such excuses, privacy might never be incorporated into mobile and pervasive systems. If privacy is believed to be impossible, someone else’s problem, trivial, or not needed, it will remain an afterthought without proper integration into the algorithms, implementations, and processes surrounding mobile and pervasive computing systems. This is likely to have substantial impact on the adoption and perception of those technologies. Furthermore, privacy laws and regulation around the world require technologists to pay attention to and mitigate privacy implications of their systems.
The prime target audience of this lecture are hence researchers and practitioners working in mobile and pervasive computing who want to better understand and account for the nuanced privacy implications of the technology they are creating, in order to avoid falling for the fallacies above. A deep understanding of potential privacy implications will help in addressing them early on in the design of new systems.
At the same time, researchers working in the areas of privacy and security in general—but without a background in mobile and pervasive systems—might want to read this lecture in order to learn about the core properties and the specific privacy challenges within the mobile and pervasive computing domains. Last but not least, graduate and undergraduate students interested in the area might want to read this synthesis lecture to get an overview and deeper understanding of the field.
1If one uses a store-issued credit card, even that extra step disappears.
2Amazon Echo is an example of a class of wireless “smart” speakers that listen and respond to voice commands (see https://www.amazon.com/echo/); Google Home is a similar product from Google (see https://store.google.com/product/google_home).
3All major smartphone platforms support such voice commands since 2015: Apple’s Siri, Google Assistant, and Microsoft Cortana.
4Samsung TVs and the Xbox One were early devices that supported always-on voice recognition [Hern, 2015].
5At CES 2017, multiple companies presented voice-activated home and kitchen appliances powered by Amazon Alexa and multiple car manufactures announced integration of Amazon Alexa or Google Assistant into their new models [Laughlin, 2017].
CHAPTER 2
Understanding Privacy
In order to be able to appropriately address privacy issues and challenges in mobile and pervasive computing, we first need to better understand why we—as individuals and as society—might want and need privacy. What does privacy offer? How does privacy affect our lives? Why is privacy necessary? Understanding the answers to these questions naturally helps to better understand what “privacy” actually is, e.g., what it means to “be private” or to “have privacy.” Only by examining the value of privacy, beyond our maybe intuitive perception of it, will we be able to understand what makes certain technology privacy invasive and how it might be designed to be privacy-friendly.
Privacy is a complex concept. Robert C. Post, Professor of Law and former dean of the Yale Law School, states that “[p]rivacy is a value so complex, so entangled in competing and contradictory dimensions, so engorged with various and distinct meanings, that I sometimes despair whether it can be usefully addressed at all” [Post, 2001]. In this chapter, we aim to untangle the many perspectives on and motivations for privacy. In order to better understand both the reasons for—and the nature of—privacy, we examine privacy from three perspectives. A first understanding comes from a historical overview of privacy, in particular from a legal perspective. Privacy law, albeit only one particular perspective on privacy, certainly is the most codified incarnation of privacy and privacy protections. Thus, it lends itself well as a starting point. Privacy law also has a rich history, with different approaches in different cultures and countries. The legal understanding of privacy has also changed substantially over the years, often because of technological advances. As we discussed in Chapter 1, technology and privacy are tightly intertwined, as technological innovations often tend to “change the playing field” in terms of making certain data practices and incursions on privacy possible that weren’t possible before. Our historic overview hence also includes key moments that prompted new views on what privacy constitutes.
Our second perspective on privacy then steps back from the codification of privacy and examines arguments for and against privacy—the motivation for protecting or curtailing privacy. This helps us to not only understand why we may want privacy, but also what we might lose without privacy. Is privacy something valuable worth incorporating into technology?
With both the historic backdrop and privacy motivations in mind, we then present contemporary conceptualizations of privacy. We will see that there are many views on what privacy is, which can make it difficult to understand what someone is referring to when talking about “privacy.” Precision is important when discussing privacy, in order to ensure a common understanding rather than arguing based on diverging perspectives on what privacy is or ought to be. The discussion of different conceptualizations and understandings of privacy is meant to help us evaluate the often nuanced privacy implications of new technologies.
2.1 CODIFYING PRIVACY
There is certainly no lack of privacy definitions—in fact, this whole chapter is about defining privacy in one way or another. However, at the outset, we take a look at definitions of privacy that have received broader societal support, i.e., by virtue of being actually enshrined in law. This is not meant as legal scholarship, but rather as an overview to what are considered fundamental aspects of privacy worth protecting.
2.1.1 HISTORICAL ROOTS
Privacy is hardly a recent fad. Questions of privacy have been in the focus of society for hundreds of years. In fact, references to privacy can already be found in the Bible, e.g., in Luke 12(2–3): “What you have said in the dark will be heard in the daylight, and what you have whispered in the ear in the inner rooms will be proclaimed from the roofs” [Carroll and Prickett, 2008]. The earliest reference in common law1 can be traced back to the English Justices of the Peace Act of 1361, which provided for the arrest of eavesdroppers and peeping toms [Laurant, 2003]. In 1763, William Pitt the Elder, at that time a member of the English parliament, framed in his speech on the Excise Bill the privacy of one’s home as follows [Brougham, 1839]:
The poorest man may in his cottage bid defiance to all the forces of the Crown. It may be frail—it’s roof may shake—the wind may blow through it—the storm may enter—the rain may enter—but the King of England cannot enter!—all his forces dare not cross the threshold of the ruined tenement.
One of the earliest explicit definitions of privacy came from the later U.S. Supreme Court Justice Louis Brandeis and his colleague Samuel Warren. In 1890, the two published the essay “The Right to Privacy” [Warren and Brandeis, 1890], which created the basis for privacy tort law2 in the U.S. legal system. They defined privacy as “the right to be let alone.” The fact that this definition is so often quoted can probably be equally attributed to it being the first legal text on the subject and being easily memorizable. While it encompasses in principle all of the cases mentioned previously, such as peeping toms, eavesdroppers, and trespassers, it is still a very limited definition of privacy. Warren and Brandeis’ defintion focuses on only one particular “benefit” of privacy: solitude. As we will see later in this chapter, privacy has other benefits beyond solitude.
Probably the most interesting aspect of Warren and Brandeis’ work from today’s perspective is what
