Project

Privacy Protection for Lifestyle-Tracking Devices and Applications

English title Privacy Protection for Lifestyle-Tracking Devices and Applications
Applicant Huguenin Kévin
Number 178978
Funding scheme Project funding (Div. I-III)
Research institution Institut des systèmes d'information (ISI) Université de Lausanne (HEC)
Institution of higher education University of Lausanne - LA
Main discipline Information Technology
Start/End 01.02.2019 - 31.01.2022
Approved amount 563'257.00

All Disciplines (2)

Discipline
Information Technology
Health

Keywords (5)

Quantified-self; Life-style tracking; Privacy; Utility; Wearable computing

Lay Summary (translated from French)

Lead
Lifestyle-tracking devices, such as connected wristbands, are increasingly popular with the general public and with various healthcare stakeholders such as hospitals and health insurers. They collect contextual data (location, movement) and physiological data (heart rate) about their users and thereby allow them to track their activity and health. While using these devices can have a significant positive effect on users' lives, this comes at the cost of privacy risks due to the sensitive nature of the data collected. These risks are currently poorly understood by the scientific community, the general public and healthcare stakeholders.
Lay summary

This project aims to review the different types of lifestyle-tracking devices (hardware, applications and services), the data they collect, and the way it is processed and used. It also aims to assess the risks and benefits of using these devices and to develop techniques for controlling how they access data, so that users can strike a balance between privacy and utility. The project will also address peripheral but crucial aspects of this ecosystem, namely the desirability, usability and economic viability of these devices.

Last update: 16.05.2018

Abstract

Lifestyle-tracking services, which rely on contextual and physiological data collected from sensors embedded in (wearable) connected devices, are now emerging in the wake of location-based services (LBS), in which mobile users with GPS-equipped connected devices obtain personalized services based on their locations. This new type of service is enabled by the ever-increasing number and variety of sensors embedded in connected objects (e.g., sleep, heart-rate or even EEG monitors), whose data collection is facilitated by dedicated frameworks such as iOS's HealthKit and Android's Google Fit. With potentially hundreds of millions of users, these services could become the "next big thing" in mobile and pervasive computing. Extensive research on LBS has demonstrated the privacy risks related to location data. But this is just the tip of the iceberg: compared to LBS, lifestyle-tracking activities raise many more complex and serious privacy threats, as pointed out in a recent report from the French National Commission on Informatics and Liberty (CNIL). Beyond recreational use (e.g., keeping track of one's state and activities, following the quantified-self trend, and sharing on social networks), lifestyle tracking has serious and sensitive applications; a typical example is health, illustrated by the collaboration of developers with medical clinics (e.g., Apple/Mayo Clinic) and insurance companies. Severe threats to privacy go hand in hand with the immense potential benefits of lifestyle-tracking applications, especially critical ones such as those concerning health. These threats stem from the large amount and wide variety of collected data and from the sensitivity of the information that can be inferred from it. Given the high commercial value of such data, there is no doubt that many stakeholders will be interested in collecting and exploiting it, as illustrated by the interest of insurance companies in activity trackers.
Another worrisome possible application of such data is the use of users' heart rates to monitor their reactions to specific external stimuli such as advertisements, which would be high-value feedback. As lifestyle tracking enables sensitive applications, the utility aspects, which constitute a key counterpart of privacy, also differ significantly from recreational LBS: coupled with appropriate follow-up by a medical doctor, lifestyle-tracking applications can help detect conditions, possibly deadly ones, and thus have the potential to save their users' lives. These drastic changes in privacy and utility require a thorough investigation of lifestyle-tracking applications and the data they manipulate, as well as the design and implementation of efficient privacy-protection tools. This is precisely what the PrivateLife Project will achieve. Building on the strong and complementary expertise of the consortium's partners in the multiple facets of privacy protection (we have made key contributions to the privacy and utility of LBS and personalized medicine), the PrivateLife Project will address the unique privacy/utility trade-off that stems from the use of lifestyle-tracking services. More specifically, the goal of the PrivateLife Project is to build practical and usable privacy-protection tools by tackling all at once the problems of privacy quantification, utility quantification and system integration.
To do so, we will take a principled approach: (1) we will rely on techniques from system design to integrate privacy-protection mechanisms into existing lifestyle-tracking devices and applications; (2) we will follow a privacy-by-design approach to propose new and alternative architectures and systems for lifestyle tracking that rely on cryptographic primitives, obfuscation techniques and distributed algorithms; (3) we will rely on statistical inference on theoretical models and on data mining to quantify privacy by embodying curious adversaries; and (4) we will rely on machine learning and data-driven modeling to quantify utility by involving the users in the process through personalized surveys. Most of the aforementioned techniques are in the partners' areas of expertise; an advisory board is set up to complement the expertise of the consortium in the topics that are relevant to the project.