One inherent feature of pervasive computing environments is the need
to gather and process context information about real persons. Unfortunately, this
unavoidably affects persons¿ privacy to a large degree. Each time today a citizen
uses his cellular phone, his credit card or surf the web, he is leaving a trace that is
stored for some reason. In a pervasive sensing environment, however, the amount
of information collected is a) much larger than today and b) might be used to
reconstruct personal information with great accuracy. The question we address
in this paper is to control dissemination and flow of personal data across organizational,
as well as personal boundaries, i.e., to potential addressees of privacy
relevant information. This paper presents the User-Centric Privacy Framework
(UCPF). It aims at protecting a user¿s privacy based on the enforcement of privacy
preferences. They are expressed as a set of constraints over some set of
context information. To achieve the goal of cross-boundary control, we introduce
two novel abstractions, namely Transformations and Foreign Constraints, in order
to extend the possibilities of a user to describe his privacy protection criteria
beyond the current expressiveness ussually found today. Transformations are understood
as any process that the user may define over a specific piece of context.
This is a main building block for obfuscating or even plainly lie about the context
in question. Foreign Constraints are an important complementing extension because
they allow for modeling conditions defined on external users that are not the
tracked individual, but may influence disclosure of personal data to third parties.
We are confident that these two easy-to-use abstractions together with the general
privacy framework presented in this paper constitute a strong contribution to the
protection of the personal privacy in pervasive computing environments.
