Collaborative Research: CNS Core: Medium: The Privacy Backplane - A Full Stack Approach to Individualized Privacy Controls Throughout the Internet-of-Things

The right to privacy and control over one's own personal information is a core issue of our vexing time. Increasingly cheap, powerful, and long-lived sensors are being introduced everywhere, and sensor fusion and machine learning are extracting ever more actionable information from them. At the same time, legal protections and government-enforced regulations are emerging in the form of the EU's GDPR and California's CCPA, along with growing calls for more government intervention. However, despite the intention of these new laws, it is unclear how effective they will ultimately be. Given the current directions of both regulatory and technological trends, many are worried that we are heading toward either the death of privacy or a top-down notion of privacy that is disconnected from the realities of the current technical landscape. We instead envision a future where individual control over personal data privacy is ensured by a legal framework that is able to leverage new technological capabilities inside computing infrastructures to guarantee regulatory compliance and compliance with each person's own privacy policy. Central to our vision is an infrastructure that is able to negotiate and execute data collection and access policies on behalf of users and the operators of the physical environment. This infrastructure, the privacy backplane, must be pervasive, secure, scalable, and real-time, and must allow user information to escape into the broader world only after all negotiated policies have been fully applied. It must also support sensor data collection, transformations, and queries suitable for owners. Using the privacy backplane, a user would define their own privacy policy or use one available from a third party. The ubiquitous infrastructure would then allow the user to traverse the physical world as normal, knowing that the infrastructure, along with the transformations and queries performed on their data, is obeying an acceptable negotiated policy at all times.
In a venue where negotiation is impossible, the user would learn this quickly and have the choice of avoiding the venue. The goal of this proposal is to investigate how to build a privacy backplane system.
Effective start/end date: 10/1/22 to 9/30/25


  • National Science Foundation (CNS-2211508- AMD 001)


