Internet of Things Poses an Unprecedented Privacy Risk

May 9, 2014 | 00:11
Ubiquitous sensors, tell-tale WiFi signals, smart meter information, always-on wearable technologies and the roll-out of networked Internet of Things devices have created a world in which keeping control over your personal data borders on the impossible, concludes a White House report exploring the benefits and challenges of Big Data.

The report, Big Data: Seizing Opportunities, Preserving Values, concludes with a set of recommendations to protect privacy through policy measures: passing national data breach legislation to compel organizations to disclose instances of user data leaks, taking action to move data harvesters toward greater transparency about their collection practices, and continuing to subject the use of predictive analytics by law enforcement agencies to careful policy review.

Interestingly, the report solely focuses on policy measures and does not explore technological solutions to privacy issues. It does cite the work of two electrical and computer engineering professors who make a case for privacy-by-design but their recommendations haven't found their way into the report.

To show what can be done with privacy-by-design, Stephen Wicker and Robert Thomas of Cornell University have developed an architecture for a demand response system, or smart meter, which collects electricity usage data without revealing personal information about the consumer.

Smart meters are among the Internet of Things (IoT) devices that best exemplify the tension between the opportunity of a networked world on the one hand and the privacy challenges that come with it on the other.

A smart grid that balances demand and supply, thus reducing variation in load, can save 4 to 20% of electricity in the summer months, a significant figure in an era plagued by climate change and energy security concerns. The wide range in potential savings is, in part, explained by the level of smart meter implementation: if participation in smart metering is mandatory, estimated electricity savings are 20%, while an opt-in scheme will only yield 9%.

But most countries with smart metering stimulation projects don't make participation mandatory because of a significant level of resistance among electricity consumers. The number one reason: privacy. This shows that in order to capitalize on IoT opportunities, privacy issues must be addressed.

Demand response systems require fine-grained power consumption data, which reveals detailed information about the user. In their paper Wicker and Thomas refer to an experiment with an Advanced Metering System (AMS) used to monitor the electricity usage of a student living in a dorm room. After setting a behavior extraction algorithm loose on the data, the researchers were able to infer the student's behavior, including sleeping patterns, microwave usage and the student's absence from and presence in the dorm.

Wicker and Thomas propose a smart meter architecture that builds privacy in from the design stage. They apply several privacy-by-design principles to anonymize the user data.

Minimize collection of personal data
Smart metering is aimed at incentivizing end users to shift electricity usage to off-peak hours; the well-known example is running the washing machine at night. An AMS is designed to collect consumption data in order to determine the electricity load on the network and set the price for electricity accordingly. Today this data is collected at the individual level.

But, the professors point out, it is the end user who determines at what price point they want to run their washing machine. For the utility it is enough to know what the load is on the neighborhood level to set the price. They write: “it becomes clear that it is not the power consumption data that needs to be collected, but it is instead the pricing data that needs to be distributed”.

Minimize identification of data with individuals
One way of collecting data without tying it to individual users is to combine the data of many users, as in the neighborhood example above. “Anonymization can be performed by summing the power consumption data for a sufficient number of customers so that a single customer’s data cannot be isolated”, Wicker and Thomas write. In other words, aggregate data at a higher level, such as the neighborhood, rather than at the individual level.

Minimize and secure data retention
Data is not only sent to the utility, it is also stored in the device. The professors propose keeping accumulated data in the metering device in a cryptographically secure vault. Data that is sent to the utility should be encrypted to prevent personal information leaking in transit. Another good practice is to refrain from retaining data that isn't needed in the long term.
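The three principles above describe one architecture: the meter keeps its fine-grained readings to itself, only a per-interval total leaves the device, the neighborhood sum is released only once enough customers have contributed, and the utility distributes a price rather than collecting consumption. The following Python sketch is an added illustration of that flow; it is not code from Wicker and Thomas or from any metering product. The minimum group size, the tariff curve, the class names and the sample readings are all constructed for this example, and the transport encryption and on-device vault the article mentions are assumed to be provided by the surrounding system rather than implemented here.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

# Minimum number of customers whose totals must be summed before an aggregate
# is released. With fewer contributors a single customer's load could be
# recovered by subtracting the others. Constructed threshold for this example.
MIN_GROUP_SIZE = 5


@dataclass
class Meter:
    """A meter that retains its fine-grained readings locally (assumed to sit
    inside the device's secure storage) and exports only an interval total."""
    meter_id: str
    readings_kwh: List[float] = field(default_factory=list)  # never leaves the device

    def record(self, kwh: float) -> None:
        self.readings_kwh.append(kwh)

    def interval_total(self) -> float:
        # The single figure that leaves the device: the total for the interval,
        # not the time series that would reveal when appliances were used.
        return sum(self.readings_kwh)

    def purge(self) -> None:
        # Minimize retention: drop readings once the interval has been reported.
        self.readings_kwh.clear()


class NeighborhoodAggregator:
    """Keeps a running sum and the set of contributing meter ids, but never a
    per-meter value, and refuses to release a sum for too small a group."""

    def __init__(self, min_group_size: int = MIN_GROUP_SIZE) -> None:
        self.min_group_size = min_group_size
        self._running_sum = 0.0
        self._contributors: Set[str] = set()

    def submit(self, meter_id: str, interval_kwh: float) -> None:
        if meter_id in self._contributors:
            raise ValueError(f"duplicate submission from {meter_id}")
        self._contributors.add(meter_id)
        self._running_sum += interval_kwh

    def contributor_count(self) -> int:
        return len(self._contributors)

    def aggregate_load(self) -> Optional[float]:
        # Release nothing unless the group is large enough to hide any one customer.
        if len(self._contributors) < self.min_group_size:
            return None
        return self._running_sum


def price_for_load(aggregate_kwh: float, baseline_kwh: float) -> float:
    """Constructed tariff: flat price at or below the baseline, rising linearly
    with load above it. This price is what the utility distributes to meters."""
    base_price = 0.10  # currency per kWh, constructed value
    if aggregate_kwh <= baseline_kwh:
        return base_price
    return round(base_price * (1 + (aggregate_kwh - baseline_kwh) / baseline_kwh), 4)


def run_interval(meters: List[Meter], baseline_kwh: float,
                 min_group_size: int = MIN_GROUP_SIZE) -> Tuple[Optional[float], Optional[float]]:
    """One pricing interval: collect totals, release the aggregate only if the
    group is large enough, derive the price, and purge on-device readings.
    Returns (aggregate_kwh, price); both None when the group is too small."""
    aggregator = NeighborhoodAggregator(min_group_size)
    for meter in meters:
        aggregator.submit(meter.meter_id, meter.interval_total())
        meter.purge()
    aggregate = aggregator.aggregate_load()
    if aggregate is None:
        return None, None
    return aggregate, price_for_load(aggregate, baseline_kwh)


def sample_meters() -> List[Meter]:
    """Constructed readings for five households over one interval."""
    data = {"A": [0.5, 0.5, 1.0], "B": [1.0, 1.0, 1.0], "C": [0.5, 0.0, 0.5],
            "D": [2.0, 1.5, 0.5], "E": [0.0, 0.0, 0.0]}
    return [Meter(mid, list(readings)) for mid, readings in data.items()]


if __name__ == "__main__":
    print(run_interval(sample_meters(), baseline_kwh=8.0))      # full group: released
    print(run_interval(sample_meters()[:4], baseline_kwh=8.0))  # too few: (None, None)
```

The aggregator is the point to scrutinize in a real deployment: it is a single place where per-meter totals are observable on arrival, so it must be treated as a trusted component, and the threshold only helps if group membership is stable (a customer who joins or leaves a group between intervals can be singled out by differencing consecutive sums).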

The authors conclude by pointing out that “privacy-aware design is still in its infancy. There are many interesting technical problems to be solved as the design toolbox for privacy-aware information networks is developed.”
