
EETE SEP 2014

Cutting down on personal data leaks
By Julien Happich

Now may be the right time to cut down on smartphone data leaks and reclaim a little bit of privacy, according to Yves-Alexandre de Montjoye, a PhD candidate at the Massachusetts Institute of Technology Media Laboratory.

In today’s climate of suspicion around big data, heightened by Snowden’s revelations about the NSA’s massive data collection capabilities, smartphone users and consumers in general have become more aware of the privacy issues at stake. With web giants such as Google, Amazon and Facebook all competing to gather and crunch as much personal user data as possible in order to monetize it, using a smartphone today is synonymous with a loss of privacy. Often, the legal catch is that in order to benefit from an application or a web page, the user has to broadly accept the terms of service in one click, setting aside page after page of vaguely informative rules of engagement. Of course, some services will require geolocation, others will require a form of customer profiling, and big data is today’s buzzword for all sorts of businesses.

So, is privacy a lost cause that must be sacrificed to data mining and big business? Not so, answers de Montjoye, who has been working on the development of MIT’s Open Personal Data Store concept (OpenPDS). In previous research using a simple telecom operator’s mobility database, de Montjoye showed how easy it was to identify individuals from their daily behaviour alone, proving that even coarse datasets provide little anonymity.

With OpenPDS, the PhD candidate turns big data on its head: he has devised an application that stores the data generated by your digital devices in a single private location (which could be an encrypted server in the cloud, or a personal computer). Through a sophisticated SafeAnswers framework, smartphone applications are required to specify what information they need and how it will be used.
OpenPDS then works out “yes” or “no” summarized answers to the application queries, based on metadata rather than sharing raw user data. Generic computations on user data are performed in the safe environment of the PDS, so the user does not have to hand data over to receive a service. Hence, rather than having an application tell you it will access your GPS location or your SD card, without your knowing exactly what the implications are (last year it was revealed that a seemingly innocuous Android flashlight app had been collecting much more data than it actually needed, only to share it with advertisers), here the permissions don’t give away data but analyse the queries to give a meaningful answer. Mechanisms have to be put in place to prevent application developers from breaking the SafeAnswers framework through a multiplicity of queries; the MIT Media Lab is on the case.

But today, what type of business would want to drive such an initiative? We asked de Montjoye. By enabling the game of big data while at the same time preserving personal data, this approach offers a safety net to companies willing to operate according to restrictive European data protection regulations, he says. In fact, one example of personal data collection going wrong is the recent class action lawsuit initiated last June by Austrian privacy activist Maximilian Schrems against Facebook, on behalf of European Facebook users. With the www.europe-v-facebook.org website, Schrems is directly pitching EU data protection laws against tech giants and their abusive data collection habits; the case has been brought to the Court of Justice of the European Union.

“Companies can offer their services at lower data management expenses while taking fewer risks regarding data theft. This approach is also more transparent to the users as they always stay in control of their personal data,” de Montjoye added.

“This approach also has benefits from a developer’s perspective,” de Montjoye told us.
Collecting every possible piece of data means writing more complex applications. That is more data to send and to manage, which is expensive in terms of bandwidth and generally slows down the application for data it may not even be using. Often developers take as much data as possible, just in case it could be useful later as the application evolves, to future-proof the application. But here, rewriting the application queries is just as efficient a way to return new responses from the personal data store, the researcher explained.

The MIT Media Lab is currently testing the system with several telecommunications companies in Italy and Denmark, and it is making the openPDS application free to download for research purposes.

Electronic Engineering Times Europe, September 2014, page 4, www.electronics-eetimes.com
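The SafeAnswers flow the article describes, modelled as an added Python illustration (this is not OpenPDS code from MIT): the raw location records never leave the store, an application registers a question together with its declared purpose, the store evaluates the question locally and hands back only a boolean, and a per-application query budget stands in for the anti-multiplicity mechanism the article says is still being worked on. The sample records, zone labels, budget size and all class and function names are constructed assumptions.

```python
from collections import Counter

# Constructed sample (not real data): one record per hour, with the GPS fix
# already reduced to a coarse zone label inside the user's own store.
SAMPLE_LOCATIONS = [
    ("2014-09-01T07:00", "home"), ("2014-09-01T08:00", "home"),
    ("2014-09-01T09:00", "work"), ("2014-09-01T10:00", "work"),
    ("2014-09-01T11:00", "work"), ("2014-09-01T12:00", "downtown"),
    ("2014-09-01T13:00", "downtown"), ("2014-09-01T18:00", "home"),
    ("2014-09-01T19:00", "home"), ("2014-09-01T20:00", "home"),
]


class PersonalDataStore:
    """Holds the raw records; an application only ever receives True/False."""

    def __init__(self, records, query_budget=10):
        self._records = list(records)      # never returned to a caller
        self._query_budget = query_budget  # per-app cap (assumed mechanism)
        self._remaining = {}               # app_id -> queries left
        self._audit = []                   # (app, purpose, answer), for the user

    def _summary(self):
        # The "generic computation" on raw data runs here, inside the store.
        zone_hours = Counter(zone for _, zone in self._records)
        return {"zone_hours": dict(zone_hours), "total_hours": len(self._records)}

    def safe_answer(self, app_id, purpose, question):
        """Evaluate question(summary) locally and return only a boolean.

        `purpose` is the app's declared use and is kept in the audit log so the
        user stays in control. The budget limits how much an app can learn by
        asking many slightly different questions (the multiplicity problem).
        """
        left = self._remaining.setdefault(app_id, self._query_budget)
        if left <= 0:
            raise PermissionError(f"{app_id}: query budget exhausted")
        self._remaining[app_id] = left - 1
        answer = bool(question(self._summary()))
        self._audit.append((app_id, purpose, answer))
        return answer

    def audit_log(self):
        return list(self._audit)


def downtown_share_at_least(threshold):
    """A question a shop app might register: share of hours spent downtown."""
    return lambda s: s["zone_hours"].get("downtown", 0) / s["total_hours"] >= threshold


if __name__ == "__main__":
    pds = PersonalDataStore(SAMPLE_LOCATIONS, query_budget=3)
    print(pds.safe_answer("shop-app", "show local offers", downtown_share_at_least(0.2)))
    print(pds.audit_log())
```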

