2circumstances of use (Edwards et al., 2002). Holding a meeting in an interactiveworkspace may involve bringing together tens of devices or more, includingmobile, handheld and wearable devices belonging to meeting participants, as wellas components managing the input, monitoring, recording, and display capabilitiesof the space (e.g. Johanson et al., 2002). Ubiquitous computing, then, impliesubiquitous digital communication, as the devices that make up a ubiquitouscomputing system communicate in order to identify each other and their capabilities, achieve effective configurations of functionality, and interoperate insupport of user needs.However, while ubiquitous communication offers the possibility of achievingmore effective coordination in a world of computational devices, it also introducesa range of problems regarding the security of these systems. Information systemsecurity has always been an important issue in military and corporate settings, butin mobile and ubiquitous computing settings, it becomes a central concern for casual and end users. Networked and e-commerce systems bring with them thedangers of disclosing credit card numbers, social security information, bank transaction details, client records and other electronic artifacts; context-aware andmobile systems carry with them the possibility of disclosing information aboutactivities and locations. Ubiquitous computing, as Weiser noted, anticipates thatan individual’s computational needs will be met by tens or hundreds of computational components working together; security is both an inherent problemin this sort of combinatorial system, and a practical concern for end users.Systems must be not only secure, but usably and practically secure.In order to understand security as a user concern as well as a technical concern,our approach has been to look at the practical, everyday aspects of security as theymanifest themselves in the use of current computer systems. We have beenespecially concerned with wired and wireless networked systems, which, althoughtypically on a smaller scale, exhibit some of the same combinatorial problems towhich ubiquitous computing systems are subject. By security, here, we refer to theability of users to express and rely upon a set of guarantees that a system maymake, explicitly or implicitly, about its treatment of user data and other resources.As far as possible, we distinguish between security, which is a largely technicalconcern, and privacy, which is a largely social concern; clearly, however, they arerelated, and we will return to this relationship towards the end.