A team of researchers at Carnegie Mellon University have developed the Internet of Things Assistant, an app that helps individuals to track how their data is being collected and who is spying on them.
Consider public cameras with facial recognition and scene recognition capabilities, Bluetooth beacons surreptitiously tracking your whereabouts at the mall, or your neighbour’s smart doorbell or smart speaker, according to a story published by Carnegie Mellon’s Security and Privacy Institute
The IoT Assistant app will let you discover the IoT devices around you and learn about the data they collect. If the device offers privacy choices like opting in or out of data collection, the app will help you access these choices.
While end-users may use the app to see information about IoT devices around them, owners of IoT devices may use a cloud-based online portal to publish the presence of their IoT devices in registries spanning different areas.
Organizations such as mall operators, shop owners, universities, or individuals can request the creation of registries where they can control the publication of IoT technologies in different areas. The infrastructure is hosted in the cloud and is designed to be easy to use. For instance, pre-made templates for commonly used off-the-shelf IoT devices are available for people to edit and easily publish in registries.
“Because of new laws like the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), people need to be informed about what data is collected about them and they need to be given some choices over these processes,” says Professor Norman Sadeh, a CyLab faculty member in Carnegie Mellon’s Institute for Software Research and the principal investigator on the project.
“We have built an infrastructure that enables owners of IoT technologies to comply with these laws, and an app that takes advantage of this infrastructure to empower people to find out about and control data collected by these technologies.”
Right now, some public spaces under surveillance might have signs that say, “This area is under surveillance,” informing people in the vicinity that video of them may be recorded.
“These signs tell you nothing about what is being done with your footage, how long it’s going to be retained, whether or not it uses facial recognition, or with whom this is going to be shared,” says Sadeh.
“Under regulations like GDPR and CCPA, there are requirements to more explicitly communicate not just the presence of these technologies and what they collect, but to also give people some control over what is being collected and how the data can be used.”