Development of a Privacy Addendum for Open Source Licenses: Value Sensitive Design in Industry

  • Batya Friedman
  • Ian Smith
  • Peter H. Kahn Jr.
  • Sunny Consolvo
  • Jaina Selawski
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4206)


Drawing on Value Sensitive Design, we developed a workable privacy addendum for an open source software license that not only covers intellectual property rights while allowing software developers to modify the software (the usual scope of an open source license), but also addresses end-user privacy. One central innovation of our work entails the integration of an informed consent model and a threat model for developing privacy protections for ubiquitous location aware systems. We utilized technology that provided a device’s location information in real-time: Intel’s POLS, a “sister” system to Intel’s Place Lab. In January 2006, POLS was released under a license combining the substantive terms of the Eclipse Public License together with this privacy addendum. In this paper, we describe how we developed the privacy addendum, present legal terms, and discuss characteristics of our design methods and results that have implications for protecting privacy in ubiquitous information systems released in open source.







Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Batya Friedman, Information School, University of Washington, Seattle, USA
  • Ian Smith, Intel Research, Seattle, USA
  • Peter H. Kahn Jr., Department of Psychology, University of Washington, Seattle, USA
  • Sunny Consolvo, Intel Research, Seattle, USA
  • Jaina Selawski, Intel Corporation, Santa Clara, USA
