Virtual Walls: Protecting Digital Privacy in Pervasive Environments

  • Apu Kapadia
  • Tristan Henderson
  • Jeffrey J. Fielding
  • David Kotz
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4480)


As pervasive environments become more commonplace, the privacy of users is placed at increased risk. The numerous and diverse sensors in these environments can record users’ contextual information, leading to users unwittingly leaving “digital footprints.” Users must thus be allowed to control how their digital footprints are reported to third parties. While a significant amount of prior work has focused on location privacy, location is only one type of footprint, and we expect most users to be incapable of specifying fine-grained policies for a multitude of footprints. In this paper we present a policy language based on the metaphor of physical walls, and posit that users will find this abstraction to be an intuitive way to control access to their digital footprints. For example, users understand the privacy implications of meeting in a room enclosed by physical walls. By allowing users to deploy “virtual walls,” they can control the privacy of their digital footprints much in the same way they control their privacy in the physical world. We present a policy framework and model for virtual walls with three levels of transparency that correspond to intuitive levels of privacy, and the results of a user study that indicates that our model is easy to understand and use.


Policy Language User Study Location Privacy Context Server Group Ownership 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Barkhuus, L., Dey, A.: Location-based services for mobile telephony: a study of users’ privacy concerns. In: Proceedings of the 9th IFIP TC13 International Conference on Human-Computer interaction (INTERACT 2003), Zürich, Switzerland (Sep. 2003),
  2. 2.
    Barrera, M.H., Okai, J.M.: Digital correspondence: Recreating privacy paradigms. International Journal of Communications Law and Policy 1(3) (1999),
  3. 3.
    Beslay, L., Hakala, H.: Digital territory: Bubbles. Draft publication (2005),
  4. 4.
    Chen, G., Li, M., Kotz, D.: Design and implementation of a large-scale context fusion network. In: Proceedings of Mobiquitous 2004, Boston, MA, USA, Aug. 2004, pp. 246–255 (2004),
  5. 5.
    Christensen, J., et al.: Too much information. ACM Queue 4(6), 50–57 (2006)CrossRefGoogle Scholar
  6. 6.
    Cuellar, J.R., et al.: Geopriv requirements. RFC 3693 (Feb. 2004),
  7. 7.
    Dey, A.K.: Providing Architectural Support for Building Context-Aware Applications. PhD thesis, College of Computing, Georgia Institute of Technology (Dec. 2000)Google Scholar
  8. 8.
    Greenberg, S., Neustaedter, C., Elliot, K.: Time, Ownership and Awareness: The Value of Contextual Locations in the Home. In: Beigl, M., et al. (eds.) UbiComp 2005. LNCS, vol. 3660, pp. 251–268. Springer, Heidelberg (2005)Google Scholar
  9. 9.
    Gruteser, M., Grunwald, D.: Anonymous usage of location-based services through spatial and temporal cloaking. In: Proceedings of MobiSys 2003, San Francisco, CA, USA, May 2003, pp. 31–42 (2003),
  10. 10.
    Hawkey, K., Inkpen, K.M.: Privacy gradients: exploring ways to manage incidental information during co-located collaboration. In: CHI ’05 Extended Abstracts on Human Factors in Computing Systems, Portland, OR, USA, Apr. 2005, pp. 1431–1434 (2005),
  11. 11.
    Henderson Jr., D.A., Card, S.K.: Rooms: the use of multiple virtual workspaces to reduce space contention in a window-based graphical user interface. ACM Transactions on Graphics 5(3), 211–243 (1986), CrossRefGoogle Scholar
  12. 12.
    Hengartner, U., Steenkiste, P.: Protecting access to people location information. In: Proceedings of the First International Conference on Security in Pervasive Computing, Boppard, Germany, Mar. 2003, pp. 25–38 (2003),
  13. 13.
    Hong, J.I., Landay, J.A.: An architecture for privacy-sensitive ubiquitous computing. In: Proceedings of MobiSys 2004, Boston, MA, USA, June 2004, pp. 177–189 (2004), doi:10.1145/990064.990087Google Scholar
  14. 14.
    Hudson, S.E., Smith, I.: Techniques for addressing fundamental privacy and disruption tradeoffs in awareness support systems. In: Proceedings of the 6th ACM Conference on Computer Supported Cooperative Work, Boston, MA, USA, Nov. 1996, pp. 248–257. ACM Press, New York (1996), Google Scholar
  15. 15.
    Iachello, G., et al.: Developing privacy guidelines for social location disclosure applications and services. In: Proceedings of the 2005 Symposium on Usable Privacy and Security, Pittsburgh, PA, USA (July 2005),
  16. 16.
    Langheinrich, M.: Privacy by design - principles of privacy-aware ubiquitous systems. In: Abowd, G.D., Brumitt, B., Shafer, S. (eds.) UbiComp 2001. LNCS, vol. 2201, pp. 273–291. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  17. 17.
    Langheinrich, M.: A Privacy Awareness System for Ubiquitous Computing Environments. In: Borriello, G., Holmquist, L.E. (eds.) UbiComp 2002. LNCS, vol. 2498, pp. 237–245. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  18. 18.
    Borriello, G., Lester, J., Choudhury, T.: A Practical Approach to Recognizing Physical Activities. In: Fishkin, K.P., et al. (eds.) PERVASIVE 2006. LNCS, vol. 3968, pp. 1–16. Springer, Heidelberg (2006)Google Scholar
  19. 19.
    Myles, G., Friday, A., Davies, N.: Preserving privacy in environments with location-based applications. IEEE Pervasive Computing 2(1), 56–64 (2003), CrossRefGoogle Scholar
  20. 20.
    Price, B.A., Adam, K., Nuseibeh, B.: Keeping ubiquitous computing to yourself: A practical model for user control of privacy. International Journal of Human-Computer Studies 63(1-2), 228–253 (2005), CrossRefGoogle Scholar
  21. 21.
    Ranganathan, A., Al-Muhtadi, J., Campbell, R.H.: Reasoning about uncertain contexts in pervasive computing environments. IEEE Pervasive Computing 3(2), 62–70 (2004)CrossRefGoogle Scholar
  22. 22.
    Sastry, N., Shankar, U., Wagner, D.: Secure verification of location claims. In: Proceedings of the ACM Workshop on Wireless Security, San Diego, CA, USA, Sep. 2003, pp. 1–10. ACM Press, New York (2003), CrossRefGoogle Scholar
  23. 23.
    Schneier, B.: Your vanishing privacy. The Star Tribune, p. 1AA (Mar. 05, 2006)Google Scholar
  24. 24.
    Sommer, P.: Digital Footprints: Assessing Computer Evidence. Criminal Law Review, 61–78 (Dec. 1998),
  25. 25.
    Tapia, E.M., Philipose, M., Choudhury, T.: Building Reliable Activity Models Using Hierarchical Shrinkage and Mined Ontology. In: Fishkin, K.P., et al. (eds.) PERVASIVE 2006. LNCS, vol. 3968, pp. 17–32. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  26. 26.
    Wickramasuriya, J., et al.: Privacy protecting data collection in media spaces. In: Proceedings of the 12th Annual ACM International Conference on Multimedia, Oct. 2004, pp. 48–55. ACM Press, New York (2004), CrossRefGoogle Scholar
  27. 27.
    Wieffering, E.: Protecting your digital footprints. The Star Tribune, p. 1D (Nov. 07,1999)Google Scholar

Copyright information

© Springer Berlin Heidelberg 2007

Authors and Affiliations

  • Apu Kapadia
    • 1
  • Tristan Henderson
    • 2
  • Jeffrey J. Fielding
    • 1
  • David Kotz
    • 1
  1. 1.Department of Computer Science, Dartmouth College, Hanover, NH 03755USA
  2. 2.School of Computer Science, University of St Andrews, St Andrews, KY16 9SXUK

Personalised recommendations