Synopsis:
Consumer devices that we daily interact with, such as doorbells, baby monitors, robot vacuum cleaners process a wide variety of user data from sensors and transmit them across complex hardware-software stacks to cloud environments. This webinar presents a privacy-focused security analysis of these devices, emphasizing the relationship between sensor data, trust boundaries, and privacy guarantees. It outlines key threats with real-world examples that illustrate common architectural flaws. Towards the end, a few foundational privacy and security enhancement strategies such as transformation, gating, filtering, access control, isolation, and retention are presented which strengthen privacy and data protection in hardware-constrained environments.
Problem Statement:
As the future rolls on, we will see more devices such as smart glasses with long-duration video and audio recording integrated with AI assistants. All these physical devices have the potential to collect, store, and process significant amounts of personal data, both locally and in connected cloud services. Consumers however continue to have a limited understanding of the privacy and security controls that have been placed in such devices. While there is a very welcome push by organizations to implement Privacy by Design (PbD), run Data Protection Impact Assessments (DPIAs) and bring privacy early on in the software development lifecycle, much less is discussed about privacy in the hardware development lifecycle – more specifically how the design of hardware itself can make or break privacy. Hardware privacy sits in a unique space since modern hardware involves physical design decisions as well as software design decisions that both simultaneously affect privacy implications when people interact with them.
Related Privacy Enhancing Technologies (PETs):
Anonymization, On-device processing, Trusted execution environments (TEEs), Data masking
Pre-Discussion Resources:
Pre-Discussion Recording: Privacy Analysis of Consumer Hardware Devices | PETed Pre-Discussion Recording
Guest Expert: Suchakra Sharma
Suchakra is the Chief Scientific Officer at Whirly Labs, where he leads the Security and Privacy Research and Education team. He brings over 10 years of experience in the security and privacy industry, having worked with Fortune 500 clients and government agencies across the finance, transportation, FMCG, and healthcare sectors. His work includes developing custom tools, conducting trainings and secure code reviews, and delivering tailored solutions to address fundamental security and privacy challenges. He holds a Ph.D. in Computer Engineering from Polytechnique Montréal where he worked on hardware and software analysis. Most recently, he served as the Chief Scientist at Privado AI, where he introduced static code analysis to the privacy engineering space. Prior to that, he was a founding member of Qwiet.ai.
A prolific speaker, Suchakra has delivered talks, trainings, and lectures on software analysis and cybersecurity at venues such as RSA, Black Hat, Carnegie Mellon University, USENIX LISA, USENIX Enigma, the UN Internet Governance Forum, and NorthSec. He is also a regular contributor to IEEE, serving as a reviewer for leading research journals.
Moderator: Nicole Nguyen
Nicole Nguyen is an enthusiastic privacy professional, deftly bridging technology, business, and law. Beginning in intellectual property and patent prosecution, she gained practical legal insights and technical acumen, which she later applied to data privacy across various regulated industries. She honed her skills across operations, regulatory analysis, and engineering, to streamline data handling, shape privacy policies, and drive privacy-by-design principles. Recognized for her leadership and technical prowess, Nicole guides strategic decisions, resolves complex issues, and bolsters business resilience. Her passion lies in crafting comprehensive data governance programs, weaving security, privacy, and risk disciplines into robust frameworks that safeguard business value and promote a future-ready, privacy-conscious culture. B.S. Chemical and Electrical Engineering and M.S. Information Systems, Cybersecurity and Business Intelligence.
