PRIMMA: Privacy Rights Management for Mobile Applications

PRIMMA Overview

The age of Ubiquitous Computing is approaching fast: most people in the UK over the age of 8 carry mobile phones, which are becoming increasingly sophisticated interactive computing devices. Location-based services are also increasing in popularity and sophistication. Many tracking and monitoring devices are being developed, with a range of potential applications, from supporting mobile learning to remote health monitoring of the elderly and chronically ill. However, do users actually understand how much of their personal information is being shared with others? In a recently released report from the UK Information Commissioner, we were warned that the UK in particular is ‘sleepwalking into a surveillance society’, as ordinary members of the public give up vast amounts of personal information with no significant personal or societal advantage gained. In general, there will be a trade-off between the usefulness of disclosing private information and the risk of it being misused.

Expected Outcomes

The overall objective of this project is to determine how users perceive privacy issues related to information they will generate in pervasive systems, and to develop a Privacy Rights Management (PRM) System to enable them to specify privacy controls which will be enforced by the system.

This work addresses a number of research issues:

  • how do people perceive privacy in ubiquitous systems?
  • what types of privacy controls would people like to have when using ubiquitous systems?
  • how to develop privacy control tools that are easy to use via simple interfaces (e.g. mobile phones) as well as large screen devices?
  • how to detect and resolve inconsistencies in users’ privacy requirements?
  • what mechanisms can be used to automate privacy control in ubiquitous systems?

Specific research outcomes include:

  1. Requirements elicitation and analysis to determine how potential users perceive privacy of the information they generate, what they would like to specify about how the information is used, what reassurance the system should offer with respect to privacy, and how they consider the system should manage their privacy.
  2. A generic PRM toolkit to allow people to specify and visualize their required privacy related to the information they generate, and to transform this into policies and programs that control the usage of the information.
  3. Algorithms and tools for automatically learning privacy policies based on context information and people’s specified privacy requirements.
  4. Tools for monitoring how people actually manage privacy in various applications, in order to determine if the privacy settings they use correspond with their stated perceptions about privacy.
  5. Large-scale evaluations across a wide demographic from OU students to validate the usability and performance of the PRM toolkit.

This is a joint project in collaboration with the Open University. For further details, see the project’s Website here.
