Privacy in the New Age of IoT

To read the full-text of this research, you can request a copy directly from the author.


The concept of the Internet of Things (IoT) is still relatively nascent in society, as are the regulations that accompany IoT. At the heart of IoT is the use of data captured by the sensors, whether that be personal data or proprietary data. This data is processed by the cloud and is used to inform decision making and actions driven by the actuator. Particularly where sensitive data is concerned, IoT can put the privacy of individuals at risk. Examples discussed include Alexa, the Amazon virtual assistant, and connected pacemakers. IoT devices do provide many benefits, from convenience in the home, to tracking health and well-being. However, consumers are often blind to the risks associated with the sharing of personal data, until a big breach of that data occurs. It is thus the responsibility of technology organisations and governments to come together to educate society about the value of their personal data and be more transparent about the way in which they process the data. The European Union’s General Data Protection Regulation (GDPR) is a step in the right direction; however, other nations need to adopt similar rules to ensure the privacy of individuals is protected.

No full-text available

Request Full-text Paper PDF

To read the full-text of this research,
you can request a copy directly from the author.

Processing big data requires advanced technologies that can extract useful information from large scale data to support decision making. These advanced technologies are cur- rently being offered in the form of analytic tools hosted in the cloud, and are being developed using different techniques such as artificial intelligence, machine learning, data mining, and statistical analysis. However, these tools are not very secure since the data they operate on must be in plaintext in the cloud, thereby leaving the data vulnerable to both insider and outsider attacks. To address these security issues when running data analytics in the cloud, we propose DFASC, a Distributed Framework for Analytics Security in the Cloud. At the core of the framework is homomorphic encryption (HE), which enables operations to be performed directly on encrypted data without using the private decryption key. Using HE, DFASC can distribute homomorphically encrypted data and analytics into the nodes of a distributed system and allow the analytics to operate on the encrypted data in each node. As a framework, DFASC provides mechanisms to enable the incorporation of HE libraries and data processing algorithms into the framework, which can than be used to implement analytic tools. A funda- mental challenge with HE is its performance overhead due to the computationally intensive HE operations. This challenge of accelerating individual HE operations needs to be solved before secure big data processing in the cloud can be made practical. The distribution of the analytics not only improves the performance of the underlying analytic algorithms, it also helps to speed up the underlying HE operations. To enable the sharing of the encrypted data between parties in the cloud, DFASC incorporates a cryptographic key management infrastructure. To analyze feasibility of the framework, it was extended to implement a system that classifies images using a Neural Network algorithm. The experimental results show performance improvement of the system, including in HE operations, as the number of nodes in the cluster is increased.
Full-text available
In the Open Data approach, governments and other public organisations want to share their datasets with the public, for accountability and to support participation. Data must be opened in such a way that individual privacy is safeguarded. The Privacy Funnel is a mathematical approach that produces a sanitised database that does not leak private data beyond a chosen threshold. The downsides to this approach are that it does not give worst-case privacy guarantees, and that finding optimal sanitisation protocols can be computationally prohibitive. We tackle these problems by using differential privacy metrics, and by considering local protocols which operate on one entry at a time. We show that under both the Local Differential Privacy and Local Information Privacy leakage metrics, one can efficiently obtain optimal protocols. Furthermore, Local Information Privacy is both more closely aligned to the privacy requirements of the Privacy Funnel scenario, and more efficiently computable. We also consider the scenario where each user has multiple attributes, for which we define Side-channel Resistant Local Information Privacy, and we give efficient methods to find protocols satisfying this criterion while still offering good utility. Finally, we introduce Conditional Reporting, an explicit LIP protocol that can be used when the optimal protocol is infeasible to compute, and we test this protocol on real-world and synthetic data. Experiments on real-world and synthetic data confirm the validity of these methods.
Conference Paper
Full-text available
The Helsinki Privacy Experiment is a study of the long-term effects of ubiquitous surveillance in homes. Ten volunteering households were instrumented with video cameras with microphones, and computer, wireless network, smartphone, TV, DVD, and customer card use was logged. We report on stress, anxiety, concerns, and privacy-seeking behavior after six months. The data provide first insight into the privacy-invading character of ubiquitous surveillance in the home and explain how people can gradually become accustomed to surveillance even if they oppose it.
Full-text available
Privacy is a fundamental human right recognized in all major international treaties and agreements on human rights. Nearly every country in the world recognizes privacy as a fundamental human right in their constitution, either explicitly or implicitly. Most recently drafted constitutions include specific rights to access and control one's personal information. There is a growing trend towards the enactment of comprehensive privacy and data protection acts around the world. Currently over 40 countries and jurisdictions have or are in the process of enacting such laws. Countries are adopting these laws in many cases to address past governmental abuses (such as in former East Bloc countries), to promote electronic commerce, or to ensure compatibility with international standards developed by the European Union, the Council of Europe, and the Organization for Economic Cooperation and Development. Many countries have also adopted Freedom of Information laws. This paper provides details of the state of privacy in over fifty countries around the world. It outlines the constitutional and legal conditions of privacy protection, and summarizes important issues and events relating to privacy and surveillance.
Amazon’s Echo and Alexa could add $11 billion in revenue by 2020
  • E Kim
Unlocking the potential of the Internet of Things
  • J Manyika
  • M Chui
  • P Bisson
  • J Woetzel
  • R Dobbs
  • J Bughin
Children spend six hours or more a day on screens
  • J Wakefield
Fitness tracking app Strava gives away location of secret US army bases
  • A Hern
000 cardiac devices need a security patch
  • L Vaas
Secret cameras record Baltimore’s every move from above
  • M Reel
Google’s Sidewalk Labs project in Toronto is already creating jobs
  • M Hemmadi
Woman says her Amazon device recorded private conversation, sent it out to random contact
  • G Horcher
Nudge theory: when your smart gadgets nag you
  • N Kobie
How technology is allowing police to predict where and when crime will happen
  • Dearden
Revealed: 50 million Facebook profiles harvested for Cambridge Analytica in major data breach
  • C Cadwalladr
  • E Graham-Harrison
Barclays: 35% of consumers intending to buy an iPhone going with X
  • M Potuck
Google Marketing Live 2018 - Age of Assistance
  • T Kalischko
Battery Performance alert and cybersecurity firmware updates for certain Abbott (formerly St. Jude Medical) implantable cardiac devices: FDA safety communication
  • Us Fda
How activists fooled the internet with these convincing new Google nest products
  • J Hullinger
If you have a smart TV, take a closer look at your privacy settings
  • N Nguyen
US intelligence officials: latest WikiLeaks drop “Worse Than Snowden” Docs
  • S Frenkel
Internet of things: the greatest mass surveillance infrastructure ever?
  • J Powles
Rise of the racist robots - how AI is learning all our worst impulses
  • S Buranyi
US intelligence chief: we might use the internet of things to spy on you
  • S Ackerman
  • S Thielman
LA Times among US-based news sites blocking EU users due to GDPR
  • A Hern
  • M Belam
Salesforce CEO Marc Benioff Calls for National Privacy Law
  • D Farber
Revealed: how US and UK spy agencies defeat internet privacy and security
  • J Ball
  • J Borger
  • G Greenwald
MRC Regulatory Support Centre: Retention framework for research data and records
  • Medical Research
  • Council