wordpress blog stats
Connect with us

Hi, what are you looking for?

What is the new Peekaboo privacy framework for the Internet of Things?

‘Pekaboo’ is a new privacy framework for Internet of Things (IoT) devices in a smart home, to enable security through data minimization

Many internet-connected devices — let’s use Amazon’s Echo or an LG Smart TV as examples — share data to the cloud when you interact with them. How do you know your speaker isn’t always listening? How do you know it’s not sharing more information than is necessary to fulfill your request?

Right now, there’s no way to confirm this. However, the researchers at the Carnegie Mellon Security and Privacy Institute (CyLab) have come up with a newly designed privacy-sensitive architecture that “leverages an in-home hub to pre-process and minimize outgoing data in a structured and enforceable manner before sending it to external cloud servers.”

They have dubbed this framework, ‘Peekaboo!’ In essence, it as a software design which aims to enable developers to create smart home apps for particular appliances in a manner that addresses data sharing concerns and puts users in control over their personal information that is being shared on the internet of things.

What is the Internet of Things? The Internet of Things, or IoT, is a system of interrelated computing devices, mechanical and digital machines, objects, animals or people that are provided with unique identifiers (UIDs) and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction.

Why this matters: Several devices such as air conditioners, washing machines, TVs and other appliances in a smart home environment record user behaviour through the sensors embedded in these devices, and use this data to facilitate their living styles (eg: Amazon Echo’s automated “user favourite” playlists). Sensor data contains a lot of sensitive information about the user and devices. An attacker inside or near a smart home environment can potentially exploit the innate wireless medium used by these devices to exfiltrate sensitive information about the users and their activities, invading user privacy. Alternately, the attacker can even deliver an encrypted payload of malware that can potentially take over the user’s entire home, holding them hostage. With this in mind, Peekaboo attempts to create a safer environment in smart homes with this new framework.

Advertisement. Scroll to continue reading.

How is Peekaboo supposed to function? Peekaboo operates on the principle of data minimization, which refers to the practice of limiting data collection to only what is required to fulfil a specific purpose.

  • To achieve this, the system needs developers to explicitly declare the relevant data collection behaviors in the form of a manifest file which is then then fed into an in-house trusted network to transmit sensitive data from smart home devices such as Amazon Echo or LG Smart TV on a need-to-know basis.
  • The network acts as the pathway between the raw data from IoT devices and the respective cloud services. It also enables third-party auditors to crosscheck an app developer’s data collection claims.
  • The manifest file details the permissions an app needs in order to access protected parts of the system or other apps. It is usually analogous to a phone operating system’s root data format.
  • Peekaboo makes it possible to define the data collection practices in a more adjustable manner such as, the kind of data to be gathered, when it should be carried out, and how frequently.

“This approach offers more flexibility than permissions, as well as a mechanism for enforcement. It also offers users (and auditors) more transparency about a device’s behavior, in terms of what data will flow out, at what granularity, where it will go, and under what conditions.” — CyLab’s blog on Peekaboo

Does India have any protection measures for IoT devices? No, India does not have any protective measures for IoT device data because the country does not have any kind of data protection laws in place. Although the Code of Practice for Securing Consumer Internet of Things (IoT) released by the Telecommunication Engineering Centre (TEC) calls for unique default passwords for all IoT devices, asks users to choose a strong password, requires for the implementation of a system to manage reports of vulnerabilities, provide regular updates and verify software. However, the code is offered a choice and thus, cannot be enforced.

Non-personal data such as what is collected by these devices falls under the jurisdiction of the National Data Governance Framework which is still under public consultation.

Do other countries have laws regulating the IoT? The United States is the first country to draft a legislation on the internet of things. Dubbed the IoT Cybersecurity Improvement Act of 2020, it requires government agencies to ensure the security of their IoT devices. On a state level, several states, including California and Oregon, have already passed IoT cybersecurity laws.

In the European Union, the NIS2 Directive, which was passed by all 27 member states late in May 2022, covers the security of the internet of things. These new rules mean that IoT device manufacturers will have to report all of their cybersecurity incidents and analyze the vulnerabilities to prepare a report for the Union’s cybersecurity agency. Failure to comply will result in heavy fines or sanctions.

Read also:

Advertisement. Scroll to continue reading.

Written By

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



The Delhi High Court should quash the government's order to block Tanul Thakur's website in light of the Shreya Singhal verdict by the Supreme...


Releasing the policy is akin to putting the proverbial 'cart before the horse'.


The industry's growth is being weighed down by taxation and legal uncertainty.


Due to the scale of regulatory and technical challenges, transparency reporting under the IT Rules has gotten off to a rocky start.


Here are possible reasons why Indians are not generating significant IAP revenues despite our download share crossing 30%.

You May Also Like


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ