"Digital Living 2010: Sensors, Privacy, and Trust"
David Kotz, Dartmouth College

Digital technology plays an increasing role in everyday life, and 
this trend is only accelerating.  Consider daily life five years from 
now, in 2010:  we will each be surrounded by far more digital 
devices, mediating far more activities in our work, home, and play; 
the boundary between cyberspace and physical space will fade as 
sensors and actuators allow computers to be aware of, and control, 
the physical environment; and the devices in our life become 
increasingly (and often invisibly) interconnected with each other and 
with the Internet.   Furthermore, the increasingly pervasive reach of 
the Internet enables a blurring of work life and home life, and 
private life and public life, as people conduct their professional 
and personal business from anywhere, any time.

Today's typical home user, with a personal computer and a DSL 
connection, is already incapable of managing the security of their 
system and the privacy of their activities online, against the 
onslaught of worms and spyware and attempts to abuse user's trust 
through phishing.  Digital Living in 2010 (DL2010) will be far more 
complex, unmanageably complex, as the average homeowner struggles to 
integrate and administer dozens of computerized devices that interact 
with each other and with Internet services.   Their organizations, 
including employers,  schools, and governments, also face increased 
complexity and risk as their members work from home or bring their 
home life to work, dissolving traditional security boundaries and 
disrupting the traditional infrastructure in which the organization 
manages all of the relevant devices and services.  Ultimately, the 
digital citizen of 2010 may find the benefits of this technology 
disappear among the complexity and increased risk.

For example, consider the advent of sensor networks, and their 
applications in the home and work environment.   Sensor networks have 
been an active area of academic research.  Although they are just now 
becoming commercially available for deployment in industrial 
settings, we expect that sensor networks will soon have many uses in 
enterprise and residential settings.  Indeed, these sensor networks 
may finally allow the realization of Weiser's "ubiquitous computing" 
vision, in which computing blends into the environment and users 
interact with their digital environment through intuitive interfaces. 
Ubiquitous computing requires trustworthy sensors and networks, and 
to be trustworthy these networks must be both secure and robust.

Thus, there remain many critical questions, however, before people 
will be comfortable with DL2010 and in particular sensor networks 
that monitor human activity.  Can the average home user effectively 
configure, manage, and maintain these complex, heterogeneous 
distributed systems?  Can the network be trusted to securely sense, 
aggregate, and carry sensitive information (such as the location, 
activity, or health of occupants)?   Can the network be trusted to 
produce valid results, or at least indicate when its results are 
uncertain?     Can the network detect or resist attacks that attempt 
to discover its secrets or disrupt its behavior, even when the 
adversary is an insider with access to a sensor device?   What 
trade-offs are occupants willing to make, between the conveniences 
provided by the sensor-based applications and the potential risk to 
their privacy?  What interfaces allow the user to control the use of 
information about themselves, and effect these tradeoffs?   How do 
the interests of occupants and their organizations (employer, or 
building owner, for example) relate, and how does that affect the 
technology?  How can this technology, with perhaps thousands of 
sensors and actuators in a single home, not become a tool for 
dangerous new "denial of service" attacks -- on the home or business 
where they are deployed?  These embedded technologies may be 
installed, and used, for tens of years -- how can long-embedded 
devices continue to participate as technology advances?  How can 
occupants be assured that the infrastructure is not used to "spy" on 
them, particularly when they enter a space containing infrastructure 
not managed by them?

The grand challenge is to develop, deploy, and evaluate DL2010 
technology in ways that address the above concerns, and allow average 
people to be comfortable (and benefit from!) living in digitally 
enhanced spaces.  This subject is at the nexus of computer science, 
social science, and business, requiring extensive and ongoing 
collaborative efforts.  The project requires next-generation Internet 
technology, because it is fundamentally connecting large collections 
of tiny, heterogeneous sensors and actuators; the DL2010 network must 
scale both in size and manageability far beyond today's Internet.

Although I sketch this challenge as a five-year challenge, I expect 
that the full vision, and necessary research, will likely take 5-10 
years to complete.   One metric of success, perhaps ten years out, is 
widespread deployment of substantial aspects of the DL2010 technology 
vision in the home, without significant challenges in terms of 
manageability, availability, security, or privacy.