Catherine Rakama
8 min read · Jul 2, 2018

Is GDPR the Ultimate Solution to Privacy and Transparency Issues in UbiComp or IoT Systems (Part 2)

Review of existing design principles relevant to the privacy problem in UbiComp

Getting UbiComp solutions successfully to market comes with its own challenges. As stated by M. Satyanarayanan [5], the challenges cut across a variety of disciplines such as human-computer interaction, intelligent agents and artificial intelligence, which relate directly to UbiComp at different levels. Solving some of the major issues therefore requires diverse knowledge and research from related fields in addition to knowledge about ubiquitous computing. The issue of privacy and transparency is the main focus of this paper, and this section therefore evaluates how implementing the known properties of a UbiComp system brings about the challenge of privacy, and which existing schemes intend to solve the problem.

Facts about privacy in technology-based solutions and UbiComp systems

Privacy is considered a human right, but the laws and regulations governing it vary between countries across the world; the most recent example is the GDPR regulation implemented by the European Union. Countries such as the US have specific regulation around the subject, and compliance is treated as a legal requirement, but still no clear protection strategies have been put in place to ensure that users’ privacy is in fact not infringed, especially with the emergence of modern technologies such as UbiComp solutions. In practice, users tend to trust solutions that guarantee privacy and need assurance that their information will be transported securely and stored safely. Companies, for their part, put proper privacy policies in place to avoid losing customers’ trust in their products, which could damage their reputation and hence their revenue. There are still companies without privacy policies because of the cost of re-engineering existing systems and network infrastructure to support services that adhere to privacy regulations. For instance, incorporating a design that gives users the right to access data stored in the system, or a strategy that lets users know when and what data about them is being captured and how it will be used in the future, requires an investment of time and money.

Research work by Satyanarayanan [5] identified privacy as an issue with several research concerns still unanswered. One main challenge identified during that analysis is the difficulty for designers of striking a balance between seamless behaviour, a desired property of a UbiComp solution, and the provision of transparency about users’ information. Transparency is an element of privacy which requires that owners of information be informed about what the collector will do with the data, who the recipients will be and for how long the recipients will retain it. Seamlessness, on the other hand, requires that the property of unobtrusiveness be observed together with adaptation strategies, and adaptation strategies rely on users’ personal data to customise services according to preference or need. To incorporate both properties in a UbiComp solution, the system must administer the right dose of permission requests to users and of alerts concerning privacy breaches. Bellotti and Sellen [6] suggest a design framework which intends to counteract the general privacy problem through a design that provides feedback and control during data processing.

A set of UbiComp or IoT solutions offer free services in exchange for users’ data. This information is collected and used to tailor services to users’ preferences, but it is also often sold to third-party data vendors who then decide how to use it. Such actions may mean that policies which previously guaranteed anonymity and privacy no longer apply to the new data possessor; eventually, information about the same individual is gathered from different sources and merged, hence a breach of user privacy. A commonly used metaphor for UbiComp or IoT technologies describes a situation where a user wants to buy an item online and the system, having learned about the user, suggests that his time of death is near and that he would not live long enough to use the item. Technical measures such as encryption try to combat privacy issues; however, it is still a challenge to guarantee that a breach will never happen, since the data is handled by humans and machines. Most of the time trade-offs have to be made: for instance, users have to accept being watched through surveillance cameras for security reasons, or have the system learn about them in order to provide a better customised service.

Properties that affect privacy as an issue in UbiComp systems

As existing solutions strive to incorporate the properties that a UbiComp system is expected to possess, new challenges emerge with them. This section describes the properties that are specifically affected in relation to the issue of privacy.

- Invisibility: There is an urge to implement UbiComp solutions that possess the invisibility property. Successful implementation of this feature makes it challenging for users to know when their digital footprints are being collected, since seamlessness requires that interaction between computers be invisible; hence users are given less opportunity to decide whether they want their data collected. The same problem arises with continuous monitoring by recording devices such as cameras in public places or audio recording devices, as users are sometimes not aware when they are under surveillance or lack control over the information being recorded. The design framework of Bellotti and Sellen [6] can be used in different ways to counteract this and many other problems, as described below.

First, recording devices should inform users of when and what information is being captured and who the recipients will be. Users should be allowed to give consent before information is stored in the system. Processing devices should inform the user what will happen to the information once captured. Users should be informed of any third-party people or APIs that will access their data and how it will be used. To provide users with enough control over their data, the authors suggest that there should be a mechanism by which users can choose to erase the data or revoke any privileges assigned to it. The authors also suggest that the system should inform users of the purpose for which their data is being collected and provide a control mechanism to restrict usage.

An evaluation of this framework is that some systems have implemented such features: web solutions give users the choice to revoke consent or have their data deleted through a link sent by email when broadcast messages are sent. It is difficult for third parties to grant users control over their data, since they mostly operate back-end services in a distributed environment whose target clients are other businesses. Other solutions depend completely on user data to function, and most of their main functions fail to work if permission to the data is not granted. In such cases, users have no alternative but to trade off their privacy for better service. The framework provides some viable design principles, but others are difficult to implement because of the way UbiComp or IoT systems work in the real world.

- Intelligence: Most UbiComp or IoT systems rely on sensors to capture data from the environment and make decisions based on the clues picked up. To capture precise information, a camera-based solution should use high-resolution cameras, and the aggregation algorithm should get enough data to learn from in order to perform classification. More UbiComp solutions incorporate advanced learning techniques from fields such as machine learning and artificial intelligence to pick clues out of imprecise data and draw conclusions. Though such implementations have proven successful, the downside is that machines end up learning more about users than users know about themselves, which is considered a privacy problem.

- Heterogeneity: It can be a complex process to design and develop a UbiComp system while still ensuring that the system protects the privacy of users’ information. Most UbiComp solutions use algorithms and protocols that can adapt dynamically to the varying needs of users. For instance, a UbiComp solution that is an IoT mobile app will require special kinds of communication protocols, such as MQTT, that are known for low energy consumption. In addition, the solution operates on different network dynamics depending on what it is designed for; for instance, it can use a client-server network model or a peer-to-peer architecture. Most client-server applications rely on cloud service providers to offer storage and other services such as real-time data processing, which means there is an additional third party involved in handling user data. The systems have various stages of data processing: first there is human-to-machine interaction, where users can fill in information about themselves, and second there are computer-to-computer interactions, where machines must communicate with each other to finish a task collaboratively, retrieve users’ preferences or borrow knowledge about the user for other purposes. A mobile app solution, for instance, connects to a server through a weather or traffic API to retrieve information, or to the main server which periodically receives data from physical sensors and saves it in a public database to be accessed by the APIs of solutions that are interested in the data.

It is evident that data is no longer handled by a single entity in a UbiComp environment: the information collected must pass through various stages, from sensing to processing and finally presentation of context to either the user or other entities, and in the process there is a high likelihood that the privacy of users’ data will be breached.
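The feedback-and-control principles described above under Invisibility (inform the user what is captured, by whom and for what purpose; store only with consent; let the user erase data or revoke privileges) and the multi-hop data flow described under Heterogeneity (sensor, app server, cloud or third-party API) can be modelled together as a small consent-gated pipeline. The following Python code is an added example, not code from the article or from Bellotti and Sellen; the subject, data types, recipient names, hop names and retention period are constructed values chosen for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Added example, not code from the article; every name and value is constructed.

@dataclass
class Consent:
    """What the subject agreed to: what, why, who, and for how long."""
    subject: str
    data_types: set        # what may be captured, e.g. {"location"}
    purposes: set          # why it may be used, e.g. {"navigation"}
    recipients: set        # who may receive it, e.g. {"app_server"}
    retention: timedelta   # how long a record may be kept after capture
    revoked: bool = False

@dataclass
class Record:
    subject: str
    data_type: str
    value: object
    captured_at: datetime
    handlers: list = field(default_factory=list)  # audit trail of every hop

class PolicyError(Exception):
    """A hop that would violate the subject's consent."""

class Pipeline:
    def __init__(self):
        self.consents = {}   # subject -> Consent
        self.store = []      # retained Records
        self.notices = []    # feedback shown to the subject at capture time

    def grant(self, consent):
        self.consents[consent.subject] = consent

    def capture(self, subject, data_type, value, now):
        """Sensing stage: store only if consent covers this data type."""
        c = self.consents.get(subject)
        if c is None or c.revoked or data_type not in c.data_types:
            self.notices.append(f"{subject}: {data_type} not captured (no consent)")
            return None
        self.notices.append(f"{subject}: {data_type} captured for {sorted(c.purposes)}, "
                            f"recipients {sorted(c.recipients)}, kept {c.retention.days} days")
        record = Record(subject, data_type, value, now, ["sensor"])
        self.store.append(record)
        return record

    def forward(self, record, recipient, purpose):
        """Processing/presentation stage: every hop is checked against consent."""
        c = self.consents[record.subject]
        if c.revoked:
            raise PolicyError("consent revoked")
        if recipient not in c.recipients:
            raise PolicyError(f"{recipient} is not an authorised recipient")
        if purpose not in c.purposes:
            raise PolicyError(f"purpose {purpose} not consented")
        record.handlers.append(recipient)
        return record

    def revoke(self, subject):
        """User control: revoke consent and erase everything held about the subject."""
        self.consents[subject].revoked = True
        before = len(self.store)
        self.store = [r for r in self.store if r.subject != subject]
        return before - len(self.store)

    def expire(self, now):
        """Retention: drop records older than the consented retention period."""
        keep = [r for r in self.store
                if now - r.captured_at <= self.consents[r.subject].retention]
        removed = len(self.store) - len(keep)
        self.store = keep
        return removed

def run_demo():
    """Walk one subject's location data through the pipeline; returns checkable results."""
    t0 = datetime(2018, 7, 2, 9, 0)
    p = Pipeline()
    p.grant(Consent("alice", {"location"}, {"navigation"},
                    {"app_server", "traffic_api"}, timedelta(days=7)))
    loc = p.capture("alice", "location", (60.17, 24.94), t0)
    dropped = p.capture("alice", "heart_rate", 72, t0)          # not consented
    p.forward(loc, "app_server", "navigation")
    p.forward(loc, "traffic_api", "navigation")
    errors = []
    for recipient, purpose in [("ad_broker", "navigation"),     # unlisted recipient
                               ("app_server", "advertising")]:  # unconsented purpose
        try:
            p.forward(loc, recipient, purpose)
        except PolicyError as e:
            errors.append(str(e))
    p.capture("alice", "location", (60.18, 24.95), t0 + timedelta(days=3))
    expired = p.expire(t0 + timedelta(days=8))                  # first record is past 7 days
    erased = p.revoke("alice")                                  # second record erased
    after_revoke = p.capture("alice", "location", (60.19, 24.96), t0 + timedelta(days=9))
    return {"handlers": loc.handlers, "dropped": dropped, "errors": errors,
            "expired": expired, "erased": erased, "after_revoke": after_revoke,
            "notices": p.notices, "remaining": len(p.store)}
```

Running `run_demo()` shows the three kinds of control the framework asks for: the capture notice tells the subject what was stored, for which purposes, for which recipients and for how long; each downstream hop is refused unless the recipient and purpose were consented, which is the check the text says third parties rarely offer; and revocation erases every record, independently of the retention expiry. The `handlers` list on each record is the audit trail that lets a user later see which entities touched the data on its way from sensing to presentation.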

- Inclusiveness: Much effort has been directed to UbiComp work because researchers and developers feel that, unlike web solutions, which only partly provide real-world solutions, UbiComp solutions are inclusive of all real-world activities. For instance, web solutions such as GPS can provide tracking services; through cookies and filtering, web stores can tailor preferences to users; and publish-subscribe systems let a user choose which topics of interest he would like to get news on. A UbiComp solution, on the other hand, provides an all-inclusive package which covers both people’s activities and events that happen in the environment; a good example is shown in figure 1, which shows solutions ranging from transportation, smart homes, healthcare and large industry deployments to energy, infrastructure and many others.

The hype about the emergence of UbiComp and/or IoT systems has been going on for a while; businesses and people fear being left behind, hence many solutions have sprung up, some for a good cause and others just to be part of the wave. The great work of researchers and designers in the UbiComp community has led to the fulfilment of some of Weiser’s [1] and other early researchers’ visions about ubiquitous computing. However, one challenge is that, as almost all eyes focus on getting better and smarter solutions, users of these solutions end up trusting them so much that, for instance, they use smart store or work cards and recording and sensing devices without knowledge of all the risks that come with such solutions; as a result, users unknowingly give away information about themselves and later suffer from privacy problems and a lack of control when their data gets used in a manner they don’t like. Is GDPR the ultimate solution for UbiComp privacy challenges?