What happens to all the sensitive personal information our smart devices collect from us? Where does the data picked up by our smart watches, speakers and TVs go, who has access to it and how is it used?
It’s often unclear what happens with the data these devices collect: where that data goes and how it is used. This is concerning, given these devices can often collect highly personal, private and sensitive information about ourselves and our lives
These questions have been worrying researchers at the University of Cambridge Department of Computer Science and Technology. Now they are launching a year-long investigation into the ways our information is being collected and whether or not these always comply with regulations and the law.
Working in collaboration with colleagues at Imperial College London, they will probe the data that flows from the Internet of Things – the networked consumer devices, such as smart printers, doorbells and toys, that are an increasing presence in our homes.
Backed by a grant from the Information Commissioner’s Office, the UK’s data protection regulator, they will be investigating what Dr Jat Singh describes as ‘the Internet of Stings’.
Research shows that information from our devices often finds its way to a range of third parties, such as user-tracking and advertising networks that may mine it for valuable information about consumer behaviour. He’s also worried about the occasions when data is transmitted from one country to another where there may be different rules, rights and restrictions around data and its use.
So Singh and the research team want to investigate the transmission of data from our devices to find out if it is in line with relevant law – and to inform consumers about the potential of what we can do to have better control over our information.
“We see ‘smart’ devices increasingly being worn on people’s bodies and used in people’s homes,” said Singh. “However, it’s often unclear what happens with the data these devices collect: where that data goes and how it is used. This is concerning, given these devices can often collect highly personal, private and sensitive information about ourselves and our lives.
“This project seeks to shed light on the state of current commercial data practices by analysing the nature of data flows from both a technical and a data rights, perspective. We aim to show if there are any data protection implications and concerns in the consumer smart device landscape so that we can empower policymakers, regulators, and individuals alike.”
Dr Singh leads the Compliant & Accountable Systems Research group, a team of researchers working at the intersection of technology and law. They consider ways in which technology could be better designed and deployed to meet legal and regulatory concerns and work to inform policymakers and regulators about the technical realities of new and emerging technologies.
Technical network-monitoring mechanisms have been used to establish the ways in which data is transmitted, the patterns of transmissions, and the destinations it ended up in. “This showed that potentially problematic data-flow appears to be rife in the Internet of Things,” said Singh.
Over the next year, they’ll be taking a detailed look at whether devices actually transmit data in accordance with the privacy policies and other legal obligations of the companies that sell them.
They will also explore the implications of mitigations that consumers might use, such as the implications of blocking particular data flows.
They want to establish the nature and scale of any problems and see if vendor companies are being honest and fully transparent with their consumers and compliant with data protection and other laws. They also want to better inform not only device owners but also regulators and policy-makers about the suspected issues, which may help inform future interventions.
“Problems with the data practices of the consumer smart devices have been suspected for some time, but not fully examined – from both a technical and legal perspective,” said Singh. “We need to do so if we want a better, fairer and more compliant Internet of Things.”
Originally published on the Computer Science and Technology website.