The Internet of Things (IoT) – Implications for Privacy in an Increasingly Connected World

The Internet of Things - Implications for Privacy in an Increasingly Connected World - VueVille

This article by William Wetzel was the best entry in the 2017 VueVille Future Technology Scholarship winning $1000 towards his college education.

Looking at the most ubiquitous IoT device, there are 204 million smart phones in use in the United States1Anderson, M. (2015, October 19). Technology Device Ownership: 2015. Retrieved January 25, 2017, from http://www.pewinternet.org/2015/10/29/technology-device-ownership-2015/. Apple is highly credited with releasing the first modern smart phone in 2007. Over the next 10 years dozens of companies invested significant R&D into the security of their customers mobile data2Campbell, M. (2015, October 28). Apple R&D spending hit $8.1B in 2015, suggests continued work on massive project. Retrieved January 26, 2017, from http://appleinsider.com/articles/15/10/28/apple-rd-spending-hit-81b-in-2015-suggests-continued-work-on-massive-project. Despite the billions spent, there have been dozens of hacking cases involving these relatively secure devices3Watercutter, A. (2016, May 26). Watch Edward Snowden Teach Vice How to Make a Phone ‘Go Black’. Retrieved January 26, 2017, from https://www.wired.com/2016/05/snowden-vice-cell-phone-hack/4N. (2013, July 13). Phone hacking: David Cameron announces terms of phone-hacking inquiry. Retrieved January 25, 2017, from http://www.telegraph.co.uk/news/uknews/phone-hacking/8634757/Phone-hacking-David-Cameron-announces-terms-of-phone-hacking-inquiry.html5N. (2016, April 22). San Bernardino phone hack ‘cost FBI more than $1m’ Retrieved January 25, 2017, from http://www.bbc.com/news/technology-36110236. Along with the consumer data collection that the companies who produce these phones take part in6Chen, B. X. (2011, April 21). Why and How Apple Is Collecting Your iPhone Location Data. Retrieved January 25, 2017, from https://www.wired.com/2011/04/apple-iphone-tracking/, these devices with their audio, video, and GPS sensors allow for data to be collected on someone in real-time.


It is estimated that there will be fifty billion objects on the IoT in just three years7Evans, Dave (April 2011). “The Internet of Things: How the Next Evolution of the Internet Is Changing Everything” (PDF). Cisco. Retrieved 15 February 2016. We must realize, that an IoT device doesn’t need all the functionality of a cell phone to be a serious privacy challenge. James Lyne the global head of security research at Sophos claims that:

IoT devices are coming in with security flaws which were out-of-date ten years ago you wouldn’t dream of seeing on a modern PC

While an IoT large-scale data breach has not yet occurred, we have already seen these devices be hijacked on a large scale. The DDoS attack which overwhelmed the DNS for most of the Eastern United States was done with a botnet consisting of IoT devices, primarily digital cameras, DVRs, and routers8Newman, L. H. (16, October 21). What We Know About Friday’s Massive East Coast Internet Outage. Retrieved January 26, 2017, from https://www.wired.com/2016/10/internet-outage-ddos-dns-dyn/.

Unfortunately if history is any indicator, it seems to be a question of when and not if there will be a large IoT data breach. To date, reputable tech companies such as Yahoo, Tumblr, eBay and Daily Motion have lost the personal information of billions of users in hacks9N. (2016, December 13). World’s Biggest Data Breaches. Retrieved January 27, 2017, from http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/. These are companies, which deal solely in creating technology platforms. With such a high data loss to date, will the public be able to trust manufacturers of smart fridges, smoke detectors, cars, watches, etc., to protect their personal data from malicious actors?

Of course protecting peoples privacy not only relies on stopping the bad guys, it also requires informed consumers. There is a $125 billion market involving collecting and analyzing consumer’s personal data10Press, G. (2014, December 11). 6 Predictions For The $125 Billion Big Data Analytics Market in 2015. Retrieved January 25, 2017, from http://www.forbes.com/sites/gilpress/2014/12/11/6-predictions-for-the-125-billion-big-data-analytics-market-in-2015/#29bdc1ef2b20. If a consumer buys a smart fridge that tracks all of their purchasing and knows their most intimate dietary habits, the company which manufactures this fridge could have the option to sell this information to a third-party. A study by MeasuringU predicts at a maximum, 8% of users actually read a software EULA11Sauro, J. (2011, January 11). DO USERS READ LICENSE AGREEMENTS? Retrieved January 25, 2017, from http://measuringu.com/eula/. There needs to be a more transparent option to identify company’s data policies, few people will have the initiative to read and comprehend hundred page documents for every IoT product bought.

As it stands, if you read every user agreement and only bought products that didn’t track data, and were able to guarantee you were never hacked – government agencies would still potentially have access to your personal information. Many countries such as the United States and Sweden, have laws which allow government agencies to monitor all internet traffic coming through their country12T. (Director). (2013, October). How the nsa betrayed the world’s trust time to act [Video file]. Retrieved January 25, 2017, from https://www.ted.com/talks/mikko_hypponen_how_the_nsa_betrayed_the_world_s_trust_time_to_act. Today, anytime you use Skype, Facebook, or a service based in the US, the NSA has access to the data you’ve transmitted.

The Internet of Things (IoT) - Implications for Privacy in an Increasingly Connected World - Coffee - VueVilleLet’s pretend a US company started selling millions of smart espresso makers all around the world. The espresso makers contain a camera, microphone, and remember all of your past coffee habits. Under PRISM, all your data use on that espresso maker could be recorded and viewed by the US government if it were transmitted through a US server13Gellman, B. (2013, June 7). U.S., British intelligence mining data from nine U.S. Internet companies in broad secret program. Retrieved January 26, 2017, from https://www.washingtonpost.com/investigations/us-intelligence-mining-data-from-nine-us-internet-companies-in-broad-secret-program/2013/06/06/3a0c0da8-cebf-11e2-8845-d970ccb04497_story.html?utm_term=.966eb220b38a. This means if you live in Norway and use your espresso maker to video chat your friend in Iran, because your call could be routed through a US based server, that call could be monitored. Later if the United States (or any other country) created or altered a secret law such as the Patriot Act, one can only imagine the potential to collect information about an individual just because they purchased a specific product.

While there are many potential privacy pitfalls with the coming IoT, there is evidence that regulatory agencies are looking at ways to tackle them. The United States Federal Trade Commission has made recommendations to protect consumer choice and ownership of data14“The ‘Internet of Things’: Legal Challenges in an Ultra-connected World”. Mason Hayes & Curran. 22 January 2016. Retrieved 23 October 2016.. A resolution passed by the US senate states the need to create a national policy on IoT data security and management15Lawson, Stephen (2 March 2016). “IoT users could win with a new bill in the US Senate”. MIS-Asia. Retrieved 23 October 2016, and the National Highway Traffic Safety Administration is preparing cyber security recommendations to make soon to arrive autonomous cars more secure16Pittman, P. (2016, February 2). Legal Developments in Connected Car Arena Provide Glimpse of Privacy and Data Security Regulation in Internet of Things . Retrieved January 25, 2017, from http://www.lexology.com/library/detail.aspx?g=fd6bc26e-dd20-4c4f-897a-5d62484d37ba.

In addition to governmental regulation, we can only hope companies are sufficiently motivated to adopt sufficient cyber security and ethical standards. Yahoo is estimated to have lost 1 billion dollars of its market cap after their massive data hack in 201617Fuscaldo, D. (2016, December 27). Verizon Likely to Complete Yahoo Buy Despite Hacks. Retrieved January 26, 2017, from http://www.investopedia.com/news/verizon-likely-complete-yahoo-buy-despite-hacks/, and data breaches are costing consumer service companies on average $174 per record stolen as of 201618Bradley, B. (2016, October 1). What is the True Cost of a Data Breach? It May Not Be that Easy. Retrieved January 26, 2017, from https://digitalguardian.com/blog/what-true-cost-data-breach-it-may-not-be-easy. Once again, the consumer has the potential to play a huge role. Currently data breaches have little effect on company stock prices19Kvochko, E., & Pant, R. (2015, March 31). Why Data Breaches Don’t Hurt Stock Prices. Retrieved January 26, 2017, from https://hbr.org/2015/03/why-data-breaches-dont-hurt-stock-prices. It will take consumers caring about their data, and fiscally punishing institutions who violate their trust to alter the current IoT landscape.

Digiprove sealCopyright protected by Digiprove

References   [ + ]

1. Anderson, M. (2015, October 19). Technology Device Ownership: 2015. Retrieved January 25, 2017, from http://www.pewinternet.org/2015/10/29/technology-device-ownership-2015/
2. Campbell, M. (2015, October 28). Apple R&D spending hit $8.1B in 2015, suggests continued work on massive project. Retrieved January 26, 2017, from http://appleinsider.com/articles/15/10/28/apple-rd-spending-hit-81b-in-2015-suggests-continued-work-on-massive-project
3. Watercutter, A. (2016, May 26). Watch Edward Snowden Teach Vice How to Make a Phone ‘Go Black’. Retrieved January 26, 2017, from https://www.wired.com/2016/05/snowden-vice-cell-phone-hack/
4. N. (2013, July 13). Phone hacking: David Cameron announces terms of phone-hacking inquiry. Retrieved January 25, 2017, from http://www.telegraph.co.uk/news/uknews/phone-hacking/8634757/Phone-hacking-David-Cameron-announces-terms-of-phone-hacking-inquiry.html
5. N. (2016, April 22). San Bernardino phone hack ‘cost FBI more than $1m’ Retrieved January 25, 2017, from http://www.bbc.com/news/technology-36110236
6. Chen, B. X. (2011, April 21). Why and How Apple Is Collecting Your iPhone Location Data. Retrieved January 25, 2017, from https://www.wired.com/2011/04/apple-iphone-tracking/
7. Evans, Dave (April 2011). “The Internet of Things: How the Next Evolution of the Internet Is Changing Everything” (PDF). Cisco. Retrieved 15 February 2016
8. Newman, L. H. (16, October 21). What We Know About Friday’s Massive East Coast Internet Outage. Retrieved January 26, 2017, from https://www.wired.com/2016/10/internet-outage-ddos-dns-dyn/
9. N. (2016, December 13). World’s Biggest Data Breaches. Retrieved January 27, 2017, from http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
10. Press, G. (2014, December 11). 6 Predictions For The $125 Billion Big Data Analytics Market in 2015. Retrieved January 25, 2017, from http://www.forbes.com/sites/gilpress/2014/12/11/6-predictions-for-the-125-billion-big-data-analytics-market-in-2015/#29bdc1ef2b20
11. Sauro, J. (2011, January 11). DO USERS READ LICENSE AGREEMENTS? Retrieved January 25, 2017, from http://measuringu.com/eula/
12. T. (Director). (2013, October). How the nsa betrayed the world’s trust time to act [Video file]. Retrieved January 25, 2017, from https://www.ted.com/talks/mikko_hypponen_how_the_nsa_betrayed_the_world_s_trust_time_to_act
13. Gellman, B. (2013, June 7). U.S., British intelligence mining data from nine U.S. Internet companies in broad secret program. Retrieved January 26, 2017, from https://www.washingtonpost.com/investigations/us-intelligence-mining-data-from-nine-us-internet-companies-in-broad-secret-program/2013/06/06/3a0c0da8-cebf-11e2-8845-d970ccb04497_story.html?utm_term=.966eb220b38a
14. “The ‘Internet of Things’: Legal Challenges in an Ultra-connected World”. Mason Hayes & Curran. 22 January 2016. Retrieved 23 October 2016.
15. Lawson, Stephen (2 March 2016). “IoT users could win with a new bill in the US Senate”. MIS-Asia. Retrieved 23 October 2016
16. Pittman, P. (2016, February 2). Legal Developments in Connected Car Arena Provide Glimpse of Privacy and Data Security Regulation in Internet of Things . Retrieved January 25, 2017, from http://www.lexology.com/library/detail.aspx?g=fd6bc26e-dd20-4c4f-897a-5d62484d37ba
17. Fuscaldo, D. (2016, December 27). Verizon Likely to Complete Yahoo Buy Despite Hacks. Retrieved January 26, 2017, from http://www.investopedia.com/news/verizon-likely-complete-yahoo-buy-despite-hacks/
18. Bradley, B. (2016, October 1). What is the True Cost of a Data Breach? It May Not Be that Easy. Retrieved January 26, 2017, from https://digitalguardian.com/blog/what-true-cost-data-breach-it-may-not-be-easy
19. Kvochko, E., & Pant, R. (2015, March 31). Why Data Breaches Don’t Hurt Stock Prices. Retrieved January 26, 2017, from https://hbr.org/2015/03/why-data-breaches-dont-hurt-stock-prices

GET THE BEST DIY HOME SECURITY AND AUTOMATION STUFF IN YOUR INBOX

DOn't worry, I hate spam too!

We will be happy to hear your thoughts

Leave a reply

Compare items
  • Compare IP Cameras (0)
Compare
0