Cybersecurity & Trust in Internet of Things (IoT): Agency and negotiability over personal data in smart devices in the home

Lead Research Organisation: University of Nottingham
Department Name: School of Computer Science

Abstract

Internet of Things is making everything smart through a network of items with sensors connected to the Internet (Minn et al., 2015). Smart devices are those items that connect to other devices or networks using wireless connectivity such as Wi-Fi, 5G (IGI Global, 2021). Smartphones, smart locks and smartwatches are examples of smart devices. According to the UK Data Protection Act (DPA) and the General Data Protection Regulation (GDPR), personal data is any information that relates to an identified or identifiable individual such as name, email, NI number, location data (ICO, n.d.). Both the DPA and GDPR mandate that the design process for new products and services consider data protection and privacy risks within it. We argue that the state-of-the-art for storing personal data in the home and setting user preferences in smart devices requires research.

Our research will (i) provide design and governance guidelines in non-legalistic language for the manufacturers and service providers of smart devices to consider in the design process for new products and services. (ii) Consequently, through standardisation, they will gain competitive advantage and reduce their compliance and data processing burden. (iii) Further, our research will bridge the gap between manufacturers, service providers, privacy professionals and regulators concerning the data protection and privacy risks that lead to privacy issues in smart devices.

Our eventual goal is to translate the design and governance guidelines to a policy.

Why is it important? Smart device users lack understanding of data privacy (Marwick & Boyd, 2014) and control over how their personal data is shared and processed (Broenink et al., 2010). Our proposed research will (a) enable and empower the users of smart devices to make informed choices about how much data they share and with whom, and therefore have control over their personal data, and (b) allow users to enjoy the tailored services of smart devices for improved convenience without worrying about their data privacy.

We will do this through co-creation of design and governance guidelines. From a technical standpoint, our starting position is to assume a solution that brings data processing and storage closer to where the data is generated, akin to Databox (McAuley et al., 2016). The guidelines for the solution will cover the architecture, user interface and interactions, so users can model their privacy settings and preferences without difficulty. They will also cover cybersecurity areas such as user authentication and data security.

References
Broenink, G., Hoepman, J.-H., Hof, C. van 't, van Kranenburg, R., Smits, D., & Wisman, T. (2010). The Privacy Coach: Supporting customer privacy in the Internet of Things. 1-10. http://arxiv.org/abs/1001.4459
ICO. (n.d.). Information Commissioner's Office. https://ico.org.uk/for-organisations/guide-to-data-protection/
IGI Global. (2021). What is Smart Device. https://www.igi-global.com/dictionary/smart-device/47498
Marwick, A. E., & Boyd, D. (2014). Networked privacy: How teenagers negotiate context in social media. New Media and Society. https://doi.org/10.1177/1461444814543995
McAuley, D., Brown, T., Glover, K., Amar, Y., Mortier, R., Li, Q., Lodge, T., Haddadi, H., Hiwal, Poonam, Price, D., Zhao, R. (2019). Privacy-Aware Data Analytics Platform. https://github.com/me-box/databox/
Minn, H., Zeng, M., & Bhargava, V. (2015). Towards a definition of the Internet of Things (IoT). IEEE Internet Initiative, 1-86.

Planned Impact

We will collaborate with over 40 partners drawn from across FMCG and Food; Creative Industries; Health and Wellbeing; Smart Mobility; Finance; Enabling technologies; and Policy, Law and Society. These will benefit from engagement with our CDT through the following established mechanisms:

- Training multi-disciplinary leaders. Our partners will benefit from being able to recruit highly skilled individuals who are able to work across technologies, methods and sectors and in multi-disciplinary teams. We will deliver at least 65 skilled PhD graduates into the Digital Economy.

- Internships. Each Horizon student undertakes at least one industry internship or exchange at an external partner. These internships have a benefit to the student in developing their appreciation of the relevance of their PhD to the external societal and industrial context, and have a benefit to the external partner through engagement with our students and their multidisciplinary skill sets combined with an ability to help innovate new ideas and approaches with minimal long-term risk. Internships are a compulsory part of our programme, taking place in the summer of the first year. We will deliver at least 65 internships with partners.

- Industry-led challenge projects. Each student participates in an industry-led group project in their second year. Our partners benefit from being able to commission focused research projects to help them answer a challenge that they could not normally fund from their core resources. We will deliver at least 15 such projects (3 a year) throughout the lifetime of the CDT.

- Industry-relevant PhD projects. Each student delivers a PhD thesis project in collaboration with at least one external partner who benefits from being able to engage in longer-term and deeper research that they would not normally be able to undertake, especially for those who do not have their own dedicated R&D labs. We will deliver at least 65 such PhDs over the lifetime of this CDT renewal.

- Public engagement. All students receive training in public engagement and learn to communicate their findings through press releases and media coverage.

This proposal introduces two new impact channels in order to further the impact of our students' work and help widen our network of partners.

- The Horizon Impact Fund. Final year students can apply for support to undertake short impact projects. Industry partners, public and third sector partners, academic partners and the wider public benefit from targeted activities that deepen the impact of individual students' PhD work. This will support activities such as developing plans for spin-outs and commercialization; establishing an IP position; preparing and documenting open-source software or datasets; and developing tourable public experiences.

- ORBIT as an impact partner for RRI. Students will embed findings and methods for Responsible Research Innovation into the national training programme that is delivered by ORBIT, the Observatory for Responsible Research and Innovation in ICT (www.orbit-rri.org). Through our direct partnership with ORBIT all Horizon CDT students will be encouraged to write up their experience of RRI as contributions to ORBIT so as to ensure that their PhD research will not only gain visibility but also inform future RRI training and education. PhD projects that are predominantly in the area of RRI are expected to contribute to new training modules, online tools or other ORBIT services.


Studentship Projects

| Project Reference | Relationship | Related To | Start | End | Student Name |
|---|---|---|---|---|---|
| EP/S023305/1 | | | 01/10/2019 | 31/03/2028 | |
| 2443102 | Studentship | EP/S023305/1 | 01/10/2020 | 05/01/2025 | Farid Vayani |