Ethical Guidelines for Ubiquitous Computing
"The intent of this section is to enunciate some general principles for us to observe, as designers and developers for ubiquitous systems, whereby the ethical and social prerogatives of our “users” can be preserved.
The most essential and the hardest to express with any rigor, which we might call principle 0, is, of course, first, do no harm: if we could all be relied upon to take this simple idea to heart, thoughtfully and with compassion, there would be very little need to enunciate any of the following.
Given the difficulties of deriving practically useful guidance from such bywords, however, let us enunciate a further five guidelines that should go some way toward illuminating the challenges we face in designing useful, humane instantiations of Ubiquitous Computing:
* Principle 1. Default to harmlessness.
Ubiquitous systems must default to a mode that ensures their users’ (physical, psychic and financial) safety.
We are familiar with the notion of “graceful degradation,” the ideal that if a system fails, if at all possible it should fail gently in preference to catastrophically, with functionality being lost progressively rather than all at once.
Given the assumption of responsibility for users and their environments implied by the ubicomp rubric, such systems must take measures that go well beyond mere graceful degradation.
Slaved passenger vehicles, dosage settings for pharmaceutical-delivery systems, controls for sealed or denied environments are examples of situations where redundant interlocks must be provided to ensure user safety.
* Principle 2. Be self-disclosing.
Ubiquitous systems must contain provisions for immediate and transparent querying of their ownership, use, capabilities, etc., such that human beings encountering them are empowered to make informed decisions regarding exposure to same.
Some analogue of broadcast station identification conventions, or perhaps of the Identification Friend or Foe (IFF) standards by which military systems identify themselves to each other, would be necessary.
“Seamlessness” must be an optional mode of presentation, not a mandatory or inescapable one: both the interfaces through which information is passed between adjacent systems, and the actual data that is so communicated, must be equally capable of self-revelation.
Ubiquitous systems, by definition, cannot help but gather information constantly, including arbitrarily granular location of users in four-dimensional spacetime. It would be unreasonable and unrealistic to assert a Web-derived model for user consent to such ongoing information-garnering activities in the ubicomp context: the scenario would be one of constant, exasperating interruption to task flow, as the user was asked to give explicit consent to the transmission of each momentary state. Given this, some provision for at least determining who owns a given system, and what will be done with information so revealed, is necessary.
* Principle 3. Be conservative of face.
Ubiquitous systems are always already social systems, and must contain provisions such that wherever possible they not unnecessarily embarrass, humiliate, or shame their users.
While Disch undoubtedly deserves credit for having so vividly imagined ubicomp avant le lettre, some twenty years ahead even of Mark Weiser, is there any reason why the system’s correction need be perceptible to anyone but Chapel himself? Why humiliate, when adjustment is all that is mandated?
This goes beyond formal information-privacy concerns, toward the instinctual recognition that no human society can survive the total evaporation of its protective hypocrisy. Some degree of “plausible deniability,” including above all imprecision of location, is probably necessary to the psychic health of a given community, such that even (natural or machine-assisted) inferences about intention and conduct may be forestalled at the subject’s will. Still worse than the prospect of being nakedly accountable to an unseen, omnipresent “network” is being nakedly accountable to each other, at all times and places.
At the absolute minimum, and in accordance with Principle 2, ubiquitous systems with surveillant capacity must announce themselves as such, in such a way that their field of operation may be effectively evaded.
* Principle 4. Be conservative of time.
Ubiquitous systems must not introduce undue complications into ordinary operations.
If they impact such operations, they must be at least as transparent to users as the pre-existing equivalent: that is, one should be able to sit in a chair, place a book upon a shelf, boil a kettle of water without being asked if one “really” wants to do so, or having fine-grained control wrested away. In the absence of other information, the default assumption must be that an adult, competent user knows and understands what they want to achieve and has accurately expressed that desire in their commands to the system.
By the same token, a universal undo convention similar to the keyboard sequence “Ctrl Z” should be afforded; “save states” or the equivalent must be rolling, continuous and persistently accessible in a graceful and intuitive manner. If a user wants to undo, or return to an earlier stage in an articulated process, they should be able to specify, e.g., how many steps or minutes’ progress they would like to efface. (“Make it like it was two or three minutes ago!”)
* Principle 5. Be deniable.
Ubiquitous systems must offer users the ability to opt out, always and at any point.
As an absolute ethical imperative, users must be afforded the ability to make their own meaningful decisions regarding their exposure to ubiquitous perception, the types and channels of information such exposure will necessary convey, and the agencies receiving and capable of acting on such conveyance.
Critical to this is the ability to simply say “no,” with no penalty other than the inability to make use of whatever benefits the ubiquitous system offers its users. (The “safe word” concept may find an novel and unforeseen application here.)" (http://www.boxesandarrows.com/view/all_watched_over_by_machines_of_loving_grace_some_ethical_guidelines_for_user_experience_in_ubiquitous_computing_settings_1_)