30 ways to improve IoT privacy
Much work still must be done before the industrial and municipal Internet of Things (IoT) becomes widely adopted outside of the circle of innovators. One field, privacy, well understood by the public and private sector in the context of the cloud, PCs and mobile, is in the early stage of adaptation for the IoT.
The sheer volume of data that will be collected and the new more granular architecture of the IoT present new privacy concerns that need to be resolved on an equal scale as the platform’s forecasted growth.
A demonstration of this new aspect of privacy and compliance is the Privacy Guidelines for Internet of Things: Cheat Sheet, Technical Report (pdf) by Charith Perera, researcher at the Newcastle University in the U.K. The nine-page report details 30 points about implementing strong privacy protections. This report is summarized below.
30 ways IoT developers can improve IoT privacy
1. Minimize data acquisition
Software architects should look at the frequency and type of data collected in the context of the application and should not collect more data than the task requires. The platform should control which data an application receives.
2. Minimize the number of data sources
Aggregation of data from multiple sources allows malicious parties to identify sensitive personal information of an individual that could lead to privacy violations.
3. Minimize raw data intake
Raw data could lead to secondary usage and privacy violation. Therefore, IoT platforms should consider converting or transforming raw data into secondary context data.
4. Minimize knowledge discovery
IoT applications should discover only the knowledge necessary to achieve their primary objectives. For example, if the objective is to recommend food plans, the app should not attempt to infer users’ health status without their explicit permission.
5. Minimize data storage
Raw data should be deleted once secondary context is derived.
6. Minimize the data retention period
Longer retention periods give malicious parties more time to breach and exfiltrate data.
7. Support hidden data routing
To make it more difficult for internet activities to be traced back to the users, this guideline suggests that IoT applications should support and employ an anonymous routing mechanism.
8. Anonymize data
Remove personally identifiable information (PII) before the data gets used by IoT applications so that the people described by the data remain anonymous.
9. Encrypt data communications
Typically, device-to-device communications are encrypted at the link layer using special electronic hardware included in the radio modules. Gateway-to-cloud communication is typically secured through HTTPS using Secure Sockets Layer (SSL) or Transport Layer Security (TLS).
10. Encrypt data during processing
Sometimes the party processing the data should not be able to read the data or the computational results. Process data while they are in encrypted form. For example, homomorphic encryption is a form of encryption that allows computations to be carried out on cipher-text, thus generating an encrypted result that, when decrypted, matches the result of operations performed on the plain-text.
11. Encrypt data in storage
Encrypted data storage reduces any privacy violations due to malicious attacks and unauthorized access.
12. Reduce data granularity
IoT applications should request the minimum level of granularity that is required to perform their primary tasks. A higher level of granularity could lead to secondary data usage and eventually privacy violations. For example, location can be coarse-based on cell tower location or fine-based on address.
13. Query answering
Raw data can lead to identification and privacy violations due to secondary usage. Instead of providing a numeric response to a query a relative scale, e.q. 1 – 5 should be used.
14. Block repeated queries
Query responses should block multiple queries that maliciously could discover knowledge that violates user privacy, such as analyzing intersections of multiple results.
15. Distribute data processing
Distributed data processing avoids centralized large-scale data gathering and exfiltration.
16. Distribute data storage
Distributed data storage reduces any privacy violation due to malicious attacks and unauthorized access. It also reduces privacy risks due to unconsented secondary knowledge discovery.
17. Knowledge discovery based on aggregated data
New knowledge, such as the visitors to the park were young students during a time period, is sufficient for a gift shop to perform time series sales analysis. But the exact timing of their movement is not necessary.
18. Aggregate geography-based data
Geographic data should be aggregated within boundaries. For example, how many electric vehicles are in use in each city should not store details about individual vehicles.
19. Aggregate data based on chain
A query that asks for a count or average should be aggregated as the data passes from node to node to reduce the amount of centralized data subject to breach or secondary usage.
20. Aggregate data based on time period
Energy consumption of a given house can be acquired and represented in aggregated form as 160 kWh per month instead of gathering energy consumption daily or hourly.
21. Aggregate data based on category
Aggregating based on a category that meets the needs of the analysis rather than exact data prevents secondary use. For example, categorizing a household’s energy use in the range of 150 – 200 kWh instead of exact usage.
22. Disclose information to users
Data subjects should be adequately informed whenever data they own is acquired, processed or disseminated.
23. Apply controls
It is the software architects’ responsibility to consider what kind of controls are useful to data owners, especially when data owners are not knowledgeable. Some of the considerations: 1) data granularity, 2) anonymization technique, 3) data retention period, and 4) data dissemination.
24. Log events
Logging of events during all phases will allow both internal and external parties to examine what happened in the past to make sure a given system performed as promised.
25. Perform audits regularly
Systematic independent audits and examination of the logs, procedures, processes, hardware and software specifications should be performed regularly. Outside parties should by bound by non-disclosure agreements.
26. Make apps open source
Wherever possible IoT applications should be made available under open-source license so that outside parties can review the code and compliance demonstrated.
27. Use data flow diagrams
Data flow diagrams used by unified modeling language will allow interested parties to understand the data flows of a given IoT application and how data is treated for a demonstration of compliance.
28. Get IoT apps certified
Certifications given by a neutral authority will add trustworthiness to IoT applications.
29. Use industry standards
Industry-wide standards such as AllJoyn and the All Seen Alliance typically inherit security measures that would reduce some privacy risks.
30. Comply with policies and regulations
Adherence to policies, laws, and regulations such as ISO 29100, OECD privacy principles and the European Commission’s rules on the protection of personal data will reduce privacy risks.