IoT Privacy

The paper discusses the inherent privacy issues involved in the IoT. Specifically, they discuss the issue that arises when a plethora of sensors meant to create the ability to optimize and automate our lives also grants the opportunity for nefarious actions such as unwarranted surveillance.

The authors argue for the existence of a new system, the privacy aspects of which are each briefly described in the second section, as a solution to this issue. Chiefly, they argue that users should be given absolute control over their personal data.

The architecture relies on the existence of cloudlets, which exist near the sensors and which act as 'privacy mediators' to anonymize, denature, and otherwise obscure sensitive data so as to adhere to privacy policies specified by users and applications. These cloudlets will be dynamically deployed in the immediate area of a user, altering data collection methods to ensure that users privacy to their customized specifications.

This is more of a 'vision' paper and is therefore sparse on evaluation.

A link to the original presentation is given here: https://www.youtube.com/watch?v=v2Oobl01XsQ

Pros

• The authors give many real-world motivating examples that demonstrate the clear advantages of such a privacy-based system.
• The authors demonstrate the viability of even a laptop as a local cloudlet, increasing the viability of their design.
• They detail very well the privacy solutions proposed by others in their related works section.

Cons

• It's a vision paper, so it's somewhat sparse on implementation specifics and almost completely devoid of evaluation, although the authors do mention that such an implementation exists.
• One could argue that this design is perhaps overly optimistic in its user-centered design. Private industry would certainly favor something less controllable by the user. Some sort of negotiation between user expectations and private industry needs would likely create some new form of End User License Agreement (EULA), which users would likely have to opt into.
• The authors describe the need for the system to be simple and user friendly. They then go on to list a plethora of scenarios in which users are expected to think in terms of things like video frames from cameras and other granularities the likes of which a typical user has likely never encountered.
• They don't mention how a user 'instantiates' a new mediator when they enter a new environment, or where the code for these new instantiations comes from.

Discussion Questions

• Imagine a company wishes to outfit all of its office spaces with sensory devices. What rights would users be expected to give up simply upon entering such a building? Would one need to sign a EULA to enter the building? How would this change if the building was a public/government building?
• How would you propose to solve the issue of dynamic deployment that is left open by the authors? This is mentioned above in the con section.
• What mechanisms or abstractions can you think of that would make it easy for a user to specify a level of privacy without getting obsessed with the technical minutia of data collection?