No, the IoT does not need strong privacy and security to flourish
The Internet of Things will happily march along with lousy privacy and security, and we will be the poorer for it.
Get notified when our free report “Privacy and Security in the Internet of Things,” by Gilad Rosner, becomes available.
“Without addressing privacy and trust, the Internet of Things will not reach its full potential.”
This refrain can be heard at IoT conferences, in opinion pieces in the press and in normative academic literature. If we don’t “get it right,” then consumers won’t embrace the IoT and all of the wonderful commercial and societal benefits it portends.
This is false.
It’s a nice idea, imagining that concern for privacy and security will curtail or slow technological growth. But don’t believe it: the Internet of Things will develop whether or not privacy and security are addressed. Economic imperative and technology evolution will impel the IoT and its tremendous potential for increased monitoring forward, but citizen concern plays a minor role in operationalizing privacy. Certainly, popular discourse on the subject is important, but developers, designers, policy-makers and manufacturers are the key actors in embedding privacy architectures within new connected devices.
The Intimacy of Things
At what layer do we build privacy into the fabric of devices?
In 2011, Kashmir Hill, Gizmodo and others alerted us to a privacy gaffe made by Fitbit, a company that makes small devices to help people keep track of their fitness activities. It turns out that Fitbit broadcast the sexual activity of quite a few of their users. Realizing this might not sit well with those users, Fitbit took swift action to remove the search hits, the data, and the identities of those affected. Fitbit, like many other companies, believed that all the data they gathered should be public by default. Oops.
Does anyone think this is the last time such a thing will happen?
Fitness data qualifies as “personal,” but sexual data is clearly in the realm of the “intimate.” It might seem like semantics, but the difference is likely to be felt by people in varying degrees. The theory of contextual integrity says that we feel violations of our privacy when informational contexts are unexpectedly or undesirably crossed. Publicizing my latest workout: good. Publicizing when I’m in flagrante delicto: bad. This episode neatly exemplifies how devices are entering spaces where they’ve not trodden before, physically and informationally.
There is room for global thinking in IoT data privacy matters
The best of European and American data privacy initiatives can come together for the betterment of all.
Editor’s note: This is part of a series of posts exploring privacy and security issues in the Internet of Things. The series will culminate in a free webcast by the series author Dr. Gilad Rosner: Privacy and Security Issues in the Internet of Things will happen on February 11, 2015 — reserve your spot today.
As devices become more intelligent and networked, the makers and vendors of those devices gain access to greater amounts of personal data. In the extreme case of the washing machine, the kind of data — who uses cold versus warm water — is of little importance. But when the device collects biophysical information, location data, movement patterns, and other sensitive information, data collectors have both greater risk and responsibility in safeguarding it. The advantages of every company becoming a software company — enhanced customer analytics, streamlined processes, improved view of resources and impact — will be accompanied by new privacy challenges.
A key question emerges from the increasing intelligence of and monitoring by devices: will the commercial practices that evolved in the web be transferred to the Internet of Things? The amount of control users have over data about them is limited. The ubiquitous end-user license agreement tells people what will and won’t happen to their data, but there is little choice. In most situations, you can either consent to have your data used or you can take a hike. We do not get to pick and choose how our data is used, except in some blunt cases where you can opt out of certain activities (which is often a condition forced by regulators). If you don’t like how your data will be used, you can simply elect not to use the service. But what of the emerging world of ubiquitous sensors and physical devices? Will such a take-it-or-leave-it attitude prevail?
Who should and should not be talking to your fridge?
A reflection on the social impacts of smarter hardware in the physical world.
Here’s the scenario today: I am out of milk, and my refrigerator sits there, mute and unsympathetic. Some time in the 90s, I was promised a fridge that would call the store when I was out of milk, and it would then be delivered while I, ignorant of my dearth of dairy, went about my business. Apparently such predictions were off. Someone forgot to tell my fridge manufacturer to put sensors, software, and networking gear into their products.
But there is hope. The dumb objects in the analog physical world are being slowly upgraded. From the very sexy telemetry systems in new BMWs to the very unsexy pallets of lettuce in a warehouse, Things That Heretofore Were Blind and Mute are getting eyes, ears, mouths, and in some cases, brains. This is evolution, not revolution, and while it is still slow-moving, it’s beneficial to reflect on some of the social impacts of smarter hardware in the physical world.