DTL Talks: David Choffnes, DTL 2015 Grantee (Northeastern University)

27 Mar 2017
David Choffnes tells us about the current status of Recon

Boston, US

As we move about the world with our mobile devices, companies are constantly gathering information about us. Part of the job of the Recon project is to understand what information is being gathered by which parties, give this information to individuals and allow individuals to regain control over what information is shared and with whom. My name is David Choffnes, I'm an assistant professor in the College of Computer and Information Science at Northeastern University. I'm also a member of the Cyber Security and privacy Institute and I'm also a grantee at the Data Transparency Lab.

What is your project Recon about?

So, my research focuses on privacy for mobile devices so for example if the user sees that their GPS location is shared with another party they could choose to block that or they could even choose to replace it with something else. So, in general users can benefit from our research because we provide individuals with exactly what information about them is being shared with other parties as they use their mobile device and we're able to allow those users to control how that information is shared in the future. Beyond that we also been generating public reports that are anonymized summaries of information we've seen gathered from our users and we can provide that to regulators as well for example to the Federal Trade Commission's Consumer Protection Division.

One of the key challenges with this area of research is that because it's privacy related information as researchers we generally don't know in advance what any individual user’s personal information is and quite honestly, we don't want to know that information because after all it's private. But what we can do is design algorithms that identify when personal information is being exposed to other parties without users having to tell us what it is in advance.

What is the current status of your project?

Currently our system, which is called Recon, is publicly available. We have a beta testing environment right now with over 300 users and people can visit our webpage to sign up and use our system. But what we're also working on is coming up with ways for individuals to use our system outside of our research experiment so we're working with other DTL grantees to provide Recon as a service that runs inside an app on an Android device. We're also working on providing this is something that can run in your home router or on a Raspberry Pi, so that individuals can deploy this inside their own home networks and get the same functionality that we provide today using cloud services.

Moving forward something that we're looking into is trying to understand how IoT devices so Internet of Things devices are collecting information about individuals so one of the big challenges here is that these devices unlike our mobile devices completely surround us all the time and generally we don't have as much control over them in terms of turning them off or even knowing when they're transmitting information to other parties. So, one of the things that we're working on is building a lab here in this Cyber Security and Privacy Institute at Northeastern where we can do controlled experiments on a large collection of IOT devices set up like a studio apartment so we can do these in a controlled way and it'll be an environment where individuals can use the space as a lounge and we can understand how these devices share information with other parties as people naturally interact with them.

Which is your role within the project?

On the Recon project, I am the principal investigator I lead a team consisting of an undergraduate student, a PhD student and a postdoc so the grant from the Data Transparency Lab really helps Recon get off the ground.

The Data Transparency Lab is meant to be an incubator for ideas to improve online privacy the problem of online privacy is only going to continue to get worse as more and more devices that surround us every day are collecting information about us. So, it's critically important to develop tools that individuals can use to gain control over that privacy.