participant tool for eliciting individual elder privacy concerns, making it easy for non-technical people to express privacy concerns. The second is a designer tool that translates elder concerns into technical choices or suggestions. The third is a privacy-enhancing code library for ubicomp sensors that vastly simplifies privacy-sensitive design, including data filtering, access control list creation, and integration of cryptographic privacy enhancing technologies.
The broader impacts of the project include: (1) development of multidisciplinary curriculum that will engage over 40 students in the research project; (2) a living laboratory to enable research and curricular activities in business, nursing, health and other disciplines; (3) expansion of the potential for privacy-enhanced home-based healthcare; (4) the development of tools to ensure that older people make their own choices about home monitoring and protection of their privacy and autonomy, and (5) a design tool and code library that enable ubicomp designers to easily embed appropriate privacy-enhancing and strong security-protecting mechanisms in home-based ubicomp without requiring expertise in privacy or security.
Privacy in Home-Based Ubicomp

Objectives

Our goal is to examine the acute privacy challenge of ubicomp home-based health care, where vulnerable populations risk enforced technological intimacy. We leveraged the well-defined design for values method and used an iterative design process to evaluate home-based ubicomp for elders. Most importantly, we wanted to design systems where privacy controls were easy to use, and data flows were entirely transparent. We began with a set of proposed designs (actually mock-ups of the designs) and used these in focus groups. The attached photos show those mock-ups, including two versions of the ambient presence design. The focus groups provided guidance on selection and refinement of prototypes created to support aging at home. We selected a set of prototypes and built a privacy dashboard. The dashboard could be used to pause any or all of the systems. We set these up in the homes of elders, and interviewed them about the value of the prototypes. We asked them about the value of the technologies, and compared their reported use of the dashboard (i.e., expressed preferences) to their actual use (i.e., revealed preferences).

Prototypes

The beacon strip is the second photo. The caption describes the functionality. This allows individuals to rise in the night without leaving on a light or turning on a light. This increases quality of sleep. The ambient objects connect places in two homes. While these technologies were not embraced by the focus groups, once in use they were highly valued. The trust cube provides an ambient indicator that is very difficult to subvert in comparison with in-browser communications. The system is privacy-aware with all data storage encrypted. The portal monitor is shown as a design, although a prototype was built. The images are not compelling, as cellular communication is difficult to visualize. Unlike the other prototypes, it depends on the cellular network, not the Internet.
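The two ideas the report keeps returning to, a dashboard that can pause any or all systems and a code library that handles data filtering and access control lists for sensors, can be shown in a single small pipeline. The following is an added example written for this page, not code from the project or its library: it assumes hypothetical system names ("beacon_strip", "ambient_object"), two recipients ("caregiver" and "vendor"), and a constructed sample reading. The access control list is default-deny, each recipient gets only the fields its filter passes through, the dashboard pause is checked before anything leaves the home, and every decision is written to an audit log so the data flow stays transparent to the elder. Encryption of stored data, which the report says the prototypes use, is outside what this example shows.

```python
"""Privacy-aware dispatch of home sensor data: dashboard pause, ACL, filtering, audit."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Set, Tuple

Payload = Dict[str, object]
Filter = Callable[[Payload, int], Payload]


@dataclass
class SensorEvent:
    system: str      # which prototype produced the reading (hypothetical names below)
    timestamp: int   # seconds since the epoch
    payload: Payload


@dataclass
class PrivacyPolicy:
    """Access control list plus per-recipient minimisation filters."""
    # system -> recipients allowed to receive anything from it; absent system = deny
    acl: Dict[str, Set[str]] = field(default_factory=dict)
    # (system, recipient) -> function reducing the payload to what that recipient
    # needs; a permitted recipient with no filter still receives nothing
    filters: Dict[Tuple[str, str], Filter] = field(default_factory=dict)


class PrivacyDashboard:
    """The elder-facing control: pause one system, or all of them."""

    def __init__(self) -> None:
        self.paused: Set[str] = set()
        self.pause_all = False

    def pause(self, system: Optional[str] = None) -> None:
        if system is None:
            self.pause_all = True
        else:
            self.paused.add(system)

    def resume(self, system: Optional[str] = None) -> None:
        if system is None:
            self.pause_all = False
            self.paused.clear()
        else:
            self.paused.discard(system)

    def is_paused(self, system: str) -> bool:
        return self.pause_all or system in self.paused


class Pipeline:
    """Applies dashboard state and policy to each event and logs every decision."""

    def __init__(self, policy: PrivacyPolicy, dashboard: PrivacyDashboard) -> None:
        self.policy = policy
        self.dashboard = dashboard
        self.audit: List[str] = []  # human-readable record of what was sent to whom

    def dispatch(self, event: SensorEvent) -> Dict[str, Payload]:
        """Return {recipient: filtered_payload}; empty when nothing leaves the home."""
        if self.dashboard.is_paused(event.system):
            self.audit.append(f"{event.timestamp} {event.system}: paused by dashboard, nothing sent")
            return {}
        delivered: Dict[str, Payload] = {}
        for recipient in sorted(self.policy.acl.get(event.system, set())):
            flt = self.policy.filters.get((event.system, recipient))
            if flt is None:
                self.audit.append(f"{event.timestamp} {event.system} -> {recipient}: no filter, withheld")
                continue
            delivered[recipient] = flt(event.payload, event.timestamp)
            self.audit.append(
                f"{event.timestamp} {event.system} -> {recipient}: sent {sorted(delivered[recipient])}")
        if not delivered:
            self.audit.append(f"{event.timestamp} {event.system}: no permitted recipient, nothing sent")
        return delivered


def build_demo() -> Tuple[PrivacyPolicy, PrivacyDashboard, Pipeline]:
    """Constructed policy: the caregiver learns when and where the elder moved at
    night; the vendor learns only that the device is alive."""
    policy = PrivacyPolicy(
        acl={"beacon_strip": {"caregiver", "vendor"}, "ambient_object": {"caregiver"}},
        filters={
            ("beacon_strip", "caregiver"): lambda p, ts: {
                "motion": bool(p.get("motion", False)), "room": p.get("room"), "timestamp": ts},
            ("beacon_strip", "vendor"): lambda p, ts: {"device_ok": True},
            ("ambient_object", "caregiver"): lambda p, ts: {"present": bool(p.get("present"))},
        },
    )
    dashboard = PrivacyDashboard()
    return policy, dashboard, Pipeline(policy, dashboard)


if __name__ == "__main__":
    policy, dashboard, pipeline = build_demo()
    # Constructed sample reading: motion in the hallway; "lux" never leaves the home.
    event = SensorEvent("beacon_strip", 1_700_000_000, {"motion": True, "room": "hallway", "lux": 3})
    print(pipeline.dispatch(event))
    dashboard.pause("beacon_strip")
    print(pipeline.dispatch(event))
    print("\n".join(pipeline.audit))
```

The design choice worth noting is that the dashboard check happens before the ACL is consulted, so a paused system produces an audit line but no outbound data at all, and a system absent from the ACL is treated the same as one with no permitted recipient.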
Results

There were no constant privacy preferences or postures. Much research tries to classify people in sets of those who are more or less concerned with privacy. We found that it was the moment, the context, and the technology, with every individual illustrating a range of privacy sensitivity. Elders are much more comfortable with data sent to a caregiver than to a vendor, even though the elder may be in a very real sense more anonymous to the vendor. Although they valued the connectivity of the ambient interactions and the potential safety increase in the technologies, elders used the dashboard to create periods where they were disconnected. Control of the technologies made them more acceptable.

We had findings we did not expect. These may be useful in other research areas and disciplines. While elders are concerned that technology may substitute for personal communication, we found that there was more communication with more technology, rather than less. Lack of technological expertise was no barrier to acceptance of the technologies, given the ability to mute or pause the dataflow provided by the dashboard. The use of videos to frame phishing and malware as familiar, physical risks was more effective than explanations or technical descriptions. In particular, the videos showed not the details of the attack but rather the ability to defeat the attack: call the bank to check the facts, do not download software, or do not set up your account in administrator mode.

We hope to move forward in three directions. We want to build technologies to allow elders to care for each other, which is called peer production or peer-to-peer. Previously we focused on caregivers rather than communities of friends. We are also working with elders in rural communities, where the ability to overcome distance with technology may be more valuable, but privacy may also be more valued. We are expanding our work with videos and other online threats.