DOI: 10.1145/3010079.3010082 (ACM conference proceedings, research article)

Personal Data Management with the Databox: What's Inside the Box?

Published: 12 December 2016

Abstract

We are all increasingly the subjects of data collection and processing systems that use data generated both about us and by us to provide and optimise a wide range of services. The means by which others collect and process data that concerns each of us, often referred to possessively as "your data", are only increasing, with the long-heralded advent of the Internet of Things being just the latest example. As a result, providing the means for personal data management is widely recognised as a pressing societal issue.
We have previously proposed that one such means might be realised by the Databox, a collection of physical and cloud-hosted software components that allow an individual data subject to manage, log and audit access to their data by other parties. In this paper we elaborate on this proposal, describing the software architecture we are developing and the current status of a prototype implementation. We conclude with a brief discussion of the Databox's limitations.



Published In

CAN '16: Proceedings of the 2016 ACM Workshop on Cloud-Assisted Networking, December 2016, 80 pages. ISBN 9781450346733. DOI 10.1145/3010079.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery, New York, NY, United States


    Author Tags

    1. edge network services
    2. personal data management


Conference

CoNEXT '16


Cited By

• (2024) LOOM: a Privacy-Preserving Linguistic Observatory of Online Misinformation. Proceedings of the Second International Symposium on Trustworthy Autonomous Systems, pp. 1-9, 16 Sep 2024. DOI 10.1145/3686038.3686062
• (2024) Modified genetic algorithm and fine-tuned long short-term memory network for intrusion detection in the internet of things networks with edge capabilities. Applied Soft Computing 155:111434, Apr 2024. DOI 10.1016/j.asoc.2024.111434
• (2023) Personal Data Stores (PDS): A Review. Sensors 23(3):1477, 28 Jan 2023. DOI 10.3390/s23031477
• (2023) Inclusive Privacy Control at Home for Smart Health. Human Data Interaction, Disadvantage and Skills in the Community, pp. 151-176, 1 Aug 2023. DOI 10.1007/978-3-031-31875-7_9
• (2022) Implementing GDPR for mobile and ubiquitous computing. Proceedings of the 23rd Annual International Workshop on Mobile Computing Systems and Applications, pp. 88-94, 9 Mar 2022. DOI 10.1145/3508396.3512880
• (2022) A DTP and SoLiD based Service for Multi-Source Semantically-Heterogeneous Personal Data Management. 2022 International Conference on Service Science (ICSS), pp. 255-262, May 2022. DOI 10.1109/ICSS55994.2022.00047
• (2022) Edgelet Computing: Pushing Query Processing and Liability at the Extreme Edge of the Network. 2022 22nd IEEE International Symposium on Cluster, Cloud and Internet Computing (CCGrid), pp. 160-169, May 2022. DOI 10.1109/CCGrid54584.2022.00025
• (2022) A survey on solutions to support developers in privacy-preserving IoT development. Pervasive and Mobile Computing 85(C), 1 Sep 2022. DOI 10.1016/j.pmcj.2022.101656
• (2021) Privacy heroes need data disguises. Proceedings of the Workshop on Hot Topics in Operating Systems, pp. 112-118, 1 Jun 2021. DOI 10.1145/3458336.3465284
• (2021) Distributed Deep Learning Optimized System over the Cloud and Smart Phone Devices. IEEE Transactions on Mobile Computing 20(1):147-161, 1 Jan 2021. DOI 10.1109/TMC.2019.2941492
