Childproofing the Internet of Things
The one-year Childproofing the Internet of Things project began in November 2017 and is being funded by the Engineering and Physical Sciences Research Council (EPSRC) via the PETRAS IoT Hub.
With applications for games, for safety, for education; there are many connected smart toys for children on the market, and many more IoT devices they can access and use. There are known security and privacy risks associated with these gadgets. What isn’t yet known is what the risks are when children are able to programme their own toys and build their own IoT devices. Lancaster University’s Childproofing the Internet of Things project aims to identify the risks and deliver practical guidance to help protect children and help them navigate safely in a world where everything is on the internet.
Dr Bran Knowles, the Data Science Lecturer at Lancaster University who is leading the project, explains: “The IoT brings new and different routes to children for potential predators, in particular to private spaces like children’s bedrooms. Because those routes aren’t yet understood in the way we understand and teach about online and mobile safety, they could be easily exploited.”
The aims of the project is to help children understand how and when they might leak personal information to potential predators, what kind of information they are revealing, what the risks are in doing so and how they can protect themselves. The emphasis of the project is around privacy and security, but it may also encompass concerns around health and wellbeing such as addiction or isolation.
Utilising the BBC micro:bit as an example IoT platform, the project is looking at platforms designed to be programmable by children as these become increasingly popular. Dr Joe Finney, Computing and Communications Lecturer at Lancaster and co-investigator on the project, helped develop the micro:bit and the university continues to support it with engineering resources and data analytics-based education research.
What is the micro:bit?
The brainchild of the BBC, the micro:bit is a tiny programmable computer with built-in sensors that was designed to help young people learn to code and become confident and creative with technology, and to help level the playing field between genders. Recognising the potential security risks, the developers of the micro:bit took a considered ethical approach and deliberately restricted the functionality before it was taken to market, such as anonymising radio communications and strengthening the security of the Bluetooth pairing.
The micro:bit launched in the 2015-16 school year when over 750,000 were distributed to Year 7 (aged 11-12) pupils and teachers in schools across the UK. The non-profit Micro:bit Educational Foundation was established in September 2016 to help bring micro:bits to schools and pupils around the world. They are now used in countries around the world, from Iceland to India.
What does the project involve?
In the first stage of the project, the team is spending the day in schools with children aged nine to 12, learning about how they want to use micro:bit and similar tools and what they want to build. It is also interviewing those involved in teaching e-safety and mobile safety to identify gaps in the curriculum. The aim is to develop “use scenarios” about what the children want to build and what they will actually be able to programme.
In collaboration with the National Society for the Prevention of Cruelty to Children (NSPCC) in the UK and the Family Online Safety Institute (FOSI) in the US, the team will map the use scenarios to potential threats. The final stage will involve working with these partners to develop new policy guidance and educational guidance that incorporates IoT and programmable devices. This will be used by teachers in schools as well as by children and their parents to understand and protect against the risks. The team will also work with the Micro:bit Educational Foundation to develop educational exercises for the micro:bit that will teach children the fundamentals of how to safely programme and use their own devices, with hands-on understanding and experience of the risks.
The main aim is to provide guidance and practical help for children, parents and educators around programmable IoT devices, and the idea is that children will be able to apply this learning to their wider online activity. The hope is that the NSPCC and FOSI will be able to leverage their channels to generate interest among policymakers.
An added bonus would be if manufacturers took the findings and recommendations on board when developing connected devices for children, but Dr Knowles isn’t optimistic. “The fact is there are already tools out there that have not been ethically vetted,” she says. “The micro:bit is an exception where they have thought about the risks and been very cautious in what they’ve enabled users to do as a result.”