© 2005 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE. For more information, please see www.ieee.org/portal/pages/about/documentation/copyright/polilink.html. MOBILE AND UBIQUITOUS SYSTEMS www.computer.org/pervasive Mobiscopes for Human Spaces Tarek Abdelzaher, Yaw Anokwa, Péter Boda, Jeff Burke, Deborah Estrin, Leonidas Guibas, Aman Kansal, Samuel Madden, and Jim Reich Vol. 6, No. 2 April–June 2007 This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted without the explicit permission of the copyright holder.

Mobiscopes for Human Spaces - UCLA REMAP



20 PERVASIVEcomputing Published by the IEEE Computer Society ■ 1536-1268/07/$25.00 © 2007 IEEE

Mobiscopes for Human Spaces

A mobiscope is a federation of distributed mobile sensors into a taskable sensing system that achieves high-density sampling coverage over a wide area through mobility. Mobiscopes affordably extend into regions that static sensors cannot, proving especially useful for applications that only occasionally require data from each location. They represent a new type of infrastructure—virtual in that a given node can participate in forming more than one mobiscope, but physically coupled to the environment through carriers, including people and vehicles. Mobiscope applications include public-health epidemiological studies of human exposure using mobile phones and real-time, fine-grained automobile traffic characterization using sensors on fleet vehicles. Although mobility has proven critical in many scientific applications, such as Networked Infomechanical Systems for science observatories [1], we focus on the challenges and opportunities mobiscopes pose in human spaces.

Mobiscopes complement static sensing systems by addressing the fundamental limitations created by fixed sensors. System designers can’t always place sensing devices with sufficiently high spatial density to accurately sample the field of spatially varying phenomena, making it impossible to satisfy the spatial band-limiting guarantees that traditional sampling criteria require. Covering large areas can be challenging because of the need for long dwell times, the unavailability of wired power, the impracticality of battery replacement, the inability of any entity to install devices across the entire area, and the expense of purchasing and maintaining enough devices. Equally important, target sensor types might be unavailable or unaffordable in the form of autonomous instruments, further motivating mobile, human-in-the-loop instruments. For example, city-scale air quality measurements—which typically use costly mass spectrometers to measure pollutants—are expensive when using fixed-sensor infrastructures but could be substantially cheaper and could cover much larger areas if sensors were mounted on mobile nodes (for example, cars).

This combination of application demand and increasingly powerful wireless and sensing technology suggests that it’s time to consider a general architecture for mobiscopes. To understand what’s needed to build a unified system, we consider several broad classes of mobiscope. We discuss common architecture challenges, existing solutions, and major areas for future work.

Classes of mobiscopes

Early mobiscopes arose directly from widely available sensing modalities in networked devices. Examples include image sensors in mobile phones, GPS in phones and vehicles, and the increasingly diverse telemetry available in vehicles. We consider these as representatives of two broad categories of mobiscope.

Mobiscopes extend the traditional sensor network model, introducing challenges in data management and integrity, privacy, and network system design. Researchers need an architecture and general methodology for designing future mobiscopes.

BUILDING A SENSOR-RICH WORLD

Tarek Abdelzaher, University of Illinois at Urbana-Champaign
Yaw Anokwa, University of Washington
Péter Boda, Nokia Research Center
Jeff Burke and Deborah Estrin, University of California, Los Angeles
Leonidas Guibas, Stanford University
Aman Kansal, Microsoft Research
Samuel Madden, Massachusetts Institute of Technology
Jim Reich, Palo Alto Research Center

Vehicular mobiscopes

One category is vehicular applications for traffic and automotive monitoring [2], where a subset of equipped vehicles senses various surrounding conditions such as traffic, road conditions, or weather. These mobiscopes exploit the spatial oversampling often provided by dense vehicle traffic to produce useful information before all vehicles can send data. However, even when vehicular instrumentation achieves nearly 100 percent market penetration, subsampling the data intelligently will prevent network congestion and save storage and processing space.

Initial probe applications have already been deployed commercially. For example, Inrix (www.inrix.com) uses anonymous GPS data to provide real-time traffic measurements for freeways and local streets. Vehicular mobiscopes can query for certain traffic types. For example, the EZCab application uses vehicle-to-vehicle communication to find available taxi cabs [3]. The probe-car concept can extend to other applications, such as augmenting the number of NavTeq or TeleAtlas vehicles used for street mapping or increasing the update frequency of Microsoft’s street-level imagery capture for Virtual Earth. Probe cars can also acquire high-density maps of roadways and measure road conditions, weather, and pollution using sensors built into cars and phones.

Handheld mobiscopes

The second emerging category is mobiscopes that use handheld devices. Coarse-grained location information can inform studies ranging from the health impact of exposure to highway toxins to an individual’s use of transportation systems. Researchers have proposed automated image and acoustic capture to provide user feedback on diet, exercise, and personal interaction as well as to identify and share real-time information about civic hazards and hotspots. An interesting example is civic participation during a crisis, where individuals could exercise a loose form of control over sensor placement [4]. Users ranging from police officers to citizens could use their cell phone cameras to photograph trouble spots in their neighborhood. Such a civic system could request that police officers document unexplored areas or intervene in trouble spots.

A similar concept of camera-based mapping can apply to tourism. For example, tourists at the Taj Mahal might share their photographs in virtual albums that potential visitors can then browse to see all perspectives of the mausoleum. Researchers have paid special attention to metadata management to facilitate such sharing [5].

Common requirements

The applications we’ve mentioned share several important requirements that are also a priority for mobiscope operation and acceptance. For example, data persistence must be assured even when sensing nodes leave the data collection area or when no mobile nodes are present. At the same time, data access tends to be spatially correlated with the users’ location and can change rapidly (somewhat predictably) as the user moves. The system can use data to make decisions in real time. It might use a human-in-the-loop as an actuator, sensor, interpreter, or responder. Because the system will exploit sensors and mobility sources already in the environment, social constraints on system behavior come into play. Many private and public entities will likely share ownership of sensors and the resulting data, so we can’t assume trust, coordinated deployment, and respect of users’ privacy. The needed sensor data might be fragmented across multiple networks, and connectivity and user needs might change dynamically with motion. Furthermore, the metadata (such as sensor position, orientation, and calibration parameters) must also compatibly cross networks.

The commonality of problems across a wide range of envisioned mobiscope systems calls for a general architecture and design guidelines for future mobiscopes. This architecture will not only encourage component reuse and reduce development costs but also promote interoperability among future mobile sensing systems. The systems will need common interfaces to negotiate privacy settings, exchange data feeds, distill information, and perform coordinated actuation on the physical world. The literature discusses such architectures’ components but often focuses on a specific application type—for example, an architecture for vehicle-to-vehicle live video streaming [6, 7] or architectural support for heterogeneity based on a MediaBroker [8].

Mobility and sampling coordination

Fundamentally, mobiscopes’ performance depends on mobility patterns of transporters—which are stochastic and whose movement patterns range from highly structured (such as road traffic) to less structured (such as foot traffic)—and on sensor densities that can vary widely over time and space. Several challenges arise from mobility. The network organization can be highly variable, both in terms of sensing coverage and radio connectivity. Nodes might not have connectivity at all times and locations when they collect data. Understanding data acquisition and distribution behavior in the network is therefore nontrivial.

Often, uncoordinated mobile nodes sense areas that other nodes have already visited, but they don’t visit rarely traveled areas frequently enough. For example, in MIT’s CarTel project (see figure 1), researchers have equipped cars with small embedded computers, wireless radios, and GPS sensors and cameras for measuring road speed and capturing road conditions [9]. Members of the community drive the cars as they go about their daily business. Unfortunately, their daily business often takes them on the same routes, providing only sparse coverage of back roads and outlying communities while the MIT campus is highly (and redundantly) covered.

Mobility also causes challenging dynamic behavior in sensor allocation and network topologies. In a typical mobiscope, particular regions in space will likely be of interest, but the motion of the sensors (especially when commuters or pedestrians are carrying them) might make coverage for those regions poor. For example, the midblock regions of roadways with traffic lights often contain no cars, so data might be unavailable from that region, creating a hole in the peer-to-peer network as well. The mobile sensing devices’ availability can depend on user behavior and device characteristics. For example, users might forget or turn off their phones, making them unavailable to the mobiscope, or a data service might not be available during a telephone conversation. We need solutions to these challenges. Sensors’ availability can also change drastically with time, as with cars and pedestrians at rush hour compared to low availability at midnight.

Application adaptation

Applications must adapt to the network’s available communication and sensing characteristics. For instance, they could buffer data when connectivity is unavailable or dynamically adapt their spatial scope. Mechanisms from disruption-tolerant networks and data-muling contexts will be increasingly important. Analytic foundations also help explain global network behavior and the extent to which adaptation can help maintain acceptable system performance. Research has addressed adaptation to some extent—for example, summarizing data in low-bandwidth environments [10] or trading latency for bandwidth by using vehicles to carry large amounts of data [11]. Yet, substantial questions remain, particularly with respect to global resource optimization. It’s unclear how to best relate diverse resources such as total data transfer bandwidth, data freshness, data propagation latency, and application-relevant metrics such as traffic conditions or time of day.

Figure 1. CarTel—a typical mobiscope.

Actuated mobility

In some mobiscopes, it might be possible to task some or all of the nodes to visit a specific location to collect information on demand. We call such mobiscopes actuated, and the actuatable nodes actuators. In an actuated mobiscope, server nodes can record areas that most need to be visited and can task actuators to visit those areas either one at a time or as part of a circuit. Actuated mobiscopes present numerous interesting research challenges related to determining the value of observing a particular location or collecting information versus the cost of sending an actuator to that location. One common way to address these challenges is to formulate them as an optimization problem that aims to maximize the utility of information collected in a particular time period or subject to an energy or cost constraint [12]. Distributed robotics has also addressed similar coverage problems [1, 13].

Opportunistic connectivity

In networks without predictable mobility, opportunistic connectivity—where nodes happen to come into contact with each other or with network infrastructure (such as an open 802.11 network)—can substantially improve connectivity. This technique performs better than mechanisms that wait until nodes return to some “home” location where infrastructure connectivity exists and can be cheaper and potentially more efficient than solutions that rely on fixed cellular infrastructure (where upstream data rates are typically highly constrained). Important techniques worth exploiting include

• building low-level network protocols that can quickly identify and associate with nearby nodes (without, for example, long address acquisition or channel negotiation delays) [9] and

• designing routing algorithms that can deliver data through such opportunistic connections (for example, by using limited-scope flooding or exploiting point-to-point long-haul connections in the network).

Prioritization

In many mobiscopes, it’s likely that the system will capture more information than it can deliver in real time. One solution is aggregation [14], but another alternative is prioritization, which assigns different priorities to pieces of collected data and delivers data in priority order. In some cases, simple prioritization, where particular data types (such as emergency alerts [15]) are given greater importance, might be sufficient. However, a more coordinated form of prioritization is necessary when different nodes cover overlapping geographic areas to avoid wasting valuable bandwidth on redundant data reports. To avoid redundant reports, you need coordination—for example, before sending large collections of sensor readings to a server responsible for presenting data to the user, a mobile node might first send a compact summary of its data. The server can then examine the summary and determine what information is valuable given the data it has already received from other mobile nodes. CarTel employs a similar technique [16]. In addition, many applications have data requirements that vary with time, location, and their need for frequent, low-latency data delivery. This might be summarized by a more complex utility function that can radically increase efficiency over fixed-priority approaches [17].
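The summary-first coordination described above can be sketched as follows. This is an added example, not code from the article and not CarTel's actual protocol; the grid-cell and time-bucket keys, the `Server` class, the per-key quota and the sample readings are all assumptions constructed for illustration.

```python
from collections import Counter, namedtuple

# One sensor reading tagged with a coarse grid cell and a time bucket.
# The cell/bucket scheme and every name here are assumptions for illustration.
Reading = namedtuple("Reading", "cell bucket value")


def summarize(readings):
    """Node side: a compact summary, the number of readings per (cell, bucket)."""
    return Counter((r.cell, r.bucket) for r in readings)


class Server:
    """Tracks stored coverage and asks nodes only for what it still lacks."""

    def __init__(self, wanted_per_key=2):
        self.wanted = wanted_per_key   # samples wanted per (cell, bucket)
        self.have = Counter()          # samples already stored per key

    def select(self, summary, budget):
        """Return {(cell, bucket): n} to request, least-covered keys first,
        never asking for more readings in total than `budget`."""
        requests = {}
        for key in sorted(summary, key=lambda k: (self.have[k], k)):
            need = self.wanted - self.have[key]
            if need <= 0 or budget <= 0:
                continue               # already covered, or link budget spent
            n = min(need, summary[key], budget)
            requests[key] = n
            budget -= n
        return requests

    def ingest(self, readings):
        for r in readings:
            self.have[(r.cell, r.bucket)] += 1


def answer(readings, requests):
    """Node side: send at most the requested number of readings per key."""
    remaining = dict(requests)
    sent = []
    for r in readings:
        key = (r.cell, r.bucket)
        if remaining.get(key, 0) > 0:
            sent.append(r)
            remaining[key] -= 1
    return sent


def exchange(server, readings, budget):
    """One summary -> request -> upload round; returns the readings uploaded."""
    sent = answer(readings, server.select(summarize(readings), budget))
    server.ingest(sent)
    return sent


# Constructed sample data: both cars drive through a "campus" cell,
# only car B also covers a rarely visited "backroad" cell.
CAR_A = [Reading("campus", 9, v) for v in (31, 29, 30, 28)]
CAR_B = [Reading("campus", 9, v) for v in (30, 32, 29)] + [
    Reading("backroad", 9, v) for v in (55, 57)
]


def demo():
    server = Server(wanted_per_key=2)
    sent_a = exchange(server, CAR_A, budget=10)
    sent_b = exchange(server, CAR_B, budget=10)
    return sent_a, sent_b


if __name__ == "__main__":
    a, b = demo()
    print("car A uploaded", len(a), "of", len(CAR_A), "readings")
    print("car B uploaded", [(r.cell, r.value) for r in b])
```

Because the server trusts each node's summary, a node that misreports its counts can only waste its own upload budget here; it cannot displace data already stored from other nodes.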

Challenges and opportunities of heterogeneity

Mobiscopes will come into being through many different mechanisms. In some cases, hardware will be explicitly deployed as a single mobiscope to achieve a particular data-collection goal. In others, already deployed devices will be federated into an ad hoc collection through their owners’ participation. In still different cases, virtual mobiscopes will be formed by correlating gathered data without edge devices.

Mobiscopes will thus take on various topologies and structures, federate devices with different capabilities, and draw together components with varying levels of trust and credibility. We can classify heterogeneity in mobiscopes across several dimensions: structure and topology, transducer performance, data ownership, and data dissemination qualities (such as resolution). Irregular data streams are inevitable owing to sensors’ mobile nature. We must prepare applications that can adapt task allocations and service levels to the available resources.

Heterogeneity is a fundamental, beneficial quality of mobiscopes, not just a problem to overcome. Heterogeneous sensing systems are far more immune to the weaknesses of sensing modalities and far more robust against defective, missing, or malicious data sources than even carefully designed homogeneous systems. In some cases, the information the application needs is available only by fusing data from several different sensing modalities. Moreover, the same qualities necessary to support heterogeneous sensors also help the system adapt to new varieties of sensors that are developed over time or brought from other areas into the sensed space.

Heterogeneity of ownership

Unlike a sensor network that a single entity (such as a corporation or university laboratory) has assembled, mobiscopes must be federated from individually owned devices, held or worn by owners who might not be trustworthy and might not maintain their devices in good condition. This exposes the mobiscope to intentional or accidental injection of incorrect data or biased sampling. It also raises issues of data integrity, trust, security, and selective sharing that the architecture should address.

Heterogeneous data resolution and types

Applications can use the available data to derive and maintain metrics at multiple resolutions with varying coverage in space and time. For instance, imagine a system of wearable ski-slope monitoring devices that collect data from pole-mounted sensors [18]. Coarser granularity measurements might be available for more area and time instances, while finer-granularity data is served only for specific regions (namely, the more populated slopes). Applications can receive regularized grid interpolations derived from raw data. Simple interpolations might be sufficient for smoothly varying data such as temperature, while more complex known or learned dynamics models fill in the gaps in faster-varying or sparser data. In addition, buffering data and providing aggregates over multiple time-window sizes might allow the data from an irregularly sampled world to yield reasonably uniform coverage as data trickles in over time. Researchers have examined using model-based techniques to improve the quality of data despite missing values [19, 20], but adapting this work to heterogeneous data of varying types remains a challenge.

Data heterogeneity also presents challenges when trying to integrate data from many different sensors. Nokia’s SensorPlanet effort (www.sensorplanet.org; see figure 2) and the Microsoft SensorMap project invite users to submit data from their own sensing deployments. Although these efforts present a great potential resource, to effectively use the data, we need a way to combine and query these different data sets.

Figure 2. The Nokia SensorPlanet initiative. Data from various sources is collected in a central repository that users can query and process.

Robustness through data heterogeneity

So, heterogeneity is both a difficulty and an asset. Heterogeneity of devices implies that different transducers (for example, image, acoustics, physical sensors, and user annotations) are available at different times at the nearby locations. However, mobiscopes’ nature implies that any sensor fusion algorithm relies on the transporters and the network to determine when it will receive data and what type of data will arrive. This puts additional stress on the sensor fusion and estimation algorithms. This also suggests significant advantages for model-driven approaches such as Kalman filters [21] or particle filters [22], which adapt well to irregular sampling and allow the use of heterogeneous sensor models and systems dynamics models. In some cases, system designers can even harness heterogeneity to increase the robustness to defective, malicious, or unavailable sensors [23].
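To make the model-driven fusion point concrete, here is an added example (not from the article or from any system it cites): a scalar Kalman filter that accepts reports at irregular times from sensor types with different noise levels and gates out readings that are implausible under the current estimate. The random-walk road-speed model, the sensor variances, the gate threshold and the sample reports are assumptions constructed for illustration.

```python
import math

# Measurement-noise variance per sensor type, in (km/h)^2. Assumed values.
SENSOR_VAR = {"gps": 4.0, "phone": 25.0}

# Constructed reports for one road segment: (time in s, sensor type, km/h).
# Arrival times are irregular and the report at t=40 is defective.
REPORTS = [
    (0, "gps", 48.0),
    (7, "phone", 53.0),
    (9, "gps", 49.0),
    (40, "phone", 140.0),
    (41, "gps", 50.0),
    (95, "phone", 46.0),
]


def fuse(reports, sensor_var=SENSOR_VAR, q=0.05, x0=50.0, p0=100.0, gate=9.0):
    """Fuse time-ordered reports into one speed estimate.

    Model (an assumption): the true speed follows a random walk whose
    variance grows by q per second, so a long gap between reports simply
    widens the prior instead of breaking the filter.

    gate is the largest accepted squared innovation normalised by its
    variance; 9.0 corresponds to a 3-sigma test. Pass math.inf to disable.
    Returns (estimate, variance, rejected_reports).
    """
    x, p, t_prev = x0, p0, None
    rejected = []
    for t, kind, z in reports:
        dt = 0.0 if t_prev is None else t - t_prev
        t_prev = t
        p += q * dt                    # predict: uncertainty grows with the gap
        r = sensor_var[kind]           # heterogeneous sensors: per-type noise
        innovation = z - x
        s = p + r                      # variance of the innovation
        if innovation * innovation / s > gate:
            rejected.append((t, kind, z))   # implausible: keep the prediction
            continue
        k = p / s                      # Kalman gain: trust low-noise sensors more
        x += k * innovation
        p *= 1.0 - k
    return x, p, rejected


if __name__ == "__main__":
    est, var, bad = fuse(REPORTS)
    print(f"gated estimate   {est:.2f} km/h (variance {var:.2f}), rejected {bad}")
    est_raw, _, _ = fuse(REPORTS, gate=math.inf)
    print(f"ungated estimate {est_raw:.2f} km/h")
```

The gate is only as good as the prior: with the wide initial variance `p0`, almost any first report passes, so a filter like this needs a few corroborating reports before it can reject anything.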

Tackling data privacy

The topic of privacy hinges on complex policy issues that vary culturally and legally among societies, but fundamentally, it’s about people’s ability to control information flow about themselves. These issues are especially difficult in mobiscopes because the connection between the observed party and the sensor collecting information is implicit in the transporters’ relationships and because entities collecting data often inadvertently reveal information about themselves. The nodes’ distributed ownership and control makes policies even more difficult to define, let alone enforce.

Policy definition

Beyond data distribution and management, data privacy issues present important trade-offs between the need for selective sharing and the network information output’s fidelity, configurability, usability, and verifiability. The inability to publicly associate data with sources (for privacy reasons) could lead to loss of context, which reduces the network’s ability to generate useful information. Conversely, revealing too much context can potentially thwart anonymity, violating privacy requirements.

For example, consider sampling ambient sound from a carried cell phone to map sound pollution profiles or as a proxy for exposure to highways and associated fumes. Similarly, consider the use of cell phone cameras as a form of civic engagement where citizens document concerns such as uneven sidewalks, lack of handicap access, and overflowing trash cans. Clearly, these data are more meaningful if the users send the associated GPS readings along with the primary data. However, transmission of GPS data could reveal the user’s identity (for example, if the GPS trace ends up at a particular address most nights). It can also shed light on user activities.

This problem is often termed location privacy [24]. Ensuring location privacy is a cross-cutting challenge that has implications for routing [25] and energy management [26]. A mobile node isn’t restricted to a known private space under a single user’s jurisdiction but passes through multiple spaces. Furthermore, a mobile node isn’t part of a dedicated application but might serve different applications at different times. So, the system might require effective user interfaces and, in some cases, automatic adaptation.

Local processing

Related to these concerns is an individual’s need to keep something from becoming data, not just reducing access to collected data. In many contexts, this means putting the selectivity and filtering capabilities on the end-user node itself rather than relying on post facto filtering. Another alternative is to give the user a private server space in which to review his or her data before release [4]—at the expense of latency and other usability aspects, of course.

Verification

Another related issue is trust and data integrity. It’s important to develop systems where users can verify data’s correctness without violating the source’s privacy. Moreover, because distributed data management in mobiscopes relies on user cooperation, a challenge becomes introducing proper incentives that promote successful participation and prevent abusive access with the purpose of “gaming the system.” In some cases (such as a peer-to-peer vehicle or handheld device network), privacy constraints, transience of communication between participants, and the sheer number of participants might actually make cryptographically authenticating the user’s identity undesirable or impractical. In these cases, the correct solution might be to instead rely on redundancy in the sensor data to validate a data source anonymously [27]. The literature presents an early account of many other privacy (and security) issues in sensor networks [28].

Privacy-preserving data mining

Although we can resolve several privacy challenges by employing a trusted authority that guarantees nondisclosure, the need to be trusted increases the barrier to entry for anyone who might want to contribute aggregation and search functions to the sensor Web. This begs the question: Can a system achieve privacy-preserving aggregation and search without trusting the entity performing these operations? In this case, a user isn’t willing to share his or her data (with the untrusted node) but might be interested in the result of aggregation over the target community. An important field that solves this problem is privacy-preserving statistics and data mining [29]. Typically, the system uses additive random noise to perturb data without affecting the statistics to be collected. It can then use perturbed data, for example, to compute original data distributions [30] or construct decision trees for data classification [31] without disclosing original values.

Consider a trivial example where a population wants to compute its average undetected number of speeding violations per month (as measured by speed sensors mounted in vehicles that correlate actual speed to the speed limit read from a map at the vehicle’s current GPS location). A trivial solution is one where each sensor adds a zero-mean random number to the actual number of violations, sharing the resulting total. The disclosed total doesn’t reveal the actual private data. Nevertheless, averaging the totals over a large population gives the true population average (because the added noise averages out). This has the additional benefit that if the population isn’t large enough, the computed statistic isn’t accurate. This is an advantage because in a small population (for example, a society of three), knowing an accurate average can reveal a lot about the individual values.

The choice of the best perturbation algorithm for a data set is a nontrivial problem that has received much attention [32]. Researchers have also studied the extent to which additive noise improves privacy, revealing cases where private data can be reconstructed in violation of the intent from perturbation. For example, private data reconstruction is possible in the presence of high data correlation [33].
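The speeding-violation example and the correlation caveat can be checked numerically. The following is an added example, not from the article or the cited work: it measures how the error of the noisy population average shrinks with population size, then goes one step beyond the text to show the simplest correlated case, a node that re-discloses the same unchanged count with fresh noise each time, next to a node that reuses one noise draw. Gaussian noise, the value of `SIGMA`, the 0-8 range of counts and all function names are assumptions.

```python
import math
import random

SIGMA = 5.0  # std. dev. of the zero-mean noise each node adds (assumed value)


def perturb(true_count, rng, sigma=SIGMA):
    """Node side: disclose the private count plus zero-mean Gaussian noise."""
    return true_count + rng.gauss(0.0, sigma)


def estimation_error(n_nodes, rng, sigma=SIGMA):
    """Aggregator side: average the disclosed totals of n_nodes vehicles and
    return (noisy average - true average). The true counts are constructed
    test data; the aggregator itself only ever sees the disclosed values."""
    true_counts = [rng.randint(0, 8) for _ in range(n_nodes)]
    disclosed = [perturb(c, rng, sigma) for c in true_counts]
    return sum(disclosed) / n_nodes - sum(true_counts) / n_nodes


def rms_error(n_nodes, trials=200, seed=1):
    """Root-mean-square error of the population average over repeated trials.
    Theory predicts SIGMA / sqrt(n_nodes)."""
    rng = random.Random(seed)
    errs = [estimation_error(n_nodes, rng) for _ in range(trials)]
    return math.sqrt(sum(e * e for e in errs) / trials)


def repeated_reports(true_count, n_reports, seed, memoize):
    """One node disclosing the same unchanged count n_reports times.

    memoize=False: fresh noise per report, so the node's own reports are
    perfectly correlated in their private part and their average converges
    on the private value.
    memoize=True: one noise draw is reused while the value is unchanged, so
    repeating the report discloses nothing beyond the first one.
    """
    rng = random.Random(seed)
    fixed = rng.gauss(0.0, SIGMA)
    return [
        true_count + (fixed if memoize else rng.gauss(0.0, SIGMA))
        for _ in range(n_reports)
    ]


def mean(values):
    return sum(values) / len(values)


if __name__ == "__main__":
    for n in (3, 30, 2000):
        print(f"n={n:5d}  rms error of average = {rms_error(n):.3f}"
              f"  (theory {SIGMA / math.sqrt(n):.3f})")
    fresh = repeated_reports(4, 400, seed=7, memoize=False)
    fixed = repeated_reports(4, 400, seed=7, memoize=True)
    print(f"true count 4: mean of 400 fresh-noise reports = {mean(fresh):.2f}")
    print(f"true count 4: mean of 400 memoized reports    = {mean(fixed):.2f}")
```

Memoizing the noise leaves the population average unbiased, because each node's single draw is still zero-mean across the population.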

Another challenge is developing robust solutions (with respect to various attacks on privacy) that apply to statistical operations such as regression (used in the traffic example) and classification (used in learning). In general, because future mobiscopes’ main goal will be information distillation from raw data, system designers will need theoretical foundations for obfuscating the raw data in a way that reconciles privacy requirements on individual measurements with the ability to compute certain aggregate properties of the collective.

Networking challenges

Integrating sensing-capable mobile devices into the networking infrastructure shifts the network’s main utility from data communication to information filtering. For humans to make sense of the constantly increasing flow of data from sensors (and other sources), they must have tools to selectively filter, aggregate, and disseminate data on the basis of individual data consumers’ expressed or statistically most likely needs. A direct result of this information reduction requirement is the need for network storage as a key service because aggregation and filtering both imply a need to buffer information for a potentially long time. Users might need to use disruption-tolerant protocols and architectures [34] to diffuse data toward destinations and buffer data when no opportunities exist for making progress.

Information reduction in disruption-tolerant networks raises a host of research challenges. One such challenge is protocols that integrate opportunistic en route aggregation mechanisms with buffering. The interplay between storage and data reduction in mobiscopes also offers interesting directions for rethinking other basic network functions such as congestion control. For example, you can reduce information more aggressively as a congestion control mechanism to alleviate high storage use or to increase user privacy by keeping data local. A direct consequence of the need to process (for example, reduce) data inside the mobiscope is having to focus on network programming issues. So, a mobiscope architecture should present not only communication protocol and data management interfaces but also programming interfaces for in-network computation. In short, the advent of ubiquitous networks of mobile embedded devices shifts the fundamental networking paradigm, offering application programmers interesting challenges in network architecture, protocol design, and exported abstractions. Resolving these challenges to shape future network standards will be a most interesting task for the research community over the next decade.

Human factors and social implications

Mobiscopes will be tightly coupled with their users. This presents significant human-factors design challenges and many sociocultural implications that extend beyond limited notions of privacy in data transmission and storage. Both of these issues should become integral considerations for designing future mobiscopes.

Academics contemplating observing systems for various disciplines—including social sciences, public health, arts, and humanities—have considered social issues stemming from the autonomous observation of individuals by information technology.35–37 Mobiscopes are part of our maturing ability to silently watch ourselves and others, and their design and development must consider related social issues. Traditional responses to these concerns often postpone serious investigation because the technology is somehow considered immature. This is no longer true, so we propose four areas for the community to have a richer discussion of these observing technologies’ social implications:

• explicitly considering broader policy precedents in information privacy as they apply to mobiscopes,

• extending popular education on information technology’s new observation capabilities,

• facilitating individuals’ participation in sensing their own lives, and

• helping users understand and audit their own data uploads.

For example, Rakesh Agrawal and his colleagues applied the Organisation for Economic Co-operation and Development international guidelines for data protection—collection limitation, data quality, purpose specification, use limitation, security safeguards, openness, individual participation, and accountability—to medical-record databases.37 They demonstrated that implementing or supporting such ideals in technology presents rich research problems with few immediate solutions to practical concerns. Similarly, Harry Hochheiser compared the World Wide Web Consortium’s Platform for Privacy Preference with the US data privacy policy.38 Mobiscope system design should begin with a similarly broad consideration of the existing policy base and the practical concerns of the people being sensed rather than focusing solely on narrower challenges, such as protecting sensitive data during transmission and storage.

Finally, mobiscope design can involve user interfaces of mobile devices, which haven’t been present in traditional embedded systems. We also suggest that having a local UI provides a key opportunity for ambient and explicit feedback to the user on what data uploads are occurring from mobile devices at any given time. It can also help users configure their sensing participation and provide feedback on operational status. An effective interface might present real-time streams or historical examples of locally collected data to help users decide their desired privacy and sharing settings. Or it might present long-term features extracted from local or remote data over some geographic region.

For instance, an application providing both upload feedback and location-based information might display a stream of automobile traffic information from an aggregation service on a map by color or line thickness (instead of actual numbers of passing cars in a part of a city) or through simple classification such as avoid, heavy traffic, easy, and practically no traffic categories on a speech-enabled interface. At the same time, the display of a multimodal interface might remind users that the system was anonymously sharing their positions to contribute to the traffic map and give them the option to disable it. This alone presents many challenges in guaranteeing to the user that the system is actually doing what it says it’s doing.

Existing research partially addresses some of the challenges mobiscopes pose—for example, several researchers have addressed privacy in sensor networks25,39 and examined network architectures for particular classes of mobiscopes.9 Unfortunately, this early work didn’t address the broader architectural issues that must be considered before mobiscopes can be widely deployed. Much work must still be done on platforms and APIs that offer efficient, robust, private, and secure networking and sensory data collection in the face of heterogeneous connectivity and mobility.

REFERENCES

1. R. Pon et al., “Networked Infomechanical Systems (NIMS): Next Generation Sensor Networks for Environmental Monitoring,” IEEE MTT-S Int’l Microwave Symp. Digest, June 2005, pp. 4.

2. B.S. Kerner et al., “Traffic State Detection with Floating Car Data in Road Networks,” Proc. 2005 IEEE Int’l Conf. Intelligent Transportation Systems (ITS 05), IEEE Press, 2005, pp. 44–49.

3. P. Zhou et al., “EZCab: A Cab Booking Application Using Short-Range Wireless Communications,” Proc. 3rd IEEE Int’l Conf. Pervasive Computing and Communications, IEEE CS Press, 2005, pp. 27–38.

4. A. Parker et al., “Network System Challenges in Selective Sharing and Verification for Personal, Social, and Urban-Scale Sensing Applications,” Proc. 5th Workshop Hot Topics in Networks, ACM Press, 2006, pp. 37–42.

5. M. Davis et al., “MMM2: Mobile Media Metadata for Media Sharing,” CHI 05 Extended Abstracts on Human Factors in Computing Systems, ACM Press, 2005, pp. 1335–1338.

6. M. Guo, M.H. Ammar, and E.W. Zegura, “V3: A Vehicle-to-Vehicle Live Video Streaming Architecture,” Proc. 3rd IEEE Int’l Conf. Pervasive Computing and Communications, IEEE CS Press, 2005, pp. 171–180.

7. M.D. Dikaiakos et al., “VITP: An Information Transfer Protocol for Vehicular Computing,” Proc. 2nd ACM Int’l Workshop Vehicular Ad Hoc Networks, ACM Press, 2005, pp. 30–39.

8. M. Modahl et al., “MediaBroker: An Architecture for Pervasive Computing,” Proc. 2nd Ann. IEEE Int’l Conf. Pervasive Computing and Communications, IEEE CS Press, 2004, pp. 253–262.

9. B. Hull et al., “CarTel: A Distributed Mobile Sensor Computing System,” Proc. 4th Int’l Conf. Embedded Networked Sensor Systems, ACM Press, 2006, pp. 125–138.

10. A. Talukdar, B.R. Badrinath, and A. Acharya, “Rate Adaptation Schemes in Networks with Mobile Hosts,” Proc. 4th Ann. ACM/IEEE Int’l Conf. Mobile Computing and Networking, ACM Press, 1998, pp. 169–180.

11. E. Brewer et al., “The Case for Technology in Developing Regions,” Computer, vol. 38, no. 6, 2005, pp. 25–38.

12. A. Meliou et al., “Data Gathering Tours in Sensor Networks,” Proc. 5th Int’l Conf. Information Processing in Sensor Networks, ACM Press, 2006, pp. 43–50.

13. A. Howard, L. Parker, and G. Sukhatme, “Experiments with Large Heterogeneous Mobile Robot Team: Exploration, Mapping, Deployment, and Detection,” Int’l J. Robotics Research, vol. 25, no. 5, 2006, pp. 431–447.

14. S. Madden et al., “TinyDB: An Acquisitional Query Processing System for Sensor Networks,” ACM Trans. Database Systems, vol. 30, no. 1, 2005, pp. 122–173.

15. A. Festag, R. Schmitz, and R. Baldessari, “InterVehicle Communication—Improving Driver Control and Vehicle Safety,” demo presented at 11th Ann. Int’l Conf. Mobile Computing and Networking (MOBICOM 05), 2005.

16. Y. Zhang et al., “IceDB: Continuous Query Processing in an Intermittently Connected World,” to be published in Proc. 23rd IEEE Int’l Conf. Data Eng. (ICDE 07), IEEE Press, 2007.

17. A. Ghosh et al., “Variable-Resolution Information Dissemination,” Proc. 2nd Ann. IEEE Communications Society Conf. Sensor and Ad Hoc Communications and Networks, IEEE Press, 2005, pp. 487–497.

18. S.B. Eisenman and A.T. Campbell, “SkiScape Sensing,” Proc. 4th Int’l Conf. Embedded Networked Sensor Systems, ACM Press, 2006, pp. 401–402.

19. A. Krause et al., “Near-Optimal Sensor Placements: Maximizing Information while Minimizing Communication Cost,” Proc. 5th Int’l Conf. Information Processing in Sensor Networks, IEEE Press, 2006, pp. 2–10.

20. A. Deshpande and S. Madden, “MauveDB: Supporting Model-Based User Views in Database Systems,” Proc. 2006 ACM SIGMOD Int’l Conf. Management of Data, ACM Press, 2006, pp. 73–84.

21. H.W. Sorenson, Kalman Filtering: Theory and Application, IEEE Press, 1985.

22. S. Arulampalam et al., “A Tutorial on Particle Filters for On-Line Non-Linear/Non-Gaussian Bayesian Tracking,” IEEE Trans. Signal Processing, vol. 50, no. 2, 2002, pp. 174–188.

23. W. Li et al., “Robust Statistical Methods for Securing Wireless Localization in Sensor Networks,” Proc. 4th Int’l Symp. Information Processing in Sensor Networks, IEEE Press, 2005, pp. 91–98.

24. M. Li et al., “Swing & Swap: User-Centric Approaches towards Maximizing Location Privacy,” Proc. 5th ACM Workshop Privacy in Electronic Society, ACM Press, 2006, pp. 19–28.

25. P. Kamat et al., “Enhancing Source-Location Privacy in Sensor Network Routing,” Proc. 25th IEEE Int’l Conf. Distributed Computing Systems (ICDCS 05), IEEE CS Press, 2005, pp. 599–608.

26. C. Ozturk, Y. Zhang, and W. Trappe, “Source-Location Privacy in Energy-Constrained Sensor Network Routing,” Proc. 2nd ACM Workshop Security of Ad Hoc and Sensor Networks, ACM Press, 2004, pp. 88–93.

27. P. Golle, D.H. Greene, and J. Staddon, “Detecting and Correcting Malicious Data in VANETs,” Proc. 1st ACM Workshop Vehicular Ad Hoc Networks, ACM Press, 2004, pp. 29–37.

28. H. Chan and A. Perrig, “Security and Privacy in Sensor Networks,” Computer, vol. 36, no. 10, 2003, pp. 103–105.

29. V.S. Verykios et al., “State-of-the-Art in Privacy Preserving Data Mining,” ACM SIGMOD Record, vol. 33, no. 1, 2004, pp. 50–57.

30. D. Agrawal and C.C. Aggarwal, “On the Design and Quantification of Privacy Preserving Data Mining Algorithms,” Proc. 20th ACM SIGMOD-SIGACT-SIGART Symp. Principles of Database Systems, ACM Press, 2001, pp. 247–255.

31. R. Agrawal and R. Srikant, “Privacy-Preserving Data Mining,” Proc. 2000 ACM SIGMOD Int’l Conf. Management of Data, ACM Press, 2000, pp. 439–450.

32. A. Evfimievski, “Randomization in Privacy Preserving Data Mining,” ACM SIGKDD Explorations Newsletter, vol. 4, no. 2, 2002, pp. 43–48.

33. Z. Huang, W. Du, and B. Chen, “Deriving Private Information from Randomized Data,” Proc. 2005 ACM SIGMOD Int’l Conf. Management of Data, ACM Press, 2005, pp. 37–48.

34. K. Fall, “A Delay-Tolerant Network Architecture for Challenged Internets,” Proc. 2003 Conf. Applications, Technologies, Architectures, and Protocols for Computer Communications, ACM Press, 2003, pp. 27–34.

35. J. Rule, “Toward Strong Privacy: Values, Markets, Mechanisms, and Institutions,” Univ. of Toronto Law J., vol. 54, no. 2, 2004, pp. 183–225.

36. T.Y. Levin, U. Frohne, and P. Weibel, CTRL [SPACE]: Rhetorics of Surveillance from Bentham to Big Brother, MIT Press, 2002.

37. R. Agrawal et al., “Hippocratic Databases,” Proc. 28th Int’l Conf. Very Large Databases, Morgan Kaufmann, 2002, pp. 143–154.

38. H. Hochheiser, “The Platform for Privacy Preference as a Social Protocol: An Examination within the US Policy Context,” ACM Trans. Internet Technology, vol. 2, no. 4, 2002, pp. 276–306.

39. M. Gruteser and D.D. Grunwald, “Anonymous Usage of Location-Based Services through Spatial and Temporal Cloaking,” Proc. 1st Int’l Conf. Mobile Systems, Applications, and Services, ACM Press, 2003, pp. 31–42.

The Authors

Tarek Abdelzaher is an associate professor in the Computer Science Department of the University of Illinois at Urbana-Champaign. His research interests include real-time computing, distributed systems, sensor networks, and control. He received his PhD in adaptive real-time systems from the University of Michigan. He is the editor in chief of the Journal of Real-Time Systems and an associate editor of IEEE Transactions on Mobile Computing, IEEE Transactions on Parallel and Distributed Systems, ACM Transactions on Sensor Networks, and Ad Hoc Networks. He’s a member of the IEEE and ACM. Contact him at the Dept. of Computer Science, Univ. of Illinois at Urbana Champaign, 201 N. Goodwin Ave., Urbana, IL 61801; [email protected].

Yaw Anokwa is a PhD student in computer science at the University of Washington. His research interests are building, deploying, and evaluating low-cost technologies that positively impact the developing world and exploring the ubiquitous computing and human-computer interaction problems in that space. He has a BSc in computer science from Butler University and a BSc in electrical engineering from Indiana University–Purdue University Indianapolis. Contact him at Computer Science and Eng., Box 352350, Univ. of Washington, Seattle, WA 98195; [email protected].

Péter Boda is a principal scientist at the Nokia Research Center, Palo Alto. He heads SensorPlanet, a Nokia initiative on large-scale mobile-device-centric wireless sensor networks, which aims to set up a global open-research framework with the participation of leading universities. His research interests include data fusion of sensor information and the development of mobile applications where the physical and digital worlds merge to provide a better user experience, as well as advanced user interface solutions with fused contextual and sensor information accurately describing the user’s intention. He received his LicTech from the Helsinki University of Technology. Contact him at the Nokia Research Center, 955 Page Mill Rd., Palo Alto, CA 94304; [email protected]; http://research.nokia.com/people/peter_pal_boda.

Jeff Burke is the executive director of REMAP, the Center for Research in Engineering, Media, and Performance at the University of California, Los Angeles. In collaboration with UCLA’s Center for Embedded Networked Sensing, he’s focusing on urban public space uses for mobile, embedded, and media technologies, including approaches that involve communities in system specification and design. Contact him at REMAP, Univ. of California, Los Angeles, 102 E. Melnitz Hall, Los Angeles, CA 90095-1622; [email protected].

Deborah Estrin is a professor of computer science at the University of California, Los Angeles, where she holds the Jon Postel Chair in Computer Networks. She’s also the founding director of the university’s NSF-funded Center for Embedded Networked Sensing. Her research interests include rapidly deployable and robustly operating distributed systems of physically embedded devices, with particular application to environmental monitoring. She received her PhD in computer science from the Massachusetts Institute of Technology. She is a Fellow of the IEEE, ACM, and AAAS (the American Association for the Advancement of Science). Contact her at the UCLA Computer Science Dept., 3531H Boelter Hall, Box 951596, Los Angeles, CA 90095-1596; [email protected]; http://cens.ucla.edu/Estrin.

Leonidas Guibas is a professor of computer science at Stanford University, where he heads the Graphics Laboratory’s Geometric Computation group. He’s also part of the university’s AI Laboratory, Bio-X Program, and ICME Program. His research interests include computational geometry, geometric modeling, computer graphics, computer vision, robotics, ad hoc communication and sensor networks, and discrete algorithms. He received his PhD from Stanford University. He’s an ACM fellow. Contact him at the Computer Science Dept., Gates Bldg., Stanford Univ., Stanford, CA 94305; [email protected].

Aman Kansal is a researcher in Microsoft Research’s Networked Embedded Computing group, where he’s developed a shared and programmable mobile phone sensor network. His research interests include sensor-actuator networks, pervasive computing, wireless and mobile computing, and embedded systems. He received his PhD in electrical engineering from the University of California, Los Angeles. He’s a member of the IEEE and ACM. Contact him at Microsoft Research, 1 Microsoft Way, Redmond, WA 98052; [email protected].

Samuel Madden is an assistant professor in the Electrical Engineering and Computer Science Department and a member of the Computer Science and Artificial Intelligence Laboratory at the Massachusetts Institute of Technology. His research interests include all areas of database systems, modeling and statistical techniques for value prediction and outlier detection in sensor networks, high-performance database systems, and networking and data processing in intermittently connected environments. Contact him at 32 Vassar St., Rm. 32-G938, Cambridge, MA 02139; [email protected].

Jim Reich is a researcher at the Palo Alto Research Center, where he leads the Embedded Collaborative Computing Area. His research interests include collaborative signal processing for acoustic and video sensor networks, distributed tracking, resource-aware programming approaches, and control of object-mover airjet arrays and space vehicles. He received his MS in electrical and computer engineering from Carnegie Mellon University. Contact him at PARC, 3333 Coyote Hill Rd., Palo Alto, CA 94304; [email protected]; www.parc.com/jreich.
