Oct. 7, 2022
Computer science alum aims to preserve people’s privacy in internet-connected 'smart' environments
Billions of tiny, mostly unseen devices are in the environment, gathering data largely without our awareness and using this data with no concerns about our privacy.
More than 30 billion of “Internet of Things” (IoT) devices are installed and connected to the internet worldwide — and that number grows every year.
IoT devices are in places and products ranging from “smart” buildings to our offices and homes, to control systems and smart pacemakers, to smart consumer products such as kitchen appliances, light fixtures and smart watches.
“The unfortunate situation about the IoT is that people gradually surrender their privacy without realizing it, because they’re unaware of the data being collected or how this data is used,” says Emmanuel Onu, who graduated in June with a PhD in the Department of Computer Science in the Faculty of Science.
For his PhD, Onu worked under the supervision of Dr. Ken Barker, PhD, as part of the Institute for Security, Privacy and Information Assurance, a multidisciplinary research centre under the umbrella of the Faculty of Science. Barker is director of the ISPIA.
Onu’s research focuses on preserving people’s privacy in IoT environments, which includes giving them control over how the data collected by IoT devices will be used.
“What the data collectors are doing now is essentially depriving users of that control. And we are interested in giving users control over their data,” he says.
Calgarians got a rude awakening to privacy issues in the IoT environment in 2018. A visitor to Chinook Centre spotted a browser window on one of the mall’s electronic directories, exposing a facial-recognition application running in the background. The aim was to count the number of people using the directory, and to predict their approximate age and gender.
An investigation by the privacy commissioners of Alberta and Canada found that the data collection contravened privacy laws.
Cadillac Fairview, which operates Chinook Centre, said at the time it disabled the software after the investigations were launched and subsequently deleted the data.
Onu says that for the most part, privacy is an afterthought in an IoT environment, rather than being accounted for and built into the design starting at the conceptual stage.
“My research is based on privacy-by-design, where we design buildings that consider the privacy of people who reside in them or use them,” he says.
Balance needed between privacy and IoT’s value
Onu says a privacy-preserving IoT environment requires four key components:
- Privacy awareness — making people aware of the IoT devices, the data they’re collecting, who’s collecting the data, and what it will be used for
- Privacy recommendation — providing an interactive decision-support system to help support people in an IoT environment to make rational and consistent decisions about their privacy
- Privacy contract negotiation — providing a negotiation process between people, or users, in an IoT environment and the data collector, so they can reach an agreement on how the data will be used
- Privacy preference — providing a means for users to express their privacy preferences to the data collector on how their data will be used
A privacy-preserving smart environment will require some IT infrastructure that will allow users to communicate with the smart environment, Onu says.
A core part of his research is developing an intelligent, personalized “privacy assistant” that runs on a user’s mobile phone and will mediate the interaction between users and IoT devices around them.
Most people see value in the IoT environment and the convenience afforded by IoT devices, which can provide a range of services such as security, remote monitoring and energy management, Onu notes. “All they want is to be provided this service in a manner that doesn’t affect their privacy in a malicious way.”
During his PhD, Onu managed to obtain a dataset from a research group in the U.S., which enabled him to test the privacy recommendation component of his prototype system – with what he says are “good results.”
What is needed now is more research on how a negotiated contract stipulating how data will be used can be enforced, he says. In addition, the software needs further refinements, before being loaded onto a mobile phone for testing in a real-world smart environment.
Onu now works as a senior software engineer for Vena Solutions, a Toronto-based financial planning and analysis firm. He will continue as a research associate at UCalgary, collaborating with Barker on further research to develop the privacy assistant system.
Onu estimates it will take about a year to have the complete system built, tested and proved out.
Although IoT devices have become nearly ubiquitous in the world, Barker says it would be overwhelming for an individual to personally interact with every device to define what data about us they should or can collect.
“Dr. Onu’s research will allow for personal preferences to be placed into the digital assistant, which will then communicate those preferences to each device encountered,” Barker says. “This work has the potential to allow all of us to safely benefit from the promises of an IoT-connected world, while ensuring that each of us can define what we individually want to keep private.”
The University of Calgary is one of five members (along with Concordia University, Ryerson University, University of New Brunswick, and University of Waterloo) of the National Cybersecurity Consortium (NCC), whose research themes include “privacy and privacy enhancing technologies.” The NCC is working with the public and private sectors to lead the federal Cyber Security Innovation Network.