Dada says there might be a problem?

Grandpa's Pocket Ledger & My Field Notes

Following on from the great work being done by the databox project team which recently appeared in BBC News, about the work (BBC R&D) have done with it including the living room of the future and BBC Box project. I was impressed to learn about the Dada wiki.

The Defense Against the Dark Artefacts (DADA) project is a collaboration between the Universities of Cambridge, Nottingham, and Imperial, addressing challenges in security and privacy related to smart home devices. These challenges result from the current, widely-adopted approaches in which cloud services underpin home IoT devices, where network infrastructure protection is minimal and little or no isolation is provided between attached devices and the data traffic they carry.

It addresses these challenges by:

  1. designing and implementing mechanisms for device traffic monitoring with a precise look at packet traces and device profiles;
  2. applying learning technologies to detect devices’ abnormal behavior;
  3. introducing techniques for dealing with traffic anomalies and restoring home network operability;
  4. putting the homeowner in the center of management by informing them of possible security threats and offering a choice of defences.

This although I used the wrong technology, this was what I was pointing towards in my blog titled your home needs a blockchain. All the things in Human Data Interaction – Legibility, Agency and Negotiatability all apply if Dada was a databox application.

Interestingly Dada isn’t the only one in this field. Recently Princeton released IOT inspector to do something similar.

Today, we release Princeton IoT Inspector, a open-source tool that lets you inspect IoT traffic in your home network right from the browser. With a one-click install process, you can watch how your IoT devices watch you within minutes of setup.

However IOT inspector is a tool for inpection, while Dada is a tool and place to upload data for analysis to benefit the research community. Of course you don’t have to upload the data and maybe do the analysis locally (this would fit the Databox model perfectly). There is a privacy policy of course, but I expect this will be expanded in the near future.

We understand that any uploaded device trace might contain personal application data. While we need to analyse the uploaded traces to extract IoT features in order to form ML training datasets, we do not aim to analyse nor store your personal data. Therefore, the processed traces are anonymised and all sensitive application payload is removed before the actual analysis starts.

After analysis is done, our servers store the anonymised trace and the extracted features such as packet headers, addresses, ports and payload size (but not the payload itself).

Of course uploading the data for research purposes could be incredible useful. For example imagine you bought a device which is already in the Dada database. You check the device and it seems to be sending a lot of traffic odd places. You check the version number, firmware, etc but its consuming a lot of traffic which is odd. Maybe it was hacked/hijacked? With a public database, its possible to check. Even better with a databox application, it could be done automaticlly if the user(s) allow it.

Some of you maybe thinking this is insane stuff but can I remind you of the house that spied on me and the follow up which armed people with tools.

Even Mozilla went as far as to create a buyers guide to help people choose IOT devices with more information that whats usually available to you in the shop or without proper research. Now theres loads of stories about IOT hijacking by hackers (hummmm possible) and more likely from the companies who make the hardware to bring new features… 

96656cc2-6c28-4100-a783-f1006f53c102_text_hi.gif

BBC’s role in data-led services

Public Service Internet

Two good blog posts outlining the BBC’s ambitions were posted to various BBC blogs on this week.

First Matthew Postgate (CTPO of the BBC) looks at the BBC’s future role in  a data-led landscape. He mentions the BBC box which then links to work we’ve been researching in BBC R&D around the databox project.

Gizmodo started to unpick this a little, The BBC is Doing Cloud Storage and Wants You to Have Full Control Over Your Data. The interest is a good thing of course…

It was clear to me back when I first spoke to Nottingham University about the databox project, it was something different, a possible way forward following the newly established HDI principles. It was tricky to understand (and you get that sense in the Gizmodo piece) but the box infrastructure kept everything honest. If you told me 4 years later after I first published the ethics of data videos.. I’d be debating with Tim Burners-Lee about the merits of Databox vs Solid at Mozfest 2018… I wouldn’t have believed you.

I look forward to seeing where things go next with Databox/BBC Box, this for me is the BBC embracing the change and doubling down on its public service. But lets not forget the other experiments using databox at their heart as they are also part of the change.