Is Privacy Regulation Slowing Down or Enabling the Wide Adoption of Pervasive Systems?
In the last years we have witnessed large scale data privacy violations mostly due to security issues or to unauthorised use and communication of personal data. Among many events, millions of Yahoo e-mail accounts and Facebook private profiles were violated. Mobile and pervasive technology and services have a role in this scenario, since they introduce new devices with possible hardware and software security holes, new communication protocols, new types of personal data, and a new scale for the amount of data being collected. Location data of individuals collected through mobile devices is a natural example, and video imaging and speech collected in our homes by smart appliances and toys is another.
Solicited by large scale privacy violations and public concern amplified by the news, regulators in most countries have taken action in revising legal obligations related to data privacy. The EU has approved in 2016 the new General Data Protection Regulation (GDPR) that is being enforced since May 2018, Japan has taken similar steps with the amended Act on the Protection of Personal Information, the US has a regulation fragmented by sector and state, but for example California passed in June 2018 a new data privacy law that has a very GDPR feel.
As a consequence, industry has been forced to invest a significant amount of money and resources in making their systems and products compliant to the regulation and in changing the design, production and test processes of their products. This will inevitably have an impact on the type of services that will be offered, on their cost, and on the timing of their appearance on the market. While the value of investing in security is usually well understood, investing in privacy is often seen only as a cost, specially by small and medium size companies.
Considering user needs, sociological studies report that users are indeed very concerned about their digital personal data being misused. On the other hand economic studies show that users are ready to provide consent without looking closely at the terms, based on minimal reward in terms of money or service. Leveraging on this fact, on the challenge of implementing effective privacy protection techniques, and on the argument that the massive exchange and use of digital personal data is a natural evolution of our social norms, there is a shared opinion against a strict privacy regulation in favor of a more rapid evolution and time to market of pervasive systems.
There are of course different opinions in favor of the regulation. Among them a) the role of institutions in protecting individuals, especially when they are unaware of potential threats to their basic rights; b) the availability of privacy enhancing technology resulting from decades of research; and c) the fact that the compliance of the products should convince a large number of potential users that are now worried about their privacy to adopt the technology and use the services.
The panel at PerCom is the opportunity to discuss these issues among researchers that design the mobile and pervasive systems possibly going to the market in the near future. The panelists include experts in privacy enhancing technologies applied to mobile and pervasive systems as well as researchers with experience in designing and deploying pervasive systems.
Claudio Bettini is full professor in the Computer Science department at Università degli Studi di Milano, where he leads the EveryWare laboratory. He received his PhD in Computer Science from the University of Milan in 1993. He has been for more than a decade, an affiliate research professor at the Center for Secure Information Systems at George Mason University, VA. His research interests cover the areas of data management in mobile and pervasive computing, data privacy and security, context-awareness and context reasoning, temporal and spatio-temporal data management. He acted as PI and co-PI of research projects on data privacy both in the US and in the EU. He is a member of the steering committee of IEEE PerCom and he has been associate editor of the Pervasive and Mobile Computing Journal, The VLDB Journal, and the IEEE Transactions on Knowledge and Data Engineering. He is a co-editor of the Springer Handbook of Mobile Data Privacy.
Salil Kanhere received his M.S. and Ph.D. degrees, both in Electrical Engineering from Drexel University, Philadelphia, USA. He is currently a Professor in the School of Computer Science and Engineering at UNSW Sydney, Australia. He is also a conjoint researcher at CSIRO Data61 and serves on the advisory board for two technology start-ups. His research interests include Internet of Things, pervasive computing, blockchain, crowdsourcing, data analytics, privacy and security. He has published over 200 peer-reviewed articles and delivered over 30 tutorials and keynote talks on these topics. His research has been featured on ABC News Australia, Forbes, IEEE Spectrum, Wired, ZDNET, Computer World, Medium, MIT Technology Review and other media outlets. Salil regularly serves on the organizing committee of a number of IEEE and ACM international conferences. He is on the Editorial Board of Elsevier's Pervasive and Mobile Computing and Computer Communications. Salil is a Senior Member of both the IEEE and the ACM. He is a recipient of the Alexander von Humboldt Research Fellowship.
Marc Langheinrich is full professor in the Faculty of Informatics at the Università della Svizzera Italiana (USI) in Lugano, Switzerland. His research focuses on privacy in mobile and pervasive computing systems, in particular with a view towards social compatibility. Marc is a member of the Steering Committee of the UbiComp conference series, and chairs the IoT conference Steering Committee. He has been a General Chair or Program Chair of most major conferences in the field, including Ubicomp, PerCom, Pervasive, and the IoT conference, and currently serves as the Editor-in-Chief for IEEE Pervasive Magazine. Marc holds a Ph.D. from ETH Zürich, Switzerland. He can be reached at firstname.lastname@example.org.
Archan Misra is Professor, and the Associate Dean of Research, in the School of Information Systems at Singapore Management University (SMU). Archan holds a Ph.D. in Electrical and Computer Engineering from the University of Maryland at College Park in May 2000. Over a 20-year research career spanning both academics and industry (at IBM Research and Bellcore), Archan has worked extensively on problems spanning wireless networking, mobile & pervasive computing and urban sensing. He currently directs SMU’s Center for Applied Smart-Nation Analytics (CASA), which cooperates with public agencies in implementing advanced Smart Nation services in Singapore. Through his leadership of SMU’s LiveLabs testbed platform, Archan has developed and deployed multiple pervasive computing applications, such as campus & city-scale mobile crowdsourcing and indoor location analytics. His current research interests lie in systems-oriented research in the areas of low-power wearable & IoT sensing, real-time socio-physical urban analytics and mobile crowdsourcing. Archan chaired the IEEE Computer Society's Technical Committee on Computer Communications (TCCC) from 2005-2007.
Delphine Reinhardt is a full professor and head of the Computer Security and Privacy group at the University of Göttingen. Before moving to Göttingen in January 2018, she was an assistant professor at Rheinische Friedrich-Wilhelms-Universität Bonn in Germany from 2014 to 2017, leading the “Privacy and Security in Ubiquitous Computing” group at the Institute of Computer Science. She was also associated to the Fraunhofer Institute for Communication, Information Processing and Ergonomics (FKIE) during that time. Delphine completed her doctoral degree in computer science (with distinction) on privacy in participatory sensing in 2013 at Technische Universität Darmstadt and the Center for Advanced Security Research Darmstadt (CASED). Since 2009, she holds a double-degree in electrical engineering from TU Darmstadt and Ecole Nationale Supérieure de l'Electronique et ses Applications (ENSEA), France.