communication between the PTD and service providers. Mobile Electronic (ME) architecture [10] ... the free email services have advertisements on their pages ...
PERSONALIZED VIEW OF PERSONAL INFORMATION KARI HEIKKINEN, JUHA EEROLA, PEKKA JÄPPINEN AND JARI PORRAS
Lappeenranta, University of Technology P. O. Box 21, FIN - 53850
Abstract: - In this paper the personal information is defined and analyzed with two different points of views. The analysis contains some statistics about the information that is requested by different types of services. Furthermore the information requested by the services is analyzed with the information gathered from Focus Group discussions concentrating on what personal information the users are willing to store on their personal trusted device and in what services and use situations the users are willing to use their personal information. These studies and analysis were carried out to find both user requirements for personal information management and user demand for ambient service provisioning. Key-Words: - Personalization, Privacy, Personal Information, Management and Handling
1 Introduction A lot of personal information about the users and their preferences are asked on the web-sites that purpose to provide personalized services. For example, according to LaRose et al. [1] , the collected information includes last name, credit card number, demographics, telephone number, street address etc., which all are very private and in some cases part of the user’s identity. The personal information is often understood as information that is owned by a given person, such as calendar notes, contact addresses of the friends and so on [2-4]. Bergman et al. [4] defined it through personal information management (PIM); it is the storage, organization, and retrieval by an individual for her/his own use. However, our approach in encompassing the personal information is different; let us define personal information as any information that is related to the individual person. Besides identifying information e.g. name and address, such information adds personal needs, user requirements, actions, context-aware information (i.e. situation), conformity information etc. to the definition of personal information. This definition is the basis of our personal information management.
The personal information management is built on both user requirement and user demand. The user requirement is interpreted so that user actively participates in the conceptualization of the technology so that the user requirement for learning the technology is minimized. The user demand is interpreted as personal information (need) that awaits its fulfillment. This is an important aspect, because the services are becoming more and more part of our daily lives (ambient). Furthermore, in ambient service environments, the services could be “floating” on the proximity of the users, e.g. digital aura [5] or PeerHood approaches [6]. The management of personalized service provisioning in such environment is not straightforward. For example, the flow of information without any filtering could be overwhelming. From user point of view, this filtering (and intelligence of doing it) is perhaps the most critical one. Therefore there is a need to find out what services, what personal information the users are willing to share with the surrounding services in order to encompass the service provisioning based on personal information. However, in order to capitalize user demand from technology point of view it is needed to analyze the elements in networks that enable the handling and management of personal information. The users have a device (e.g. personal trusted device [7, 8]) that they use
for the services. If the users control their personal information, they need an application (e.g. user interface) in their device. The devices are connected to the service mix via a set of network technology and the personal information management needs a system that can cope with the surrounding proximity through communication protocols. Our approach uses the personalization management system to enable the handling of personal information management in the ambient service environment. Such a system consists of user interface for personal information management designed to meet user requirements and user demand, personalization information management system (PIMS) [9] to provide personalization of the services (intelligence) and communication between the PTD and service providers. Mobile Electronic (ME) architecture [10] could provide the handling of personal information within the management system. Another relevant study, [11] supports the idea of using user device as personal information storage. Personal information management applicatio n could be stored i.e. in smartcard and thus providing
Personal Trusted Device
the users a security concept (e.g. [12]). Furthermore, personal information could be used as a building block for m-Commerce services through secure and mobile transaction solutions (e.g. [13]). In addition, the presentation of personal information plays a significant role and thus user modeling is an important feature (e.g. [14]). Figure 1 illustrates the role of the personal information in such service environment. It uses the personal information as a building block for service provisioning. The management application contains customization toolset for users to handle the presentation, use, maintenance etc. of their personal information in the manner user desires. This customization toolset is built on the issues of privacy (storaging of personal information) , trust (boundaries, levels), context (environment data), security (i.e. authentication) and personalization. The functionalities (such as skin selections, color settings, presentation options etc.) of the customization toolset are on purpose left out of this paper.
PTD P2P communication (PAN)
Customization toolset Handling of Community spesific information Maintaining the Balance of Personalization vs. Privacy Management of Personal and Service Spesific Information
Wireless Broadband Access
AP
Figure 1: Use of Personal Information on the Ambient Service Environment
2
Personal Information
As it has been discussed above, information concerning the user is collected and widely used by different services. In order to find
out what information is collected and what parts of that information is really personal, few studies, i.e. information collected in web services and user perspective on that information, were performed.
Table 2 shows magazines are the most interested about the user’s points of interests (as user preference). This is probably required to determine, which advertisements the user sees on the web page when browsing the news. Similarly the free email servic es have advertisements on their pages and thus points of interest are requested. Knowledge about user’s interest can also help the magazine to determine what kind of articles its readers might be interested about. This is likely the reason for requesting the customer’s sex. On the contrary there seems to be no reason why email services want to know the gender of the user.
2.1 What is collected on the web-sites? Users of different web based services have noticed that the use of different services usually requires some type of registration for the service. In minimum a user login and password need to be set. Usually, however, a lot of different information is required. Eerola [15] has studied over 100 web-sites that offer different services (see Table 2). In general an average of 5 mandatory fields of information and 7 optional fields of information were requested. Some results of this study are presented in Table 1 and Table 2. Table 1 presents the five most collected pieces of data. In most cases the name was a mandatory field, even though its validity cannot be checked. The necessity of the user’s postal address could also be challenged. It also seems to be quite rare to ask personal preferences even though such information could be used for the personalization or customization purposes.
Besides the information that is requested on the registration, the services gather customer information by following the customer behavior on the service. One famous service, where such an action is evident is the bookstore amazon.com. Information gathered this way is often considered as the property of company [16].
Table 2 presents the use of personal information in different web services. As Table 1: What Personal Information is collected (five most frequently asked)? Personal Information (total = 23 different info)
Sum of Web sites
Name Email Address Postal Code City Address
Mandatory
95 94 71 61 60
Free of Choice
87 84 59 44 45
8 10 12 17 15
Table 2: Web Service Types and Personal Information comparison sample?
Identi fication Sex Point of Interests
Help desk
Maga zines
Web shops
E-Mail Services
Web Auctions
100
90
100
100
100
0
70
20
90
0
60
10
50
2.2 What Users are willing to share? Based on Table 1, it is evident that the identifying information is seen valuable by the services. In many cases it is unclear for
Adult Pages
Web Games
MP3
Others
100
80
80
100
30
10
40
30
35
10
10
0
0
15
the customer for what the service needs such information. In order to understand what information users (customers) are willing to share we have to understand what makes the information personal from the user point of view.
This was studied through Focus Group discussions with real service users. Focus Groups are especially used in multidisciplinary research consortiums and projects to aid the design process. For example, Hestnes et al. [17] have used Focus Groups as part of their technological design. In [17], the Focus Groups are used to find the user needs. Therefore, the motivation for using Focus Groups in this study was to raise the level of acceptability and, if possible, to
speed the technology adoption by the users through fulfilling the emerging personal needs. Several Focus Groups were carried out to find out how the users see personal information and its handling. The main member demographics were: young people (aged 20-25, equally men and women), students of Bachelor of Science, whose main study was not technology-oriented.
Table 3: Transition and Key Questions on the Focus Groups Question
Category
Would You use personalization in daily routines (e.g. use situations, service discovery or actual use of service)? In what kind of services would You use personalization and In what kind of situations would You use personalization. Make a list on both cases! What kind of personal information would You be willing to hold and maintain in Your personal end-user device? Make a list! To who or whom (users, organizations etc.) would You be willing to share that personal information?
Transition
In the Focus Group study (see Table 3.) the participants of the study were asked to name what they see to be personal information. The members listed the following personal information in no particular order: • • •
• • • • • • • • •
Contact Information Personal likings , items and hobbies Diaries Way of life and shopping Dating information Public Services Respect List Curriculum Vitae Personal Health Membership information Databanks (i.e. pictures) Birthdays and similar kind of important dates of special people
It seems that the young students were quite delicate when listing items of personal information. Some of these are same as those asked in web services but some of them really fit into the definition of personal information. For example medical records
Transition Key Key
are definitely personal, but should be usable in critical situations. This will lead to the second question of situations where personal information should be used. The participants were asked to list services and situations where they would use personal information. The following services and situations were named: Services: • Gallup • Emergency Services, • Public Services, • Postal, pharmacy and bank services, • information services, • Product data at or outside the shop Use situations: • Finding the service or product, • Finding the perfect partner • When being lost • Special interest, i.e. music festivals
2.3 Analysis of the Studies These studies were carried out in order to find how the services see personal information and how the real users see personal information. Even though both address the same issue (personal information) the studies revealed that the services link it more to the identification of the user as a customer. The users, however, see personal information as more complex issue. However, some conclusions can be drawn from the studies. The web-sites generally concentrated on asking identification information (e.g. name) and linking that information to some other customer information (e.g. point of interests). This information is then used to personalize the service. These questions, from the user point of view, fail to meet some of the user requirements, such as clear value proposition, control of personal information and decentralized control. As the users see lot of the requested information as personal, the service providers should consider more closely, whether the requested information is actually needed or not. Possibility to provide information required for personalized service without disclosing the identity would be welcomed by the customers. Some studies, however, e.g. [18] show that by adding privacy statements on the web sites lower the reluctance of users giving the personal information and thus eases the clear value proposition problem. The two latter questions cannot be handled. However, in our personalization management overview the management application can deal with the questions of control of personal information and decentralized control. The Focus Groups provided a list of personal information the users are willing to store on their personal trusted device. The list above provides the main characteristics (major summary) of different personal information. The list could vary from person to person and thus the management of the personal information needs to be highly customized on the user device. The lists are used to provide customizable user interface for the personal information management. This also applies to the other question answers, namely services and use situations.
The services and use situation listed by the participants can also be compared to the results of the web study. Based on Focus Group discussion it seems that use situations depend heavily on the real need for some information, e.g. correct location of the given service. However, such kind of services requires more spesific personal information that is not (or is not relevant to ask) asked by the web services. The last question on the table asked persons, organizations or some trusted parties that could get the personal information. The general reply from the participants was the reluctance of giving the personal information. The participants were more conservative in this question. They could give the information in the similar manner than in everyday life, i.e. only to persons they know in real life. However, one interesting reply was the exception of the emergency. In the case of emergency (e.g. traffic accident), the personal information should be instantly given by the system. These answers to the Focus Group questions provided the default user interface for personal information management. However, the user can individually customize the user interface based on personal motives. The user can make the interface look like a frog (or some other personal pet), can customize the use of personalized information, presentation of personal information etc. The customization toolset questions will be carried out in the subsequent Focus Groups.
3 Conclusion In this paper an approach in defining personal information management was presented. The meaning and use of personal information was studied from two different points of views (service and user). These studies were analyzed from user centric point of view. The paper also illustrated a personalization management overview of ambient service provisioning based on personal information. It emphasized user-centricness in order to ease the user requirements of learning technology and thus raising the acceptability of technology. Furthermore, it purposes to capitalize the user demand through using personal information as a building block in personalized service
provisioning. The overview also purposes to enhance the privacy, because all personal information is located on the user device and thus enabling decentralized control of personal information. References: [1] LaRose, R. and Rifon, N., Your privacy is assured – of being invaded: Web sites with and without privacy seals, Proceedings of IADIS E-Society 2003 conference, pp. 63-72, at Lissabon, Portugal, 3-6 June, 2003. [2] Kammer, D., McNutt, G., Sense, B. and Bray, J. Bluetooth Application Developer's Guide" Syngress Publishing Inc., 2002 [3] Web-Page about Personal Information and its management, available at; http://xml.coverpages.org/SyncMLPIM.html, Accessed 30.8.2004. [4] Bergman, O., Boardman, R., Gwizdka, J. and Jones, W. Personal Information Management, CHI 2004 Special Interest Group, Proceedings of CHI 2004, at Vienna, Austria, 24-29 April, 2004. [5] Ferscha A., Hechinger M., Mayrhofer R., dos Santos Rocha M., Franz M. and Oberhauser, R., Digital Aura, Proceedings of Advances in Pervasive Computing, Video paper at Pervasive 2004 conference, at Vienna, Austria, 18-23 April, 2004, ISBN 3-85403-176-9. [6] Porras, J., Hiirsalmi, P. and Valtaoja, A., Peer-to-Peer Communication Approach for a Mobile Environment, Proceedings of the 37th. Hawaii International Conference on System Science (HICSS) – 2004, at Hawaii, USA, 5-11 January, 2004. [7] Weippl, E., Essmayr, W., Personal Trusted Devic es for Web Services: Revisiting Multilevel Security, Mobile Networks and Applications, pp. 151-157, Vol. 8, April 2003. [8] Porras J., Jäppinen P., Hiirsalmi P., Hämäläinen A. and, Koponen R., Personal Trusted Device in Personal Communications, to be presented in IEEE 1st ISWCS 2004 conference, at Mauritius, September 20-24, 2004. [9] Heikkinen K., Jäppinen P. and Porras J., Personalization Information Management
System with Bluetooth Communication, Proceedings of IASTED CST 2003, Cancun 19-21 May, Mexico. ISBN: 0-88986-349-0. [10] Jäppinen, P., ME Mobile Electronic Personality, Ph.D Thesis, Lappeenranta, University of Technology, Acta Universitatis Lappeenrantaensis 183, ISBN 951-764-902-9, 2004. [11] Jäppinen, P. and Porras J., Analyzing the attributes of personalization information affecting storage location, Proceedings of IADIS International Conference on E-Society (2003), pp. 48-55, at Lisbon, Portugal, 3-6 June 2003. [12] Oldenburg, S. and Cap, C., SmartCard-based Multi User Security Concept for Mobile Devices, Proceedings of the WSEAS ISA 2004, pp. CD-ROM, WSEAS Press, Miami, Florida, USA, April 21-23,2004, http://www.worldses.org/online/index.html [13] Milanovic, S. and Mastorakis, N., Building a Strategic m-Commerce Services Platform, Proceedings of the WSEAS ISA 2004, pp. CD-ROM, WSEAS Press, Miami, Florida, USA, April 21-23,2004, http://www.worldses.org/online/index.html [14] Sebastiano Pizzutilo, S., De Carolis , B., Antonio Petrone, A. and Cozzolongo, G., Personalizing Interaction in a Mobile Environment, Proceedings of the WSEAS AIKED 2004, pp. CD-ROM, WSEAS Press, Salzburg, Austria, February 13-15, 2004 http://www.worldses.org/online/index.html [15] Eerola, J., Erityyppisten Internetpalveluiden keräämien henkilötietojen analysointi (in finnish), Final report of Student Work, Lappeenranta University of Technology, Department of Computer Science, 2003. [16] Kasanoff,B., Making It Personal, Perseus Publishing, 2001. [17] Hestnes, B., Brooks, P., Heiestad, S. Mobile Eye-phone – a study of relevance,effectiveness and user-perceived suitability, Telenor R&D publications, Report 2/2004, 2004. [18] Eatman,J.L. and Nemati,H. The Impact of Web Site Privacy statement Characteristics on User Comfort Levels" in Proceedings of the IADIS Intenational conference e-society 2003, pp.56-62, June 2003.