
Introduction
From fitness trackers to smart speakers, mobile sensing has quietly become ubiquitous, embedding itself into our daily lives. These devices are capable of monitoring motion, detecting presence, identifying user activities, and even inferring health conditions, sometimes without any user interaction. As these applications grow and become central to smart environments, a critical question arises: Can sensing systems be designed to be both safe and ethical?
While mobile and wearable sensing generally involves explicit user interaction and participation, passive sensing mechanisms blend seamlessly into the environment. Unlike cameras or microphones, wireless sensing systems that rely on technologies such as WiFi Channel State Information (CSI), Bluetooth Low Energy (BLE), RF radars, or Ultra-Wideband (UWB) often operate invisibly. More importantly, users may not even realize they are being tracked, making ethical design not just a best practice but a social responsibility.
The Case for Privacy-Conscious Sensing
Ambient and passive sensing systems don’t require user interaction, which makes them ideal for convenient and intelligent automation. For example, smart homes can automatically adjust lighting and temperature based on when the user enters, and assisted-living sensing systems can summon help in the event of a fall. Additionally, many of these technologies can enhance user privacy compared to traditional video surveillance. Wireless sensing methods such as WiFi CSI or mmWave radar do not record visuals or audio. Instead, they infer presence and motion without linking behavior to identifiable faces or voices. This approach avoids collecting personally revealing details such as facial features, clothing, or speech. In smart home contexts, cameras are often seen as unnecessarily intrusive, and many users are uncomfortable with being recorded in personal spaces.
However, privacy concerns remain. Research from Carnegie Mellon University shows that WiFi signals can be repurposed to detect human presence through walls, raising questions about user awareness and consent. In this study, a deep neural network was developed to map the phase and amplitude of WiFi signals to coordinates across 24 human body regions. The model demonstrated the ability to estimate human poses with accuracy comparable to image-based systems while using only WiFi signals as input. While scientifically impressive, these capabilities highlight the potential privacy leaks in sensing systems.
Principles for Privacy-Aware Design
Designing ethical wireless sensing systems begins with a core commitment to user dignity. This includes prioritizing user consent, data transparency, and control. The following principles are central to responsible development:
- Minimize Data Collection: Systems should capture only the data necessary for the intended functionality. For example, occupancy detection may not require detailed motion or indoor location tracking.
- Maintain Transparency: Users should be clearly informed when sensing is active and made aware of the data being collected.
- Ensure Informed Consent: Participation in sensing systems should be a deliberate choice, presented in understandable terms without relying on complex terms and conditions.
- Enable User Controls: Users should have access to intuitive methods, both physical and digital, to disable or adjust sensing features.
These principles are not new, but they require fresh interpretation in the context of ambient sensing, where conventional indicators like cameras or microphones may not be present.
Best Practices in Implementation
While theoretical principles around privacy are the first step, researchers and product teams must build them into their systems. Here are some practices that engineering teams should follow:
- Edge Computing: Whenever possible, data inference and machine learning models should run locally on the device. This reduces exposure to external threats and gives users more control over their data.
- Anonymization and Encryption: Personally identifiable data should be removed or obfuscated before storage or transmission. Secure transport protocols and rotating identifiers, such as BLE and WiFi MAC addresses, help prevent device tracking.
- Privacy by Default: Devices should launch with the most privacy-preserving settings enabled, requiring no additional action from users to protect their data.
- Audit Trails and Logging: Maintaining logs of data access and sharing ensures transparency and accountability, making it easier for users to understand how their data is being used.
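The practices above combined in one on-device pipeline, as an added example that is not code from the article or from any product it names: inference runs locally, raw samples are discarded after use, only an occupancy flag leaves the function under an HMAC-derived rotating identifier, and each release is recorded in a hash-chained audit log. The variance threshold, the 15-minute rotation interval, the sample amplitudes and all function names are assumptions made for illustration.

```python
import hashlib, hmac, json, statistics

ROTATION_SECONDS = 900  # assumed rotation interval (15 min), not from the article

def rotating_id(device_secret, now):
    """Pseudonymous identifier that changes every ROTATION_SECONDS."""
    epoch = now // ROTATION_SECONDS
    mac = hmac.new(device_secret, epoch.to_bytes(8, "big"), hashlib.sha256)
    return mac.hexdigest()[:16]

def detect_occupancy(csi_amplitudes, threshold=1.0):
    """Toy on-device inference: high amplitude variance is treated as presence."""
    return statistics.pvariance(csi_amplitudes) > threshold

class AuditLog:
    """Append-only log; each entry commits to the previous one via a hash chain."""
    def __init__(self):
        self.entries = []
        self.head = "0" * 64

    def append(self, event):
        body = json.dumps(event, sort_keys=True)
        self.head = hashlib.sha256((self.head + body).encode()).hexdigest()
        self.entries.append({"event": event, "hash": self.head})

    def verify(self):
        prev = "0" * 64
        for entry in self.entries:
            body = json.dumps(entry["event"], sort_keys=True)
            prev = hashlib.sha256((prev + body).encode()).hexdigest()
            if prev != entry["hash"]:
                return False  # an entry was altered, removed or reordered
        return True

def process_window(csi_amplitudes, device_secret, now, log):
    """Infer locally, log the release, return only the minimized report."""
    occupied = detect_occupancy(csi_amplitudes)
    csi_amplitudes.clear()  # raw samples are dropped right after inference
    report = {"id": rotating_id(device_secret, now), "occupied": occupied}
    # The log records which fields left the device, never the raw signal.
    log.append({"t": now, "action": "report_sent", "fields": sorted(report)})
    return report

# Constructed sample data: a quiet room, then a window with movement.
SECRET = b"constructed-demo-secret"
LOG = AuditLog()
QUIET = process_window([10.0, 10.1, 9.9, 10.0], SECRET, 1_000, LOG)
MOVING = process_window([10.0, 14.2, 6.5, 12.8], SECRET, 2_000, LOG)
```

Because the identifier depends only on the device secret and the current time window, an observer without the secret cannot link reports across rotation intervals, while the hash chain makes later edits to the log detectable.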
Case Study: Responsible Innovation in Action
Consider the use of mmWave radar for detecting user presence and gestures. Smart TVs, home assistants, and motion sensors are now incorporating radar technology to pause playback when the user walks away and transition into low-power mode due to inactivity. These systems process radar signals locally, do not infer user identity, and delete the data immediately after processing. In some cases, an LED indicator is included to visibly signal when sensing is active. These approaches maintain a thoughtful balance between user functionality and trust.
Other examples are Apple’s Find My network and Amazon’s Sidewalk. Designed to extend low-power connectivity using BLE and other protocols, these networks emphasize privacy in their architecture. Amazon publishes detailed whitepapers outlining how data is end-to-end encrypted, segmented, and anonymized. Sidewalk transmits only small data packets such as motion sensor updates or device location beacons without sharing any personal user data. Similarly, Apple’s Find My network forwards the identity beacons emitted by Apple devices through encrypted links to iCloud, making it impossible to access any user data locally.
The Path Forward
Ambient sensing is becoming increasingly widespread, and its integration with AI will only make it more capable. However, just because we are now able to detect and infer more than ever before does not mean we should. Ethical sensing is not only a technical concern; it is also a design philosophy.
Creating sensing systems that are both effective and privacy-conscious requires collaboration among engineers, designers, policymakers, and users. This ongoing dialogue is essential to ensure that the future of sensing remains trustworthy, transparent, and respectful of human boundaries.
About the Author
Amod K. Agrawal, Applied Scientist
Amazon Lab126
IEEE Member
amoagraw@amazon.com
www.linkedin.com/in/agrawalamod
https://agrawalamod.github.io
Disclaimer: The author is completely responsible for the content of this article. The opinions expressed are their own and do not represent IEEE’s position nor that of the Computer Society nor its Leadership.