A newly built privacy-sensitive architecture aims to let developers build smart home apps that address data-sharing concerns while still giving consumers control over their personal data. The system, named Peekaboo by researchers at Carnegie Mellon University, “leverages an in-home hub to pre-process and minimize outgoing data in a structured and enforceable manner before sending it to external cloud servers.”
Peekaboo is based on the principle of data minimization, the practice of collecting only the information necessary to achieve a given purpose. To that end, developers must declare an app's data-collection behaviors in a manifest file, which is then loaded into a trusted in-home hub that releases sensitive data from smart home apps such as smart doorbells only on a need-to-know basis.
The hub not only serves as the conduit for raw data flowing from IoT devices to cloud services but also lets third-party auditors verify an app developer’s data-collection claims. The manifest file itself is comparable to Android’s “AndroidManifest.xml” file, which declares the permissions an app needs in order to access restricted parts of the system or other apps.
However, unlike Android, where an app is either granted or denied access to a given capability (e.g., the camera) outright, Peekaboo lets users set data-collection policies that specify which type of data may be collected, when it may be collected, and how frequently.
“With Peekaboo, a user can install a new smart home app by simply downloading a manifest to the hub rather than a binary,” explained the researchers. “This approach offers more flexibility than permissions, as well as a mechanism for enforcement. It also offers users (and auditors) more transparency about a device’s behavior, in terms of what data will flow out, at what granularity, where it will go, and under what conditions.”
Peekaboo can also generate accurate privacy nutrition labels that describe an app’s declared behavior, similar to Apple’s privacy labels in iOS and Android’s Data safety section. According to the researchers, Peekaboo uses a hybrid architecture in which a local, user-controlled hub pre-processes smart home data in a structured manner before passing it on to external cloud servers.
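To make the hub-side enforcement concrete, the following added example (not code from the Peekaboo project, and not its real manifest schema) models a hub that reads a declarative manifest for a doorbell app and releases only the declared data type, at the declared granularity, within the declared time window and rate limit. The manifest layout, the `cloud.example` destination URL, the sensor event structure and the `Hub`/`privacy_label` helpers are all assumptions made for illustration; the label generator also shows how a nutrition-label style summary can be derived directly from the same manifest that the hub enforces.

```python
"""Toy model of a Peekaboo-style in-home hub (illustrative, not Peekaboo's code).

The manifest format below is an assumption for this example; it is not
Peekaboo's actual schema. Each "flow" declares what leaves the home, at what
granularity, to where, under what condition, and how often.
"""
from dataclasses import dataclass, field
from datetime import datetime

# Constructed manifest for a hypothetical doorbell app.
DOORBELL_MANIFEST = {
    "app": "example-doorbell",
    "flows": [
        {
            "data": "motion",                 # sensor stream the app wants
            "granularity": "count",           # only a count, never raw readings
            "destination": "https://cloud.example/doorbell",  # placeholder URL
            "when": {"start": "08:00", "end": "20:00"},       # local time window
            "max_per_hour": 4,
        },
        {
            "data": "camera",
            "granularity": "person_present",  # one boolean, never frames
            "destination": "https://cloud.example/doorbell",
            "when": None,                     # unconditional
            "max_per_hour": 1,
        },
    ],
}


def ts(hour, minute=0):
    """Constructed timestamp helper so callers need not build datetimes."""
    return datetime(2024, 1, 1, hour, minute)


@dataclass
class Hub:
    """Trusted hub: the only path from device data to the cloud."""
    manifest: dict
    sent: list = field(default_factory=list)      # records that left the home
    _hourly: dict = field(default_factory=dict)   # (data type, hour) -> count
    _rules: dict = field(init=False)

    def __post_init__(self):
        self._rules = {f["data"]: f for f in self.manifest["flows"]}

    def _in_window(self, rule, when):
        if rule["when"] is None:
            return True
        hhmm = when.strftime("%H:%M")           # "HH:MM" compares lexically
        return rule["when"]["start"] <= hhmm < rule["when"]["end"]

    def _minimize(self, rule, raw):
        """Reduce raw readings to the granularity the manifest declares."""
        g = rule["granularity"]
        if g == "count":
            return {"count": len(raw)}
        if g == "person_present":
            return {"person_present": any(r.get("person", False) for r in raw)}
        raise ValueError(f"unknown granularity {g!r}")

    def handle(self, data_type, when, raw):
        """Return the minimized record released to the cloud, or None if blocked."""
        rule = self._rules.get(data_type)
        if rule is None or not self._in_window(rule, when):
            return None                       # undeclared flow or outside window
        hour_key = (data_type, when.replace(minute=0, second=0, microsecond=0))
        if self._hourly.get(hour_key, 0) >= rule["max_per_hour"]:
            return None                       # declared rate limit reached
        self._hourly[hour_key] = self._hourly.get(hour_key, 0) + 1
        record = {
            "app": self.manifest["app"],
            "to": rule["destination"],
            "data": data_type,
            "at": when.isoformat(),
            **self._minimize(rule, raw),      # raw readings never leave the hub
        }
        self.sent.append(record)
        return record


def privacy_label(manifest):
    """Derive a nutrition-label style summary from the enforced manifest."""
    lines = []
    for f in manifest["flows"]:
        line = (f"{f['data']} -> {f['destination']} as {f['granularity']}, "
                f"at most {f['max_per_hour']}/hour")
        if f["when"]:
            line += f", only {f['when']['start']}-{f['when']['end']}"
        lines.append(line)
    return lines


if __name__ == "__main__":
    hub = Hub(DOORBELL_MANIFEST)
    # Constructed sensor events: raw motion levels and a camera frame.
    print(hub.handle("motion", ts(9), [{"level": 0.9}, {"level": 0.4}]))
    print(hub.handle("motion", ts(22), [{"level": 0.9}]))        # outside window
    print(hub.handle("camera", ts(9), [{"frame": b"\x00", "person": True}]))
    print("\n".join(privacy_label(DOORBELL_MANIFEST)))
```

Because the hub, not the app binary, decides what is released, an auditor only needs the manifest to know what can leave the home; anything not declared (an undeclared `audio` flow, a raw camera frame, a fifth motion report in the same hour) is dropped before it reaches the network.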