![Page 1: IoT Privacy: Can We Regain Control?ece734/fall2015/... · “At a base minimum, people should be able to walk down a public street without fear that companies they’ve never heard](https://reader033.vdocument.in/reader033/viewer/2022050221/5f66f672643fc276a73b0391/html5/thumbnails/1.jpg)
IoT Privacy:
Can We Regain Control?
Richard ChowIntel [email protected]
Foundations of PrivacySept 30, 2015CMU
![Page 2: IoT Privacy: Can We Regain Control?ece734/fall2015/... · “At a base minimum, people should be able to walk down a public street without fear that companies they’ve never heard](https://reader033.vdocument.in/reader033/viewer/2022050221/5f66f672643fc276a73b0391/html5/thumbnails/2.jpg)
![Page 3: IoT Privacy: Can We Regain Control?ece734/fall2015/... · “At a base minimum, people should be able to walk down a public street without fear that companies they’ve never heard](https://reader033.vdocument.in/reader033/viewer/2022050221/5f66f672643fc276a73b0391/html5/thumbnails/3.jpg)
![Page 4: IoT Privacy: Can We Regain Control?ece734/fall2015/... · “At a base minimum, people should be able to walk down a public street without fear that companies they’ve never heard](https://reader033.vdocument.in/reader033/viewer/2022050221/5f66f672643fc276a73b0391/html5/thumbnails/4.jpg)
![Page 5: IoT Privacy: Can We Regain Control?ece734/fall2015/... · “At a base minimum, people should be able to walk down a public street without fear that companies they’ve never heard](https://reader033.vdocument.in/reader033/viewer/2022050221/5f66f672643fc276a73b0391/html5/thumbnails/5.jpg)
![Page 6: IoT Privacy: Can We Regain Control?ece734/fall2015/... · “At a base minimum, people should be able to walk down a public street without fear that companies they’ve never heard](https://reader033.vdocument.in/reader033/viewer/2022050221/5f66f672643fc276a73b0391/html5/thumbnails/6.jpg)
Transparency?
![Page 7: IoT Privacy: Can We Regain Control?ece734/fall2015/... · “At a base minimum, people should be able to walk down a public street without fear that companies they’ve never heard](https://reader033.vdocument.in/reader033/viewer/2022050221/5f66f672643fc276a73b0391/html5/thumbnails/7.jpg)
User Installed Apps vs Ubiquitous IoT
![Page 8: IoT Privacy: Can We Regain Control?ece734/fall2015/... · “At a base minimum, people should be able to walk down a public street without fear that companies they’ve never heard](https://reader033.vdocument.in/reader033/viewer/2022050221/5f66f672643fc276a73b0391/html5/thumbnails/8.jpg)
“How do we design interfaces so
there’s an intuitive understanding of
how public or private a space is?”
Judith DonathHarvard Berkman Fellow
![Page 9: IoT Privacy: Can We Regain Control?ece734/fall2015/... · “At a base minimum, people should be able to walk down a public street without fear that companies they’ve never heard](https://reader033.vdocument.in/reader033/viewer/2022050221/5f66f672643fc276a73b0391/html5/thumbnails/9.jpg)
Personal data collection should happen
with knowledge or consent
![Page 10: IoT Privacy: Can We Regain Control?ece734/fall2015/... · “At a base minimum, people should be able to walk down a public street without fear that companies they’ve never heard](https://reader033.vdocument.in/reader033/viewer/2022050221/5f66f672643fc276a73b0391/html5/thumbnails/10.jpg)
Traditional Notice and Choice
Regulators
Normal Users
![Page 11: IoT Privacy: Can We Regain Control?ece734/fall2015/... · “At a base minimum, people should be able to walk down a public street without fear that companies they’ve never heard](https://reader033.vdocument.in/reader033/viewer/2022050221/5f66f672643fc276a73b0391/html5/thumbnails/11.jpg)
Privacy and IoT
Notice Ubiquitous data collection
Choice No interaction models
![Page 12: IoT Privacy: Can We Regain Control?ece734/fall2015/... · “At a base minimum, people should be able to walk down a public street without fear that companies they’ve never heard](https://reader033.vdocument.in/reader033/viewer/2022050221/5f66f672643fc276a73b0391/html5/thumbnails/12.jpg)
Signs Everywhere?
CHILD TRACKING
UsabilityDoes not scaleLimited Information
![Page 13: IoT Privacy: Can We Regain Control?ece734/fall2015/... · “At a base minimum, people should be able to walk down a public street without fear that companies they’ve never heard](https://reader033.vdocument.in/reader033/viewer/2022050221/5f66f672643fc276a73b0391/html5/thumbnails/13.jpg)
IoT Privacy App: Vision
• Gathers IoT privacy preferences
• Proxy for interaction with IoT
– Nearby devices
– Cloud
![Page 14: IoT Privacy: Can We Regain Control?ece734/fall2015/... · “At a base minimum, people should be able to walk down a public street without fear that companies they’ve never heard](https://reader033.vdocument.in/reader033/viewer/2022050221/5f66f672643fc276a73b0391/html5/thumbnails/14.jpg)
Scenario: Sensors in a Public Environment
![Page 15: IoT Privacy: Can We Regain Control?ece734/fall2015/... · “At a base minimum, people should be able to walk down a public street without fear that companies they’ve never heard](https://reader033.vdocument.in/reader033/viewer/2022050221/5f66f672643fc276a73b0391/html5/thumbnails/15.jpg)
“At a base minimum, people should be able to walk
down a public street without fear that companies
they’ve never heard of are tracking their every
movement – and identifying them by name – using
facial recognition technology.”
Statement from Privacy AdvocatesJune 15, 2015NTIA process on commercial use of facial recognition technology
![Page 16: IoT Privacy: Can We Regain Control?ece734/fall2015/... · “At a base minimum, people should be able to walk down a public street without fear that companies they’ve never heard](https://reader033.vdocument.in/reader033/viewer/2022050221/5f66f672643fc276a73b0391/html5/thumbnails/16.jpg)
“Protecting Photographed Subjects against Invasion of Privacy Caused by Unintentional Capture in Camera Images”http://www.nii.ac.jp/userimg/press_20121212e.pdf
![Page 17: IoT Privacy: Can We Regain Control?ece734/fall2015/... · “At a base minimum, people should be able to walk down a public street without fear that companies they’ve never heard](https://reader033.vdocument.in/reader033/viewer/2022050221/5f66f672643fc276a73b0391/html5/thumbnails/17.jpg)
Scenario: Phones/Devices belonging to others
![Page 18: IoT Privacy: Can We Regain Control?ece734/fall2015/... · “At a base minimum, people should be able to walk down a public street without fear that companies they’ve never heard](https://reader033.vdocument.in/reader033/viewer/2022050221/5f66f672643fc276a73b0391/html5/thumbnails/18.jpg)
Scenario: Sensors in the Home/Car
![Page 19: IoT Privacy: Can We Regain Control?ece734/fall2015/... · “At a base minimum, people should be able to walk down a public street without fear that companies they’ve never heard](https://reader033.vdocument.in/reader033/viewer/2022050221/5f66f672643fc276a73b0391/html5/thumbnails/19.jpg)
Scenario: Applications on your phone
![Page 20: IoT Privacy: Can We Regain Control?ece734/fall2015/... · “At a base minimum, people should be able to walk down a public street without fear that companies they’ve never heard](https://reader033.vdocument.in/reader033/viewer/2022050221/5f66f672643fc276a73b0391/html5/thumbnails/20.jpg)
Desired experience
• Discover IoT services
• Filtering for privacy mismatch
• Notify selectively to avoid user conditioning
![Page 21: IoT Privacy: Can We Regain Control?ece734/fall2015/... · “At a base minimum, people should be able to walk down a public street without fear that companies they’ve never heard](https://reader033.vdocument.in/reader033/viewer/2022050221/5f66f672643fc276a73b0391/html5/thumbnails/21.jpg)
![Page 22: IoT Privacy: Can We Regain Control?ece734/fall2015/... · “At a base minimum, people should be able to walk down a public street without fear that companies they’ve never heard](https://reader033.vdocument.in/reader033/viewer/2022050221/5f66f672643fc276a73b0391/html5/thumbnails/22.jpg)
Absolute Security is Hard
• True adversary can avoid notification
– Difficult to protect sensors even on your
own device
• Relies on:
– Social norms (devices owned by others)
– Standards (public sensors)
![Page 23: IoT Privacy: Can We Regain Control?ece734/fall2015/... · “At a base minimum, people should be able to walk down a public street without fear that companies they’ve never heard](https://reader033.vdocument.in/reader033/viewer/2022050221/5f66f672643fc276a73b0391/html5/thumbnails/23.jpg)
Nearby IoT
Detection
Opt in / out
IoT Service Database
Privacy Filter
/ Notification
IoT ID Service Info
System Design
![Page 24: IoT Privacy: Can We Regain Control?ece734/fall2015/... · “At a base minimum, people should be able to walk down a public street without fear that companies they’ve never heard](https://reader033.vdocument.in/reader033/viewer/2022050221/5f66f672643fc276a73b0391/html5/thumbnails/24.jpg)
Challenge: User Interface
Extracting privacy preferences notoriously difficult
![Page 25: IoT Privacy: Can We Regain Control?ece734/fall2015/... · “At a base minimum, people should be able to walk down a public street without fear that companies they’ve never heard](https://reader033.vdocument.in/reader033/viewer/2022050221/5f66f672643fc276a73b0391/html5/thumbnails/25.jpg)
Filter rules: device data & data inferences
![Page 26: IoT Privacy: Can We Regain Control?ece734/fall2015/... · “At a base minimum, people should be able to walk down a public street without fear that companies they’ve never heard](https://reader033.vdocument.in/reader033/viewer/2022050221/5f66f672643fc276a73b0391/html5/thumbnails/26.jpg)
Privacy filter and notice
ACom is tracking genderBCom is tracking location
![Page 27: IoT Privacy: Can We Regain Control?ece734/fall2015/... · “At a base minimum, people should be able to walk down a public street without fear that companies they’ve never heard](https://reader033.vdocument.in/reader033/viewer/2022050221/5f66f672643fc276a73b0391/html5/thumbnails/27.jpg)
Help from Academia
• Professor Alfred Kobsa
– “Privacy Decision-Making”
• Intelligent defaults based on
machine learning
– Based on demographics and
past behavior
– Ask what to do for first few cases
to gain intelligence
![Page 28: IoT Privacy: Can We Regain Control?ece734/fall2015/... · “At a base minimum, people should be able to walk down a public street without fear that companies they’ve never heard](https://reader033.vdocument.in/reader033/viewer/2022050221/5f66f672643fc276a73b0391/html5/thumbnails/28.jpg)
Challenge: Proximity Detection
• Only nearby devices relevant
• In IoT, how to detect proximate
devices?
![Page 29: IoT Privacy: Can We Regain Control?ece734/fall2015/... · “At a base minimum, people should be able to walk down a public street without fear that companies they’ve never heard](https://reader033.vdocument.in/reader033/viewer/2022050221/5f66f672643fc276a73b0391/html5/thumbnails/29.jpg)
mDNS
Uniformity?
![Page 30: IoT Privacy: Can We Regain Control?ece734/fall2015/... · “At a base minimum, people should be able to walk down a public street without fear that companies they’ve never heard](https://reader033.vdocument.in/reader033/viewer/2022050221/5f66f672643fc276a73b0391/html5/thumbnails/30.jpg)
Challenge: Location Privacy
Service queries reveal location
![Page 31: IoT Privacy: Can We Regain Control?ece734/fall2015/... · “At a base minimum, people should be able to walk down a public street without fear that companies they’ve never heard](https://reader033.vdocument.in/reader033/viewer/2022050221/5f66f672643fc276a73b0391/html5/thumbnails/31.jpg)
PROTOTYPE USING AUTO-ID
![Page 32: IoT Privacy: Can We Regain Control?ece734/fall2015/... · “At a base minimum, people should be able to walk down a public street without fear that companies they’ve never heard](https://reader033.vdocument.in/reader033/viewer/2022050221/5f66f672643fc276a73b0391/html5/thumbnails/32.jpg)
Lookup architecture: Auto-ID
01:00020128:1231293877…
EPC : Electronic Product Code ONS: Object Name Service
<PML>
<Entity>Starbucks<Entity>
<Class>
<Name>mug</Name>
</Class>
…
…
<Part EPC =“01.00011324.1231….”/>
<Measurement EPC =“01.3032.222…/>
</PML>
PML: Physical Markup Language
![Page 33: IoT Privacy: Can We Regain Control?ece734/fall2015/... · “At a base minimum, people should be able to walk down a public street without fear that companies they’ve never heard](https://reader033.vdocument.in/reader033/viewer/2022050221/5f66f672643fc276a73b0391/html5/thumbnails/33.jpg)
Add Services to Auto-ID
•Auto-ID: Based on physical objects
• Incorporate‒ Many-to-many mapping
‒ Service description and privacy notice
‒ Dynamic services
![Page 34: IoT Privacy: Can We Regain Control?ece734/fall2015/... · “At a base minimum, people should be able to walk down a public street without fear that companies they’ve never heard](https://reader033.vdocument.in/reader033/viewer/2022050221/5f66f672643fc276a73b0391/html5/thumbnails/34.jpg)
Service Registration
<Service EPC=“01.000501.001….”>……</Service>
Developer Account =“012345.678”
EPC=“01.000501.001….”
Signed Package
![Page 35: IoT Privacy: Can We Regain Control?ece734/fall2015/... · “At a base minimum, people should be able to walk down a public street without fear that companies they’ve never heard](https://reader033.vdocument.in/reader033/viewer/2022050221/5f66f672643fc276a73b0391/html5/thumbnails/35.jpg)
Device Registration
Signed PackageSigned
Package
EPC = 00.001405.012{MACADDRESS}
![Page 36: IoT Privacy: Can We Regain Control?ece734/fall2015/... · “At a base minimum, people should be able to walk down a public street without fear that companies they’ve never heard](https://reader033.vdocument.in/reader033/viewer/2022050221/5f66f672643fc276a73b0391/html5/thumbnails/36.jpg)
<PML>
<Class>
<Name>Access Point</Name>
</Class>
<Measurements></Measurements>
…
<Service EPC =“01.00011324.1231….”/>
</PML>
Device PML
Signed Package
![Page 37: IoT Privacy: Can We Regain Control?ece734/fall2015/... · “At a base minimum, people should be able to walk down a public street without fear that companies they’ve never heard](https://reader033.vdocument.in/reader033/viewer/2022050221/5f66f672643fc276a73b0391/html5/thumbnails/37.jpg)
IoT Service ListingNearby IoT Detection
MACADDRESSEPC = 00.001405.012{MACADDRESS}
![Page 38: IoT Privacy: Can We Regain Control?ece734/fall2015/... · “At a base minimum, people should be able to walk down a public street without fear that companies they’ve never heard](https://reader033.vdocument.in/reader033/viewer/2022050221/5f66f672643fc276a73b0391/html5/thumbnails/38.jpg)
Recap
• IoT Big Data
• Need unified frameworks
and interfaces
• Issue: User control and
transparency
![Page 39: IoT Privacy: Can We Regain Control?ece734/fall2015/... · “At a base minimum, people should be able to walk down a public street without fear that companies they’ve never heard](https://reader033.vdocument.in/reader033/viewer/2022050221/5f66f672643fc276a73b0391/html5/thumbnails/39.jpg)
UC IRVINE: USER ATTITUDES
![Page 40: IoT Privacy: Can We Regain Control?ece734/fall2015/... · “At a base minimum, people should be able to walk down a public street without fear that companies they’ve never heard](https://reader033.vdocument.in/reader033/viewer/2022050221/5f66f672643fc276a73b0391/html5/thumbnails/40.jpg)
User Privacy Attitudes towards IoT
• Which parameters are important?– [who]
– [what]
– [reason]
– [where]
– [persistence]
• Randomly generated IoT scenarios varying these parameters
– (Qualitative) Interview study w/ 10 participants
– (Quantitative) Amazon MTurk survey study w/ 200 participants
![Page 41: IoT Privacy: Can We Regain Control?ece734/fall2015/... · “At a base minimum, people should be able to walk down a public street without fear that companies they’ve never heard](https://reader033.vdocument.in/reader033/viewer/2022050221/5f66f672643fc276a73b0391/html5/thumbnails/41.jpg)
Interview Study
• For various scenarios, participants were asked whether they• Felt comfortable
• Wanted to be informed
• Responses
– Main reasons to feel uncomfortable
• Unreasonable/suspicious purpose of data collection [reason]
– Main reasons to feel comfortable
• Trustable entity who collects data [who]
• Purpose justifying data collection [reason]
![Page 42: IoT Privacy: Can We Regain Control?ece734/fall2015/... · “At a base minimum, people should be able to walk down a public street without fear that companies they’ve never heard](https://reader033.vdocument.in/reader033/viewer/2022050221/5f66f672643fc276a73b0391/html5/thumbnails/42.jpg)
Online Survey Study
• Overview
– How user attitudes differ based on parameters?
IoT service scenarioA government agency [who] is monitoring your voice [what] persistently
[persistence] for safety purposes [reason] at your workplace [where].
User reaction
Sure, I’m willing to accept this monitoring activity!
Online
survey
system
Crowd
“Relationship between IoT and Privacy”
![Page 43: IoT Privacy: Can We Regain Control?ece734/fall2015/... · “At a base minimum, people should be able to walk down a public street without fear that companies they’ve never heard](https://reader033.vdocument.in/reader033/viewer/2022050221/5f66f672643fc276a73b0391/html5/thumbnails/43.jpg)
Online Survey Study
• Result #1– Most significant factors influencing user reactions are [who] and [what]
– Relatively, [reason], [where] and [persistence] have less impact
0
0.2
0.4
0.6
0.8
1
0
0.1
0.2
0.3
0.4
0.5
0.6
0.7
0.8
0.9
1
once continuously
Agreement to being monitored (1: allow, 0: not allow), broken down by [who]
Δ<0.1
Δ>0.4
Agreement to being monitored (1: allow, 0: not allow), broken down by [persistence]
![Page 44: IoT Privacy: Can We Regain Control?ece734/fall2015/... · “At a base minimum, people should be able to walk down a public street without fear that companies they’ve never heard](https://reader033.vdocument.in/reader033/viewer/2022050221/5f66f672643fc276a73b0391/html5/thumbnails/44.jpg)
Online Survey Study
• Result #2– [persistence] has a noticeable impact in subspaces of the scenarios
• Implications– [who] and [what] are affecting people’s privacy decisions globally
– [persistence] interacts with [who]-[what] and with [what]-[reason]
Difference in agreement to monitoring, broken down by [persistence]
![Page 45: IoT Privacy: Can We Regain Control?ece734/fall2015/... · “At a base minimum, people should be able to walk down a public street without fear that companies they’ve never heard](https://reader033.vdocument.in/reader033/viewer/2022050221/5f66f672643fc276a73b0391/html5/thumbnails/45.jpg)
UC BERKELEY: HOW TO NOTIFY?
![Page 46: IoT Privacy: Can We Regain Control?ece734/fall2015/... · “At a base minimum, people should be able to walk down a public street without fear that companies they’ve never heard](https://reader033.vdocument.in/reader033/viewer/2022050221/5f66f672643fc276a73b0391/html5/thumbnails/46.jpg)
![Page 47: IoT Privacy: Can We Regain Control?ece734/fall2015/... · “At a base minimum, people should be able to walk down a public street without fear that companies they’ve never heard](https://reader033.vdocument.in/reader033/viewer/2022050221/5f66f672643fc276a73b0391/html5/thumbnails/47.jpg)
RealSense / Perceptual Computing
apps can use camera/mic for audio/video
• face-based age detection
• face-based emotion detection
• face-based gender detection
• face detection
• face recognition
• voice command & control
• speech to text
• language detection
• gesture recognition
• voice-based emotion detection
• eye tracking
• heart rate monitor
or…
![Page 48: IoT Privacy: Can We Regain Control?ece734/fall2015/... · “At a base minimum, people should be able to walk down a public street without fear that companies they’ve never heard](https://reader033.vdocument.in/reader033/viewer/2022050221/5f66f672643fc276a73b0391/html5/thumbnails/48.jpg)
![Page 49: IoT Privacy: Can We Regain Control?ece734/fall2015/... · “At a base minimum, people should be able to walk down a public street without fear that companies they’ve never heard](https://reader033.vdocument.in/reader033/viewer/2022050221/5f66f672643fc276a73b0391/html5/thumbnails/49.jpg)
![Page 50: IoT Privacy: Can We Regain Control?ece734/fall2015/... · “At a base minimum, people should be able to walk down a public street without fear that companies they’ve never heard](https://reader033.vdocument.in/reader033/viewer/2022050221/5f66f672643fc276a73b0391/html5/thumbnails/50.jpg)
comprehension varied…
97%
0%
12%
9%
50%
22%
94%
12%
4%
17%
15%
![Page 51: IoT Privacy: Can We Regain Control?ece734/fall2015/... · “At a base minimum, people should be able to walk down a public street without fear that companies they’ve never heard](https://reader033.vdocument.in/reader033/viewer/2022050221/5f66f672643fc276a73b0391/html5/thumbnails/51.jpg)
crowdsourcing icons
![Page 52: IoT Privacy: Can We Regain Control?ece734/fall2015/... · “At a base minimum, people should be able to walk down a public street without fear that companies they’ve never heard](https://reader033.vdocument.in/reader033/viewer/2022050221/5f66f672643fc276a73b0391/html5/thumbnails/52.jpg)
![Page 53: IoT Privacy: Can We Regain Control?ece734/fall2015/... · “At a base minimum, people should be able to walk down a public street without fear that companies they’ve never heard](https://reader033.vdocument.in/reader033/viewer/2022050221/5f66f672643fc276a73b0391/html5/thumbnails/53.jpg)
![Page 54: IoT Privacy: Can We Regain Control?ece734/fall2015/... · “At a base minimum, people should be able to walk down a public street without fear that companies they’ve never heard](https://reader033.vdocument.in/reader033/viewer/2022050221/5f66f672643fc276a73b0391/html5/thumbnails/54.jpg)
example themes
• age detection (16)
– child and/or adult (10)
• emotion detection (13)
– smiley face (9)
• gender detection (14)
– male/female symbols (7)
• face recognition (16)
– face (14)
– crosshairs/frame (10)
• heart rate (20)
– heart (14)
– EKG (11)
• gesture recognition (11)
– hand (10)
– waving motion (6)
• speech to text (15)
– letter (11)
– sound wave (7)
![Page 55: IoT Privacy: Can We Regain Control?ece734/fall2015/... · “At a base minimum, people should be able to walk down a public street without fear that companies they’ve never heard](https://reader033.vdocument.in/reader033/viewer/2022050221/5f66f672643fc276a73b0391/html5/thumbnails/55.jpg)
final icons (n=300)
86% 86%
99% 96%
85%
91%
44%79%
99%99%
91%
73%