Privacy-Respecting Location-Based Service Infrastructures: A Socio-Technical Approach to Requirements Engineering

Article excerpt

Abstract

This article presents an approach for the design of location-based information systems that support privacy functionality. Privacy-enhancing technology (PET) has been available for a considerable amount of time. New online applications and infrastructures for mobile and ubiquitous use have been installed. This has been done without usage of available PET, although they are favored by data protection experts. Designers of location-based services (LBS) create infrastructures for business or application specific purposes. They have profit-oriented views on the rationale for PET deployment. Finally, users have requirements that might be neither on the PET community's nor on the business people's agenda. Many disciplines provide knowledge about the construction of community-spanning information systems. The challenge for designers of infrastructures and applications is to find a consensus that models all stakeholders' interests - and takes advantage of all the involved communities' knowledge.

This paper groups LBS stakeholders into a framework based on a sociological knowledge construct called "boundary object". For this purpose, a taxonomical analysis of publications in the stakeholder communities is performed. Then the paper proposes a socio-technical approach. Its goal is to find a suitable privacy design for an LBS infrastructure based on the boundary object. Topics for further interdisciplinary research efforts are identified and proposed for discussion.

Key words: Privacy design, location, mobile infrastructures, requirements engineering, boundary objects.

1 Introduction

The purpose of this work is to show how to design mobile communication infrastructures in a way that respects privacy and fulfills user and operator requirements. In particular, the process focuses on the interdisciplinary feasibility of the resulting infrastructure with respect to the business model.

Information systems cross one more border into our personal and private lives by measuring our personal context. In providing context-based, situation-dependent services, human beings are being equipped with technology that measures their daily lives in order to provide computerized services to them. One kind of context information collected and used in such services is a person's location, determined through the position of the person's mobile telephone. Location-based services (LBS) based on wireless networks can position users with their mobile equipment. LBS business models are seen as an important application for mobile operators and the online services industry. A new challenge is the ubiquity of the infrastructure. By positioning a mobile phone, users can be tracked and profiled all day in all places with network coverage. This poses new service opportunities, but also creates a new class of risk towards privacy. Now many service providers can track an individual, while the existing data protection laws were drafted for protection against centralized infrastructures. As an approach to the privacy dilemma, cryptographers and data protection specialists suggest the use of privacy-enhancing technology (PET). PET development has been technology-centric, detached from business requirements and cost of ownership. With the deployment of ubiquitous infrastructures, the analysis and deployment of privacy-friendly infrastructures might stimulate adoption of the new applications despite the strong privacy concerns that are being voiced by researchers and privacy advocates.

This text presents a process for designing a privacy-friendly online infrastructure. This process is to be used for information infrastructure development. The example for such information systems will be LBS. The focus of my analysis is the intersection of economic theory, system design and PET to create information systems that have the properties of privacy-friendliness, efficiency, and value creation. In Figure 1, the steps of the design process are introduced. …