More on Augmented Reality

Augmented Reality: Hard Problems of Law and Policy

Lab alumni Franziska Roesner and Tamara Denning, with Bryce Clayton Newell and Directors Tadayoshi Kohno and Ryan Calo, wrote “Augmented Reality: Hard Problems of Law and Policy” for the recent Workshop on Usable Privacy & Security for wearable and domestic ubIquitous DEvices (UPSIDE).

In this paper, they describe their vision of AR and explore the unique and difficult problems AR presents for law and policy, including around privacy, free speech, discrimination, and safety.

iAffiliates Day with Avatars and Virtual Environments

(photo credit Liz Gealach)

The University of Washington’s iSchool recently held its iAffiliates Day and used the “un-conference concept” to highlight the interesting research being done by members of the iSchool. At an un-conference, ideas for topics are presented to the audience, which then breaks into smaller groups to discuss those that gain interest. A staple of the video game industry for years now, the idea of playing a game through an online avatar was one of the topics chosen by the audience. Both offline games like The Sims and massively popular online ones such as World of Warcraft and Second Life place a user in a virtual world behind an avatar. Ran Hinrichs, CEO of 2b3d and member of the iSchool at the University of Washington, spoke on the topic. Ran led a presentation on where the online avatar is today, what we have learned, and what we can build.

What we have learned from avatars online revolves around what Ran refers to as “the psychology of an avatar.” His research aims to gain a better understanding of how a person’s avatar fits in and interacts with others in virtual worlds. Ran’s findings have linked taller avatars to better success rates in closing deals and transactions with other players. Social stigma concerning appearance still exists in these online communities. As an example, Ran explained that an avatar with a birthmark on its face, even when the player is broadcasting his actual face through a chat portal, will be treated differently than someone without the birthmark. Movement also factors into interactions online. Avatars that move their heads as they speak, similar to someone speaking in real life, offer a movement that feels more realistic to other users and one that has been shown to get more attention from those users. Proximity is recognized as well, with users preferring to maintain a normal conversational space. These qualities of avatars that Ran highlighted at iAffiliates serve to define a space that is becoming more and more populated, a space that has also become an eleven billion dollar industry.

Object creation was the center of Ran’s conference lecture, in which he detailed just how far building within virtual environments has come. Using Second Life as an example, he explained the digital portability of objects. Users can come together within the virtual environment and create a new object for it. For instance, if three users wanted to create a door, one could make the model of the door and define its shape. Another could create the texture that is placed on the door to make it resemble its real-life counterpart. And finally, the third user could create a script for the door to open and close. A key feature of this door is that IP rights are encompassed in its creation. Users can then turn around and not only sell the product or a copy on the market, but also prevent others from building their own copy of the product itself or any IP-protected feature of it (i.e., the second user’s texture). This step is what has transformed object development into the eleven billion dollar industry it is today and makes the online avatar relevant in discussions across many fields.

For now, though, Ran recognized that although virtual environments are big, and have been since 2003, they have not yet been recognized by most as one of the next big things in the technological field. The reason for this is two-fold: realism and cost. Concerning virtual worlds, the realism idea of the uncanny valley holds that humans will have a hard time playing within hyper-realistic settings or even playing through an avatar that looks like them. The similarities become too unnerving to users and drive them away from the game. Cost has also held users back, as even owning a region in Second Life costs $1000 to begin with and $295 every month. Ran did not seem concerned when addressing these issues; he expects the industry will continue to be on the rise. Part of those expectations stems from understanding that a product like this is likely to attract a different form of customer: retail. Will customers be able to walk down the virtual aisles of Costco or Amazon anytime soon? Ran sees it as a definite possibility, and one that could elevate the industry to even greater heights.

Security and Privacy for Augmented Reality Systems

Augmented Reality (AR) technologies promise to enhance our perception of and interaction with the real world. Unlike virtual reality systems, which replace the real world with a simulated one, AR systems sense properties of the physical world and overlay computer-generated visual, audio, and haptic signals onto real-world feedback in real time. In this article, we consider the security and privacy concerns associated with AR systems themselves as well as those that arise from the supporting technologies.

Spotlight on Tech Policy Lab Scholar Franzi Roesner

(pictured with fellow Tech Policy Lab member Adam Lerner)

The Tech Policy Lab has interesting projects in the works thanks to our student scholars. We are lucky to count Franzi Roesner from UW’s Computer Science & Engineering as one of our Lab members. Part of the 2013 Rising Stars in EECS at MIT, Franzi is doing fascinating work on security and privacy for modern and emerging client platforms, specifically in the domains of third-party web tracking, permission granting in modern operating systems (such as smartphones), secure embedded user interfaces, and most recently, emerging augmented reality platforms.

In work based out of Lab Director Tadayoshi Kohno’s UW Security and Privacy Research Lab, Franzi has investigated Snapchat, analyzed the security of augmented reality systems, and helped remotely take over cars. Her latest paper (with Professor Kohno and David Molnar), Security and Privacy for Augmented Reality Systems, was just published as the cover story in the April issue of Communications of the ACM (Association for Computing Machinery), and considers the security and privacy concerns associated with augmented reality systems and the supporting technologies.

We asked Franzi how she decided she wanted to research computer security and privacy:

“When I took a computer security class during my time as an undergraduate, I was hooked. Most other classes I had taken taught me how to get things to work better, faster, and smarter, but this one taught me how to view designs skeptically and to challenge assumptions. That was exciting and seemed important. Besides fitting well with my naturally anxious nature, security and privacy as a research area also allows me to be very broad in what topics or technologies I focus on, to work at different levels of the computing stack (from low-level system details to human users), and to interact with researchers across different areas of computer science and beyond. I also believe that security and privacy issues are among the most important problems that affect real users of technology, and I want to help make sure that we can have the benefits of exciting emerging technologies—like augmented reality—without opening ourselves up to new risks.”

Below is some of Franzi’s recent work:

Web and smartphone applications commonly embed third-party user interfaces like advertisements and social media widgets. However, this capability comes with security implications, and while browsers have evolved to address many of these issues, mobile systems do not yet support true embedding. In Securing Embedded User Interfaces: Android and Beyond, Franzi explores the requirements for a system to support secure embedded user interfaces, describes the experience of modifying Android, and discusses concrete techniques for creating secure embedded user interfaces.

Malicious or suspicious smartphone applications can misuse their access to the user’s system to secretly leak location data or send costly premium SMS messages. Today’s smartphone operating systems, such as Android and iOS, rely on the user to make decisions about which permissions an application should have. We know that asking the user, such as with a prompt that asks if it’s okay for an application to use the current location, is neither particularly usable nor secure. In User-Driven Access Control: Rethinking Permission Granting in Modern Operating Systems, Franzi proposes a technique called access control gadgets to capture a user’s intent to grant a permission to an application in a more usable way.

Third-party tracking on the web gets a lot of attention, but in her paper, Detecting and Defending Against Third-Party Tracking on the Web, Franzi explains that its workings remain poorly understood. The authors’ goal was to dissect how mainstream web tracking occurs, and they developed a method for detecting and classifying five kinds of third-party trackers. They found that most commercial pages are tracked by multiple parties, trackers vary widely in their coverage, and many trackers exhibit a combination of tracking behaviors. Based on this work, they released a web tracking detection platform called TrackingObserver and a defense for social media trackers (such as the Facebook “Like” button) called ShareMeNot.