Systematic Design for Privacy in Ubicomp
In designing ubiquitous computing (ubicomp) systems, the common practice is to select a framing of privacy from the range of definitions, and to use that to inform design. Yet this framing may not be the choice made by those who will interact with the design. We propose utilizing the design-for-values approach in order to leverage the complexity of privacy to improve designs. In design for values, also called value-sensitive design, every party that interacts with a system participates in developing a values statement. Design for values conceives of participants in ubicomp as stakeholders rather than as users and designers, while acknowledging that the interaction between different parties is limited by domain-specific knowledge. To support value-sensitive design in ubicomp and enhance the construction of a values statement, this paper presents an abbreviated overview of the various legal and philosophical constructs of privacy. In summary, this paper discusses privacy in ubicomp as a design, social, technical, and policy issue; outlines research challenges presented by the technical and social dimensions of using sensor networks as a monitoring technology; offers a survey of the possible definitions of privacy; and justifies the need for a methodology for designing for privacy in ubicomp.