Carnegie Mellon University Researchers Launch IoT Privacy App

Cylab -Carnegie Mellon University Researchers Launch IoT Privacy App

This week, researchers of CyLab, Carnegie Mellon University’s security and privacy research institute, launched The Internet of Things (IoT) Assistant app. This new app informs users about what IoT technologies are around them and what data they are collecting.

Rapidly Growing IoT Market

Since the early 2010’s the number of IoT devices increased 31% year-over-year to 8.4 billion in 2017. Estimates vary, but it is expected that there will be 25 to 30 billion devices in use by the end of this year. The global market value of IoT is projected to reach the trillions.

In this respect, consumers are more connected than ever. Consumer electronics also account for the largest segment of all IoT devices. These devices are often divided into consumer, commercial, industrial and infrastructure spaces.

Moreover, there are currently a number of technological developments taking place that favor IoT adoption. Over the coming years, ‘Home’ will be the fastest growing segment. This will be driven by a further rapid growth in smart home devices as well as wearables.

Users Often Not Aware of Data Being Tracked

Unfortunately, as the number of IoT and Bluetooth connected devices grows, so will the amount of data that is being tracked. This could be occurring with users’ knowledge or without.

“People navigating through the digital landscape of the Internet today are bombarded with notices about how their data is being tracked. But in the physical world, where IoT devices are tracking all kinds of data, few – if any – notices are provided”, Daniel Tkacik, representative of Carnegie Mellon University, said.

Professor Norman Sadeh, a CyLab faculty member in Carnegie Mellon’s Institute for Software Research and principal researcher on this project, added: “Because of new laws like the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), people need to be informed about what data is collected about them. They also need to be given some choices over these processes.”

The Internet of Things (IoT) Assistant app

To help people take control over their privacy, a team of Carnegie Mellon researchers created an app, along with the entire supporting infrastructure, to address the issue. The Internet of Things (IoT) Assistant app was launched this week. The app informs users about what IoT technologies are around them and what data they are collecting. The app is available for both iOS and Android phones.

“Consider public cameras with facial recognition and scene recognition capabilities. Bluetooth beacons surreptitiously tracking your whereabouts at the mall. Or your neighbor’s smart doorbell or smart speaker. The IoT Assistant app will let you discover the IoT devices around you. It will also inform you about the data they collect. If the device offers privacy choices like opting in or out of data collection, the app will help you access these choices”, one of the researchers explained.

Right now, some public spaces under surveillance might have signs. These may, for example, say “This area is under surveillance”. Thus, people in the vicinity of the device are made aware that it could be video recording them. But Professor Norman Sadeh says that this isn’t enough. “These signs tell you nothing about what is being done with your footage.” How long is the footage going to be retained? Does it use facial recognition? With whom is the information going to be shared?

Online Portal for Device Owners

End-users can use the app to see information about IoT devices around them. Owners of IoT devices, on the other hand, can also use a cloud-based online portal to publish the presence of their own IoT devices resources. To do this, they are free to use registries made available through the privacy infrastructure developed at CMU. Pre-made templates make it easy to add a variety of different IoT devices to the registry, including off-the-shelf devices.

Organizations such as mall operators, shop owners, universities, or individuals can request the creation of registries where they can control the publication of IoT technologies in different areas. The infrastructure is hosted in the cloud and is designed to be easy to use.

“We’ve done the work for you,” Professor Norman Sadeh said. “All you need to do is start adding your IoT resources so you can be in compliance with today’s privacy laws.”

Building an IoT Privacy Infrastructure

The Internet of Things (IoT) Assistant app is part of the Personalized Privacy Assistant Project. It consists of two main components. First, the IoT Assistant mobile app. People can download this app on their smartphone to discover IoT technologies around them and their data practices. Second, a growing collection of IoT Resource Registries. Here people can publicize the presence of IoT resources and their data practices in different areas.

“We envision personalized privacy assistants as intelligent agents capable of learning the privacy preferences of their users over time, semi-automatically configuring many settings, and making many privacy decisions on their behalf. Through targeted interactions, privacy assistants will help their users better appreciate the ramifications associated with the processing of their data, and empower them to control such processing in an intuitive and effective manner,” the project website explains. For example, researchers are also exploring the idea of adding “nudges” to the app, or notifications that will inform users of data they are sharing.

As a footnote: did you know that the concept of a network of smart devices was discussed as early as 1982, with a modified Coca-Cola vending machine at Carnegie Mellon University becoming the first Internet-connected appliance. It was able to report its inventory and whether newly loaded drinks were cold or not.

IT communication specialist
Sandra has many years of experience in the IT and tech sector as a communication specialist. She's also been co-director of a company specializing in IT, editorial services and communications project management. For she follows relevant cybercrime and online privacy developments.