MIT, Harvard researchers push new way for users to control access to personal data

Called Sieve, the approach could pose challenges to companies storing users' personal data and government searches

Cryptography researchers at MIT and Harvard have developed software called Sieve that is designed to help users keep track of encrypted personal data and better manage it in the cloud.

The Web infrastructure concepts behind Sieve could have significant implications for government searches of data, such as in the Apple-FBI case, or for companies using personal data from fitness bands and other devices for marketing and other purposes.

With Sieve, a Web user on a smartphone, smartwatch or other device could store personal data in encrypted form in the cloud, according to an MIT statement on Friday.

Then, when any app wants to use specific data items, like a name or address, it would send a request to the user, and, if granted, would receive a secret key to decrypt only those items kept in the cloud account of the user. In addition, if the user wanted to revoke the app's access, Sieve would re-encrypt the data with a new key.

The idea for Sieve first came more than a year ago to Frank Wang, a Ph.D candidate in computer science at MIT. Wang was using his Fitbit and was concerned about where his fitness data was stored and how it would be accessed by him or by others, he said in an interview. "I don't want people to hack my data and get more than I want," he said.

"With Sieve, we want users to securely store and selectively access that data for Web services and Web apps. We want the data to remain secure and give subsets to Web services. In theory that's easy, but in practice, it's difficult," Wang said. "With Sieve, the user has more control over how his or her data flows to different parties."

Wang spoke by phone just prior to giving a talk on Friday about Sieve at the Usenix Symposium on Networked Systems Design and Implementation on Santa Clara, Calif. Wang, 26, has worked to develop Sieve with MIT associate professors of electrical engineering and computer science Nickolai Zeldovich and Vinod Vaikuntanathan as well as James Mickens, associated professor of computer science at Harvard University.

Apps used on everything from smart thermostats to smartphones "collect a lot of user data, and you don't know what the [app developer] will do with it," Wang said. "Our goal is to say it's the users' data, and they should say how it's used."

He gave one practical example of how Sieve would work. If a sleep monitor has sleep data that is better than what a fitness band could provide, a user could permit the sleep data to be ported to the fitness band, which might give better tips on fitness than the sleep monitor would provide. "It makes it very easy with all the data in one location," Wang said.

"Part of my motivation for Sieve was that fitness data may need to be regulated, since how different, really, is fitness data from medical records? " Wang said. "People can guess a lot about my health with a small amount of data."

Concerns about uses of fitness data and other seemingly innocuous information have come to the attention of the Federal Trade Commission and other regulators. During an appearance at CES in January, FTC Chairwoman Edith Ramirez said that devices are "gathering increasingly sensitive information about us and how it is used or shared, and the potential for unintended uses is a concern."

Ramirez said she was so personally concerned about sharing her own fitness data that she uses an older, unconnected pedometer to measure her steps. "I don't want to share," she said.

Sieve could also better protect a person's data from a court-ordered warrant. If the FBI brought a search warrant to Facebook or Amazon for a person's data, the companies would be able to say that they don't have any of the user's important data. "If somebody told Amazon, give me all of Frank's data, Amazon can say, 'Ask Frank,' " Wang said.

Wang is well aware of the FBI-Apple dispute in federal court over gaining access to a secure iPhone used in a terror attack. "Maybe Sieve would raise the hackles of the intelligence community, I don't know," Wang said.

But Sieve could be a means to simplify things for users, he said. In another example, he said a user signing up with a new insurance company could give the insurer a specific key to access a subset of the user's personal data in the cloud. After the access was finished, the key would be changed to prevent further access.

While part of the idea for Sieve came out of Wang's concerns over his personal data on Fitbit, it also came from the latest direction of study in the computer science field. "A lot of people in computer science are excited by users managing their own data, instead of Web services doing it," Wang said.

"There's a lot of user distrust about using Web services and the cloud and finding some way to interact in a secure way," he said. "People are concerned about privacy and many don't know that Facebook and Fitbit have a lot of data on us."

Wang received his undergraduate degree in computer science at Stanford University. He envisions three components for Sieve: software that a user installs on a device, software installed on apps and software installed in the cloud.

"It would be great if Sieve was a product, but it's more of a model of a new Web infrastructure," he said. Meeting with tech companies and app developers will help determine the path forward for Sieve.

"All of this is about making data access seamless for users," he said. "I hate the way we get data from Web services."

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Show Comments

Latest Videos

Launch marketing council Episode 5: Retailer and supplier

In our fifth and final episode, we delve into the relationship between retailer and supplier and how it drives and influences launch marketing strategies and success. To do that, we’re joined by Campbell Davies, group general manager of Associated Retailers Limited, and Kristin Viccars, marketing director A/NZ, Apex Tool Group. Also featured are Five by Five Global managing director, Matt Lawton, and CMO’s Nadia Cameron.

More Videos

The best part: optimizing your site for SEO enables you to generate high traffic, and hence free B2B lead generation. This is done throug...

Sergiu Alexei

The top 6 content challenges facing B2B firms

Read more

Nowadays, when everything is being done online, it is good to know that someone is trying to make an improvement. As a company, you are o...

Marcus

10 lessons Telstra has learnt through its T22 transformation

Read more

Check out tiny twig for comfy and soft organic baby clothes.

Morgan mendoza

Binge and The Iconic launch Inactivewear clothing line

Read more

NetSuite started out as a cloud-based provider of Enterprise Resource Planning software or as NetSuite solution provider, which companies...

talalyousaf

NetSuite to acquire Bronto's digital marketing platform for US$200m

Read more

Thanks for sharing this post, its really good information I get through this blog.CDPO Online Exam Training

Infosectrain01

3 ways Booking.com is improving its B2B marketing game

Read more

Blog Posts

Getting privacy right in a first-party data world

With continued advances in marketing technology, data privacy continues to play catchup in terms of regulation, safety and use. The laws that do exist are open to interpretation and potential misuse and that has led to consumer mistrust and increasing calls for a stronger regulatory framework to protect personal information.

Furqan Wasif

Head of biddable media, Tug

​Beyond greenwashing: Why brands need to get their house in order first

Environmental, Social and (Corporate) Governance is a hot topic for brands right now. But before you start thinking about doing good, Craig Flanders says you best sort out the basics.

Craig Flanders

CEO, Spinach

​The value of collaboration: how to keep it together

Through the ages, from the fields to the factories to the office towers and now to our kitchen tables, collaboration has played a pivotal role in how we live and work. Together. We find partners, live as families, socialise in groups and work as teams. Ultimately, we rely on these collaborative structures to survive and thrive.

Rich Curtis

CEO, FutureBrand A/NZ

Sign in