ABSTRACT
Brain-Computer Interfaces (BCIs) facilitate communication between brains and computers. As these devices become increasingly popular outside of the medical context, research interest in brain privacy risks and countermeasures has bloomed. Several neuroprivacy threats have been identified in the literature, including brain malware, personal data being contained in collected brainwaves and the inadequacy of legal regimes with regards to neural data protection. Dozens of controls have been proposed or implemented for protecting neuroprivacy, although it has not been immediately apparent what the landscape of neuroprivacy controls consists of. This paper inventories the implemented and proposed neuroprivacy risk mitigation techniques from open source repositories, BCI providers and the academic literature. These controls are mapped to the Hoepman privacy strategies and their implementation status is described. Several research directions for ensuring the protection of neuroprivacy are identified.
- Agarwal, A., Dowsley, R., McKinney, N. D., Wu, D., Lin, C.-T., Cock, M. D., & Nascimento, A. (2018). Privacy-preserving linear regression for brain-computer interface applications. Proceedings of the IEEE International Conference on Big Data (Big Data), Seattle, WA. https://doi.org/10.1109/BigData.2018.8621861Google ScholarCross Ref
- Agarwal, A., Dowsley, R., McKinney, N. D., Wu, D., Lin, C.-T., Cock, M. D., & Nascimento, A. (2019). Protecting privacy of users in brain-computer interface applications. IEEE Transactions on Neural Systems and Rehabilitation Engineering, 27(8), 1546--1555. https://doi.org/10.1109/TNSRE.2019.2926965Google ScholarCross Ref
- Bak, S., Pyo, Y., & Jeong, J. (2019). Protection of EEG data using blockchain platform. Proceedings of the International Winter Conference on Brain-Computer Interface (BCI), Gangwon, South Korea, 1--3. Piscataway, NJ: IEEE. https://doi.org/10.1109/IWW-BCI.2019.8737260Google ScholarCross Ref
- Bernal, S. L., Celdrán, A. H., Pérez, G. M., Barros, M. T., Balasubramaniam, S. (2019). Cybersecurity in brain-computer interfaces: state-of-the-art, opportunities, and future challenges. ArXiv:1908.03536.Google Scholar
- Bonaci, T., Herron, J., Matlack, C., & Chizeck, H. J. (2014). Securing the exocortex: A twenty-first century cybernetics challenge. Proceedings of the 2014 IEEE Conference on Norbert Wiener in the 21st Century (21CW), Boston, MA. https://doi.org/10.1109/NORBERT.2014.6893912Google ScholarCross Ref
- Bonaci, T. (2015). Security and Privacy of Biomedical Cyber-Physical Systems. University of Washington, ProQuest Dissertations and Theses.Google Scholar
- Brigham, K., & Kumar, B. V. K. (2010). Imagined Speech Classification with EEG Signals for Silent Communication: A Preliminary Investigation into Synthetic Telepathy. Proceedings of the International Conference on Bioinformatics and Biomedical Engineering, Chengdu, China, 1--4. Piscataway, NJ: IEEE. https://doi.org/10.1109/ICBBE.2010.5515807Google ScholarCross Ref
- Cannon, JC. (2014). Privacy in Technology: Standards and Practices for Engineers and Security and IT Professionals. Portsmouth, NH: International Association of Privacy Professionals.Google Scholar
- Chizeck, H. J., & Bonaci, T. (2014). U.S. Patent Application No. 14/174,818.Google Scholar
- Colesky, M., Hoepman, J.-H., & Hillen, C. (2016). A critical analysis of privacy design strategies. 2016 IEEE Security and Privacy Workshops (SPW), San Jose, CA, 33--40. Piscataway, NJ: IEEE. https://doi.org/10.1109/SPW.2016.23Google ScholarCross Ref
- Cronk, J. (2018). Strategic privacy by design. Portsmouth, NH: International Association of Privacy Professionals.Google Scholar
- Dennedy, M. F., Fox J., Finneran, T. (2014). The privacy engineer's manifesto: getting from policy to code to QA to value. New York, NY: ApressGoogle ScholarCross Ref
- Denning, T., Matsuoka, Y., & Kohno, T. (2009). Neurosecurity: security and privacy for neural devices. Neurosurgical Focus, 27(1), E7. https://doi.org/10.3171/2009.4.FOCUS0985Google ScholarCross Ref
- Dustman, R. E., Shearer, D. E., & Emmerson, R. Y. (1999). Life-span changes in EEG spectral amplitude, amplitude variability and mean frequency. Clinical neurophysiology, 110(8), 1399--1409. https://doi.org/10.1016/s1388-2457(99)00102-9Google Scholar
- Emotiv. (2018, May 25). EMOTIV privacy policy. EMOTIV. https://id.emotivcloud.com/eoidc/privacy/privacy_policy/Google Scholar
- Emotiv. (2019). Mobile and Secure EEG Cloud Database. EMOTIV. https://www.emotiv.com/emotiv-eeg-cloud/Google Scholar
- Finn, R. L., Wright, D., & Friedewald, M. (2013). Seven types of privacy. European data protection: coming of age, 3--32. Dordrecht: Springer. https://doi.org/10.1007/978-94-007-5170-5_1Google Scholar
- Frank, M. Hwu, T., Jain, S., Knight, R.T., Martinovic, I., Mittal, P., Perito, D., Sluganovic, I., & Song, D. (2017). Using EEG-based BCI devices to subliminally probe for private information. Proceedings of the 2017 Workshop on Privacy in the Electronic Society (WPES'17), Dallas, TX, 133--136. https://doi.org/10.1145/3139550.3139559Google ScholarDigital Library
- Gladden, M. E. (2017). The Handbook of Information Security for Advanced Neuroprosthetics, (2nd ed.). Indianapolis, IN: Synthypnion Academic.Google ScholarDigital Library
- Hallinan, D., Schütz, P., Friedewald, M., & de Hert, P. (2013). Neurodata and neuroprivacy: Data protection outdated? Surveillance & Society 12(1), 55--72. https://doi.org/10.24908/ss.v12i1.4500Google ScholarCross Ref
- Hoepman, J.-H. (2014). Privacy design strategies. Proceedings of the IFIP International Information Security Conference (SEC), Marrakech, Morocco. 446--459. https://doi.org/10.1007/978-3-642-55415-5_38Google ScholarCross Ref
- Hoepman, J.-H. (2019). Privacy design strategies (the little blue book). Groningen: De Privacy Coach. https://www.cs.ru.nl/J.H.Hoepman/publications/pds-booklet.pdfGoogle Scholar
- Ienca, M. (2015). Neuroprivacy, neurosecurity and brain-hacking: Emerging issues in neural engineering. Bioethica Forum. 8(2), 51--53. Schwabe.Google Scholar
- Ienca, M., & Haselager, P. (2016). Hacking the brain: brain--computer interfacing technology and the ethics of neurosecurity. Ethics and Information Technology, 18(2), 117--129. https://doi.org/10.1007/s10676-016-9398-9Google ScholarDigital Library
- Inzlicht, M., McGregor, I., Hirsh, J. B., & Nash, K. (2009). Neural markers of religious conviction. Psychological Science, 20(3), 385--392. https://doi.org/10.1111/j.1467-9280.2009.02305.xGoogle ScholarCross Ref
- Kokoon. (2019). Privacy policy. Kokoon. https://kokoon.io/policies/privacy-policyGoogle Scholar
- Li, Q., Ding, D., & Conti, M. (2015). Brain-computer interface applications: Security and privacy challenges. Proceedings of the 2015 IEEE Conference on Communications and Network Security (CNS), Florence, Italy. https://doi.org/10.1109/CNS.2015.7346884Google Scholar
- Martinovic, I., Davies, D., Frank, M., Perito, D., Ros, T., & Song, D. (2012). On the feasibility of side-channel attacks with brain-computer interfaces. Proceedings of the 21st USENIX Security Symposium, Bellevue, WA, 143--158. https://www.usenix.org/conference/usenixsecurity12/technical-sessions/presentation/martinovicGoogle ScholarDigital Library
- Muse. (2019, April 27). Privacy policy. muse. https://choosemuse.com/legal/Google Scholar
- NeuroSky. (2018, May 25). Effective learner privacy policy. Effective Learner Cloud. https://effectivelearnercloud.com/el/policies/?privacyGoogle Scholar
- The Committee on Science and Law. (2005). Are your thoughts your own? Neuroprivacy and the legal implications of brain imaging. New York, NY: New York City Bar Association.Google Scholar
- Github. (2018, June 27). Open brain consent. Github Blob. https://github.com/con/open-brain-consent/blob/master/docs/source/ultimate.rstGoogle Scholar
- P.N. Rao, R. (2013). Brain-computer interfacing: an introduction. Cambridge: Cambridge University Press.Google ScholarCross Ref
- Sempreboni, D., & Viganò, L. (2018). Privacy, security and trust in the internet of neurons. ArXiv:1807.06077.Google Scholar
- Solove, D. J. (2006). A taxonomy of privacy. University of Pennsylvania Law Review, 154, 477--560.Google ScholarCross Ref
- Spiekermann, S., & Cranor, L. F. (2009). Engineering privacy. IEEE Transactions on Software Engineering, 35(1), 67--82. https://doi.org/10.1109/TSE.2008.88Google ScholarDigital Library
- Stopczynski, A., Greenwood, D., Hansen, L. K., & Pentland, A. (2014, April 21). Privacy for personal neuroinformatics. SSRN Electronic Journal. https://doi.org/10.2139/ssm.2427564Google Scholar
- Takabi, H. (2016). Firewall for brain: towards a privacy preserving ecosystem for BCI applications. Proceedings of the 2016 IEEE Conference on Communications and Network Security (CNS), Philadelphia, PA. https://doi.org/10.1109/CNS.2016.7860516Google ScholarCross Ref
- Takabi, H., Bhalotiya, A., & Alohaly, M. (2016). Brain computer interface (BCI) applications: privacy threats and countermeasures. Proceedings of the International Conference on Collaboration and Internet Computing (CIC), Pittsburgh, PA, 102--111. Piscataway, NJ: IEEE. https://doi.org/10.1109/CIC.2016.026Google ScholarCross Ref
- Wu, D., Lawhern, V. J., Gordon, S., Lance, B. J., & Lin, C. (2017). Driver drowsiness estimation from EEG signals using Online weighted Adaptation Regularization for Regression (OwARR). IEEE Transactions on Fuzzy Systems, 25(6), 1522--1535. https://doi.org/10.1109/TFUZZ.2016.2633379Google ScholarDigital Library
- Zhang, S., Yuan, S., Huang, L., Zheng, X., Wu, Z., Xu, K., & Pan, G. (2019). Human mind control of rat cyborg's continuous locomotion with wireless brain-to-brain interface. Scientific reports, 9(1), 1--12. https://doi.org/10.1038/s41598-018-36885-0Google Scholar
Index Terms
- An Inventory of Existing Neuroprivacy Controls
Recommendations
Privacy in the Age of Neurotechnology: Investigating Public Attitudes towards Brain Data Collection and Use
CCS '23: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications SecurityBrain Computer Interfaces (BCIs) are expanding beyond the medical realm into entertainment, wellness, and marketing. However, as consumer neurotechnology becomes more popular, privacy concerns arise due to the sensitive nature of brainwave data and its ...
Privacy and brain-computer interfaces: identifying potential privacy disruptions
Brain-Computer Interfaces (BCIs) interpret neural activity, applying it to the control of external devices. As BCIs approach market viability, ethical implications come under consideration. This paper identifies potential privacy disruptions. BCI ...
On the Size of the Universal Dictionaries Used in EEG P300 Spelling Paradigm Based on Compressed Sensing
ICBBT '17: Proceedings of the 9th International Conference on Bioinformatics and Biomedical TechnologyIn this work we discuss, analyze and compare results regarding a new compression method for electroencephalographic signals aimed at P300 detection spelling paradigm based on the concept of compressed sensing (CS). The method uses a universal mega-...
Comments