©2017CarnegieMellonUniversity:1
Are my Devices Spying on Me?
Living in a World of Ubiquitous Computing
Lakehead University
Feb 2019
Jason Hong
@jas0nh0ng
jasonh@cs.cmu.edu
Computer Human Interaction: Mobility Privacy Security
©2019CarnegieMellonUniversity:2
In the near future, our
smart devices will know
everything about us
We Are Just Starting to Enter
the Third Wave of Computing
• First Wave: Computation
– Making the basics of computers work
• Second Wave: Networking
– Connecting computers around the world
• Third Wave: Ubiquitous Computing
– Also called Internet of Things (IoT)
– Computation, communication, sensing, and
actuation woven into our everyday physical world
– Possible because of faster wireless networking,
cheap sensors, better CPUs, decreasing costs
Smartphones Give Us a Glimpse of this
Coming World
• Over 1B smartphones
sold every year
• Well over 100B apps
downloaded on each of
Android and iOS
• Incredibly intimate devices
Smartphones are Intimate
Fun Facts about Millennials
• 83% sleep with phones
• 90% check first thing in morning
• 1 in 3 use in bathroom
Smartphone Data is Intimate
• Who we know (contacts + call log)
• Sensors (accel, sound, light)
• Where we go (gps, photos)
These Technologies Offer Many Benefits
to Society
• These devices +
artificial intelligence
technologies will allow
us to build amazing
things
– Healthcare
– Urban analytics
– Physical safety
These Exact Same Technologies Pose
Significant Societal Challenges for Privacy
A Personal Story About Privacy
• In my first year teaching
at Carnegie Mellon, met
students in their lab
• Didn’t know until end of
semester that I was
being broadcast on
Internet the entire
time!
– Do you see the camera?
Wide Range of Privacy Risks
Spectrum from Everyday Risks to Extreme Risks
• Stalkers, Hackers
– Well-being
– Personal safety
– Blackmail
• Employers
– Over-monitoring
– Discrimination
– Reputation
• Friends, Family
– Over-protection
– Social obligations
– Embarrassment
• Government
– Civil liberties
• It’s not just Big Brother
• It’s not just corporations
• Privacy is about our relationships with every
other individual and organization out there
Outline for Rest of this Talk
• How do these technologies work?
– What data do devices have? Where does our data go?
– What is machine learning, and how does it work?
• Five reasons why privacy is so hard
• I want to help you make better informed decisions
• Call to action for privacy
– There is a better world we can build here
– We can only succeed through collective effort
Let’s Go Back to Smartphones
• Smartphones are everywhere,
they have lots of sensors + data
• Trajectory of Internet of Things
will likely match smartphones
• Case: Can we use smartphones
as a sleep monitor?
– Part of larger project on detecting
depression and well-being
– I’ll step you through how it works
Smartphones Have Lots of Data About You
• Sensor data
– Camera
– Proximity
– Light
– Microphone
– Location
– Accelerometer
– Gyroscope
– Magnetometer
– Temperature
– Humidity
Smartphones Have Lots of Data About You
• Phone status
– Network
– Battery
– Screen on/off
– Plugged in (or not)
Smartphones Have Lots of Data About You
• Personal data
– Apps installed
– What app is currently running
• Can record app usage history too
– Photos (many photos
have GPS data inside)
– SMS log
– Contacts
– Call log
– Calendar
Accessing All of the Smartphone Data
• Really easy for apps to get all the data I showed,
only a few restrictions
– Ex. Google dislikes apps looking at what apps are installed
– Ex. Some notifications when installing and running
A Gap: How to Transform All of this Data
into Real World Activities?
• Sensors: Accelerometer, Gyroscope, Microphone, …
• Phone: Screen on / off, Plugged in (or not), Battery life, …
• Personal: Apps installed, App usage, Contacts, …
• Sleep: Sleeping or not? How well is person sleeping?
• ?
Machine Learning is Used to Make These
Kinds of Predictions
• Machine learning is one area of Artificial
Intelligence
– This is the kind that’s been getting lots of press
• The goal of machine learning is to develop
systems that can improve performance with
more experience
– Can use “example data” (like the one I
just showed you) as “experience”
– Uses these examples to discern patterns
How Machine Learning is Typically Used
• Gather lots of data
– We paid 27 people to fill out a daily sleep diary and
install an app that would collect lots of sensor data
• Design features that characterize the data
– Ex. Get loudness from microphone once every minute
– Ex. Get light intensity once every min
– Ex. Get motion from accelerometer once every min
• Train a machine learning model on that data
– Uses statistics to look for patterns in the features
– Our model outputs “sleeping” or “not sleeping”
• Measure effectiveness of model vs original data
• Repeat until model is good enough
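Added example (not from the talk or the CMU study): a toy version of this pipeline in Python, showing how three innocuous per-minute readings are enough to infer sleep. The readings and labels are constructed stand-ins for the sensor log and sleep diary, and Gaussian naive Bayes is an assumed model choice; the slides do not name the model used.

```python
import math


def make_minute(i, asleep):
    """Constructed per-minute features: (loudness dB, light lux, motion g)."""
    if asleep:
        return (30 + (i * 7) % 5, (i * 3) % 4, 0.01 + (i % 3) * 0.01)
    return (50 + (i * 7) % 15, 100 + (i * 13) % 200, 0.2 + (i % 5) * 0.1)


def build_dataset(n=240):
    """Stand-in for 'gather lots of data': labels play the role of the sleep diary."""
    rows = []
    for i in range(n):
        asleep = (i // 20) % 2 == 0  # alternating 20-minute blocks (constructed)
        label = "sleeping" if asleep else "not sleeping"
        rows.append((make_minute(i, asleep), label))
    return rows


def train(rows):
    """Gaussian naive Bayes: per-label mean and variance of each feature."""
    by_label = {}
    for features, label in rows:
        by_label.setdefault(label, []).append(features)
    model = {}
    for label, vectors in by_label.items():
        stats = []
        for column in zip(*vectors):
            mean = sum(column) / len(column)
            var = sum((x - mean) ** 2 for x in column) / len(column)
            stats.append((mean, max(var, 1e-6)))  # floor avoids division by zero
        model[label] = (math.log(len(vectors) / len(rows)), stats)
    return model


def predict(model, features):
    """Return the label with the highest log-posterior for one minute of data."""
    best_label, best_score = None, -math.inf
    for label, (log_prior, stats) in model.items():
        score = log_prior
        for x, (mean, var) in zip(features, stats):
            score += -0.5 * math.log(2 * math.pi * var) - (x - mean) ** 2 / (2 * var)
        if score > best_score:
            best_label, best_score = label, score
    return best_label


def evaluate(model, rows):
    """'Measure effectiveness': fraction of held-out minutes labelled correctly."""
    correct = sum(predict(model, features) == label for features, label in rows)
    return correct / len(rows)


def run_pipeline():
    data = build_dataset()
    train_rows, test_rows = data[0::2], data[1::2]  # hold out every other minute
    model = train(train_rows)
    return model, evaluate(model, test_rows)


if __name__ == "__main__":
    model, accuracy = run_pipeline()
    print("held-out accuracy:", accuracy)
    # Quiet, dark room but the phone is moving: the motion feature decides.
    print(predict(model, (33, 0, 0.5)))
```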
Two Comments Here
More Data is Almost Always Better
• This is why Big Data is of such interest
– Easier to collect data than ever before
• Sensors, social media, web clicks, web tracking
– More data leads to better models of behavior
• Can infer lots of things about human behavior
– What ads are people likely to click on?
– What books to recommend to people?
– Are you pregnant or not?
– What is your personality type?
– Are you depressed or not?
– Can’t answer these 100% accuracy, but improving
Two Comments Here
AI / Machine Learning Not As Sophisticated as in Media
• A lot of people outside of computer science
often ascribe human behaviors to AI systems
– Especially desires and intentions
– Works well for sci-fi, but not for today or near future
• These systems only do:
– What we program them to do
– What they are trained to do (based on the data)
• Personally, I’m far more scared of people doing
bad things with AI and badly designed systems
Stepping Back to Internet of Things
• The fundamental tension
– IoT technologies offer potential tremendous
benefits for individuals and society
– These exact same technologies pose major
challenges for privacy
• Why is privacy so hard?
• What can we do about privacy?
Five Reasons Why Privacy is Hard
#1 Strong Incentives for Companies to Collect Data
• Alluded to this with Big Data
– Barriers to collecting data are also really low
– More data means better predictive models
• Data has strong potential to affect bottom line
– Increasing relevance of online ads worth millions
– “Post-purchase monetization”
Five Reasons Why Privacy is Hard
#2 Low Knowledge, Awareness, Motivation by Devs
• Developers have low knowledge of privacy
– But even those with CS degrees have little knowledge
– In surveys and interviews, vast majority of app
developers knew little about what privacy issues
there were and how to address them
Five Reasons Why Privacy is Hard
#2 Low Knowledge, Awareness, Motivation by Devs
• Low awareness of privacy issues in their apps
• Many developers didn’t realize how much
data their app is collecting
– Or that it was collecting data at all
• App developers often use third-party libraries
– Functionality like analytics and advertising
– We found that over 40% of apps
collect data only because of these libraries
– Some apps use several libraries, which means
your data is being sent to lots of third parties
Five Reasons Why Privacy is Hard
#3 Companies Get Little Pushback on Privacy
• Let’s say you want to purchase a web cam
– Go into store, can compare price, color, features
– But can’t easily compare privacy (or security)
– So, privacy does not influence customer purchases
– So, companies not incentivized to improve
• Less than 0.1% of reviews on Google Play
mention privacy concerns
• This is a market failure
– This is why companies assign privacy a low priority
Five Reasons Why Privacy is Hard
#4 Unclear What the Right Thing To Do Is
• Even if a company wants to be privacy-sensitive,
it’s not always clear what the right thing to do is
• New York Times privacy policy
• Still state of the art for privacy notices
• But no one reads these
• For developers
– What is the best way of informing people?
– What is the best way of storing data?
– How to best assess what is / isn’t acceptable?
• Business metrics are also unclear
– In board room, metrics include Lifetime Value,
Customer Acquisition Cost, Year over year growth, etc
– No real metrics for privacy today
Five Reasons Why Privacy is Hard
#5 Burden on End-Users is Too High
• Individuals have to be constantly vigilant
– The webcam in my first class, or the AirBnb story
• Individuals also have to make too many decisions
– Is this device good with respect to privacy?
– Should I install this app?
– What are all the settings I need to know?
– What are all the terms and conditions?
– Trackers, cookies, VPNs, anonymizers, etc
What Can We Do About Privacy?
• Privacy is not hopeless
• I don’t have all the answers
• What I hope is that my talk will serve as part of
an ongoing conversation on privacy, and will
help stir some of you to action
• Here are some suggestions…
What Can We Do About Privacy?
• If you are a journalist…
– Learn more and report on bad actors / devices
– Many companies are responsive to bad press
• If you are a student or researcher…
– There are lots of ways you can help
– Ex. Address privacy for a specific vulnerable group
• Intimate partner violence or children
– Ex. Analyze what a device is doing (+ journalist)
– Ex. Build better tools for developers
– (Or if you teach, get students in your class to do these!)
What Can We Do About Privacy?
• If you are a developer…
– Learn more, and advocate within your company
– Establish some privacy standards, or privacy reviews
• If you are a policy maker…
– Don’t let companies get away with “individual choice”
• Too easy to push all the work to end-users
• If you are a consumer…
– Don’t buy that cheaper “smart” TV
– Be more deliberate about purchases, do some research
– Be especially wary of devices with cameras and mics
– Give feedback to companies about privacy
What Can We Do About Privacy?
• There is no single solution for privacy, and it will
never be “solved”
– It will be more like literacy or civil rights
– It will be something every generation will have to
• It will require a combination of market forces,
legislation, education, and new technologies
– It will be hard
– But we are still in the very early days of Internet of
Things, and we can still steer it onto a better path
https://www.flickr.com/photos/johnivara/536856713
How can we create
a connected world we
would all want to live in?
• “It's tough to make
predictions, especially
about the future”
– Yogi Berra
Looking Backwards
• The Industrial Revolution led to major changes
in society
– Compulsory high school education
– Shift from rural to urban areas
– Labor unions
– Feminism
– Welfare state
• Internet of Things + Artificial Intelligence will
likely be equally disruptive to society
IoT Pyramid
Top Tier
• A few devices per person
• High computational power
• Tablets
• Glasses
• Laptops
• Smartphones
Middle Tier
• Tens of devices per person
• Moderate computational power
• TVs
• Smart Toys
• Thermostats
• Refrigerators
Bottom Tier
• Hundreds of devices per person
• Low computational power
• HVAC
• RFIDs
• Lightbulbs
• Smart toilets
• Implanted medical devices
IoT Security Issues
Top Tier Security
• Cybersecurity good today
• Can run endpoint protection
• Large corporations developing
Middle Tier Security
• Cybersecurity weak today
• Basic or no endpoint protection
• Spotty security protections
Bottom Tier Security
• Cybersecurity very poor today
• Weak or no endpoint protection
• Low manufacturer experience
• High diversity in hw, sw, OS
• Many devices never updated
• Major scalability challenges
How is IoT Security Different?
1. Physical Safety and Security
• Deliberate attacks
– Ex. Crashing drones or autonomous vehicles
– Note that most attackers won’t do this
How is IoT Security Different?
1. Physical Safety and Security
• Different classes of attackers, different motives
• State-sponsored
– State secrets, intellectual property, sow discord
• Non-state actors
– Terrorism, advocacy for a cause
• Organized crime
– Repeatable business model, stay under radar
• Disgruntled employee / Insider attack
• Script kiddies
How is IoT Security Different?
1. Physical Safety and Security
• More likely attack: Ransomware
– Lock out of your house unless pay ransom
– Make videos of you at home public unless you pay
• Just as likely: attacks for the “lulz”
– Tripping circuit breakers at office
– Remotely adjusting thermostat to make it harder to sleep
(or waste money, or let pipes freeze over)
• What kinds of safeguards for physical safety?
• Can we build models of normal vs abnormal
behaviors for devices and apps, and enforce?
How is IoT Security Different?
2. Scalability
• Billions of devices will need to be secured
– Gartner estimates 20B devices by 2020
• Scale transforms easy into hard
– Ex. Unique passwords for dozens of devices?
– Ex. Security policies, each device having different user
interface (most not having a display and keyboard)?
– Ex. Physically locking down dozens of devices?
– Ex. Installing software updates
• What kinds of network protocols, APIs, and
middleware to help manage IoT devices at scale?
How is IoT Security Different?
2. Scalability
• Scalability also enables new classes of attacks
http://shodan.io
How is IoT Security Different?
2. Scalability
• Possible for attackers to search for and exploit
vulnerabilities at scale
– Ex. Mirai botnet DDoS attack Oct 2016
• Nightmare scenarios
– Find vulnerabilities in smartphone-connected
blood glucose monitors, inject fake data
– Find vulnerable medical implants, hold people hostage
• Again, some kind of model or policy
– Maybe formal model, maybe big data
• Better ways of using proximity for access?
How is IoT Security Different?
3. Diversity of IoT Devices
• Hundreds of different manufacturers for middle
and bottom tier
– Different operating systems, wireless networking,
configuration software, log formats, cloud services
– Poor or no I/O capabilities, each UI different too
• Result: fragmentation of cybersecurity
– More network-based (vs endpoint) approaches
• Again, network protocols, APIs, and middleware
to help configure and manage
• Can we also help people make good decisions?
– Ex. Crowdsourcing or AI / Machine Learning
How is IoT Security Different?
4. Low Manufacturer Experience
• Most traditional software companies understand
basics of good cybersecurity
• But most IoT will be developed by non-traditional
hardware companies
– Mostly middle and bottom tier
– Ex. Lighting, toys, medical equipment, audio,
household appliances
• And lots of small-scale manufacturers who have
no experience with security
– Ex. Kickstarter
153 Projects at Kickstarter for “iot”
382 Projects at Kickstarter for “sensor”
766 Projects at Kickstarter for “wireless”
How is IoT Security Different?
4. Low Manufacturer Experience
• Last time I checked, only 3 of top 50 CS
programs required a cybersecurity course
• But, only half of developers have CS degrees
How is IoT Security Different?
4. Low Manufacturer Experience
• Low experience + Lots of small manufacturers
• Result: Lots of really basic vulnerabilities
– Poor software engineering practices for security
– Lack of awareness, knowledge, motivation to be secure
• Result: Lots of unsupported devices
– Small manufacturers will go out of business
– Or end of life from bigger manufacturers
• How can we help devs with low experience?
• How to offer security for lifespan of decades?
How is IoT Security Different?
5. Lots of Unexpected Emergent Behaviors
• A six-year-old asked her family’s
Echo “can you play dollhouse with
me and get me a dollhouse?”
• The device complied, ordering a
KidKraft Sparkle mansion
dollhouse, in addition to “four
pounds of sugar cookies.”
• The story ended up on a local
morning show, where the anchor
remarked “I love the little girl,
saying ‘Alexa ordered me a
dollhouse.’”
IoT Privacy
Awareness
How Can We Make Invisible Information
Flows Visible?
• For bottom-tier of pyramid, devices non-obvious
• CMU Mites.io platform
– Air temp, humidity, pressure, 6-axis IMU, grid eye, …
• How to increase awareness of devices like this?
Signifiers.io
• Project by some of our Master’s of HCI students
Signifiers.io
Amazon Alexa and Google Home (Voice)
Signifiers.io
Smart TVs Sensing Video and Audio
Signifiers.io
Webcams Sensing Video and Audio
Open Challenges for IoT Privacy+Security
• Can we make it so a person can understand what
data is being sensed in a room within 30 seconds?
• Most developers know nothing about security or
privacy. How can we help average devs do better?
• Can we enable an ecosystem for privacy that shifts
burden off of end-users and onto OS, markets,
developers, third-parties, and governments?
• How can we best address the market failure of IoT
privacy and security?
Some of Our Ongoing Work at CMU
• Devs specify purposes in apps and others check
– Ex. “This app uses contacts for advertising”
– Ex. “This app uses location for maps”
• Manufacturer Usage Descriptions
– Change default from blacklist to whitelist
– “This toaster will only contact facebook.com”
• Privacyproxy.io
– Crowd-based approach for finding personally
identifiable information (PII) used by apps
– Data that you see a lot but no one else sees
– Using this to map out who knows what about us
– Can download for Android at Google Play
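Added example (not Privacyproxy's own code): one way to implement the "data that you see a lot but no one else sees" heuristic over crowd-collected app traffic, then invert the result into a map of who knows what. The hosts, keys, values, thresholds and function names are all constructed assumptions.

```python
from collections import defaultdict


def build_observations():
    """Constructed (user, destination host, key, value) tuples from app requests."""
    users = {
        "alice": ("alice@example.org", "ad-id-a1"),
        "bob": ("bob@example.org", "ad-id-b2"),
        "carol": ("carol@example.org", "ad-id-c3"),
    }
    obs = []
    for user, (email, ad_id) in users.items():
        for n in range(4):
            # Same for every user: seen a lot, but by everyone, so not personal.
            obs.append((user, "api.weather.example", "app_version", "4.1.0"))
            # Unique per request: no one else sees it, but it never repeats.
            obs.append((user, "api.weather.example", "nonce", f"{user}-nonce-{n}"))
            # Stable per-user identifier sent to an ad host.
            obs.append((user, "ads.tracker.example", "uid", ad_id))
        for host in ("api.weather.example", "analytics.example", "ads.tracker.example"):
            obs.append((user, host, "email", email))
        if user != "carol":
            # Shared by some users but not all: still not unique to one person.
            obs.extend([(user, "api.weather.example", "locale", "en_US")] * 3)
    return obs


def find_likely_pii(observations, min_repeats=3, max_other_users=0):
    """Flag values one user sends repeatedly that (almost) no other user sends.

    Returns {(user, value): sorted list of hosts that received the value}.
    """
    senders = defaultdict(lambda: defaultdict(int))  # value -> user -> count
    receivers = defaultdict(set)                     # (user, value) -> hosts
    for user, host, _key, value in observations:
        senders[value][user] += 1
        receivers[(user, value)].add(host)

    findings = {}
    for value, counts in senders.items():
        for user, seen in counts.items():
            other_users = len(counts) - 1
            if seen >= min_repeats and other_users <= max_other_users:
                findings[(user, value)] = sorted(receivers[(user, value)])
    return findings


def who_knows_what(findings):
    """Invert the findings: host -> sorted (user, value) pairs it has received."""
    by_host = defaultdict(list)
    for (user, value), hosts in findings.items():
        for host in hosts:
            by_host[host].append((user, value))
    return {host: sorted(pairs) for host, pairs in by_host.items()}


if __name__ == "__main__":
    results = find_likely_pii(build_observations())
    for host, pairs in sorted(who_knows_what(results).items()):
        print(host, pairs)
```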
Thanks!
More info at cmuchimps.org
or email jasonh@cs.cmu.edu
Read more:
• Towards a Safe and Secure Internet of Things
https://www.newamerica.org/cybersecurity-initiative/policy-papers/toward-a-safe-and-secure-internet-of-things/
Special thanks to:
• NSF
• Alfred P. Sloan
• NQ Mobile
• DARPA
• Google
• CMU Cylab
• New America

Future of market researchFuture of market research
Future of market researchAniket Aggarwal
 
Unlocking Value of Data in a Digital Age
Unlocking Value of Data in a Digital AgeUnlocking Value of Data in a Digital Age
Unlocking Value of Data in a Digital AgeRuud Brink
 
The 10 Fallacies, Myths and Legends of Planning for Digital – With an Extra S...
The 10 Fallacies, Myths and Legends of Planning for Digital – With an Extra S...The 10 Fallacies, Myths and Legends of Planning for Digital – With an Extra S...
The 10 Fallacies, Myths and Legends of Planning for Digital – With an Extra S...VCU Brandcenter
 
Breakout 3. AI for Sustainable Development and Human Rights: Inclusion, Diver...
Breakout 3. AI for Sustainable Development and Human Rights: Inclusion, Diver...Breakout 3. AI for Sustainable Development and Human Rights: Inclusion, Diver...
Breakout 3. AI for Sustainable Development and Human Rights: Inclusion, Diver...Saurabh Mishra
 
Is big data just a buzzword -Big data simply explained
Is big data just a buzzword -Big data simply explainedIs big data just a buzzword -Big data simply explained
Is big data just a buzzword -Big data simply explainedVivek Srivastava
 

Similar to Are my Devices Spying on Me? Living in a World of Ubiquitous Computing (20)

Bob Gourley
Bob GourleyBob Gourley
Bob Gourley
 
Overview of data mining
Overview of data miningOverview of data mining
Overview of data mining
 
Big Data for Privacy, at NSF Workshop on Big Data and Privacy, April 2015
Big Data for Privacy, at NSF Workshop on Big Data and Privacy, April 2015Big Data for Privacy, at NSF Workshop on Big Data and Privacy, April 2015
Big Data for Privacy, at NSF Workshop on Big Data and Privacy, April 2015
 
Putting data science into perspective
Putting data science into perspectivePutting data science into perspective
Putting data science into perspective
 
Leveraging Human Factors for Effective Security Training, for ISSA 2013 CISO ...
Leveraging Human Factors for Effective Security Training, for ISSA 2013 CISO ...Leveraging Human Factors for Effective Security Training, for ISSA 2013 CISO ...
Leveraging Human Factors for Effective Security Training, for ISSA 2013 CISO ...
 
WF-IOT-2014, Seoul, Korea, 06 March 2014
WF-IOT-2014, Seoul, Korea, 06 March 2014WF-IOT-2014, Seoul, Korea, 06 March 2014
WF-IOT-2014, Seoul, Korea, 06 March 2014
 
Continuing Education Conferance
Continuing Education ConferanceContinuing Education Conferance
Continuing Education Conferance
 
Social Cybersecurity: Applying Social Psychology to Cybersecurity, at SecHuma...
Social Cybersecurity: Applying Social Psychology to Cybersecurity, at SecHuma...Social Cybersecurity: Applying Social Psychology to Cybersecurity, at SecHuma...
Social Cybersecurity: Applying Social Psychology to Cybersecurity, at SecHuma...
 
SMAC
SMACSMAC
SMAC
 
Next Generation of the Previously Unthinkable
Next Generation of the Previously UnthinkableNext Generation of the Previously Unthinkable
Next Generation of the Previously Unthinkable
 
Business Intelligence & Predictive Analytic by Prof. Lili Saghafi
Business Intelligence & Predictive Analytic by Prof. Lili SaghafiBusiness Intelligence & Predictive Analytic by Prof. Lili Saghafi
Business Intelligence & Predictive Analytic by Prof. Lili Saghafi
 
Web 2.0 Collective Intelligence - How to use collective intelligence techniqu...
Web 2.0 Collective Intelligence - How to use collective intelligence techniqu...Web 2.0 Collective Intelligence - How to use collective intelligence techniqu...
Web 2.0 Collective Intelligence - How to use collective intelligence techniqu...
 
The Web and the Collective Intelligence - How to use Collective Intelligence ...
The Web and the Collective Intelligence - How to use Collective Intelligence ...The Web and the Collective Intelligence - How to use Collective Intelligence ...
The Web and the Collective Intelligence - How to use Collective Intelligence ...
 
The digital and social media trends to watch. 2015 and beyond seminar: are yo...
The digital and social media trends to watch. 2015 and beyond seminar: are yo...The digital and social media trends to watch. 2015 and beyond seminar: are yo...
The digital and social media trends to watch. 2015 and beyond seminar: are yo...
 
Future of market research
Future of market researchFuture of market research
Future of market research
 
Unlocking Value of Data in a Digital Age
Unlocking Value of Data in a Digital AgeUnlocking Value of Data in a Digital Age
Unlocking Value of Data in a Digital Age
 
The 10 Fallacies, Myths and Legends of Planning for Digital – With an Extra S...
The 10 Fallacies, Myths and Legends of Planning for Digital – With an Extra S...The 10 Fallacies, Myths and Legends of Planning for Digital – With an Extra S...
The 10 Fallacies, Myths and Legends of Planning for Digital – With an Extra S...
 
inte
inteinte
inte
 
Breakout 3. AI for Sustainable Development and Human Rights: Inclusion, Diver...
Breakout 3. AI for Sustainable Development and Human Rights: Inclusion, Diver...Breakout 3. AI for Sustainable Development and Human Rights: Inclusion, Diver...
Breakout 3. AI for Sustainable Development and Human Rights: Inclusion, Diver...
 
Is big data just a buzzword -Big data simply explained
Is big data just a buzzword -Big data simply explainedIs big data just a buzzword -Big data simply explained
Is big data just a buzzword -Big data simply explained
 

Recently uploaded

Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.francesco barbera
 
5 Considerations For Choosing The Best Gutter Guards
5 Considerations For Choosing The Best Gutter Guards5 Considerations For Choosing The Best Gutter Guards
5 Considerations For Choosing The Best Gutter GuardsCPR Gutter Protection
 
RAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AIRAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AIUdaiappa Ramachandran
 
Babel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptxBabel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptxYounusS2
 
20200723_insight_release_plan
20200723_insight_release_plan20200723_insight_release_plan
20200723_insight_release_planJamie (Taka) Wang
 
AI-based audio transcription solutions (IDP)
AI-based audio transcription solutions (IDP)AI-based audio transcription solutions (IDP)
AI-based audio transcription solutions (IDP)KapilVaidya4
 
AI Health Agents: Longevity as a Service in the Web3 GenAI Quantum Revolution
AI Health Agents: Longevity as a Service in the Web3 GenAI Quantum RevolutionAI Health Agents: Longevity as a Service in the Web3 GenAI Quantum Revolution
AI Health Agents: Longevity as a Service in the Web3 GenAI Quantum RevolutionMelanie Swan
 
ict grade 12 lesson 2 sinhala medium notes pdf
ict grade 12 lesson 2 sinhala medium notes pdfict grade 12 lesson 2 sinhala medium notes pdf
ict grade 12 lesson 2 sinhala medium notes pdfruhisiya9
 
Deliver Latency Free Customer Experience
Deliver Latency Free Customer ExperienceDeliver Latency Free Customer Experience
Deliver Latency Free Customer ExperienceOpsTree solutions
 
Introduction to Quantum Computing
Introduction to Quantum ComputingIntroduction to Quantum Computing
Introduction to Quantum ComputingGDSC PJATK
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...DianaGray10
 
Future Research Directions for Augmented Reality
Future Research Directions for Augmented RealityFuture Research Directions for Augmented Reality
Future Research Directions for Augmented RealityMark Billinghurst
 
What Developers Need to Unlearn for High Performance NoSQL
What Developers Need to Unlearn for High Performance NoSQLWhat Developers Need to Unlearn for High Performance NoSQL
What Developers Need to Unlearn for High Performance NoSQLScyllaDB
 
Plant tissue culture pharmacongosy-1 Semester 4
Plant tissue culture pharmacongosy-1 Semester 4Plant tissue culture pharmacongosy-1 Semester 4
Plant tissue culture pharmacongosy-1 Semester 4Nandakishor Deshmukh
 
COMPUTER_GROUP 7_10 ST. JOHN VIANNEY.pptx
COMPUTER_GROUP 7_10 ST. JOHN VIANNEY.pptxCOMPUTER_GROUP 7_10 ST. JOHN VIANNEY.pptx
COMPUTER_GROUP 7_10 ST. JOHN VIANNEY.pptxabalosyvonne42
 
RTL Design Methodologies_Object Automation Inc
RTL Design Methodologies_Object Automation IncRTL Design Methodologies_Object Automation Inc
RTL Design Methodologies_Object Automation IncObject Automation
 
Tracking license compliance made easy - intro to Grant (OSS)
Tracking license compliance made easy - intro to Grant (OSS)Tracking license compliance made easy - intro to Grant (OSS)
Tracking license compliance made easy - intro to Grant (OSS)Anchore
 
LLM Threats: Prompt Injections and Jailbreak Attacks
LLM Threats: Prompt Injections and Jailbreak AttacksLLM Threats: Prompt Injections and Jailbreak Attacks
LLM Threats: Prompt Injections and Jailbreak AttacksThien Q. Tran
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesDavid Newbury
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAshyamraj55
 

Recently uploaded (20)

Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.
 
5 Considerations For Choosing The Best Gutter Guards
5 Considerations For Choosing The Best Gutter Guards5 Considerations For Choosing The Best Gutter Guards
5 Considerations For Choosing The Best Gutter Guards
 
RAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AIRAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AI
 
Babel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptxBabel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptx
 
20200723_insight_release_plan
20200723_insight_release_plan20200723_insight_release_plan
20200723_insight_release_plan
 
AI-based audio transcription solutions (IDP)
AI-based audio transcription solutions (IDP)AI-based audio transcription solutions (IDP)
AI-based audio transcription solutions (IDP)
 
AI Health Agents: Longevity as a Service in the Web3 GenAI Quantum Revolution
AI Health Agents: Longevity as a Service in the Web3 GenAI Quantum RevolutionAI Health Agents: Longevity as a Service in the Web3 GenAI Quantum Revolution
AI Health Agents: Longevity as a Service in the Web3 GenAI Quantum Revolution
 
ict grade 12 lesson 2 sinhala medium notes pdf
ict grade 12 lesson 2 sinhala medium notes pdfict grade 12 lesson 2 sinhala medium notes pdf
ict grade 12 lesson 2 sinhala medium notes pdf
 
Deliver Latency Free Customer Experience
Deliver Latency Free Customer ExperienceDeliver Latency Free Customer Experience
Deliver Latency Free Customer Experience
 
Introduction to Quantum Computing
Introduction to Quantum ComputingIntroduction to Quantum Computing
Introduction to Quantum Computing
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 
Future Research Directions for Augmented Reality
Future Research Directions for Augmented RealityFuture Research Directions for Augmented Reality
Future Research Directions for Augmented Reality
 
What Developers Need to Unlearn for High Performance NoSQL
What Developers Need to Unlearn for High Performance NoSQLWhat Developers Need to Unlearn for High Performance NoSQL
What Developers Need to Unlearn for High Performance NoSQL
 
Plant tissue culture pharmacongosy-1 Semester 4
Plant tissue culture pharmacongosy-1 Semester 4Plant tissue culture pharmacongosy-1 Semester 4
Plant tissue culture pharmacongosy-1 Semester 4
 
COMPUTER_GROUP 7_10 ST. JOHN VIANNEY.pptx
COMPUTER_GROUP 7_10 ST. JOHN VIANNEY.pptxCOMPUTER_GROUP 7_10 ST. JOHN VIANNEY.pptx
COMPUTER_GROUP 7_10 ST. JOHN VIANNEY.pptx
 
RTL Design Methodologies_Object Automation Inc
RTL Design Methodologies_Object Automation IncRTL Design Methodologies_Object Automation Inc
RTL Design Methodologies_Object Automation Inc
 
Tracking license compliance made easy - intro to Grant (OSS)
Tracking license compliance made easy - intro to Grant (OSS)Tracking license compliance made easy - intro to Grant (OSS)
Tracking license compliance made easy - intro to Grant (OSS)
 
LLM Threats: Prompt Injections and Jailbreak Attacks
LLM Threats: Prompt Injections and Jailbreak AttacksLLM Threats: Prompt Injections and Jailbreak Attacks
LLM Threats: Prompt Injections and Jailbreak Attacks
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond Ontologies
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
 

Are my Devices Spying on Me? Living in a World of Ubiquitous Computing

  • 1. Are my Devices Spying on Me? Living in a World of Ubiquitous Computing
      Lakehead University, Feb 2019
      Jason Hong, @jas0nh0ng, jasonh@cs.cmu.edu
      Computer Human Interaction: Mobility Privacy Security
  • 2. In the near future, our smart devices will know everything about us
  • 5. We Are Just Starting to Enter the Third Wave of Computing
      • First Wave: Computation
          – Making the basics of computers work
      • Second Wave: Networking
          – Connecting computers around the world
      • Third Wave: Ubiquitous Computing
          – Also called Internet of Things (IoT)
          – Computation, communication, sensing, and actuation woven into our everyday physical world
          – Possible because of faster wireless networking, cheap sensors, better CPUs, decreasing costs
  • 6. Smartphones Give Us a Glimpse of this Coming World
      • Over 1B smartphones sold every year
      • Well over 100B apps downloaded on each of Android and iOS
      • Incredibly intimate devices
  • 7. Smartphones are Intimate: Fun Facts about Millennials
      • 83% sleep with phones
  • 8. Smartphones are Intimate: Fun Facts about Millennials
      • 83% sleep with phones
      • 90% check first thing in morning
  • 9. Smartphones are Intimate: Fun Facts about Millennials
      • 83% sleep with phones
      • 90% check first thing in morning
      • 1 in 3 use in bathroom
  • 10. Smartphone Data is Intimate
      • Who we know (contacts + call log)
      • Sensors (accel, sound, light)
      • Where we go (gps, photos)
  • 11. These Technologies Offer Many Benefits to Society
      • These devices + artificial intelligence technologies will allow us to build amazing things
          – Healthcare
          – Urban analytics
          – Physical safety
  • 12. These Exact Same Technologies Pose Significant Societal Challenges for Privacy
  • 13. A Personal Story About Privacy
      • In my first year teaching at Carnegie Mellon, met students in their lab
      • Didn’t know until end of semester that I was being broadcast on Internet the entire time!
          – Do you see the camera?
  • 15. Wide Range of Privacy Risks
      Axis: Everyday Risks to Extreme Risks
      • Stalkers, Hackers: Well-being, Personal safety, Blackmail
      • Employers: Over-monitoring, Discrimination, Reputation
      • Friends, Family: Over-protection, Social obligations, Embarrassment
      • Government: Civil liberties
      • It’s not just Big Brother
      • It’s not just corporations
      • Privacy is about our relationships with every other individual and organization out there
  • 16. Outline for Rest of this Talk
      • How do these technologies work?
          – What data do devices have? Where does our data go?
          – What is machine learning, and how does it work?
      • Five reasons why privacy is so hard
      • I want to help you make better informed decisions
      • Call to action for privacy
          – There is a better world we can build here
          – We can only succeed through collective effort
  • 17. Let’s Go Back to Smartphones
      • Smartphones are everywhere, they have lots of sensors + data
      • Trajectory of Internet of Things will likely match smartphones
      • Case: Can we use smartphones as a sleep monitor?
          – Part of larger project on detecting depression and well-being
          – Step you through how it works
  • 18. Smartphones Have Lots of Data About You
      • Sensor data
          – Camera
          – Proximity
          – Light
          – Microphone
          – Location
          – Accelerometer
          – Gyroscope
          – Magnetometer
          – Temperature
          – Humidity
  • 19. Smartphones Have Lots of Data About You
      • Phone status
          – Network
          – Battery
          – Screen on/off
          – Plugged in (or not)
  • 20. Smartphones Have Lots of Data About You
      • Personal data
          – Apps installed
          – What app is currently running
              • Can record app usage history too
          – Photos (many photos have GPS data inside)
          – SMS log
          – Contacts
          – Call log
          – Calendar
  • 21. Accessing All of the Smartphone Data
      • Really easy for apps to get all the data I showed, only a few restrictions
          – Ex. Google dislikes looking at what apps are installed
          – Ex. Some notifications when installing and running
  • 22. A Gap: How to Transform All of this Data into Real World Activities?
      • Sensors: Accelerometer, Gyroscope, Microphone, …
      • Phone: Screen on / off, Plugged in (or not), Battery life, …
      • Personal: Apps installed, App usage, Contacts, …
      • ?
      • Sleep: Sleeping or not? How well is person sleeping?
  • 24. Machine Learning is Used to Make These Kinds of Predictions
      • Machine learning is one area of Artificial Intelligence
          – This is the kind that’s been getting lots of press
      • The goal of machine learning is to develop systems that can improve performance with more experience
          – Can use “example data” (like the one I just showed you) as “experience”
          – Uses these examples to discern patterns
  • 25. How Machine Learning is Typically Used
      • Gather lots of data
          – We paid 27 people to fill out a daily sleep diary and install an app that would collect lots of sensor data
      • Design features that characterize the data
          – Ex. Get loudness from microphone once every minute
          – Ex. Get light intensity once every min
          – Ex. Get motion from accelerometer once every min
      • Train a machine learning model on that data
          – Uses statistics to look for patterns in the features
          – Our model outputs “sleeping” or “not sleeping”
      • Measure effectiveness of model vs original data
      • Repeat until model is good enough
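
The workflow on slide 25 (labelled minutes, three per-minute features, a trained model, a measurement step), as an added example that is not code from the talk or the study. The talk does not name a model, so Gaussian naive Bayes is swapped in here; the data is constructed, the cluster centres and all function names are assumptions, and the measurement uses held-out minutes rather than the training data.

```python
# Added illustration (not from the talk): slide 25's workflow on constructed data.
import math
import random

FEATURES = ("loudness", "light", "motion")  # per-minute features named on the slide


def make_dataset(n, seed):
    """Constructed stand-in for diary-labelled minutes; values scaled to 0..1.
    The cluster centres are assumptions chosen for illustration."""
    rng = random.Random(seed)
    centres = {1: (0.15, 0.05, 0.05),   # sleeping: quiet, dark, still
               0: (0.55, 0.60, 0.50)}   # not sleeping
    rows = []
    for _ in range(n):
        label = 1 if rng.random() < 0.35 else 0
        x = [min(1.0, max(0.0, rng.gauss(c, 0.15))) for c in centres[label]]
        rows.append((x, label))
    return rows


def train(rows, use=(0, 1, 2)):
    """Gaussian naive Bayes: per class, a prior plus mean/variance per feature."""
    model = {"use": tuple(use), "classes": {}}
    for label in (0, 1):
        xs = [x for x, y in rows if y == label]
        stats = []
        for i in use:
            vals = [x[i] for x in xs]
            mean = sum(vals) / len(vals)
            var = sum((v - mean) ** 2 for v in vals) / len(vals)
            stats.append((mean, max(var, 1e-4)))  # floor avoids division by ~0
        model["classes"][label] = (len(xs) / len(rows), stats)
    return model


def predict(model, x):
    """Return 1 ("sleeping") or 0 ("not sleeping") by highest log-posterior."""
    best, best_score = None, -math.inf
    for label, (prior, stats) in model["classes"].items():
        score = math.log(prior)
        for i, (mean, var) in zip(model["use"], stats):
            score += -0.5 * math.log(2 * math.pi * var) - (x[i] - mean) ** 2 / (2 * var)
        if score > best_score:
            best, best_score = label, score
    return best


def evaluate(model, rows):
    """Accuracy plus confusion counts (positive class = sleeping)."""
    counts = {"tp": 0, "tn": 0, "fp": 0, "fn": 0}
    for x, y in rows:
        p = predict(model, x)
        counts[("t" if p == y else "f") + ("p" if p == 1 else "n")] += 1
    return (counts["tp"] + counts["tn"]) / len(rows), counts


def run():
    """Train on one constructed set, measure on another, for all features and
    for each feature alone (shows how much a single sensor stream reveals)."""
    train_rows = make_dataset(600, seed=1)
    test_rows = make_dataset(300, seed=2)   # held out, never used for training
    subsets = [("all", (0, 1, 2))] + [(f, (i,)) for i, f in enumerate(FEATURES)]
    return {name: evaluate(train(train_rows, use), test_rows)[0]
            for name, use in subsets}


if __name__ == "__main__":
    for name, acc in run().items():
        print(f"{name:9s} held-out accuracy = {acc:.3f}")
```

The per-feature rows are the privacy-relevant part: on this constructed data each single stream already predicts the label well above chance, which is why access to one "harmless" sensor deserves the same scrutiny as access to all of them.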
  • 26. Two Comments Here: More Data is Almost Always Better
      • This is why Big Data is of such interest
          – Easier to collect data than ever before
              • Sensors, social media, web clicks, web tracking
          – More data leads to better predictive models
      • Can infer lots of things about human behavior
  • 27. Two Comments Here: More Data is Almost Always Better
      • This is why Big Data is of such interest
          – Easier to collect data than ever before
              • Sensors, social media, web clicks, web tracking
          – More data leads to better models of behavior
      • Can infer lots of things about human behavior
          – What ads are people likely to click on?
          – What books to recommend to people?
          – Are you pregnant or not?
          – What is your personality type?
          – Are you depressed or not?
          – Can’t answer these with 100% accuracy, but improving
  • 28. Two Comments Here: AI / Machine Learning Not As Sophisticated as in Media
  • 31. Two Comments Here: AI / Machine Learning Not As Sophisticated as in Media
      • A lot of people outside of computer science often ascribe human behaviors to AI systems
          – Especially desires and intentions
          – Works well for sci-fi, but not for today or near future
      • These systems only do:
          – What we program them to do
          – What they are trained to do (based on the data)
      • Personally, I’m far more scared of people doing bad things with AI and badly designed systems
  • 32. Stepping Back to Internet of Things
      • The fundamental tension
          – IoT technologies offer potential tremendous benefits for individuals and society
          – These exact same technologies pose major challenges for privacy
      • Why is privacy so hard?
      • What can we do about privacy?
  • 33. Five Reasons Why Privacy is Hard: #1 Strong Incentives for Companies to Collect Data
      • Alluded to this with Big Data
          – Barriers to collecting data are also really low
          – More data means better predictive models
      • Data has strong potential to affect bottom line
          – Increasing relevance of online ads worth millions
          – “Post-purchase monetization”
  • 34. Five Reasons Why Privacy is Hard: #2 Low Knowledge, Awareness, Motivation by Devs
      • Developers have low knowledge of privacy
          – But even those with CS degrees have little knowledge
          – In surveys and interviews, vast majority of app developers knew little about what privacy issues there were and how to address them
  • 35. Five Reasons Why Privacy is Hard: #2 Low Knowledge, Awareness, Motivation by Devs
      • Low awareness of privacy issues in their apps
      • Many developers didn’t realize how much data their app is collecting
          – Or that it was collecting data at all
      • App developers often use third-party libraries
          – Functionality like analytics and advertising
          – We found that over 40% of apps collect data only because of these libraries
          – Some apps use several libraries, which means your data is being sent to lots of third parties
  • 36. Five Reasons Why Privacy is Hard: #3 Companies Get Little Pushback on Privacy
      • Let’s say you want to purchase a web cam
          – Go into store, can compare price, color, features
          – But can’t easily compare privacy (or security)
          – So, privacy does not influence customer purchases
          – So, companies not incentivized to improve
      • Less than 0.1% of reviews on Google Play mention privacy concerns
      • This is a market failure
          – This is why companies assign privacy a low priority
  • 37. Five Reasons Why Privacy is Hard: #4 Unclear What the Right Thing To Do Is
      • Even if a company wants to be privacy-sensitive, it’s not always clear what the right thing to do is
  • 38.
      • New York Times privacy policy
      • Still state of the art for privacy notices
      • But no one reads these
  • 39. Five Reasons Why Privacy is Hard: #4 Unclear What the Right Thing To Do Is
      • Even if a company wants to be privacy-sensitive, it’s not always clear what the right thing to do is
      • For developers
          – What is the best way of informing people?
          – What is the best way of storing data?
          – How to best assess what is / isn’t acceptable?
      • Business metrics are also unclear
          – In board room, metrics include Lifetime Value, Customer Acquisition Cost, Year over year growth, etc
          – No real metrics for privacy today
  • 40. Five Reasons Why Privacy is Hard: #5 Burden on End-Users is Too High
      • Individuals have to be constantly vigilant
          – The webcam in my first class, or the AirBnb story
      • Individuals also have to make too many decisions
          – Is this device good with respect to privacy?
          – Should I install this app?
          – What are all the settings I need to know?
          – What are all the terms and conditions?
          – Trackers, cookies, VPNs, anonymizers, etc
  • 41. What Can We Do About Privacy?
      • Privacy is not hopeless
      • I don’t have all the answers
      • What I hope is that my talk will serve as part of an ongoing conversation on privacy, and will help stir some of you to action
      • Here are some suggestions…
  • 42. What Can We Do About Privacy?
      • If you are a journalist…
          – Learn more and report on bad actors / devices
          – Many companies are responsive to bad press
      • If you are a student or researcher…
          – There are lots of ways you can help
          – Ex. Address privacy for a specific vulnerable group
              • Intimate partner violence or children
          – Ex. Analyze what a device is doing (+ journalist)
          – Ex. Build better tools for developers
          – (Or if you teach, get students in your class to do these!)
  • 43. What Can We Do About Privacy?
      • If you are a developer…
          – Learn more, and advocate within your company
          – Establish some privacy standards, or privacy reviews
      • If you are a policy maker…
          – Don’t let companies get away with “individual choice”
              • Too easy to push all the work to end-users
      • If you are a consumer…
          – Don’t buy that cheaper “smart” TV
          – Be more deliberate about purchases, do some research
          – Be especially wary of devices with cameras and mics
          – Give feedback to companies about privacy
  • 44. What Can We Do About Privacy?
      • There is no single solution for privacy, and it will never be “solved”
          – It will be more like literacy or civil rights
          – It will be something every generation will have to
      • It will require a combination of market forces, legislation, education, and new technologies
          – It will be hard
          – But we are still in the very early days of Internet of Things, and we can still steer it onto a better path
  • 48. “It's tough to make predictions, especially about the future” – Yogi Berra
  • 49. Looking Backwards
      • The Industrial Revolution led to major changes in society
          – Compulsory high school education
          – Shift from rural to urban areas
          – Labor unions
          – Feminism
          – Welfare state
      • Internet of Things + Artificial Intelligence will likely be equally disruptive to society
  • 51. IoT Pyramid
      • Top Tier
          – A few devices per person
          – High computational power
          – Examples: Tablets, Glasses, Laptops, Smartphones
  • 52. IoT Pyramid
      • Top Tier
          – A few devices per person
          – High computational power
          – Examples: Tablets, Glasses, Laptops, Smartphones
      • Middle Tier
          – Tens of devices per person
          – Moderate computational power
          – Examples: TVs, Smart Toys, Thermostats, Refrigerators
  • 53. IoT Pyramid
      • Top Tier
          – A few devices per person
          – High computational power
          – Examples: Tablets, Glasses, Laptops, Smartphones
      • Middle Tier
          – Tens of devices per person
          – Moderate computational power
          – Examples: TVs, Smart Toys, Thermostats, Refrigerators
      • Bottom Tier
          – Hundreds of devices per person
          – Low computational power
          – Examples: HVAC, RFIDs, Lightbulbs, Smart toilets, Implanted medical devices
  • 54. IoT Security Issues
      • Top Tier Security
          – Cybersecurity good today
          – Can run endpoint protection
          – Large corporations developing
  • 55. IoT Security Issues
      • Top Tier Security
          – Cybersecurity good today
          – Can run endpoint protection
          – Large corporations developing
      • Middle Tier Security
          – Cybersecurity weak today
          – Basic or no endpoint capabilities
          – Spotty security protections
  • 56. IoT Security Issues
      • Top Tier Security
          – Cybersecurity good today
          – Can run endpoint protection
          – Large corporations developing
      • Middle Tier Security
          – Cybersecurity weak today
          – Basic or no endpoint protection
          – Spotty security protections
      • Bottom Tier Security
          – Cybersecurity very poor today
          – Weak or no endpoint protection
          – Low manufacturer experience
          – High diversity in hw, sw, OS
          – Many devices never updated
          – Major scalability challenges
  • 57. ©2019CarnegieMellonUniversity:57 How is IoT Security Different? 1. Physical Safety and Security • Deliberate attacks – Ex. Crashing drones or autonomous vehicles – Note that most attackers won’t do this
  • 58. ©2019CarnegieMellonUniversity:58 How is IoT Security Different? 1. Physical Safety and Security • Different classes of attackers, different motives • State-sponsored – State secrets, intellectual property, sow discord • Non-state actors – Terrorism, advocacy for a cause • Organized crime – Repeatable business model, stay under radar • Disgruntled employee / Insider attack • Script kiddies
  • 59. ©2019CarnegieMellonUniversity:59 How is IoT Security Different? 1. Physical Safety and Security • More likely attack: Ransomware – Lock out of your house unless pay ransom – Make videos of you at home public unless you pay
  • 60. How is IoT Security Different? 1. Physical Safety and Security • More likely attack: Ransomware – Lock you out of your house unless you pay ransom – Make videos of you at home public unless you pay • Just as likely: attacks for the “lulz” – Tripping circuit breakers at office – Remotely adjusting thermostat to make it harder to sleep (or waste money, or let pipes freeze over) • What kinds of safeguards for physical safety? • Can we build models of normal vs abnormal behaviors for devices and apps, and enforce them?
  • 61. How is IoT Security Different? 2. Scalability • Billions of devices will need to be secured – Gartner estimates 20B devices by 2020 • Scale transforms easy into hard – Ex. Unique passwords for dozens of devices? – Ex. Security policies, each device having different user interface (most not having a display and keyboard)? – Ex. Physically locking down dozens of devices? – Ex. Installing software updates • What kinds of network protocols, APIs, and middleware to help manage IoT devices at scale?
  • 62. How is IoT Security Different? 2. Scalability • Scalability also enables new classes of attacks http://shodan.io
  • 64. How is IoT Security Different? 2. Scalability • Possible for attackers to search for and exploit vulnerabilities at scale – Ex. Mirai botnet DDoS attack Oct 2016 • Nightmare scenarios – Find vulnerabilities in smartphone-connected blood glucose monitors, inject fake data – Find vulnerable medical implants, hold people hostage • Again, some kind of model or policy – Maybe formal model, maybe big data • Better ways of using proximity for access?
  • 65. How is IoT Security Different? 3. Diversity of IoT Devices • Hundreds of different manufacturers for middle and bottom tier – Different operating systems, wireless networking, configuration software, log formats, cloud services – Poor or no I/O capabilities, each UI different too • Result: fragmentation of cybersecurity – More network-based (vs endpoint) approaches • Again, network protocols, APIs, and middleware to help configure and manage • Can we also help people make good decisions? – Ex. Crowdsourcing or AI / Machine Learning
  • 66. How is IoT Security Different? 4. Low Manufacturer Experience • Most traditional software companies understand basics of good cybersecurity • But most IoT will be developed by non-traditional hardware companies – Mostly middle and bottom tier – Ex. Lighting, toys, medical equipment, audio, household appliances • And lots of small-scale manufacturers who have no experience with security – Ex. Kickstarter
  • 69. 766 Projects at Kickstarter for “wireless”
  • 70. How is IoT Security Different? 4. Low Manufacturer Experience • Last time I checked, only 3 of top 50 CS programs required a cybersecurity course • But, only half of developers have CS degrees
  • 71. How is IoT Security Different? 4. Low Manufacturer Experience • Low experience + Lots of small manufacturers • Result: Lots of really basic vulnerabilities – Poor software engineering practices for security – Lack of awareness, knowledge, motivation to be secure • Result: Lots of unsupported devices – Small manufacturers will go out of business – Or end of life from bigger manufacturers • How can we help devs with low experience? • How to offer security for lifespan of decades?
  • 72. How is IoT Security Different? 5. Lots of Unexpected Emergent Behaviors
  • 73. • A six-year-old asked her family’s Echo “can you play dollhouse with me and get me a dollhouse?” • The device complied, ordering a KidKraft Sparkle mansion dollhouse, in addition to “four pounds of sugar cookies.”
  • 74. • The story ended up on a local morning show, where the anchor remarked “I love the little girl, saying ‘Alexa ordered me a dollhouse.’”
  • 76. How Can We Make Invisible Information Flows Visible? • For bottom-tier of pyramid, devices non-obvious • CMU Mites.io platform – Air temp, humidity, pressure, 6-axis IMU, grid eye, … • How to increase awareness of devices like this?
  • 77. Signifiers.io • Project by some of our Master’s of HCI students
  • 81. Open Challenges for IoT Privacy+Security • Can we make it so a person can understand what data is being sensed in a room within 30 seconds? • Most developers know nothing about security or privacy. How can we help average devs do better? • Can we enable an ecosystem for privacy that shifts burden off of end-users and onto OS, markets, developers, third-parties, and governments? • How can we best address the market failure of IoT privacy and security?
  • 82. Some of Our Ongoing Work at CMU • Devs specify purposes in apps and others check – Ex. “This app uses contacts for advertising” – Ex. “This app uses location for maps” • Manufacturer Usage Descriptions – Change default from blacklist to whitelist – “This toaster will only contact facebook.com” • Privacyproxy.io – Crowd-based approach for finding personally identifiable information (PII) used by apps – Data that you see a lot but no one else sees – Using this to map out who knows what about us – Can download for Android at Google Play
  • 83. Thanks! More info at cmuchimps.org or email jasonh@cs.cmu.edu Read more: • Towards a Safe and Secure Internet of Things https://www.newamerica.org/cybersecurity-initiative/policy-papers/toward-a-safe-and-secure-internet-of-things/ Special thanks to: • NSF • Alfred P. Sloan • NQ Mobile • DARPA • Google • CMU Cylab • New America
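
The allowlist idea from the Manufacturer Usage Descriptions slide ("This toaster will only contact facebook.com"), sketched as a default-deny check a home gateway could run. This is an added example, not code from the talk or from any MUD implementation; the profile format, device names, subdomain matching rule and sample flows are assumptions constructed for illustration.

```python
"""Default-deny egress check in the spirit of Manufacturer Usage Descriptions."""
from dataclasses import dataclass

# Constructed, simplified profiles: device type -> allowed (host, port, protocol).
# Hypothetical format for illustration; this is not the real MUD file schema.
PROFILES = {
    "toaster": [("facebook.com", 443, "tcp")],
    "glucose-monitor": [("vendor-health.example", 443, "tcp")],
}


@dataclass(frozen=True)
class Flow:
    device: str  # device type as identified by the home gateway
    host: str    # destination DNS name the device tried to reach
    port: int
    proto: str


def host_matches(host, allowed):
    """Exact name or a true subdomain; look-alikes such as evilfacebook.com fail."""
    host = host.lower().rstrip(".")
    allowed = allowed.lower().rstrip(".")
    return host == allowed or host.endswith("." + allowed)


def decide(flow, profiles=PROFILES):
    """Return (verdict, reason). Anything not explicitly listed is denied."""
    rules = profiles.get(flow.device)
    if rules is None:
        return "deny", "no profile for device"
    for allowed_host, port, proto in rules:
        if (host_matches(flow.host, allowed_host)
                and flow.port == port
                and flow.proto.lower() == proto.lower()):
            return "allow", f"matches {allowed_host}:{port}/{proto}"
    return "deny", "destination not in allowlist"


def audit(flows, profiles=PROFILES):
    """Group denied flows by device so a gateway can alert on them."""
    denied = {}
    for flow in flows:
        verdict, reason = decide(flow, profiles)
        if verdict == "deny":
            denied.setdefault(flow.device, []).append((flow.host, flow.port, reason))
    return denied


# Constructed sample traffic, not captured from real devices.
SAMPLE_FLOWS = [
    Flow("toaster", "graph.facebook.com", 443, "tcp"),
    Flow("toaster", "evilfacebook.com", 443, "tcp"),
    Flow("toaster", "facebook.com.tracker.example", 443, "tcp"),
    Flow("toaster", "facebook.com", 8080, "tcp"),
    Flow("glucose-monitor", "facebook.com", 443, "tcp"),
    Flow("lightbulb", "updates.example", 443, "tcp"),
]

if __name__ == "__main__":
    for device, items in audit(SAMPLE_FLOWS).items():
        for host, port, reason in items:
            print(f"DENY {device} -> {host}:{port} ({reason})")
```

Under a blacklist default every one of these flows would pass unless someone had already listed the destination as bad; under the allowlist only the first one does.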

Editor's Notes

  1. https://www.lakeheadu.ca/research-and-innovation/about/research-and-innovation-week/schedule I’ve been working on privacy and security issues for about 15 years, looking a lot at the human factors issues. I was invited to give a talk about some of the challenges ahead for the Internet of Things. I wanted to start out by giving some background about IoT first.
  2. I’ve been working on sensor-based systems for about 15 years now. I believe in the near future, our smart devices will know pretty much everything about us. They are going to know how well we are sleeping, whether we are depressed or not, and how sustainable or green we are. You probably have many questions about this simple statement: How did we get here? How do these technologies work? What will this all mean for you and for society? And given the title of my talk, what will this all mean for privacy? Let’s start with the first question, how did we get here?
  3. https://commons.wikimedia.org/wiki/File:Dell_Desktop_Computer_in_school_classroom.jpg About 30 years ago, computers were primarily large boxes that came with a monitor, keyboard, and mouse. Emphasis is on large here, really takes up the entire desk. You could also only get computers in one color: ugly.
  4. Today, computers come in all kinds of form factors Smartphones, tablets, glasses, cars, watches, clothes, fitness trackers, health monitoring devices, parking meters, electronic locks, smart mirrors, drones, and yes, even smart toilets.
  5. All of these smart devices are part of the third big wave of computing. The first wave focused on computation, making the basics of computing work. The second wave centered on networking, connecting all of these computers together in a global network. The third wave, of which we are in the early stages, looks at making computers part of the physical world in which we live. Computation and communication are being embedded into everyday objects. All of this is possible because of shifts in the costs and capabilities of technology.
  6. What will this world be like? Will just focus on smartphones for now, since they are the most pervasive devices we have today. Representative of many of the problems and opportunities we will be grappling with in the future. Smartphones are everywhere. http://marketingland.com/report-us-smartphone-penetration-now-75-percent-117746 http://www.pewinternet.org/fact-sheets/mobile-technology-fact-sheet/ http://www.androidauthority.com/google-play-store-vs-the-apple-app-store-601836/
  7. These devices are also incredibly intimate, perhaps the most intimate computing devices we’ve ever created. From Pew Internet and Cisco 2012 study. Main stats on this page are from: http://www.cisco.com/c/en/us/solutions/enterprise/connected-world-technology-report/index.html#~2012 Additional stats about mobile phones: http://www.pewinternet.org/fact-sheets/mobile-technology-fact-sheet/ What’s also interesting are trends in how people use these smartphones. http://blog.sciencecreative.com/2011/03/16/the-authentic-online-marketer/ http://www.generationalinsights.com/millennials-addicted-to-their-smartphones-some-suffer-nomophobia/ In fact, Millennials don’t just sleep with their smartphones. 75% use them in bed before going to sleep and 90% check them again first thing in the morning. Half use them while eating and a third use them in the bathroom. A third check them every half hour. Another fifth check them every ten minutes. A quarter of them check them so frequently that they lose count. http://www.androidtapp.com/how-simple-is-your-smartphone-to-use-funny-videos/ Pew Research Center: Around 83 percent of those 18- to 29-year-olds sleep with their cell phones within reach. http://persquaremile.com/category/suburbia/
  8. From Cisco report
  9. Also from Cisco report
  10. But it’s not just the devices that are intimate, the data is also intimate. Location, call logs, SMS, pics, more
  11. A grand challenge for computer science http://www.flickr.com/photos/robby_van_moor/478725670/
  12. https://newyork.cbslocal.com/2018/04/24/china-assigns-every-citizen-a-social-credit-score-to-identify-who-is-and-isnt-trustworthy/ https://www.wired.co.uk/article/china-social-credit-system-explained Deductions for bad behaviour like traffic violations; add points for good behaviour such as donating to charity. Facial recognition is used to spot jaywalkers / how much time they spend playing video games. "Not qualified" to buy a plane ticket, and banned from travelling some train lines, buying property, or taking out a loan.
  13. Pressure sensor too
  14. Pressure sensor too
  15. Let me convey to you the intuition behind how we transform low level sensor data into higher level activities. Here is an example of sensor data from a participant’s smartphone.
  16. Autonomous: capable of independent thought, decision making. Experience compassion and love, or anger and revenge.
  17. This is closer to what the state of the art for Artificial Intelligence is. This was considered a major breakthrough a few years ago. Object detection and identification in images. https://research.googleblog.com/2014/09/building-deeper-understanding-of-images.html
  18. Captioning images. Note the errors. See the “cat” on the bottom. http://cs.stanford.edu/people/karpathy/deepimagesent/
  19. When you have razor thin margins, anything that improves things will be adopted
  20. 0.1% based on our paper Why People Hate Your App
  21. Grade 12.5. About 10 min to read. So based on Lorrie and Aleecia’s work, it will take 25 full days to read all privacy policies of all web sites. But this assumes people read it. Rational behavior not to read privacy policies: we want to use the service, painful to read, clear cost but unclear benefit.
  22. Like literacy or civil rights, every generation will have to face this issue, will have to invest in addressing these issues
  23. https://www.flickr.com/photos/johnivara/536856713 https://creativecommons.org/licenses/by-nc-nd/2.0/ I want to wrap up by taking a big step back and looking at the big picture. Today, we are at a crossroads. There is only one time in human history when a global network of computers is created, and that time is now. And there is only one time in human history when computation, communication, and sensing are woven into our everyday world, and that time is now. We’re already in the early stages of IoT. And it will offer tremendous benefits to society in terms of safety, sustainability, transportation, health care, and more, but only if we can address the real privacy problems that these same technologies pose. So I’ll end with a question for you to consider:
  24. https://www.flickr.com/photos/johnivara/536856713 https://creativecommons.org/licenses/by-nc-nd/2.0/ Today, we are at a crossroads. There is only one time in human history when a global network of computers is created, and that time is now. And there is only one time in human history when computation, communication, and sensing are woven into our everyday world, and that time is now. Now, I’ve avoided using the term Internet of Things because as you may remember from yesterday, I don’t really like the term. But regardless of what it’s called, it’s coming, and coming soon. And it will offer tremendous benefits to society in terms of safety, sustainability, transportation, health care, and more, but only if we can address the real privacy problems that these same technologies pose. So I’ll end with a question for you to consider:
  25. While IoT is often talked about as a single monolithic concept, it is more useful to think of it as a three-tier pyramid. Each tier represents a different class of device, based on the computational power of the device, as well as the amount of interaction and attention a person needs to devote to each device. Each tier also poses different kinds of security challenges due to the nature of the devices in that tier. At the top of the pyramid are devices with a great deal of computational heft, rich sensing capabilities, fast networking, long battery life, and high interactivity. These devices will be highly personal and be what people typically think of as computers. Example devices here include laptops, smart glasses, tablets, smartphones, and gaming devices. Each person will only have a few of these devices but will also spend a lot of time with them. Most of these devices will have common operating systems, can run third-party software, and will be manufactured by large corporations with a great deal of experience in developing secure software.
  26. In the middle are devices that offer basic interactivity, such as TVs, smart watches, refrigerators, thermostats, electronic whiteboards, cable boxes, and interactive toys. Some of these devices will have advanced sensing and computing capabilities, but the key characteristic here is that people will only use these devices at most a few times a day, and they will also only require a little bit of their attention to use. There will also be greater diversity here in terms of manufacturers, operating systems, and software development experience.
  27. At the bottom of the pyramid there will be hundreds of devices per person, each of which lies far in the background of our attention. These might include RFID-enabled ID cards and badges, clothes, HVAC, digital lightbulbs, smart toilets, smart meters, security systems, implanted medical devices, digital picture frames, cheap environmental sensors, electronic locks, and more. Most of these devices will be embedded or situated in homes, buildings, and public places. Devices in this tier will have very little computational resources, basic sensing, few (if any) software capabilities, and a wide range of software and operating systems. Many of the manufacturers of devices in this tier will also have little experience in developing reliable software and pushing out updates.
  28. The sheer number of these devices will make what would ordinarily be trivial tasks into significant challenges. For example, configuring a security policy for a single device is tractable. Configuring a security policy for hundreds of devices, each of which has a different user interface, is not. Similarly, it is easy to have unique passwords for a few devices, but less so for a house or building full of devices, many of which do not even have keyboard input or displays. It is also easy to physically lock down a few computers to prevent them from being stolen, but it is very difficult to do the same for large numbers of IoT devices. Even worse, many of these IoT devices can be easily lost or stolen due to their small size, or even tampered with to send back fake data.
  29. Screenshot from Sep 11 2017. Example of a webcam type that likely has well-known password (admin / admin). Note that Shodan reports tens of thousands of these.
  30. Your blood glucose monitor doesn’t need to contact Facebook (or at least I hope it won’t). Proximity: might be NFC, Bluetooth, makes attack much harder to scale.
  31. The diversity of these devices will make it hard for any single cybersecurity approach to dominate. First, the vast majority of IoT devices will be those at the bottom of the pyramid, having very little CPU processing power and limited battery life. Devices like digital light bulbs will not be able to run conventional encryption algorithms or security software. Second, there will be hundreds of IoT manufacturers all using different kinds of operating systems, different kinds of wireless networking (Zigbee, Z-Wave, Bluetooth, Wi-Fi), different kinds of configuration software, and different kinds of formats for access logs. The upshot is that compatibility and interoperability will be extremely difficult in the near future.
  33. This was as of Sep 2017
  34. Ex. Operating system support, what are ways of making things secure by default, make the easy path the safe path
  35. Image from wired.com. A friend told me that a person once annoyed a bunch of people wearing Google Glass by shouting out “Ok Glass, take a picture,” causing everyone’s wearable to take a picture.
  36. In my first year teaching at CMU, I taught a project-based capstone course. I met with students in their lab space every week, and it wasn’t until the last week of class that they incidentally mentioned that we had been streaming on the Internet the entire semester. There was a small webcam that I had never noticed.
  37. Air temperature, humidity, pressure, a 6-axis IMU, a 3-axis magnetometer, an AMG8833 grid eye sensor (a PIR sensor array), an ambient light and color sensor, a PIR sensor, and a wirewound inductor for EMI sensing
  38. Better programming abstractions. Ex. app only needs “loudness” vs raw microphone. Make it easier for devs to get the data they want, but also make it easier to check. See privacystreams.github.io
  39. DARPA Google CMU CyLab