As the world becomes increasingly connected, and immersive technologies gain wider adoption both ... more As the world becomes increasingly connected, and immersive technologies gain wider adoption both within government, businesses, and in the consumer market, a framework for security and privacy for these devices is required. From headsets to other wearables and related sensors, eXtended Reality (XR) technologies are now capable of gathering untold quantities of biometric data about users, potentially everything from a user's location and skin color to their eye and hand positions at any given time. As we build the next version of the Internet/Web 3.0, also known as “The Metaverse,” it is critically important that we take a proactive approach and address some fundamental design choices about the principles of how we want it to operate, and potentially replicate or deepen what is broken about the Web today. Among the most important issues to address is data ownership and accountability. The National Institute of Standards and Technology (NIST) has of ered basic guidance, while regional laws such as General Data Protection Regulations (GDPR), Children’s Online Privacy Protection Rule (COPPA), and Family Educational Rights and Privacy Act (FERPA) govern some forms of data in specific locations. Despite the existing guidelines and regional laws, comprehensive protections are not in place to protect individuals and stakeholders in the Metaverse. With this in mind, the XR Safety Initiative (XRSI) proposes a Privacy and Safety Framework that sets a baseline set of standards, guidelines, and best practices that are regulation agnostic. It incorporates privacy requirements drawn from the GDPR, NIST guidance, FERPA, COPPA, and other evolving laws. The framework is designed to adapt and include novel requirements as new regulations come into ef ect. With Version 1.1 expected to be published in 2021, this paper provides an overview of the framework, how it was developed, and highlights changes in version 1.1, and most importantly, provides a baseline for securing the Metaverse. We also discuss who can benefit from this framework and of er guidance to organizations, developers, and service providers on how to implement the framework for added security and privacy designed into their product or service. This paper also provides organizations with consumer-facing Modeling and Simulation (M&S) use cases, an understanding of what a security posture should include – beyond traditional authorities to operate (ATOs) – as more organizations look to adopt emerging technologies such as XR and bring the Metaverse to life.
As the world becomes increasingly connected, and immersive technologies gain wider adoption both ... more As the world becomes increasingly connected, and immersive technologies gain wider adoption both within government, businesses, and in the consumer market, a framework for security and privacy for these devices is required. From headsets to other wearables and related sensors, eXtended Reality (XR) technologies are now capable of gathering untold quantities of biometric data about users, potentially everything from a user's location and skin color to their eye and hand positions at any given time. As we build the next version of the Internet/Web 3.0, also known as “The Metaverse,” it is critically important that we take a proactive approach and address some fundamental design choices about the principles of how we want it to operate, and potentially replicate or deepen what is broken about the Web today. Among the most important issues to address is data ownership and accountability. The National Institute of Standards and Technology (NIST) has of ered basic guidance, while regional laws such as General Data Protection Regulations (GDPR), Children’s Online Privacy Protection Rule (COPPA), and Family Educational Rights and Privacy Act (FERPA) govern some forms of data in specific locations. Despite the existing guidelines and regional laws, comprehensive protections are not in place to protect individuals and stakeholders in the Metaverse. With this in mind, the XR Safety Initiative (XRSI) proposes a Privacy and Safety Framework that sets a baseline set of standards, guidelines, and best practices that are regulation agnostic. It incorporates privacy requirements drawn from the GDPR, NIST guidance, FERPA, COPPA, and other evolving laws. The framework is designed to adapt and include novel requirements as new regulations come into ef ect. With Version 1.1 expected to be published in 2021, this paper provides an overview of the framework, how it was developed, and highlights changes in version 1.1, and most importantly, provides a baseline for securing the Metaverse. We also discuss who can benefit from this framework and of er guidance to organizations, developers, and service providers on how to implement the framework for added security and privacy designed into their product or service. This paper also provides organizations with consumer-facing Modeling and Simulation (M&S) use cases, an understanding of what a security posture should include – beyond traditional authorities to operate (ATOs) – as more organizations look to adopt emerging technologies such as XR and bring the Metaverse to life.
Uploads
Papers by Kavya Pearlman
and skin color to their eye and hand positions at any given time. As we build the next version of the Internet/Web 3.0,
also known as “The Metaverse,” it is critically important that we take a proactive approach and address some
fundamental design choices about the principles of how we want it to operate, and potentially replicate or deepen
what is broken about the Web today. Among the most important issues to address is data ownership and
accountability. The National Institute of Standards and Technology (NIST) has of ered basic guidance, while
regional laws such as General Data Protection Regulations (GDPR), Children’s Online Privacy Protection Rule
(COPPA), and Family Educational Rights and Privacy Act (FERPA) govern some forms of data in specific locations.
Despite the existing guidelines and regional laws, comprehensive protections are not in place to protect individuals
and stakeholders in the Metaverse. With this in mind, the XR Safety Initiative (XRSI) proposes a Privacy and Safety
Framework that sets a baseline set of standards, guidelines, and best practices that are regulation agnostic. It
incorporates privacy requirements drawn from the GDPR, NIST guidance, FERPA, COPPA, and other evolving
laws. The framework is designed to adapt and include novel requirements as new regulations come into ef ect. With
Version 1.1 expected to be published in 2021, this paper provides an overview of the framework, how it was
developed, and highlights changes in version 1.1, and most importantly, provides a baseline for securing the
Metaverse. We also discuss who can benefit from this framework and of er guidance to organizations, developers,
and service providers on how to implement the framework for added security and privacy designed into their
product or service. This paper also provides organizations with consumer-facing Modeling and Simulation (M&S)
use cases, an understanding of what a security posture should include – beyond traditional authorities to operate
(ATOs) – as more organizations look to adopt emerging technologies such as XR and bring the Metaverse to life.
and skin color to their eye and hand positions at any given time. As we build the next version of the Internet/Web 3.0,
also known as “The Metaverse,” it is critically important that we take a proactive approach and address some
fundamental design choices about the principles of how we want it to operate, and potentially replicate or deepen
what is broken about the Web today. Among the most important issues to address is data ownership and
accountability. The National Institute of Standards and Technology (NIST) has of ered basic guidance, while
regional laws such as General Data Protection Regulations (GDPR), Children’s Online Privacy Protection Rule
(COPPA), and Family Educational Rights and Privacy Act (FERPA) govern some forms of data in specific locations.
Despite the existing guidelines and regional laws, comprehensive protections are not in place to protect individuals
and stakeholders in the Metaverse. With this in mind, the XR Safety Initiative (XRSI) proposes a Privacy and Safety
Framework that sets a baseline set of standards, guidelines, and best practices that are regulation agnostic. It
incorporates privacy requirements drawn from the GDPR, NIST guidance, FERPA, COPPA, and other evolving
laws. The framework is designed to adapt and include novel requirements as new regulations come into ef ect. With
Version 1.1 expected to be published in 2021, this paper provides an overview of the framework, how it was
developed, and highlights changes in version 1.1, and most importantly, provides a baseline for securing the
Metaverse. We also discuss who can benefit from this framework and of er guidance to organizations, developers,
and service providers on how to implement the framework for added security and privacy designed into their
product or service. This paper also provides organizations with consumer-facing Modeling and Simulation (M&S)
use cases, an understanding of what a security posture should include – beyond traditional authorities to operate
(ATOs) – as more organizations look to adopt emerging technologies such as XR and bring the Metaverse to life.