Privacy, Safety, and Security

Help Us “Shift Left”

Shift Left Security in its simplest terms means moving security to the earliest part of the development process.

The urgency to prioritize data privacy and security in the enterprise is not a new call to action limited to a single organization or industry. It continues to be a pursuit that brings with it a complex set of questions as well as a healthy level of debate depending on perspective. 

Among the powers of XR tools is the ability to collect information about the people who use them at an unprecedented scale. Virtual Reality headsets rely on tracking the movement of bodies in space to deliver a 6 degrees of freedom (6dof) experience. Movement patterns are characteristic of an individual, and data on a person's movement can potentially be used to identify them. Because many XR devices use eye tracking to facilitate hands-free interaction, they are capable of collecting information on something so intimate as how our eyes move across virtual worlds, digital twin environments and equipment, buttons and displays, and text. Devices that use passthrough cameras to scan the user's environment have access to the interiors of our homes and offices.

And yet the implications of the collection of such data have only begun to be realized. Even if the technology is not yet fully utilized, the potential for XR devices to collect such detailed personal information about us is the stuff of dystopian science fiction. It presents a very real problem with which the industry, the public, and regulatory bodies must grapple. The time to understand what risks XR tools present to privacy, safety, and security is now, while the industry is still young and somewhat malleable.

Over the past year, the Immersive Reality (XR) industry has experienced unprecedented movement forward as hardware and software capabilities begin to catch up with human creativity and talent. At the same time, a growing number of committed individuals and organizations from across the world, such as the XR Safety Initiative (XRSI), Open Geospatial Consortium (OGC), ETSI, IEEE, the Cyber XR Coalition, and the W3C, are working tirelessly to build a cohesive and inclusive set of privacy and security guidelines for the XR industry while it is still evolving.

You can expect more in future updates to the XR Collaboration Resource Guide about privacy and security as these efforts move forward. Part of our contribution to building a metaverse in which individual privacy, safety, and rights are respected includes joining hands with those developing standards and guidelines to keep the public and organizations who collaborate in XR informed.

If 2020 has taught us anything, it is that collaboration and inclusion are central to any successful innovation. Privacy and security must be considered along with inclusive design and user safety. All voices and perspectives can be taken into account, but not without a commitment to work together and to support each other in this exciting work.