Ethics and Information Technology

, Volume 16, Issue 1, pp 27–41 | Cite as

Surveillance in ubiquitous network societies: normative conflicts related to the consumer in-store supermarket experience in the context of the Internet of Things

  • Jenifer Sunrise WinterEmail author
Original Paper


The Internet of Things (IoT) is an emerging global infrastructure that employs wireless sensors to collect, store, and exchange data. Increasingly, applications for marketing and advertising have been articulated as a means to enhance the consumer shopping experience, in addition to improving efficiency. However, privacy advocates have challenged the mass aggregation of personally-identifiable information in databases and geotracking, the use of location-based services to identify one’s precise location over time. This paper employs the framework of contextual integrity related to privacy developed by Nissenbaum (Privacy in context: technology, policy, and the integrity of social life. Stanford University Press, Stanford, 2010) as a tool to understand citizen response to implementation IoT-related technology in the supermarket. The purpose of the study was to identify and understand specific changes in information practices brought about by the IoT that may be perceived as privacy violations. Citizens were interviewed, read a scenario of near-term IoT implementation, and were asked to reflect on changes in the key actors involved, information attributes, and principles of transmission. Areas where new practices may occur with the IoT were then highlighted as potential problems (privacy violations). Issues identified included the mining of medical data, invasive targeted advertising, and loss of autonomy through marketing profiles or personal affect monitoring. While there were numerous aspects deemed desirable by the participants, some developments appeared to tip the balance between consumer benefit and corporate gain. This surveillance power creates an imbalance between the consumer and the corporation that may also impact individual autonomy. The ethical dimensions of this problem are discussed.


Privacy Surveillance Internet of Things Framework of contextual integrity Radio-frequency identification (RFID) Location-based services (LBS) 



The author wishes to thank the reviewers of this article. The author also wishes to thank the participants who took part in this study and the National Science Foundation Team for Research in Ubiquitous Secure Technology (TRUST) Women’s Institute for Summer Enrichment. Preliminary findings of this study were published by the author in the Proceedings of the Pacific Telecommunications Council Annual Conference. Honolulu, Hawai‘i. January, 2012. “Privacy and the emerging Internet of Things: Using the framework of contextual integrity to inform policy.”


  1. Acquisti, A. (2010 December 1). The economics of personal data and the economics of privacy. Joint Working Party for Information Security and Privacy (WPISP) and Working Party on the Information Economy (WPIE) Roundtable, background paper 3. Paris: Organisation for Economic Co-operation and Development (OECD).Google Scholar
  2. Acquisti, A., Gross, R., & Stutzman, F. (2011). Faces of Facebook: Privacy in the age of augmented reality. Black Hat 2011. Retrieved on December 11, 2011 from
  3. Albanesius, C. (2011 May 10). Senator has ‘serious doubts’ about privacy of Google, Apple location apps. PC Magazine. Retrieved on June 8, 2011 from,2817,2385150,00.asp.
  4. Angwin, J., & Stecklow, S. (2010 October 12). ‘Scrapers’ did deep for data on Web. The Wall Street Journal. Retrieved on October 20, 2010 from
  5. Ashton, K. (22 June 2009). That ‘Internet of Things’ thing. RFID Journal. Accessed from on May 11, 2010.
  6. Barnett, E. (11 Jan 2010). Facebook’s Mark Zuckerberg says privacy is no longer a ‘social norm’. The Telegraph. Retrieved on March 10, 2010 from
  7. Beck, U. (1992). Risk society: Towards a new modernity. London: Sage.Google Scholar
  8. Bennett, C. J. (2008). The privacy advocates: Resisting the spread of surveillance. Cambridge, MA: The MIT Press.Google Scholar
  9. “China working on unified national Internet of Things strategic plan.” (2010 July 5). TMCnews. Retrieved on August 10, 2010 from
  10. Christakos, H. A., & Mehta, S. N. (2002). Annual review of law and technology. Berkeley Technology Law Journal, , 473.Google Scholar
  11. Clarke, R. (1988). Information technology and dataveillance. Communications of the ACM, 31(5), 498–512.CrossRefGoogle Scholar
  12. Daly, E. (2010). Personal autonomy in the travel panopticon. Ethics and Information Technology, 12, 97–108.CrossRefGoogle Scholar
  13. Denning, T., Borning, A. Friedman, B. Gill, B. Kohno, T., & Maisel, W. (2010). Patients, pacemakers, and implantable defibrillators: Human values and security for wireless implantable medical devices. In Proceedings of CHI 2010 conference on human factors in computing systems (pp. 917–926). New York: Association for Computing Machinery.Google Scholar
  14. DePaulo, B. M., & Kashy, D. A. (1998). Everyday lies in close and casual relationships. Journal of Personality and Social Psychology, 74(1), 63–79.CrossRefGoogle Scholar
  15. Dourish, P., & Bell, G. (2011). Divining a digital future: Mess and mythology in ubiquitous computing. Cambridge, MA: The MIT Press.CrossRefGoogle Scholar
  16. Duhigg, C. (2012 February 16). How companies learn your secrets. The New York Times Magazine. Retrieved February 17, 2012 from:
  17. Dworkin, R. (1986). Law’s empire. Cambridge, MA: Harvard University Press.Google Scholar
  18. European Commission & Information Society and Media. (2008). Internet of Things in 2020: Roadmap for the future. European technology platform on smart systems integration. Version 1.1 (27 May, 2008).Google Scholar
  19. Federal Trade Commission. (2010 December 1). FTC staff issues privacy report, offers framework for consumers, businesses, and policymakers. Retrieved on November 24, 2011 from
  20. Federal Trade Commission. (2011 November 21). FTC announces agenda, panelists for facial recognition workshop. Retrieved on November 24, 2011 from
  21. Federal Trade Commission. (2012 March 26). Protecting consumer privacy in an era of rapid change: Recommendations for businesses and policymakers. Washington, DC: Federal Trade Commission. Retrieved on March 27, 2012, from
  22. Floridi, L. (2005). The ontological interpretation of informational privacy. Ethics and Information Technology, 2005(7), 185–200.CrossRefGoogle Scholar
  23. Friedman, B. (2008). Value Sensitive Design. In D. Schular (Ed.), Liberating voices: A pattern language for communication revolution (pp. 366–368). Cambridge, MA: The MIT Press.Google Scholar
  24. Friedman, B., & Nissenbaum, H. (1996). Bias in computer systems. ACM Transactions on Information Systems, 14(3), 330–347.CrossRefGoogle Scholar
  25. Glenn, J. (2009). Scenarios. In J. C. Glenn & T. J. Gordon (Eds.), Futures research methodologyVersion 3.0. AC/UNU Millennium Project. Washington: American Council for the UN University.Google Scholar
  26. Haggerty, K. D., & Ericson, R. V. (2006). The new politics of surveillance and visibility. In K. D. Haggerty & R. V. Ericson (Eds.), The new politics of surveillance and visibility (pp. 3–25). Toronto: University of Toronto Press.Google Scholar
  27. Hildner, L. (2006). Defusing the threat of RFID: Protecting consumer privacy through technology-specific legislation at the state level. Harvard Civil Rights-Civil Liberties Law Review, 41, 133–176.Google Scholar
  28. Hill, K. (2012 February 16). How Target figured out a teen girl was pregnant before her father did. Forbes.
  29. International Telecommunication Union. (2005). Privacy and Ubiquitous Network Societies: Background paper. In ITU Workshop on Ubiquitous Network Societies, April 6–8, 2005. Geneva: International Telecommunication Union.Google Scholar
  30. Internet of Things Conference Organizing Committee. (2010). Internet of Things. Retrieved on March 17, 2010, from
  31. Keller, J. (2011 September 29). Cloud-powered facial recognition is terrifying. The Atlantic Monthly. Retrieved on October 1, 2011, from
  32. Kling, R. (2000). Learning about information technologies and social change: The contribution of social informatics. The Information Society, 16(3), 217–232.CrossRefGoogle Scholar
  33. Lyon, D. (2002). Surveillance as social sorting: Computer codes and mobile bodies. In D. Lyon (Ed.), Surveillance as social sorting: Privacy, risk and automated discrimination (pp. 14–30). London, UK: Routledge.Google Scholar
  34. Lyon, D. (2006). The search for surveillance theories. In D. Lyon (Ed.), Theorizing surveillance: The panopticon and beyond (pp. 3–20). Portland, OR: Willand.Google Scholar
  35. Marx, G. T. (2006). Varieties of personal information as influences on attitudes towards surveillance. In K. D. Haggerty & R. V. Ericson (Eds.), The new politics of surveillance and visibility (pp. 79–110). Toronto: University of Toronto Press.Google Scholar
  36. Microsoft. (2013, June 6). Privacy by design: How Xbox One and the new Kinect sensor put you in control. Retrieved on June 6, 2013 from:
  37. Moor, J. H. (2008). Why we need better ethics for emerging technologies. In J. van den Hoven & J. Weckert (Eds.), Information technology and moral philosophy (pp. 26–39)., Cambridge studies in philosophy and public policy Cambridge: Cambridge University Press.Google Scholar
  38. Neumann, P. G., & Weinstein, L. (2006). Risks of RFID. Communications of the ACM, 49(5), 136.CrossRefGoogle Scholar
  39. Nissenbaum, H. (2010). Privacy in context: Technology, policy, and the integrity of social life. Stanford, CA: Stanford University Press.Google Scholar
  40. nViso. (2011). Technology. Retrieved on October 11, 2011 from
  41. O’Connor, M. C. (2011 April 6). European Commission issues framework for measuring and mitigating RFID’s privacy impact. RFID Journal. Retrieved on April 6, 2011 from
  42. Pommeranz, A., Detweiler, C., Wiggers, P., & Jonker, C. (2011). Elicitation of situated values: Need for tools to help stakeholders and designers to reflect and communicate. Ethics and Information Technology,. doi: 10.1007/s10676-011-9282-6.Google Scholar
  43. Schwartz, P. (1996). The art of the long view: Planning for the future in an uncertain world. New York: Currency Doubleday.Google Scholar
  44. Schwartz, P. M., & Solove, D. (2011). The PII problem: Privacy and a new concept of personally identifiable information. New York University Law Review, 86, 1814–1894.Google Scholar
  45. Solove, D. (2011). Nothing to hide: The false tradeoff between privacy and security. New Haven, CT: Yale University Press.Google Scholar
  46. Stahl, B. C. (2004). Information, ethics, and computers: The problem of autonomous moral agents. Minds and Machines, 14(1), 67–83.CrossRefGoogle Scholar
  47. Turow, J. (2006). Cracking the consumer code: Advertisers, anxiety and surveillance in the digital age. In K. D. Haggerty & R. V. Ericson (Eds.), The new politics of surveillance and visibility (pp. 279–307). Toronto: University of Toronto Press.Google Scholar
  48. van den Hoven, M. J. (1997). Privacy and the varieties of moral wrong-doing in an information age. Computers and Society, 27(3), 33–37.CrossRefGoogle Scholar
  49. Weber, R. H., & Weber, R. (2010). Internet of Things: Legal perspectives. Berlin: Springer.CrossRefGoogle Scholar
  50. Winseck, D. (2003). Netscapes of power: Convergence, network design, walled gardens, and other strategies of control in the information age. In D. Lyon (Ed.), Surveillance as social sorting: Privacy, risk and digital discrimination (pp. 176–198). New York: Routledge.Google Scholar
  51. Winter, J. S. (2008). Emerging policy problems related to ubiquitous computing: Negotiating stakeholders’ visions of the future. Knowledge, Technology & Policy, 21, 191–203.CrossRefGoogle Scholar

Copyright information

© Springer Science+Business Media Dordrecht 2013

Authors and Affiliations

  1. 1.School of CommunicationsUniversity of Hawai‘i at MānoaHonoluluUSA

Personalised recommendations