By Ari Juels

Do you own your own heartbeats and footsteps? The answer should be a self-evident, resounding “yes.” But often today, it’s not. Services for fitness tracking devices and mobile apps often corral user data in cloud repositories; they provide users with highly restrictive APIs, and then mine or resell the raw data.

The same may happen with the private data generated by devices in the emerging Open Web of Things: Smart appliances, sensor-instrumented vehicles, home monitoring and control systems, and much more.

To stimulate collaborative research on privacy for the Open Web of Things, Google has launched an “expedition” program, awarding grants to Cornell Tech, Carnegie Mellon, Univ. of Illinois, and Stanford. This program brings together top researchers in relevant disciplines and institutions to explore options for the design of an open technology stack and answers to major IoT research questions. My colleagues Mor Naaman of the Jacobs Technion-Cornell Institute and Vitaly Shmatikov are working with me on the Cornell Tech team.

In the midst of this evolution of devices and loss of troves of personal data to service providers, we believe a key threat is underexplored: the correlation between dissimilar data sources, such as physical sensors and social media. We call this threat parallax privacy infringement. The term “parallax” denotes the displacement of an object when seen from two vantage points, which reveals distance and depth. Similarly, the vantage points afforded by disparate data streams can reveal a great deal about users. Our role in the expedition program will be to explore the implications to user privacy.

Our collaboration with a major player at the interface of digital and physical systems offers the chance not just to identify privacy problems, but to help inform industry creation of a privacy-sensitive Open Web of Things. Stay tuned for more!

Ari Juels is a professor at the Jacobs Technion-Cornell Institute at Cornell Tech