Many internet-connected devices, such as smart speakers, share data to the cloud when users interact with them. However, say the researchers, there’s currently no way for users to check if a device is always listening, or sharing more information than is necessary to fulfill their request.
“People are concerned that their devices are capturing and sharing too much data,” says CyLab’s Haojian Jin, a Ph.D. student in the Human-Computer Interaction Institute. “Companies want to tell users that they only collect certain pieces of information, but they currently have no way to actually prove it.”
To address this, the researchers have developed a new privacy-sensitive architecture – which they call “Peekaboo” – for developers to build smart home apps. The system takes a developer's request to share certain pieces of data and ensures that only the data essential to fulfilling that request is actually shared with the developer.
“In the privacy world, we have a principle called ‘data minimization,’” says Jin. “The companies that collect the data should only be collecting the minimum amount of data to fulfill their objectives.”
Under the Peekaboo architecture, developers first declare all the data they intend to collect and under what conditions, where that data is being sent, and the granularity of the data itself—for example, whether they’d like to collect the number of hours watched on a smart TV per week, per month, per quarter, etc. Then, an in-home hub mediates between all devices in the home and the outside Internet.
“The hub enforces the sharing of only data declared by the developer,” says Jin. “And users and third-party auditors can inspect the incoming data requests as well as the outgoing data flows.”
The essence of the Peekaboo architecture, say the researchers, is that users can have more control over their data. If a developer sends in a request to collect a piece of information – for example, the number of hours spent watching a smart TV in a single day – the user can modify the request on the hub to only share the number of hours spent watching their smart TV over a whole month, if they’re more comfortable with that.
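One way to picture the declare-then-enforce flow described above, as an added Python sketch that is not Peekaboo's own code: a developer manifest declares fields, granularity and destination; a user policy on the hub may only coarsen a request (here, daily to monthly); and the hub emits just the declared fields plus an audit line per flow. The manifest layout, field names, endpoint and device events are all constructed for the illustration.

```python
from collections import defaultdict
from datetime import date

# Coarseness order a request can be expressed in (finer first).
GRANULARITY = ["day", "week", "month", "quarter"]

def bucket(day: date, granularity: str) -> str:
    """Map a date to the reporting period at the requested granularity."""
    if granularity == "day":
        return day.isoformat()
    if granularity == "week":
        y, w, _ = day.isocalendar()
        return f"{y}-W{w:02d}"
    if granularity == "month":
        return f"{day.year}-{day.month:02d}"
    if granularity == "quarter":
        return f"{day.year}-Q{(day.month - 1) // 3 + 1}"
    raise ValueError(f"unknown granularity: {granularity}")

def mediate(manifest: dict, user_policy: dict, events: list) -> tuple:
    """Hub step: release only declared fields, aggregated at the coarser of the
    developer-declared and user-chosen granularity. Returns (payload, audit)."""
    payload, audit = {}, []
    for field, rule in manifest["fields"].items():
        wanted = rule["granularity"]
        # The user may coarsen a request on the hub, never make it finer.
        effective = max(wanted, user_policy.get(field, wanted), key=GRANULARITY.index)
        totals = defaultdict(float)
        for ev_date, ev_field, value in events:
            if ev_field == field:
                totals[bucket(ev_date, effective)] += value
        payload[field] = dict(totals)
        audit.append(f"{field}: requested={wanted} sent={effective} "
                     f"to={manifest['destination']}")
    # Anything the device produced that was never declared is dropped, not sent.
    undeclared = {f for _, f, _ in events} - set(manifest["fields"])
    for f in sorted(undeclared):
        audit.append(f"{f}: not declared, dropped")
    return payload, audit

# Constructed sample: a developer manifest, a user override, and device events.
MANIFEST = {"developer": "tv-app", "destination": "https://collector.example.invalid",
            "fields": {"hours_watched": {"granularity": "day"}}}
USER_POLICY = {"hours_watched": "month"}
EVENTS = [(date(2024, 3, 1), "hours_watched", 2.0),
          (date(2024, 3, 2), "hours_watched", 1.5),
          (date(2024, 4, 1), "hours_watched", 3.0),
          (date(2024, 4, 1), "mic_audio", 1.0)]   # never declared by the developer

if __name__ == "__main__":
    out, log = mediate(MANIFEST, USER_POLICY, EVENTS)
    print(out)
    print("\n".join(log))
```

The audit list is what a user or third-party auditor would inspect: each outgoing flow names the field, the granularity requested versus sent, and the destination.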
In addition, say the researchers, Peekaboo in the future could help make privacy nutrition labels – which are now being deployed by both Apple and Google – more accurate. Right now, there is no way to enforce and verify that apps are behaving consistently with their privacy nutrition labels, which are produced manually by developers and have been found to be inaccurate at times. But since Peekaboo both enforces and verifies data sharing in accordance with developers’ requests, privacy nutrition labels could be automatically generated and updated to accurately portray data collection and use.
Finally, say the researchers, as the Internet of Things continues to grow and people accumulate hundreds of IoT devices in their homes, Peekaboo can help manage the smart home holistically.
“The Peekaboo protocol will allow users to manage privacy preferences for all of their devices in a centralized manner through the hub,” says Jin. “Imagine not just a privacy nutrition label for an individual device, but a privacy nutrition label for an entire home.”