Privacy Plays Catch Up With Wireless Devices
Kohno was one of two keynote presenters at the ACM Conference on Security and Privacy in Wireless and Mobile Networks 2012, or WiSec 2012, held this year at the University of Arizona in Tucson. Kohno also presented research and trends in wireless security and privacy to the technical audience of attendees.
Emerging threats to medical devices include wireless interception of messages between monitoring devices, including the interception of transmissions of vital signs, Kohno said. He stressed several times to the audience that immediate, direct threats to patients today are very minimal.
"The current risk to patients is very small," Kohno said.
Consumer home robots were cited as another example of technology that's quickly evolving at a rapid pace -- and with it an increasing amount of important communication being transmitted between the devices and users. Examples of these types of devices include not only "nanny" robots and increasingly complicated baby monitors, but robots designed to remotely monitor homes for intruders, or to check on elderly family members.
Many consumers are also unaware of how many automobiles on the road today are equipped with electronics that are communicating wirelessly. Key fobs that can open doors and start vehicles, and internal Bluetooth and cellular capabilities are examples of technical improvements to today's automobiles that have made cars safer, but have increased their security vulnerabilities.
So while wireless technology has greatly improved the safety and efficiency of cars, security and privacy are emerging issues that manufacturers and policymakers must be aware of, Kohno said. The ultimate goals for researchers who are working on wireless security and privacy solutions are to find the vulnerabilities, identify the challenges to protection of the systems, and communicate their findings to the public and industry.
"The good news is that these threats are being recognized," Kohno said.
Improve connections to improve policy
In another WiSec 2012 key presentation, the chief computer privacy technologist for the U.S Federal Trade Commission told researchers that if they want to improve privacy protection in their respective industries, they'll need to improve their communications with the rule enforcers and policy makers.
"Technologists need to talk to the ones who enforce the rules -- lawyers and policymakers -- to be able to use the rules and the technology to reach a better place," said Edward Felten, professor of computer science and public affairs at Princeton University. Felten also directs the Center for Information Technology Policy, which studies digital technologies and their effect on public life, and he is an online privacy advisor to the FTC.
"This isn't always happening now," Felton said of the current industry-to-regulator connection.
From a regulatory standpoint, privacy agreement details have traditionally been left to evolve between the user and the vendor, creating a large gap between what users think they are agreeing to and what companies think they can do with personal data they collect.
"Users get used to this, and decide they can live with it," Felten said. "From an industry perspective, educating consumers on how their data is used will only work if that data is used in an acceptable form."
"We have decent controls on data collection, but less control over usage of the data," he says.
Felten also advises researchers to look at the long term privacy issues the policy world is struggling with -- and will continue to struggle with if there's minimal guidance from research and industry.
"Just as we do in research -- when we try to figure out what problems industry is going to have in the future, and what problems they are going to need solutions for -- we should be willing to do this for the policy world as well."
Researchers need to improve communicating their results, so the data can be understood in the policy world, Felten said. "There are ways to write introductions to papers and presentations that speak to the public and policymakers. Given that they don’t hear from people like us very much, you can have a lot of impact if you’re one of the people that can do this."
"It's technology transfer at its best," Felten said.
The 2012 ACM Conference on Security and Privacy in Wireless and Mobile Networks, ACM WiSec 2012, took place April 16-18, 2012, and was hosted by the University of Arizona department of electrical and computer engineering. Loukas Lazos, assistant professor of electrical and computer engineering at the UA, and Marwan Krunz, professor at both the UA department of electrical and computer engineering and the UA department of computer science, served as WiSec 2012 co-chairs.
More information on ACM WiSec 2012 can be found online at
http://www.sigsac.org/wisec/WiSec2012/
More information on the University of Arizona department of computer and electrical engineering can be found at
http://www.ece.arizona.edu/