Organizers

Johann Schrammel
(CURE)
schrammel@cure.at
www.cure.at

Christina Hochleitner 
(CURE)
hochleitner@cure.at
www.cure.at

Manfred Tscheligi
(CURE & University of Salzburg)
tscheligi@cure.at
www.cure.at

 

cure 06

Privacy, Trust and Interaction in the Internet of Things

 

 

This workshop addresses topics of increasing importance in the emerging area of the Internet of Things (IoT): privacy, trust and related interaction concepts.  The aim of the workshop is to bring together experts from different relevant areas to cover the complexity of the questions involved and to provide a forum for developing new ideas and approaches on how to address some of the major challenges in the field considering both a scientific and an industrial viewpoint. The workshop targets to identify the most pressing open questions in the field and to develop a research agenda for trusted and privacy-respecting computing in the internet of things. Special attention within the workshop is given on whether and how experiences with privacy and trust from related areas (such as e.g. ubiquitous computing) can be applied to the IoT, where existing conceptualizations need to be extended or modified and where radically new concepts are required.

Workshop Description

The Internet of Things (IoT) is an umbrella term covering a number of different base technologies aimed at linking physical objects and their virtual representation with the goal to utilize this link for improved service and interaction concepts [3]. The IoT approach combines concepts and paradigms informed by Ambient Intelligence, Ubiquitous Computing, Sensor Networks, Grid Computing, Service-oriented architectures and Mobile Communications, to name only the most important.

Even though the IoT is still a vision and far from being a reality, more and more aspects of it become already tangible. For example, objects are equipped on large scale with RFID-tags for logistics purposes, formerly stand-alone devices become connected to the net such as e.g. alarm clocks being linked to the users' private calendar, and the "smart home" knows where a user left his glasses.

This vision of the IoT shows that there are vast potentials for benefiting the users. Looking a little closer into potential effects and implications of such scenarios it becomes immediately evident that there are serious privacy, trust and related interaction issues that need to be addressed to allow taking full advantage of the potentials of the IoT. For example, being able to find a specific book within your library at once is a nice feature. However, providing others the possibility to know, analyze and interpret when you were reading which book might be far less desirable.

Motivation

The main motivation for the workshop is to address the IoT from three specific viewpoints: privacy, trust and interaction.

Privacy issues have been researched and discussed in many related areas e.g. [3][4][5], with the field of ubiquitous computing being the closest. In the IoT however new sets of potentially sensitive data becomes available through profiling of the "things", and questions regarding what this data is telling about the user and who should be allowed to see and use this information have to be raised. The key issue is how one is being read (and interpreted in a possibly mismatching context) by someone else [4]. Another new dimension of privacy aspects in the internet of things is the vast amount of objects and data that has to be dealt with. Whereas the related ubicomp scenarios typically only deal with selected subsets of actions and dedicated devices in the IoT literally everything (no matter how intelligent or dumb) in the users environment needs to be considered with regard to privacy aspects. Due to the amount and hiddenness of information new dimensions of complexity in the formulation of privacy concepts, the engineering of privacy policies, and the management of information privacy both for data processors and users emerge. Research has shown that the - compared to the vision of the IoT rather unspecific - information on social networking sites has the potential for severe consequences, and that users have difficulties to correctly understand and interpret possible long-term effects of their behavior [1]. Therefore even more severe problems and consequences have to be expected for a wide-scale application of IoT-concepts.

Closely related to these privacy issues is the question on how a basic level of trust can be supported and achieved within the IoT. Little is known on how models of trust that are formed both in interaction in human society and in the context of desktop computing can be transformed towards the IoT, and which specific difficulties, misconceptions and challenges might arises, and how they can be accounted for from a design perspective. Currently, trust is often anchored in a strict technological context, which is easily misinterpreted by humans and miscommunicated by system vendors and owners. Therefore within the workshop we want to further develop the understanding of relevant factors for the perception and formation of trust in the context of the IoT.

Another specifically challenging aspect of the IoT is that only very limited feedback and interaction possibilities are available to communicate the current status of the system and the data exchange. Due to the pervasive and ubiquitous nature of the everyday objects they only can be enhanced with little information bits, thereby making it extremely challenging to communicate complex patterns of data transmission and privacy status. The typical communication bandwidth of an object within the IoT might be one bit: on or off, possibly displayed by use of a LED or similar means. Here the question is how much (status) information regarding privacy issues can be communicated with such restricted possibilities, and what other means to keep user informed and aware of what's going on can be utilized in the IoT context.  

Objectives

In detail the workshop addresses the following questions and objectives:

Participants

The workshop is intended for:

Number of Participants will be limited to 20 participants that will be selected to represent diverse perspectives and papers will be selected by relevance and likelihood of stimulating and contributing to discussion.

References
  1. Acquisti, A., Grossklags, J. Privacy Attitudes and Privacy Behaviour, in Camp, J. and Lewis, R. (Eds.) Economics of Information Security, 2004, Springer, Vol. 12, New York, NY, 165-178, Ch. 13.

  2. Fritsch, Lothar. (2008) Profiling and Location-Based Services, in: M. Hildebrandt und S. Gutwirth (Eds.): Profiling the European Citizen - Cross-Disciplinary Perspectives, April 2008, Dordrecht, Springer Netherlands, pp. 147-160.

  3. Gershenfeld, N., Krikorian, R., Cohen, D. The Internet of Things. Scientific American, 2004, 291, 76-81.

  4. Hildebrandt, M. (2010): An Ecosystem of Legal and Technological Protections, on: Trusted e-services for the citizen session, ICT Event 2010, Brussels

  5. Langheinrich, M. Privacy in Ubiquitous Computing, in: John Krumm (ed.): Ubiquitous Computing, Chapman & Hall / CRC Press, Sep. 2009

  6. Maghiros, L., Punie, Y., Delaitre, S., Hert, P.D., Gutwirth, S., Schreurs, W., Moscibroda, A., Friedewald, M., Linden, R., Wright, D., Vildjiounaite, E., and P. Alahuhta (2006). "Safeguards in a world of ambient intelligence." Intelligent Environments. Vol. 2. Intelligent Environments. Athens: IEEE Computer Society, 2006.

Workshop Agenda

We propose a one-day workshop with break-out sessions, alternated with a moderated group discussion. The workshop will start with an introduction to the workshop topic, followed by a brief exercise aimed making the workshop topics directly tangible. Participants are asked to bring a 'thing' (or a picture of a 'thing') from their everyday environment and to shortly describe both a positive and a negative scenario with regard to the workshop topics involving the selected object. Together with this participants provide very short introductory presentations (around 5 minutes) to get familiar with each other and the topic they are working on. After that, the organizers present the common themes of the submitted position papers, grouping them into different sessions. The different groups will then discuss their topic during a break-out session, creating a list of discussed items, open issues and drawn conclusions. The organizers will actively interact with the audience to stimulate discussion around the workshop topic. The last part of the workshop will be devoted to produce a final poster to be shared with the broader AmI community.

The planning of the workshop is as follows:

Call for Papers

The workshop on Privacy, Trust and Interaction in the Internet of Things (IoT) will be a forum for multi-disciplinary discussion on how to best address the privacy and trust related challenges of the IoT and to develop new ideas and approaches on how to tackle them both from a scientific and an industrial viewpoint. The one-day workshop will include break-out sessions on specific sub-topics, followed by a group discussion, resulting in a research agenda.

Submissions are invited on the following topics:

This workshop wants to bring together practitioners and researchers from different domains interested in the workshop context. We will select participants with academic and industrial backgrounds based upon the relevance, insightfulness, and originality of their submissions.

Submissions are expected in the form of a position paper (no longer than 4 pages) discussing ideas, facts, situations, methods, procedures or results focused on the workshop topic areas. The submission should be written using Springer LNCS format: http://www.springer.com/computer/lncs?SGWID=0-164-6-793341-0. Full papers will be collected in a Springer CCIS volume: http://www.springer.com/series/7899. Submissions should be sent by email to hochleitner@cure.at.

At least one author of accepted papers needs to register for the workshop and for one day of the conference itself.

IMPORTANT DATES

The workshop is supported by the FP7 Framework Project uTRUSTit.

More information about the full conference programme, registration and venue can be found at the AMI'11 website: http://www.ami-11.org/