How Moments of Truth change the way we think about Privacy

Esther Görnemann recently presented her work at the Lab as part of the Privacy & Us doctoral consortium in London. Her work provides an important perspective on the crucial role that the individual experience of Moments of Truth plays in understanding how human beings think about privacy and under which circumstances they start actively protecting it. Here is a brief overview of her current research as well as a short introductory video.

During preliminary interview sessions, a number of internet and smartphone users talked to me about the surprising experience of realizing that personal information had been collected, processed and applied without their knowledge.
In these interviews and in countless furious online reports, users expressed concern about their devices, often stating they felt taken by surprise, patronized or spied upon.


Some examples:

  • In an interview, a 73-year-old man recalled that he had been searching for medical treatment of prostate disorders on Google and was immediately confronted with related advertisements on the websites he visited subsequently. Some days later, he also started to receive email spam related to his search. He said “I felt appalled and spied upon” and has ever since considered whether the search he is about to conduct might contain information he would rather keep to himself.


  • A Moment of Truth that made headlines in international news outlets was the story of Danielle from Portland, who in early 2018 contacted a local TV station and reported that her Amazon Echo had recorded a private conversation between her and her husband and had sent it to a random person from the couple’s contact list, who immediately called the couple back to tell them what he had received. The couple turned to Amazon’s customer service, but the company was not immediately able to explain the incident. When she called the TV station, Danielle expressed her feelings: “I felt invaded. A total privacy invasion. I’m never plugging that device in again, because I can’t trust it.” While Amazon later explained the incident, saying the Echo had mistakenly picked up several words from the conversation and interpreted them as a series of commands to record and send the audio, Danielle still claims the device had not prompted any confirmation or question.


  • An interview participant recalled how he incidentally discovered that his smartphone photo gallery was automatically synchronized with the cloud service Dropbox. He described his reaction with the words “Dropbox automatically uploaded all my pictures to the cloud. It’s like stealing! […] Since then I’m wary. And for sure I will never use Dropbox again.”

Drawing on philosophical and sociological theories, this research project conceptualizes Moments of Truth as events in which the arrival of new information results in a new interpretation of reality and a fundamental change in the perceived alternatives for behavioural responses.

The notion of control or agency is one of several influential factors that mobilize people and is key to understanding reactions to Moments of Truth.

The goal of my research is to construct a model to predict subjects’ affective and behavioural responses to Moments of Truth. A central question is why some people display an increased motivation to protest and claim their rights, convince others, adapt usage patterns and take protective measures. Currently, I am looking at the central role that the perception of illegitimate inequality and the emotional state of anger play in mobilizing people to actively protect their privacy.


Managing security under the GDPR profoundly



An interview with Dr. Alexander Novotny:

The EU General Data Protection Regulation (GDPR) requires organizations to stringently secure personal data. Since penalties under the GDPR loom large, organizations feel uncertain about how to deal with securing personal data processing activities. The Privacy and Sustainable Computing Lab has interviewed the security and privacy expert Dr. Alexander Novotny on how organizations should address security for processing personal data:






Under the GDPR, organizations using personal data will have stringent obligations to secure the processing of personal data. How can organizations meet this challenge?

Organizations’ security obligations while processing personal data are regulated under Article 32 of the EU General Data Protection Regulation. Security is primarily the data controller’s responsibility. The data controller is the organization that determines the purposes and means of the processing of personal data. To ensure appropriate security, controllers and processors of personal data have to take technical and organizational measures, the so-called “TOMs”. Which security measures are appropriate depends on the state of the art and the costs of implementation in relation to the risk. Organizations are only required to implement state-of-the-art technology for securing data processing. Implementing the best available security technologies is not a requirement in most cases, nor is putting in place security technologies that are not yet market-available or are still premature. The nature, scope and context of data processing also need to be taken into account. For processing dozens of IP addresses in an educational context, for example, a different level of protection is adequate than for processing thousands of IP addresses in a healthcare context. To identify reasonable TOMs, the purposes of processing and the risks for the rights and freedoms of natural persons also need to be considered.

How can the level of risk for the rights and freedom of natural persons be measured?

The GDPR outlines that the likelihood and the severity of the risk are important factors: the wording in Article 32 of the GDPR points to traditional risk appraisal methods based on probability and impact. These methods are already commonly used in IT security today. Many organizations therefore have classification schemes for likelihood and severity. Often, they categorize these two factors into the classes “low”, “medium” and “high”. Little historical experience in terms of likelihood and severity of security incidents is available. Without such experience, it is very difficult to meaningfully apply rational risk scales such as scales based on monetary values. ENISA also recommends a similar qualitative risk assessment method in its 2017 handbook on the security of personal data processing. What data controllers especially need to keep in mind is the risk for the data subject in the first place, and not the organization’s own risk. Thus, organizations have to take a different viewpoint, in particular organizations that have already done a risk assessment with regard to an ISO 27001 information security management system. These organizations need to amend their risk assessment with the viewpoint of the data subject.

What are these so-called TOMs?

Examples of technical and organizational measures are given in Article 32 of the GDPR. The regulation names pseudonymization and encryption of personal data as well as the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services. Organizations need the ability to restore the availability of and access to personal data in the event of a physical or technical incident. Also, a process for regularly testing and evaluating the effectiveness of technical and organizational measures is required. Recital 78 of the GDPR refers to additional measures such as internal policies. What is remarkable here is that TOMs do not only aim to keep personal data confidential and correct. TOMs also target the availability of and access to personal data as well as the resilience of the IT systems that are used to process personal data. Availability and resilience of IT infrastructure is one of the traditional IT security goals, but from the viewpoint of data protection it has not been given high priority so far. Hence, organizations have to further integrate their data protection efforts with IT security in order to tackle these requirements set out by the GDPR.
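As an added illustration of the first measure Article 32 names, pseudonymisation, here is a small Python experiment. It is example code written for this page, not code from the interview or from Dr. Novotny, and it assumes a healthcare data set keyed by patient numbers of the constructed form P-NNNN (a 10,000-value identifier space) and a controller that keeps the pseudonymisation key apart from the data. It shows why replacing an identifier by a plain hash is not an appropriate TOM for a small identifier space, whereas a keyed hash is, and that the controller holding the key can still re-identify records, which is precisely what makes this pseudonymisation rather than anonymisation:

```python
"""Pseudonymisation of patient numbers: plain hash vs keyed hash (HMAC).

Added example; not from the interview. The P-NNNN patient numbers, the
10,000-value identifier space and the key handling are assumptions.
"""
import hashlib
import hmac
import secrets
from typing import Callable, Dict, Iterable, Set

# Constructed sample data: four patient numbers of the assumed form P-NNNN.
SAMPLE_IDENTIFIERS = ["P-0421", "P-1337", "P-7777", "P-9002"]


def unkeyed_pseudonym(identifier: str) -> str:
    """Replace the identifier by its SHA-256 hash.

    Looks irreversible, but anyone can recompute the hash for every plausible
    identifier, so a small identifier space gives no real protection.
    """
    return hashlib.sha256(identifier.encode("utf-8")).hexdigest()


def keyed_pseudonym(identifier: str, key: bytes) -> str:
    """Replace the identifier by HMAC-SHA256 under a secret key.

    Without the key the pseudonym cannot be recomputed. With the key the
    controller can still attribute a record to the data subject; that
    "additional information kept separately" is what distinguishes
    pseudonymisation from anonymisation.
    """
    return hmac.new(key, identifier.encode("utf-8"), hashlib.sha256).hexdigest()


def candidate_identifiers() -> Iterable[str]:
    """The whole (assumed) space of patient numbers: P-0000 .. P-9999."""
    for n in range(10_000):
        yield f"P-{n:04d}"


def reverse_by_enumeration(pseudonyms: Set[str],
                           pseudonymise: Callable[[str], str]) -> Dict[str, str]:
    """Dictionary attack: recompute the pseudonym of every candidate identifier
    and report which pseudonyms in the data set it matches."""
    recovered: Dict[str, str] = {}
    for candidate in candidate_identifiers():
        p = pseudonymise(candidate)
        if p in pseudonyms:
            recovered[p] = candidate
    return recovered


def compare_schemes() -> Dict[str, int]:
    """How many of the sample pseudonyms each party can re-identify."""
    unkeyed = {unkeyed_pseudonym(i) for i in SAMPLE_IDENTIFIERS}

    controller_key = secrets.token_bytes(32)   # held apart from the data set
    keyed = {keyed_pseudonym(i, controller_key) for i in SAMPLE_IDENTIFIERS}

    attacker_guess = secrets.token_bytes(32)   # attacker knows the scheme, not the key
    return {
        "unkeyed_by_anyone": len(reverse_by_enumeration(unkeyed, unkeyed_pseudonym)),
        "keyed_by_attacker": len(reverse_by_enumeration(
            keyed, lambda i: keyed_pseudonym(i, attacker_guess))),
        "keyed_by_controller": len(reverse_by_enumeration(
            keyed, lambda i: keyed_pseudonym(i, controller_key))),
    }


if __name__ == "__main__":
    # {'unkeyed_by_anyone': 4, 'keyed_by_attacker': 0, 'keyed_by_controller': 4}
    print(compare_schemes())
```

The key is the “additional information” that Article 4(5) of the GDPR requires to be kept separately and under its own technical and organisational measures; whoever obtains it can undo the pseudonymisation as easily as the controller does in the last line of the experiment, so access to it should be limited to the one function that legitimately needs to re-identify records. Encryption of the stored data, the other measure named in Article 32, addresses a different risk (loss or theft of the storage medium) and does not replace a sound pseudonymisation scheme.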

How can a controller be sure that the identified and implemented TOMs are actually appropriate?

This is a question often asked by organizations complaining that the guidance provided by the GDPR is overly vague and that legal certainty is low. With regard to this question of appropriateness, a clash of cultures is often witnessed: on the one hand, technicians responsible for the implementation of the TOMs and, on the other hand, lawyers keeping an eye on GDPR compliance follow different approaches. Technicians are used to predetermined instructions and requirements. They take a very technological viewpoint and often wish that competent authorities would issue specific, hard-and-fast lists of TOMs. In contrast, lawyers are used to structurally applying legal criteria for appropriateness and adequacy to real-world cases. Instead of relying on predetermined lists of TOMs, organizations are now required to think in terms of what is best for the data subjects and for themselves when it comes to data security. Of course, predefined lists and templates of TOMs can be helpful to illustrate the state of the art. But organizations are required to make up their own minds about which TOMs are particularly appropriate for them. This is particularly reflected in Article 32 of the GDPR, which states that the nature, scope and context of data processing need to be taken into account to determine appropriate TOMs. To increase legal certainty, organizations are well advised to write down their particular approach to the selection of TOMs. If organizations comprehensively document their risk-based reasoning about which TOMs they implement to address the identified risks, they will likely be safe before the law.

What is meant by regularly assessing and evaluating the effectiveness of TOMs?
Practically this means that controllers need to operate a data protection management system (DMS). Within the scope of such a DMS, regular audits of the effectiveness of the implemented TOMs need to be conducted. Organizations can integrate the DMS into their existing information security management system. With such integration, they can leverage the continual improvement process that is already in place with established management systems. The DMS also supports the required process of regularly testing and evaluating the effectiveness of TOMs.

About the interviewee:

Dr. Alexander Novotny is an information privacy and security specialist. He has been researching privacy and data protection since the European Commission’s first proposal for the GDPR in 2012. He works as an information security manager for a large international enterprise based in Austria. He is a certified data protection officer, lectures on IoT security and advises EU-funded research and innovation projects on digital security and privacy.




2 days to GDPR: Standards and Regulations will always lag behind Technology – We still need them… A Blog by Axel Polleres

With the European General Data Protection Regulation (GDPR) coming into effect in 2 days from now, there is a lot of uncertainty involved. In fact, many view the now stricter enforcement of data protection and privacy as a late repair of harm already done, in the context of recent scandals such as the Facebook/Cambridge Analytica breach, which caused a huge discussion about online privacy over the past month, culminating in Mark Zuckerberg’s testimony before the US Senate.

“I am actually not sure we shouldn’t be regulated” Mark Zuckerberg in a recent BBC interview.

Like most of us, my first reaction to this statement was that it is ridiculous: it is already far too late, and an incident such as the Cambridge Analytica scandal was foreseeable (as for instance indicated by Tim Berners-Lee’s reaction to his Turing Award back in 2017 already). So many of us may say or feel that the GDPR is coming too late.

However, regulations and standards have another effect besides the sheer prevention of such things happening: cleaning up after the mess.


This is often the role of regulations, and likewise, in a similar way, the role of (technology) standards.

Technology standards vs legal regulations – not too different.

From my own experience contributing to the standardisation of a Web data query language, SPARQL 1.1, this was very much our task: cleaning up and aligning diverging implementations of needed additional features that had been implemented in different engines to address users’ needs. Work on standards often involves compromises (also a parallel to legislation), so whenever I am confronted with this or that not being perfect in the standard we created, that’s normally the only response I have: we’ll have to fix it in the next version of the standard.

Back to the privacy protection regulation: this is also what will need to happen. We now have a standard, call it “GDPR 1.0”, but it will take a while until its implementors, the member states of the EU, have collected enough “implementation experience” to come up with suggestions for improvements.

Over time, hopefully enough such experience will emerge to collect best practices and effective interpretations of the parts of the GDPR that still remain highly vague. Take for instance: what does it mean that “any information and communication relating to the processing of those personal data be easily accessible and easy to understand” (GDPR, recital 39)?

The EU will need to continue to work towards GDPR 1.1, i.e. to establish best practices and standards that clarify these uncertainties and offer workable, agreed solutions, ideally based on open standards.

Don’t throw out the baby with the bathwater

Yet, there is a risk: voices are already rising that the GDPR will be impossible to execute in its entirety, individual member states are already trying to implement “softened” interpretations of the GDPR (yes, it is indeed my home country…), and ridiculous business model ideas such as GDPRShield are mushrooming, e.g. to exclude European customers entirely in order to avoid GDPR compliance.

There are two ways the European Union can deal with this risk:

  • Soften the GDPR or implement it faintheartedly – not a good idea, IMHO, as any loopholes or exceptions around GDPR sanctions will likely put us de facto back into the pre-GDPR state.
  • Stand firmly with the GDPR and strive for full implementation of its principles, and start working on GDPR 1.1 in parallel, that is, amending best practices and also technical standards that make the GDPR work and help companies to implement it.

In our current EU project SPECIAL, which I will also have the opportunity to present again later this year at MyData2018 (in fact, talking about our ideas for standard formats to support GDPR-compliant, interoperable recording of consent and personal data processing), we aim to support the latter path. First steps to connect both the legal implementation of the GDPR and work on technical standards towards such a “GDPR 1.1”, supported by standard formats for interoperability and privacy compliance controls, have been taken in a recent W3C workshop at my home university in Vienna, hosted by our institute a month ago.

Another example: Net Neutrality

As a side note, earlier in this blog I mentioned the (potentially unintended) detrimental effects that giving up net neutrality could have on democracy and freedom of speech. In my opinion, net neutrality is the next topic we need to think about in terms of regulations in the EU as well; dogmatic rules won’t help. Pure net neutrality is no longer feasible; it’s probably gone and a thing of the past, from a time when data traffic was not an issue of necessity. In fact, regulating the distribution of data traffic may be justifiable by commercial (thanks to Steffen Staab for the link) or even by non-commercial interests, for instance optimizing energy consumption. The tradeoffs need to be wisely weighed against each other and regulated, but again, throwing out the baby with the bathwater, as has now potentially happened with the net neutrality repeal in the US, should be avoided.

Javier D. Fernández – Green Big Data

I have an MSc and a PhD in Computer Science, and it’s sad (but honest) to say that in all my academic and professional career the word “privacy” was hardly mentioned. We do learn about “security”, but as a mere non-functional requirement, as it is called. Don’t get me wrong, I do care about privacy and I envision a future where “ethical systems” are the rule and no longer the exception, but when people suggest, promote or ask for privacy-by-design systems, one should also understand that we engineers (at least my generation) are mostly not yet privacy-by-design educated.

That’s why, caring about privacy, I very much like reading diverse theories and manifestos that provide general principles for coming up with ethical, responsible and sustainable designs for our systems, in particular where personal Big Data (and all its variants, i.e. Data Science) is involved. The Copenhagen Letter (promoting open, humanity-centered designs to serve society), the Responsible Data Science principles (fairness, accuracy, confidentiality, and transparency) and the Ethical Design Manifesto (focused on maximizing human rights and human experience and respecting human effort) are good examples, to name but a few.

Acknowledging that these are inspiring works, an engineer might find the aforementioned principles a bit too general to serve as an everyday reference guide for practitioners. In fact, one could argue that they are deliberately open to interpretation in order to adapt them to each particular use case: they point to the goal(s) and some intermediate stepping stones (e.g. openness or decentralization), while the work of filling in all the gaps is by no means trivial.

Digging a bit to find more fine-grained principles, I thought of the concept of Green Big Data to refer to Big Data made and used in a “green”, healthy fashion, i.e., being human-centered, ethical, sustainable and valuable for society. Interestingly, the closest reference for such a term was a highly cited article from 2003 on “green engineering” [1]. In this article, Anastas and Zimmerman proposed 12 principles to serve as a “framework for scientists and engineers to engage in when designing new materials, products, processes, and systems that are benign to human health and the environment”.

Inspired by the 12 principles of green engineering, I started an exercise to map such principles to my idea of Green Big Data. This map is by no means complete, and still subject to interpretation and discussion. Ben Wagner and my colleagues at the Privacy & Sustainable Computing Lab provided valuable feedback and encouraged me to share these principles with the community in order to start a discussion openly and widely. As an example, Axel Polleres already pointed out that “green” is interpreted here as mostly covering the privacy-aware aspect of sustainable computing, but other concepts such as “transparency-aware” (make data easy to consume) or “environmentally-aware” (avoid wasting energy by letting people run the same stuff over and over again) could be further developed.

You can find the Green Big Data principles below; I am looking forward to your thoughts!

Each principle below lists the original green engineering principle, its Green Big Data counterpart, and the related topics.

Principle 1
Green engineering: Designers need to strive to ensure that all material and energy inputs and outputs are as inherently non-hazardous as possible.
Green Big Data: Big Data inputs, outputs and algorithms should be designed to minimize exposing persons to risk.
Related topics: Security, privacy, data leaks, fairness, confidentiality, human-centric

Principle 2
Green engineering: It is better to prevent waste than to treat or clean up waste after it is formed.
Green Big Data: Design proactive strategies to minimize, prevent, detect and contain personal data leaks and misuse.
Related topics: Security, privacy, accountability, transparency

Principle 3
Green engineering: Separation and purification operations should be designed to minimize energy consumption and materials use.
Green Big Data: Design distributed and energy-efficient systems and algorithms that require as little personal data as possible, favoring anonymous and person-independent processing.
Related topics: Distribution, anonymity, sustainability

Principle 4
Green engineering: Products, processes, and systems should be designed to maximize mass, energy, space, and time efficiency.
Green Big Data: Use the full capabilities of existing resources and monitor that they serve the needs of individuals and society in general.
Related topics: Sustainability, human-centric, societal challenges, accuracy

Principle 5
Green engineering: Products, processes, and systems should be “output pulled” rather than “input pushed” through the use of energy and materials.
Green Big Data: Design systems and algorithms to be versatile, flexible and extensible, independently of the scale of the personal data input.

Principle 6
Green engineering: Embedded entropy and complexity must be viewed as an investment when making design choices on recycle, reuse, or beneficial disposition.
Green Big Data: Treat personal data as a first-class but hazardous citizen, with extreme precautions in third-party personal data reuse, sharing and disposal.
Related topics: Privacy, confidentiality, human-centric

Principle 7
Green engineering: Targeted durability, not immortality, should be a design goal.
Green Big Data: Define the “intended lifespan” of the system, algorithms and involved data, and design them to be transparent to subjects, who control their data.
Related topics: Transparency, openness, right to amend and to be forgotten

Principle 8
Green engineering: Design for unnecessary capacity or capability (e.g., “one size fits all”) solutions should be considered a design flaw.
Green Big Data: Analyze the expected system/algorithm load and design it to meet the needs and minimize the excess.
Related topics: Sustainability, scalability, data leaks

Principle 9
Green engineering: Material diversity in multicomponent products should be minimized to promote disassembly and value retention.
Green Big Data: Data and system integration must be carefully designed to avoid further personal data risks.
Related topics: Integration, confidentiality, cross-correlation of personal data

Principle 10
Green engineering: Design of products, processes, and systems must include integration and interconnectivity with available energy and materials flows.
Green Big Data: Design open and interoperable systems to leverage the full potential of existing systems and data, while maximizing transparency for data subjects.
Related topics: Integration, openness, interoperability, transparency

Principle 11
Green engineering: Products, processes, and systems should be designed for performance in a commercial “afterlife”.
Green Big Data: Design modularly for potential system and data obsolescence, maximizing reuse.
Related topics: Sustainability, obsolescence

Principle 12
Green engineering: Material and energy inputs should be renewable rather than depleting.
Green Big Data: Prefer data, systems and algorithms that are open, well-maintained and sustainable in the long term.
Related topics: Integration, openness, interoperability, sustainability


[1] Anastas, P. & Zimmerman, J. 2003. Design through the 12 principles of green engineering. Environmental Science and Technology 37(5):94A–101A

Let’s Switch! Some Simple Steps for Privacy-Activism on the Ground

by Sarah Spiekermann, Professor of Business Informatics & Author,

Vienna University of Economics and Business, Austria

Being an “activist” sounds like the next big hack to change society for the better: important work done by really smart and courageous people. But I wonder whether these high standards for activism suffice to really change things on the ground. I think we need more: we need activism on the ground.

What is activism on the ground?

By activism on the ground I mean that all of us need to be involved: anyone who consumes products and services, anyone who currently does not engage in any of those “rational choices” that economists ascribe to us. Let’s become rational! Me, you, we all can become activists on the ground and make markets move OUR way. How? By switching! Switching away from the products and services that we currently buy and use where we feel that the companies providing them don’t deserve our money or attention or – most importantly – any information about our private lives.

For the digital service world I have been thinking about how to switch for quite some time. And in November last year I started a project with my Master Class in Privacy & Security at the Vienna University of Economics and Business: we went out and tested the market-leading internet services that most of us use. We looked into their privacy policies and checked to what extent they give us fair control over our data or, in contrast, hide important information from us. We benchmarked the market leaders against their privacy-friendly competitors. We looked at their privacy defaults and the information and decision control they give us over our data, to check whether switching to a privacy-friendly alternative is a realistic option. We also compared all services’ user experience (nothing is worse than functional but unusable security…). And guess what? Ethical machines are indeed out there.

So why not switch?

Here is the free benchmark study for download that gives you the overview.

Switching your messenger services

For the messenger world, I can personally recommend Signal, which works just as well as WhatsApp does; only that it is blue instead of green. I actually think that WhatsApp does not deserve to be green, because the company shares our contact network information with anyone interested in buying it. My students found that Signal’s privacy design is not quite as good as Wickr Me’s. I must admit that I had some trouble using Signal on my new GSMK Cryptophone, where I obviously reject the idea of installing Google Play; but for normal phones Signal works just fine.

Switching your social network

When it comes to social networks, I quit Facebook long ago. I thought the content got a bit boring in these past 4-5 years, as people have started to become more cautious about posting their really interesting stuff. I am on Twitter and find it really cool, but the company’s privacy settings and controls are not good. We did not test for Twitter addictiveness…

I signed up with diaspora*, which I have known for a long time because its architecture and early set-up was done by colleagues in the academic community. It builds on a decentralised, federated infrastructure of independently run pods and hence has the architecture of choice for a privacy-friendly social network. Not surprisingly, my students found it really good in terms of privacy. I am not fully done with testing it myself. I certainly hate the name “diaspora”, which is associated with displacement from your homeland. The name signals too much negativity for a service that is actually meant to be a safe haven. But other than that I think we should support it more. Interestingly enough, my students also benchmarked Ello, which is really a social network for artists by now. But as Joseph Beuys already famously proclaimed, “Everyone is an artist”, right? I really support this idea! And since their privacy settings are OK (just minor default issues…), this is also an alternative for creative social nomads to start afresh.

Switching your maps service

HERE WeGo is my absolute favorite when it comes to a location service. And this bias has a LONG history, because I already knew the guys who built the service in its earliest versions back then in Berlin (at the time the company was called Gate5). Many of this service’s founding fathers were also members of the Chaos Computer Club. And guess what: when hackers build for themselves, they build really well.

For good reasons my students argue that OSMAND is a great company as well. Especially its decisional data control seems awesome. No matter what you do: don’t waste your time throwing your location data into the capitalist hands of Google and Apple. Get rid of them! … and Waze are not any better according to our benchmark. Location services that don’t get privacy right are the worst we can carry around with us, because letting anyone know where we are at any point in time is really stupid. If you don’t switch for the sake of privacy, switch for the sake of activism.

Switching E-Mail services

I remember when a few of my friends started to be beta-users of Gmail. Everyone wanted to have an account. But when Google decided not only to scan all our e-mails for advertising purposes but also to combine all this knowledge with everything else we do with them (including search, YouTube, etc.), I turned away from the company. I do not even search with Google anymore, but use Startpage as a very good alternative.

That said, Gmail is really not the only online mail provider that scans all that you write and exchange with others. As soon as you handle your e-mail in the cloud with free providers, you must kind of expect this to be the case. My students therefore recommend switching to Runbox. It is a paid e-mail service, but the price is really affordable, starting at € 1.35 per month for the smallest package and below € 5 for a really comfortable one. Also: Runbox is a hydropowered e-mail service, so you also do something good for the environment by supporting them. An alternative to Runbox is Tutanota. Its usability was rated a bit weaker in comparison to Runbox, but it is available for free.

Switching Calendar Systems

Calendars are, next to our physical location and contact data, an important service to care about when it comes to privacy. After all, the calendar tells whether you are at home or not at a certain time. Just imagine an online calendar was hacked and your home broken into while you are not there. These fears were pretty evident in class discussions I had with my students who created the benchmark study, and we therefore compared calendar apps as well. All the big service providers are really not what you want to use. Simple came up as the service of choice you can use on your phone, at least if you have the Android operating system. If you do not have the calendar on your phone or no Android, Fruux is the alternative of choice for you.

In conclusion, there are alternatives available and you can make meaningful choices about your privacy. The question is now, will you be willing to do so?

Consent Request

Olha, would you be so kind and introduce yourself and your project?

My name is Olha Drozd. I am a project-related research associate at the Institute of Management Information Systems, working on the SPECIAL (Scalable Policy-aware Linked Data Architecture For Privacy, Transparency and Compliance) project, a Research and Innovation Action funded under the H2020-ICT-2016-1 Big Data PPP call. At the moment, together with my colleagues, I am working on the development of the user interface (UI) for the consent request that will be integrated into the privacy dashboard.

Would you please explain the privacy dashboard?

With the help of the privacy dashboard, users would be able to access information about what data is/was processed about them, what the purpose of the data processing is/was, and which data processors are/were involved. Users would also be able to request correction and erasure of the data, review the consent they gave for the data processing and withdraw that consent.

We have two ideas of how this dashboard could be implemented:

  1. Every company could have their own privacy dashboard installed on their infrastructure.
  2. The privacy dashboard could be a trusted intermediary between a company and a user. In that case we would have different companies that are represented in a single dashboard.

As I mentioned in the beginning, I am concentrating on the development of different versions of the UI for the consent request that could be integrated into the dashboard. Our plan is to test multiple UIs in user studies to identify the UIs best suited to different contexts. At the moment we are planning to develop two UIs for the consent request.

Olha, would you please tell us more about the consent request?

Before a person starts using an online service he/she should be informed about:

  • What data is processed by the service?
  • How is the data processed?
  • What is the purpose for the processing?
  • Is the data shared and with whom?
  • How is the data stored?

All this information is presented in a consent request, because the user has not only to be informed but has to give his/her consent to the processing of his/her data. We are now aiming to create a dynamic consent request, so that users have flexibility and more control over giving consent compared to the all-or-nothing approach that is used by companies today. For example, if a person wants to use a wearable health tracking device (e.g. a FitBit watch) but he/she does not want to have an overview of the statistics of the all-day heart rate but just the activity heart rate, then he/she could allow collection/processing of the data just for the purpose of displaying the activity heart rate. It should also be possible to show the user only the information relevant to the specific situation. In order to ensure that the user is not overburdened with consent requests, we are planning to group similar requests into categories and ask for consent once per category. Additionally, it should be possible to adjust or revoke the consent at any time.

At the moment, the main issue for the development of the consent request is the amount of information that should be presented to and digested by a user. The General Data Protection Regulation (GDPR) requires that the users should be presented with every detail. For example, not just the company or the department that processes the information – the users should be able to drill down through the info. In the graph below you can see an overview of the data that should be shown to users in our small exemplifying use case scenario where a person uses a health-tracking wearable appliance [1]. You can see how much information users have to digest even in this small use case. Maybe for some people this detailed information could be interesting and useful, but if we consider the general public, it is known that people want to immediately use the device or service and not spend an hour reading and selecting what categories of data for what purpose they can allow to be processed. In our user studies we want to test what will happen if we give users all this information.
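The consent model described above (the five questions a request must answer, purpose-bound rather than all-or-nothing consent, one consent per category of similar requests, revocation at any time, and a dashboard view of what is currently allowed) can be made concrete with a small consent store. The following is an added illustration, not code from the SPECIAL project or its dashboard; the class and field names, the category names and the wearable sample data are assumptions constructed for the interview's FitBit-style example.

```python
"""Purpose-bound, category-grouped consent store (added example, not SPECIAL code)."""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional


@dataclass(frozen=True)
class ProcessingRequest:
    """One processing operation a service asks consent for. The five fields
    mirror the five questions above: what data, how it is processed, for which
    purpose, who receives it, how it is stored. Field names are an assumption."""
    data: str
    processing: str
    purpose: str
    recipient: str
    storage: str


@dataclass
class ConsentRecord:
    """Consent for a whole category. Revoked records are kept, not deleted, so
    the dashboard can still show what was allowed and when."""
    category: str
    granted_at: datetime
    revoked_at: Optional[datetime] = None

    def active_at(self, when: datetime) -> bool:
        return self.granted_at <= when and (self.revoked_at is None or when < self.revoked_at)


class ConsentStore:
    """Categories bundle similar requests so the user is asked once per category."""

    def __init__(self, categories: dict[str, list[ProcessingRequest]]):
        self._categories = categories
        self._records: list[ConsentRecord] = []

    def grant(self, category: str, when: Optional[datetime] = None) -> None:
        if category not in self._categories:
            raise KeyError(f"unknown consent category: {category}")
        self._records.append(ConsentRecord(category, when or _now()))

    def revoke(self, category: str, when: Optional[datetime] = None) -> None:
        # Only open records are closed; history stays intact for the dashboard.
        for rec in self._records:
            if rec.category == category and rec.revoked_at is None:
                rec.revoked_at = when or _now()

    def is_allowed(self, request: ProcessingRequest, when: Optional[datetime] = None) -> bool:
        """True only if an active consent covers a request identical in all five
        fields: the same data for another purpose or recipient is not covered."""
        at = when or _now()
        return any(rec.active_at(at) and request in self._categories[rec.category]
                   for rec in self._records)

    def overview(self, when: Optional[datetime] = None) -> dict[str, list[str]]:
        """Purpose -> sorted data items currently allowed (the dashboard view)."""
        at = when or _now()
        out: dict[str, set[str]] = {}
        for rec in self._records:
            if rec.active_at(at):
                for req in self._categories[rec.category]:
                    out.setdefault(req.purpose, set()).add(req.data)
        return {purpose: sorted(items) for purpose, items in sorted(out.items())}


def _now() -> datetime:
    return datetime.now(timezone.utc)


# Constructed sample: a wearable vendor asks for three operations in two categories.
ACTIVITY_HR = ProcessingRequest("heart_rate", "aggregate_per_workout",
                                "activity_statistics", "wearable_vendor", "eu_cloud_90_days")
STEPS = ProcessingRequest("step_count", "daily_sum",
                          "activity_statistics", "wearable_vendor", "eu_cloud_90_days")
ALL_DAY_HR = ProcessingRequest("heart_rate", "continuous_logging",
                               "all_day_statistics", "wearable_vendor", "eu_cloud_90_days")
WEARABLE_CATEGORIES = {
    "activity_tracking": [ACTIVITY_HR, STEPS],
    "all_day_monitoring": [ALL_DAY_HR],
}

T_GRANT = datetime(2018, 5, 1, 9, 0, tzinfo=timezone.utc)
T_CHECK = datetime(2018, 5, 1, 9, 5, tzinfo=timezone.utc)
T_REVOKE = datetime(2018, 5, 2, 9, 0, tzinfo=timezone.utc)


def demo() -> dict:
    """User consents to activity tracking only, then withdraws it a day later."""
    store = ConsentStore(WEARABLE_CATEGORIES)
    store.grant("activity_tracking", when=T_GRANT)
    result = {
        "activity_allowed": store.is_allowed(ACTIVITY_HR, when=T_CHECK),
        "all_day_allowed": store.is_allowed(ALL_DAY_HR, when=T_CHECK),
        "overview": store.overview(when=T_CHECK),
    }
    store.revoke("activity_tracking", when=T_REVOKE)
    result["after_revoke"] = store.is_allowed(ACTIVITY_HR, when=T_REVOKE)
    # Past processing stays answerable: consent was valid at T_CHECK even after revocation.
    result["was_allowed_at_check"] = store.is_allowed(ACTIVITY_HR, when=T_CHECK)
    return result


if __name__ == "__main__":
    print(demo())
```

The check deliberately matches all five fields, so a consent given for displaying the activity heart rate does not silently cover all-day logging of the same sensor, which is exactly the granularity the all-or-nothing approach lacks. Keeping revoked records with a timestamp is what lets a dashboard answer "what was processed about me" rather than only "what is processed now".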

Olha, you have mentioned that you were planning to develop two UIs for the consent request. Would you explain the differences between those two?

One is more technical and innovative (in a graph form) and the other one is more traditional (with tabs, like in a browser). We assume that the more traditional UI might work well with older adults and with people who are not so flexible in adapting to change, new styles and new UIs. And the more innovative one could be more popular with young people.

[1] Bonatti P., Kirrane S., Polleres A., Wenning R. (2017) Transparent Personal Data Processing: The Road Ahead. In: Tonetta S., Schoitsch E., Bitsch F. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2017. Lecture Notes in Computer Science, vol 10489. Springer, Cham

“Why RFID Chips are Like a Dog Collar” Interview with Sushant Agarwal, Privacy and Sustainable Computing Lab


Sushant would you please introduce yourself and tell us about your scientific work and background?


Sushant: My name is Sushant Agarwal. I did my Bachelor and Masters in India in Aerospace Engineering at the Indian Institute of Technology Bombay. During this time, I did an internship at the University of Cambridge where I worked on a project related to RFID. There I had to carry several RFID enabled cards – key cards to unlock the university doors, college main entrance, my dorm room and also an id-card for a library. I used to wonder why they don’t just create one RFID chip which would work for everything. Later, I started my thesis which dealt with machine learning. This was the time I started thinking about privacy and how centralisation is not always a good approach. After my studies, I got an opportunity here to work on a project that combined both privacy and RFID.

Would you tell us a little more about this project?

The EU project, which was called SERAMIS (Sensor-Enabled Real-World Awareness for Management Information Systems), has been dealing with the use of RFID in fashion retail. My work focused more on the privacy aspects. If you look at clothes that you buy from big fashion retailers, along with the price tags there can be RFID chips as well, which are slowly replacing the security tags or the fancy colour bombs they were using before.

Would you also tell us about the tool you created at the Lab called “PriWUcy”?

This was part of the SERAMIS project as well. We had to develop a tool for Privacy Impact Assessments. When we started developing this tool the landscape of data protection related regulation changed to the General Data Protection Regulation (GDPR). Because of this regulatory change a lot of things in our Privacy Impact Assessment tool had to be adjusted. This was the time when we thought about a sustainable solution and came up with the idea to model the legislation in a machine-readable way in order to easily update the tool based on the changes in the interpretation of the GDPR.


Sushant, what is privacy for you?

For me personally, privacy is all about control. I want to have the ultimate control of my data. At least I should be allowed to say who should get my data, as well as what kind of data they should have access to. So it shouldn’t be like logging in online and starting Facebook in one of your tabs and then Facebook tracks you for all the rest of the websites that you browse. That is something I really hate. I try to use online services where I can have the maximum amount of control possible.


Would you give us an example for how you make use of your knowledge on privacy in your daily life?


Yes, for me the concept of smart homes is something very interesting. And to try this out on a small scale, I started out with some smart bulbs. I bought some smart bulbs from China to experiment with. These bulbs work using Wi-Fi, and through a switch in my apartment I was communicating first with a server in China and then the server was controlling my light switch. One could say the server in China was a middleman in the process of switching on my lights. And I didn’t really like this design, so I looked at some open source alternatives where I had better control and I could avoid the middleman.


A GlobArt Workshop at WU’s Privacy & Sustainable Computing Lab November 10, 2017

The Privacy & Sustainable Computing Lab together with GlobArt and Capital 300 hosted a Round Table discussion about artificial intelligence (AI), Ubiquitous Computing and the Question of Ethics on the 9th of November 2017 in Vienna. We were happy to have Jeffrey Sachs as our distinguished guest at this intense 4-hour Workshop on the future of AI. Other distinguished speakers were Bernhard Nessler from Johannes Kepler University Linz, introducing the limits of AI, as well as Christopher Coenen, unveiling the philosophical and historical roots of our desire to create artificial life.

The session and its speakers were structured by three main questions:

  • What can general AI really do from a technical perspective?
  • What are the historical and philosophical roots of our desire for artificial life?
  • What sorts of ethical frameworks should AI adhere to?

The speakers argued that there is a need to differentiate between AI (Artificial Intelligence) and AGI (Artificial General Intelligence), where AI (like IBM Watson) needs quality training as well as quality data, lots of hardware and energy. In contrast, AGI is able to work with unstructured data and can have a better energy consumption rate. The other advantage of AGI is that it can react to unforeseen situations and could be more easily applicable to various areas. One point that was stressed during the debate was that a lot of the terminology used in the scientific field of AI and AGI is borrowed from neuroscience and from human intelligence proper. Since machines – as experts confirmed – do not live up to this promise, using human-related terminology could mislead the public and lead to overly confident promises by industry.

It was discussed whether the term “processing” might be more suitable than “thinking” – at least at the current state.

Another source of confusion may be science fiction (Isaac Asimov, Neal Stephenson …) and movies like “Her” or “Ex Machina”; here one should rather differentiate between the terms AGI and Artificial Life.

What are the socio-cultural, historical and philosophical roots of our desire to create a general artificial intelligence and to diffuse our environments with IT systems?

“The World, the Flesh & the Devil”, a book published in 1929 by J. Desmond Bernal, was named as an inspiration for the concept of the “mechanical man”. This book in turn provided an excellent introduction into the debate about transhumanism, which often goes hand in hand with the discussion about AI. Some prominent figures in technology – such as Ray Kurzweil or Elon Musk – frequently communicate transhumanist ideas or philosophies.

What ethical guidance can we use as investors, researchers and developers, or use in technical standards, to ensure that AI does not get out of control? Concerning this question, there was a general agreement on the need to have some basic standards or even regulations for upcoming AI technology. Providing one example of such standards, the IEEE is working on Ethically Aligned Design guidelines under the leading phrase “Advancing Technology for Humanity.” Here particular hope is put into P7000 (Model Process for Addressing Ethical Concerns During System Design), which sets out to describe value-based engineering. Value-based engineering is an approach aiming to maximize value potential and minimize value harms for human beings in IT-rich environments. The ultimate goal of value-based engineering is human wellbeing.

In conclusion, the event provided an excellent basis for further discussions about AI and its ethics for both experts and students alike.

Speakers at the Roundtable:

  • Christopher Coenen from the Institute for System Analysis and Technology Impact Assessments in Karlsruhe
  • Peter Hampson from the University of Oxford
  • Johannes Hoff from the University of London
  • Peter Lasinger from Capital 300
  • Konstantin Oppel from Xephor Solutions
  • Michael Platzer from Mostly AI
  • Bill Price who is a Resident Economist
  • Jeffrey Sachs from Columbia University
  • Robert Trappl from the Austrian Research Institute for AI
  • Georg Franck who is Professor Emeritus for Spatial Information Systems
  • Bernhard Nessler from Johannes Kepler University
  • Sarah Spiekermann – Founder of the Privacy & Sustainable Computing Lab and Professor at WU Vienna.