Those cool new watches that will connect to smartphones are part of the Internet of Things (IoT), but how many of us have considered what that will mean for our privacy? Sure, it will be great to have our vital signs monitored for our own use, count our steps, or enjoy all the other things these devices do to make our life easier and better. The problem is, Internet of Things devices like this can reveal intimate details about our lives and activities to unknown systems, companies, and people.
Google Glass has already spawned the contempt of people in public places like restaurants and bars, which has led to those businesses banning such IoT devices. To wit, years ago I once snapped a photo at a restaurant in Washington, DC, without thinking twice. An employee immediately came over to me and informed me that photos are not allowed. The concern boiled down to privacy—who was seen with whom in a location like that.
Admittedly, it would certainly be handy to walk into a meeting and have a reminder of the names and titles of people you have previously met or should know displayed privately in your eyeglasses. But what if you are on the other side of this scenario and the IoT device is providing its user with far more than this about you?
What can and do they know about us?
A movie once depicted scenes in which sensors ascertained the presence or absence of people by detecting their genes in the environment. Companies may not have to go that far, however, if the IoT keeps moving in the current direction and privacy experts don’t get their way.
Ever use a free app on your phone and notice that the little ad it displays is remarkably related to things you are interested in? We all know that is because advertising companies like Google, DoubleClick, and Quantcast gather information about us so they can serve ads that are focused on our interests.
Many companies learned long ago that they could addict us to free services then skim enough data to market back to us and make money doing so. In other words, we pay for the free services with data about ourselves, whether we know it or not.
It is not hard to comprehend then that all these devices and apps that are providing convenience and benefits are also collecting information about us as we use them. Not just location or health data, but who we are near, how fast we are going, and many other things we never imagined are either already being collected or will be.
Is the data safe from prying eyes?
With all this data, some of it considered highly sensitive, there is reason to be concerned about it getting into the wrong hands. For some people, even having it get into the right hands causes apprehension. How many of us actually don’t mind the idea of others knowing our location at any given moment?
With so many IoT devices and apps introducing new types of data to collect, our cars, homes, work environments, and even our clothing will be producing terabytes of what is often called Big Data about us. That data may just seem to be a big pile of information, but it can be mined by people who know what they are looking for—usually something they feel will help refill their wallets.
Of course, there is always concern that people with bad intent will be able to access data about us. The feeds that these devices are sending out might be quite susceptible to hacking. Indeed, Secure Sockets Layer (SSL) 3.0, long the go-to encryption method, was found to have a flaw called POODLE (Padding Oracle On Downgraded Legacy Encryption). So any of these devices, already deployed or yet to be, that use that encryption method have a built-in security leak.
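One way to check a set of devices for this exposure, as an added example that is not part of the original article: the script reads the first handshake record each device's server returned and flags any that agreed to SSL 3.0. The device names and captured bytes are constructed for illustration.

```python
import struct

SSL3 = (3, 0)
NAMES = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2+"}

def server_hello_version(record: bytes):
    """Return the (major, minor) version chosen in a ServerHello, else None."""
    if len(record) < 5:
        return None                      # truncated record header
    ctype, _maj, _min, rec_len = struct.unpack("!BBBH", record[:5])
    payload = record[5:5 + rec_len]
    # 0x16 = handshake record, 0x02 = ServerHello; anything else (for example
    # a 0x15 alert refusing the handshake) means no version was negotiated.
    if ctype != 0x16 or len(payload) < 6 or payload[0] != 0x02:
        return None
    # payload: type(1) + length(3) + server_version(2) + ...
    return (payload[4], payload[5])

def make_server_hello(version):
    """Build a minimal ServerHello record (constructed sample data)."""
    body = bytes(version) + bytes(32) + b"\x00" + b"\x00\x2f" + b"\x00"
    handshake = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16" + bytes(version) + len(handshake).to_bytes(2, "big") + handshake

# Constructed captures; hypothetical device names.
CAPTURES = {
    "fitness-band": make_server_hello((3, 0)),
    "thermostat": make_server_hello((3, 3)),
    "door-camera": b"\x15\x03\x00\x00\x02\x02\x28",  # fatal handshake_failure alert
    "smart-plug": b"\x16\x03",                       # truncated capture
}

def audit(captures):
    """Map each device to a finding based on the version its server selected."""
    report = {}
    for device, record in captures.items():
        version = server_hello_version(record)
        if version is None:
            report[device] = "no ServerHello"
        elif version == SSL3:
            report[device] = "VULNERABLE: negotiated SSL 3.0"
        else:
            report[device] = "ok: " + NAMES.get(version, "%d.%d" % version)
    return report

if __name__ == "__main__":
    for device, finding in audit(CAPTURES).items():
        print(f"{device:14} {finding}")
```

A device that answers with an alert instead of a ServerHello has refused the offered version, which is the desired result when only SSL 3.0 was offered.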
Legal IoT issues are a hot topic
Laws in the US require that you sign a fairly simply-stated release for your doctor to disclose any of your health information to anyone. The same is true of your financial data when you apply for a loan. The Payment Card Industry Data Security Standard (PCI DSS) obligates any company that collects credit card information for payment to meet PCI compliance requirements that protect cardholder data. The same cannot be said about other data collected from us.
Laws do not currently give the protection most of us think we need. Fortunately, people concerned with privacy and security are holding conferences and forming committees to work on changing this. For example, in July 2014 TRUSTe hosted the first Internet of Things Privacy Summit.
They and most others who understand what is going on believe we need laws to manage this. Any legislation would need to include restrictions on use, right to use, privacy rights similar to use of image or voice laws, and would have to be international in purview due to the global scope of Internet connectivity.
Taking our privacy back
Most of us likely want to put the user back in control despite the move to the Internet of Things. Each of us needs to be diligent with our own use of IoT devices, however. Keeping an eye on the data collected and the settings of our devices is key. Make sure your use of the Internet of Things does not compromise your privacy in ways you don’t want to allow.
What are you doing to retain privacy on the Internet of Things?