1 Introduction

The popularization of smartphones has driven the development of increasingly interactive applications. This is confirmed by a study published by Qualcomm [20], a leading manufacturer of smartphone processors, on the habits of mobile users in the main Latin American markets. The study is part of an initiative to measure the degree of adoption, assimilation and use of information and communication technologies in society, and it showed that Brazilians have a strong acceptance of entertainment and banking services, as well as social networks. However, it also makes clear that there are still large gaps to be filled by new applications. One niche of this market is context-aware applications, which, according to Weiser [26], can help to overcome the problem of information overload. Myers [19] argues that there has been a significant effort in both academia and industry to develop smart personal assistants (SPAs) to manage our increasingly complex, information-rich and communication-intensive work environments. These assistants rely on software capable of analyzing information about the environment in which the user is situated, so that they can seamlessly perform the actions needed to interact with the environment and the user [5].

According to Carberry [8], by observing a person’s actions with software agents it is possible to infer that person’s plans. Recognizing such plans can improve the effectiveness of context-aware applications and make them more interactive. However, although plan recognition has been an extensively studied research topic, it is not an easy task, and many open problems remain. A great difficulty for agents is to recognize the very context in which the user and the device are situated. There is also the issue that plan recognition must be performed promptly in order to cope with possible changes of context [9].

To recognize user plans, mobile devices are omnipresent, observing the user in his private life all the time in an invasive way. In addition, the collection and handling of user data by plan recognition systems occurs in a worrying way, as there is no transparency in the management of such data by service providers, which makes the user susceptible to malicious use of that information. As Vecchiato [22] points out, there is a lack of work focusing on security issues during the extraction, manipulation and dissemination of this data. Security breaches can further aggravate privacy issues by allowing malicious use of the data.

Therefore, this work discusses ways to guide the development of a model for non-invasive data management, that is, to ensure that the management of user data for plan recognition does not disrespect or invade the user’s privacy, considering that the user may not want some pieces of information to be accessed by personal assistants. This research was developed within the scope of the architecture proposal Devices, Environments and Social Networks Integration Architecture (DESIA). DESIA allows the manipulation of sensitive context data from sensors and mobile devices and includes emerging technologies such as social networks, cloud computing and software ecosystems, emphasizing security and privacy, fundamental aspects not always covered by other architectures [17, 22].

Hence, we propose a privacy-driven data management model, i.e., a model capable of ensuring that SPAs do not abuse the user data they collect. For this study, we conducted a survey with potential SPA users, which made it possible to propose a privacy solution for the users of these platforms. In addition, this article presents in detail the theoretical foundations that serve as the basis for this research, together with an analysis of the main SPAs available on the market. The paper brings the complete analysis of the data from the survey conducted with smartphone users, presenting the main requirements identified through the research. Finally, the model resulting from the principles raised in the focus group study is presented.

2 Theoretical Framework

Ubiquitous or pervasive computing does not just mean being able to take devices anywhere, but allowing them to be intrinsically present everywhere, connected to the same network and making use of equally ubiquitous systems. Thus, for instance, with ubiquitous computing, a computer that knows which room it is located in can adapt its behavior in a significant way [26].

To acquire information, these ubiquitous systems can make use of software agents that sense the environment through sensors. With the data provided by these sensors, the agents are also able to change the environment in which they are deployed [5]. However, despite the agents’ ability to observe the environment, they need directions in order to change the environment intelligently. These directions begin with the recognition of the actions that the user performs over time to reach a given goal [8].

The recognition of these actions, called “user plan recognition”, is the main driver of any smart personal assistant, since without this ability the assistant will not be able to propose intelligent solutions to the user. As Gong reports [12], a smart personal assistant is the implementation of a computer interface with a social intelligence that comes from the agent’s ability to be curious, effective, adaptive and appropriate in its interactions with the user. Implementing a smart personal assistant involves receiving data from the user or from a software application used by the user, extracting information from that data, and processing this information together with the user’s profile to produce an appropriate response.

On the other hand, because pervasiveness is intrinsic to the operation of ubiquitous computing in smart personal assistants, there is a social problem embedded in this idea: the lack of privacy. Although these systems are extremely useful, the user’s information in the wrong hands can become a problem for the user. Government officials and marketers, for instance, could make an unpleasant use of this information [26].

We can understand privacy as a condition that preserves intimate life, personal affairs and chores. In this way, the privacy of the user is a condition that aims to protect his data and personal information in scenarios related, directly or not, to the use of some system. Kapadia [16] states that, in order to ensure respect for their privacy, users should be in control of how their data and personal information are transferred to third parties.

In Brazil, as a guarantee of the user’s privacy rights, a law commonly known as the Marco Civil da Internet (literally, the Internet Civil Landmark) was issued on April 24, 2014. This law guarantees the full exercise of the right of access to the Internet while safeguarding the right to privacy. It reinforces that organizations providing Internet services, in holding personal data and private communications, must respect and preserve the privacy, honor and image of the user or of third parties involved in the use of such services [7].

Although ubiquitous computing may pose a risk to the user’s privacy, the growing demand for systems that address the problem of information overload makes the “anywhere, anytime” paradigm the new challenge for designing and implementing the next generation of information systems. Hence, ubiquitous access to such information systems requires new concepts, models, methodologies and assistive technologies to fully exploit their potential [23].

3 Methodology

To develop this research, we conducted a literature review in the study area and two qualitative studies. The first study was an analysis of the profiles of personal assistant users, and the second consisted of a focus group with Computer Science students. The literature review focused on the areas of Human-Computer Interaction and Artificial Intelligence. We reviewed articles on agents, plan recognition methods, privacy policies and smart personal assistants. Due to the difficulty of finding works that explored the capabilities of a Smart Personal Assistant (SPA), an analysis of the main SPAs present on the market was carried out.

The three assistants covered in this survey were selected because they are directly related to the three mobile operating systems with the biggest market share – Android, iOS and Windows Phone – respectively Google Now, Siri and Cortana. To analyse the respective SPAs, we consulted the descriptions of the functionalities and the terms of use provided by each company. For a post-analysis, we elaborated a questionnaire of 21 questions, one open-ended and the others multiple choice, which was applied to smartphone users regardless of whether they used a smart personal assistant. The questionnaire was answered by 11 people invited to participate in the survey because of their differences in smartphone use and social profile. The questionnaire recorded the complete profile of each participant through questions about level of education, age and field of study. The name of each participant was not collected, to preserve anonymity.

Based on the data collected in the survey, an analysis of privacy profiles was performed by assessing users’ willingness to allow personal data sharing with smart personal assistants and their knowledge of those applications. In the next step, we elaborated a privacy-driven data management model based on the needs and fears of the surveyed users, aimed at smart personal assistants that meet the users’ privacy profiles.

We validated the proposed model through a focus group study [3] with Computer Science students of the Federal University of Mato Grosso (UFMT). The activities were divided into 4 stages. In the first stage, each participant filled in a consent form for participation in the focus group and a questionnaire used to evaluate each profile and each subgroup. In the second stage, the participants attended a presentation on smart personal assistants, the current SPA scenario and the proposed data management model. Then the participants were divided into three subgroups for discussion, each group having a copy of the proposed model to evaluate the positive and negative aspects of its use. In the final stage, a collective discussion was opened for the groups to present their assessments of the proposed model. The result of this verification was essential for the construction of the privacy solutions that this work suggests.

4 Smart Personal Assistant Technologies

Smart personal assistants are still not very common systems and are little used by non-technical users. In the current generation of smartphones, three smart personal assistants stand out: Siri, developed by Apple; Google Now, developed by Google; and Cortana, developed by Microsoft [25]. All of them make use of ubiquitous computing and ambient intelligence concepts, since they are connected to several other information services that permeate the environments users frequent [2].

4.1 Siri

At its debut in 2010, Siri was able to connect to 42 different web services, which were used to create a single response formed from the best information available from these sources. It was also able to make restaurant reservations, buy tickets and even call a taxi, without the user having to open any other application [6].

Its creators’ idea was that Siri would be an autonomous tool that could anticipate the user’s intentions and make information available before the user requested it. Siri could anticipate the frustration of a delayed flight by bringing in alternative flight information and other means of transportation, such as train travel or car rental information. However, its creators were never able to develop these functionalities [6].

4.2 Microsoft Cortana

Cortana debuted on smartphones in 2014 and aimed to position itself as a personal digital assistant that could help users organize their daily tasks, managing meetings, reminders and other activities of daily life.

To manage this information, Microsoft talked to several high-level professional personal assistants and found that they kept a notebook with notes on all the key information and personal interests of the people they assisted. This simple idea of a notebook of personal key information inspired Microsoft to create a virtual notebook for Cortana that stores personal information and anything Cortana can see and use. The first time the user uses Cortana, it asks basic questions to learn about the user’s personal interests, such as name, gastronomic preferences or favorite movie genres. However, the user can always tell Cortana that something is not right and that it should not have access to that data.

4.3 Google Now

As part of the Android 4.1 update in 2012, Google introduced its virtual personal assistant for Android smartphones, Google Now [13]. It is a virtual personal assistant that provides information to the user via cards in the search-engine application, based on search history, location, calendar events, and user-provided information such as favorite team, place of work, place of residence, and so on. Access to these data aims to provide more relevant information to the user [15].

On the first use of the Google search-engine application, the user is asked whether he wants to activate Google Now. From then on, the cards appear automatically whenever the assistant tries to guess what information the user will need at a given moment [5]. To provide this information, Google Now runs discreetly in the background of the operating system, collecting and synthesizing records of searches, calendar, event locations and travel patterns to inform and alert the user through notifications or cards in the search application [24].

Thus, Google has taken a distinctive technological approach. On the one hand, there are virtual assistants that make inquiries and perform actions in response to user requests; on the other hand, there is Google Now, which provides information without the need for user requests. It was rated by The Verge as the first virtual assistant that actually anticipates user needs [4].

4.4 Comparison Among SPAs

Table 1 presents a comparison among the smart personal assistants. This comparison shows that Google Now is more proactive, while Siri behaves in a reactive way. Like Google Now, Cortana also has a more proactive behavior.

Table 1. Comparison among SPAs

One disadvantage of Siri compared to the others is that it only runs on one platform, whereas Google Now is available on both Android and iOS, and Cortana is the only one that runs on smartphones and desktops simultaneously.

4.5 Terms of Use

Siri’s terms of use [1] state that, by using Siri, everything the user says will be recorded and sent to Apple so that the audio is converted into text and the user’s requests are processed. The device may also send other information such as the user’s name, nickname and contact relationships, as well as the names of songs stored on the device. At the end of the terms of use, it is stated that the location of the iOS device “may also be sent to Apple” at the time the user makes a request to Siri [1].

Not unlike Apple, Microsoft [18] also alerts users in its terms of use that, when any voice command feature is used, the user agrees that Microsoft will record and collect the voice inputs, and that the data will be used in accordance with the Windows Phone privacy policy. The Windows Phone privacy policy states that “we collect certain information to enable the features and services offered on the phone to perform the requested or authorized transactions and to display customized content and advertisements in accordance with your interests and preferences” [18]. The terms of use also state that the user grants Cortana permission to collect his current availability and share that information with others, and to communicate with others on his behalf automatically.

The Google Now terms of use [13] inform the user that his Google account data and calendars are used to help him with day-to-day activities, and that Google stores information about the use of Google Search, Google Maps and other Google services, including the user’s location and other data associated with Chrome history, websites and applications. The terms of use also tell the user about device data stored by Google, such as contacts, calendars, alarms, music, movies, books and other content. The user’s location history is also stored, even when no Google product is being used. The terms make it clear that location information can also be used by any Google application and service, including the ads displayed to the user.

4.6 Comparison Among Terms of Use

By comparing the terms of use of each smart personal assistant, it is possible to see that Siri accesses user data only during its use, while Google Now and Cortana are always sharing information. All assistants collect personal data and store voice input data. Only Google Now accesses device data (Table 2).

Table 2. Comparison among terms of use

5 User’s Privacy Perception

In order to better understand the profile of users of smart personal assistants and smartphones, a qualitative survey was carried out with 11 people between August 6, 2015 and October 4, 2015. They answered a questionnaire that collected their views on data privacy on the smartphone as well as their intention to use a smart personal assistant.

Google Now was presented to them as an example of a smart personal assistant. In this analysis, only smartphone users were able to contribute their opinions, as the idea of data collection and privacy would be too abstract for people who do not use smartphones on a daily basis.

The questionnaire had 21 questions distributed among 3 sets of questions: questions about demographic data, questions about the use of smartphones, and questions about opinions on privacy during the use of smartphones.

5.1 Demographic Data

The participants of the research have different backgrounds: 5 of them have already graduated, while 4 are undergraduate students. Among the graduates, the courses of Information Systems, Pharmacy, Journalism and Administration stand out. All participants are between 20 and 35 years old, most of them between 21 and 24. Among the participants, 7 are men and 4 are women. All participants own smartphones and have profiles on Facebook, which 8 respondents considered the social network where they provide the most personal information. The second most accessed social network is Instagram, used by 7 participants. Android is the operating system most used by participants, 6 of them; the other 5 use iOS. None of them uses Microsoft’s operating system.

5.2 Apps and Smartphone Use

On the use of mobile apps, all participants said they use WhatsApp. The second most widely used application was Waze, chosen by 5 participants. Third, the Google Now and Siri applications are used by 3 participants each. Only 3 participants said they had read the terms of use of any of the listed applications, and in those cases only WhatsApp’s terms of use had been read.

5.3 Data Privacy

Participants were also asked about Google’s automated reading of e-mails: only 3 participants reported not knowing about this practice, and 8 said they would like to turn it off. When informed that stopping the reading of e-mails would make services like Google Now less accurate, only 1 participant said he would change his opinion and keep the reading of e-mails enabled.

Asked about allowing an assistant to read information on social networks, location, browsing history, e-mail content, chat content, and application usage on the smartphone, 3 participants informed that they would not allow a personal assistant to have access to any of this information.

Permission to share location was the one that received the most positive responses. As for the other information, most users showed resistance to sharing it. None of the users said they would allow the sharing of the complete content of chat applications or e-mails.

5.4 Smart Personal Assistants

After being exposed to a simple concept of what a smart personal assistant is and how such systems operate, participants were asked whether they considered these methods invasive. All participants responded yes, and 9 of them also agreed that the current methods would be less invasive if there were legislation protecting the privacy of shared data. Among the participants, 9 would also consider it less invasive if it were possible to have more precise control over the shared information. Only one participant said that, even if there were specific legislation or if it were possible to control what information to share, he would still consider the methods invasive.

At the end of the survey, participants were asked about the impact the information in the survey had on their intended use of applications on the mobile phone. Six of them said they would continue to use the apps the way they already did. One participant said he would try out some of the applications cited in the survey. One participant said he would continue not to use these applications, and 3 said that, after learning about the information in the survey, they would decrease their use of those applications.

5.5 Requirements Derived from the Survey

Based on the analysis of the results, it was possible to define some requirements that a privacy-driven data management model must meet. Thus, this section presents the following requirements:

  1. Work together with messaging applications, since messaging applications are very much used in smartphones;

  2. Be transparent in the use of personal user data, since the vast majority of users are not aware of what happens to their data, because they do not read the terms of use;

  3. Provide confidence to the user during data collection, since users are not comfortable with the operation of agents;

  4. Provide transparency and control of shared data, as users are afraid to share personal data with private companies;

  5. Provide information based on location data, since it is among the information that users are less afraid to share with the use of systems;

  6. Give users the power to choose, since they consider the methods of data acquisition invasive;

  7. Act in accordance with the laws that govern the user’s right to privacy, since the great majority of users considered that personal agents would be less invasive if there were legislation regulating the use of the data;

  8. Be considered non-invasive, so that the use of personal assistants may increase.

5.6 Assumptions for the Model

Based on the requirements presented in the previous section, we define here that for the model to meet the requirements, it must:

  • Allow the user to view all data collected by the system and give the user the power to discard any data collected, to meet requirements 2, 3 and 7 of the previous section;

  • Provide ways to configure the presentation of collected data, to meet requirements 4 and 7;

  • Indicate to the user the information that the system can infer and configure when this information will be presented, to meet requirements 5 and 6.

These assumptions were used to shape the components of the model, so that it implements a data management with privacy.

6 Privacy-Driven Data Management Model

According to [11], the goal of creating a model is to achieve simplified representation of the real world through abstraction. To do this, one must select some real-world characteristics that must be represented by the system. A good model has the same properties of the portion of reality that it attempts to represent. Since a model is a simplification, it can be studied and manipulated to find solutions to related real world problems.

For this reason and based on the concepts obtained through the literature review, the analysis of the existing applications, the survey with users, and the legislation in force, a model was elaborated to be less invasive, since it takes into account the user preferences and is protected by privacy principles.

6.1 Model Validation

For a more in-depth analysis, enabling the elaboration of a verified and less invasive model, another study was carried out, this time presenting the previously elaborated model to a focus group composed only of Computer Science students from the Federal University of Mato Grosso. The 14-person focus group was gathered to verify the model’s capacity, technical acceptance and potential to support a non-invasive smart personal assistant system.

The focus group activity began with the application of a questionnaire with 8 questions to collect the profile of the participants. As for the use of social networks, the participants presented a very similar profile. The three most used social networks among the participants were Facebook with 100%, LinkedIn with 50% and Instagram with 35.7% participation.

After the application of the questionnaire, the students were presented with information about smart personal assistants in which the main assistants available on the market and some of their terms of use were mentioned. At the end of the presentation, the proposed model was presented to the students.

Then, the students were randomly divided into 3 groups composed of 4 participants each. The groups were given the task of listing positive and negative aspects of the presented model. After 45 min of discussion, positive and negative considerations were presented by all groups.

Positive Aspects

As for the positive aspects, the groups praised the model’s ability to customize the data to be shared for each user profile. The ability for full control of smart assistants by the user has made the survey participants more confident and secure about the availability and use of their personal information.

Negative Aspects

Each group also presented suggestions for model improvement. The most common concern among the groups was with the amount of information indexed in the user’s data repository and the impact that this would have on the consumption of the smartphone’s storage capacity. To improve the understanding of the focus group participants, it was explained that the data repository only uses data present in the storage of other systems, serving only as a data library. This explanation given to the participants was used to fine-tune the definition of the data repository.

6.2 Model Description

This section presents the privacy-driven data management model for implementing smart personal assistants in ubiquitous devices (see Fig. 1), resulting from the verification by the focus group.

Fig. 1. Privacy-driven data management model for smart personal assistants

The model was designed at a high level of abstraction, in order to facilitate discussion of the direct impacts on the user rather than analysis in the context of systems development and implementation. However, Sect. 6.3 presents a view of the model as a layered architecture.

It is worth noting that this model idealizes a smart personal assistant with a proactive approach, in which the assistant anticipates the user’s intentions. Accordingly, the model can be applied to smart personal assistants that already follow a similar approach.

Data Acquisition

Data acquisition will be done through software agents that apply data mining techniques to detect user information from the use of other applications. The agents will also gather data through device sensors and index the information found in a component called the User Data Repository.

User Data Repository – UDR

The User Data Repository (UDR) can be understood as an index of all data encountered by agents during data acquisition. To allow transparency of data usage by the personal assistant, the idea of an information repository is based on the idea used in Cortana’s notebook. The difference in the model proposed in this work is that, in addition to checking and managing basic information such as user name, home and workplace, the user can check and manage all the data found by agents, such as browsing history, travel data, calendar events, etc.

For instance, during data acquisition, agents can collect personal information about the user. When consulting the information indexed in the UDR, the user may decide to exclude the information about his workplace if he does not want the smart personal assistant to consider such data when inferring information. This data will then be hidden from the smart personal assistant, giving the user full control over the information managed by the assistant.

Dynamic Privacy Policy Guidelines – DPPG

The Dynamic Privacy Policy Guidelines (DPPG) is a component that allows the user to manage the availability of the data to be shared with the back end for the inference of information. Through the DPPG the user defines in which moments, places and situations a given piece of data, indexed in the UDR, will be available to be sent to the back end service by the User Approved Information Model.

For instance, when the user is interested in a shorter route home after work, the personal assistant will be able to send his location data to the back end service for a limited period: half an hour, beginning 15 min before the end of the user’s office hours and ending 15 min after it.

In this example, the DPPG is configured to permit the use of location data only if the user is at the workplace during that half-hour window beginning 15 min before the set end of office hours. This allows the information to leave the device only when the user needs a route suggestion with less traffic to get home. If the user is in another situation, outside the workplace, at lunchtime, etc., his location will not be shared.

User Approved Information Model – UAIM

The User Approved Information Model (UAIM) is the component that sets the information patterns, to be inferred by the recognition of plans carried out by the back end service. This component allows the user to configure what information he wants to receive. It is also the component responsible for informing the user which data will be used to infer the selected information pattern. By considering that information inference is the product of the plan recognition process, UAIM is the main product directory generated by the plan recognition system.

Its communication with the back end occurs only when the information display rules are met, and the data managed by the DPPG is available for inference of information. Thus, the use of the device data network will occur only at useful times to the user, so that uninterrupted data transmission does not occur.

For instance, the user will inform UAIM that he wants to receive information about airfare values. The user will be asked if he agrees to share the search history data and the city in which he is located, so that the back end service is aware of the user’s destinations and can determine the route the user will follow to make his trip in the best way possible. The user will consent to sharing browsing history only when he is at home.

Back End

The back end service is responsible for inferring information by recognizing user plans from the user’s personal data. It receives from the UAIM the type of information it must produce and the personal data of the user needed to carry out plan recognition. After recognizing the user’s plans, it sends the useful information obtained back to the UAIM.

For instance, the moment the user arrives at the airport during a trip, the back end service will be informed about the user’s location, e-mail content and information on the best way to go to a hotel. Thus, during the recognition of plans, the back end service will recognize that the user will go to the hotel when leaving the airport. Thus, the service will consult information about the city that the user is in to decide what will be the best way to reach the hotel. After consultation, the information will be transmitted to the smart personal assistant to be displayed to the user.

Note that in the described example, UAIM is configured to inform the back end service about the user's interest in getting to a hotel when traveling, and DPPG allows the sharing of location data and e-mail content only when the user's current location is different from the city in which he resides. Thus, the service provider will have access to the user data only when the user intends to obtain something in return for giving up his data.
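The two DPPG/UAIM examples above (the commute rule that releases location only at the workplace during the half-hour window, and the travel rule that releases location and e-mail content only outside the home city) can be modelled as consent predicates evaluated on the device before anything is sent. The following is an added example, not code from the paper; the context labels ("work", "other"), city names and UDR sample values are constructed assumptions, and the default for any data type without a rule is to withhold it.

```python
from dataclasses import dataclass
from datetime import datetime, time, timedelta
from typing import Callable, Dict, List, Optional

# Assumed context labels ("work", "home", "other") and city names are constructed for the example.
@dataclass(frozen=True)
class Context:
    place: str
    city: str
    now: datetime

@dataclass(frozen=True)
class Rule:
    """One DPPG consent rule: data_type may leave the device only while allows(ctx) holds."""
    data_type: str
    allows: Callable[[Context], bool]

def workplace_window(office_end: time, minutes_before: int = 15, duration: int = 30):
    """Commute card: at work, from 15 min before office end, for half an hour."""
    def allows(ctx: Context) -> bool:
        start = datetime.combine(ctx.now.date(), office_end) - timedelta(minutes=minutes_before)
        return ctx.place == "work" and start <= ctx.now < start + timedelta(minutes=duration)
    return allows

def away_from_home(home_city: str):
    """Travel card: only while the current city differs from the city of residence."""
    return lambda ctx: ctx.city != home_city

class DPPG:
    """Layer 3: classify UDR-indexed data as available/unavailable for inference. Default is deny."""
    def __init__(self, rules: List[Rule]):
        self.rules = rules

    def classify(self, ctx: Context, udr_data: Dict[str, str]):
        available, withheld = {}, {}
        for dtype, value in udr_data.items():
            ok = any(r.allows(ctx) for r in self.rules if r.data_type == dtype)
            (available if ok else withheld)[dtype] = value
        return available, withheld

def uaim_payload(dppg: DPPG, ctx: Context, udr_data: Dict[str, str],
                 required: List[str]) -> Optional[Dict[str, str]]:
    """Layer 4: build the back end request only when every data type the card needs is shareable now."""
    available, _ = dppg.classify(ctx, udr_data)
    if any(t not in available for t in required):
        return None  # nothing leaves the device; the data network stays idle
    return {t: available[t] for t in required}

# Constructed policy and sample UDR data for the two cards described in the text.
POLICY = DPPG([Rule("location", workplace_window(time(18, 0))),
               Rule("location", away_from_home("Home City")),
               Rule("email", away_from_home("Home City"))])
UDR = {"location": "lat,lon", "email": "hotel booking", "search_history": "flights"}
```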

Information Presentation Interface – IPI

The Information Presentation Interface (IPI) is the component of the system that communicates with the user to allow him to configure the other components. The IPI presents the information resulting from the plan recognition process performed by the back end service and received by UAIM.

This paper does not propose to discuss the ideal interface for communication with the user, but as an example of interaction we suggest presenting the result of the plan recognition and the cards in use. The sequence of steps below demonstrates the interaction process between the user and the smart personal assistant:

1. Demonstrate the card to the user. During the first use of the smart personal assistant, the system must show the user the information template that will be present on the card (see Fig. 2A). The system should also inform which data types indexed in the UDR will require sharing permission to perform the plan recognition.

   Fig. 2. Smart personal assistant interface

2. Request the data to use the card. If the user decides to use the card, an explicit data access request will be made for the full functioning of the smart personal assistant (see Fig. 2B). The system will obey the legal requirements regarding its responsibility in obtaining the user's data. By agreeing to the request, the user will be performing the configuration and management of the personal data in the DPPG.

3. Send data to the back end service to perform data processing. The system must send the data provided to the back end service, which performs the recognition of the user's plans and provides the inferred information.

4. Receive the information inferred by the back end service. In the same way that the data is sent to the back end plan recognition service, the inferred information must be sent to the SPA on the user's device.

5. Present in the card the information inferred by the back end service. The SPA should present the card with the information to the user (see Fig. 2C). The presentation can be done both in the application and in the notification system of the device.

In this example, one can note how privacy issues can be tied to the legal requirements for Internet services and, moreover, how the SPA places the user at the center of decisions by shaping its functioning according to the user's consent profile.

6.3 Layered Architecture

This section presents a view of the proposed model as a layered architecture (see Fig. 3), since this method makes it possible to identify the main structural components of the system and the relationships between them.

Fig. 3. Layered architecture of the proposed model

In a layered architecture "each layer only depends on the features and services offered by the layer immediately below it" [21]. Thus, it is an ideal way to present the proposal of an architecture for the model exposed in this work. We divided our proposal into six main layers:

1. The personal user data can be found by means of sensors present in the device and by applications that use the data;

2. Using agents, the UDR performs the process of data discovery and indexes this data, which becomes available to the layer above;

3. The DPPG classifies the data as available or unavailable for inference of information. The data classified as available is passed to the next layer;

4. The UAIM selects the available data and sends it to the back end service;

5. The back end service performs the information inference with the data provided by the UAIM and returns useful information to the user;

6. The IPI receives the information generated by the back end service from the UAIM, thus finalizing the data flow.

In the sequence presented above, each component of the model serves the component in the layer immediately below it with information, and the lower components do not have to interact with the components above.

7 Conclusion

The frequent and increasingly assiduous use of smartphones and mobile applications by people is clear. With this research, it is possible to conclude that certain users are not comfortable with the method of data acquisition and the operation of agents as invasively as it is done, even though there is legislation that regulates the use of their personal data. The absence of the ability for users to control their information before sharing makes the use of smart personal assistants a risk. If the method of data acquisition were to be less invasive, the use of these assistants would be more responsible and perhaps even more frequent.

From this study, we could propose a privacy-driven data management model that will allow even the most fearful user who shares his personal data to be satisfied with the flexibility and the possibility of setting the privacy attributes of the smart personal assistant. With smart personal assistants implemented under this model, the user will be able to define in which moments, places and situations a certain piece of data will be available to be sent to the plan recognition service, all within a time and space determined and defined by the user.

The main peculiarity of the model proposed in this work is the concern with the privacy of the user and the transparent way in which personal data is maintained and analyzed by the system. The proposed model, as well as the model present in today’s smart personal assistants, does not limit the omnipresence of ubiquitous computing, but in contrast, it allows the data collected by the ubiquitous devices to be controlled by the user, thus preventing the user from being vulnerable to malicious use of such data.

On the other hand, what limits the model is the lack of knowledge about the information that the user intends to receive. The model requires that, during the implementation, a library of information to be displayed to this user already exists. Another limitation of the model is the amount of information that will be sent to the plan recognition system, since the recognition of plans may be hampered by configurations that permit the sharing of only a little data, when in fact a larger set of data would be necessary to increase the system's knowledge about the user with the support of machine learning techniques. However, it is expected that with the application of a non-invasive model, users will adopt these assistants more frequently, increasing the amount of data collected by the system.

As future work, a smart personal assistant implementation will be carried out following the privacy-driven data management model presented here, with a more refined study of data mining techniques for acquiring user data. During implementation, the suggestions listed by the focus group will be applied, such as using colloquial language in the description of the terms of use and grouping the data privacy settings by categories of available information. We also identified as objects of study for future work the analysis of communicability in the stages of configuring the system and a study of the main information that a user is interested in receiving.