Trusting the Internet of Things: Balancing Privacy and Opportunity
By Luc Delany
Trusting the Internet of Things: Balancing Privacy and Opportunity
10 Apr 2015 - Data Ownership

The worldwide ‘Internet of Things Day’ took place yesterday (April 9th 2015).  It was started by the Internet of Things Council in 2011 and its main premise is to “start having the important conversations on the technologies, security, data privacy, and enormous potential that an “Internet of Things” is capable of.” It seems as good a time as any then to do just that.

The Internet of Things has the potential to have a greater impact on society than the first digital revolution.” So said a recent report (December 2014) by the UK government’s chief scientific adviser, Sir Mark Walpot. Given that the first digital revolution effectively resulted in every internet-based service in use today, that’s quite a bold claim.

Industry, however, has been talking about the Internet of Things (IoT from here onwards) for years. And there are many possible visions of it. At a very simplistic level – it’s what happens when sensors, wireless chips and ubiquitous internet connectivity collide: devices can talk to each other, making it easier to control and automate tasks – and collect data. “The internet of things” was first coined in 1999 by British visionary Kevin Ashton who used it to describe how internet-connected devices would change our lives. He forecasted a futuristic world of seamlessly connected devices that would save us both time and money.

If we stop and think about how many gadgets there are in the world today, it’s not surprising that the IoT is being viewed with such excitement. ABI Research estimates that there are already more than 16bn wireless connected devices, an increase of 20% from a year earlier and by 2020, Gartner forecasts that the market will generate incremental revenue of more than $300bn. Evidently, the potential for new business ventures is vast. And unsurprisingly technology companies are entering the fray. This year alone Amazon launched Dash, IBM announced a major Internet of Things strategy, Facebook rolled out a new software development kit for app developers  and Microsoft made a big play with a new Microsoft Azure IoT Suite.

Governments too are seeing the potential. The UK Chancellor of the Exchequer, George Osborne promised £40 million investment into IoT related projects in the recent March Budget, describing the  IoT as “the next stage of the information revolution.” (See our previous post on the Budget here).

But while we stand at the cusp of an exciting IoT era and can only imagine where the technology will  take us, significant concerns have yet to be addressed. Transparency. Privacy. Control over where the data resides. Data Ownership. Who does it belong to – the brands, the user or the framework holders? Do you need to ‘own’ the data to use the data? (See our previous post on Policy concerns holding back the rise in wearable tech). Recent breaches show how important security infrastructure is.

According to Europol, growing interest in IoT could mean a field day for cyber criminals as it creates a “wider attack surface and more attack vectors.” And this is seemingly backed up by a study last year by HP Security Research which concluded that 70% of the most commonly used Internet of Things devices had serious security flaws with 90% of the devices using unencrypted network service and 70% vulnerable through weak passwords. It seems obvious to state it but technological advances and smarter systems do not necessarily equate to better security.

A Machine to Machine Communication (M2M – the connection of ‘smart devices’ through a common infrastructure) briefing paper from the UK Parliamentary Office of Science and Technology, notes that the volume and detail of data collected using M2M will introduce new risks to security and privacy. While baseline privacy protection exists in the UK, many leading data privacy and security experts feel that the UK is not doing enough to promote this way of thinking and address the privacy and security issues in M2M.

A European Commission report from 2013 states that for M2M and the IoT to flourish, strong data protection practices must be put in place and cannot be treated as an afterthought. This is also the opinion of the US Federal Trade Commission (FTC) who produced a report on the IoT in January earlier this year in which it urged businesses to take greater action to protect both the privacy and security of consumers. The FTC has now indicated that it is getting ready to regulate the Internet of Things through a new Office of Technology Research and Investigation (OTRI) in an effort to protect consumers’ privacy and security. Among the specific areas it will regulate are cars and new mobile-payment methods such as Apple Pay.

Public consent as well as transparency around how IoT sourced data will be used may be vital to the future of its development. In 2013, smart bins capable of recording footfall data from passing smartphones were banned by the City of London amid accusations that they breached people’s privacy. And if we look at the news this week, with Facebook being sued for alleged violations of European privacy laws and the Federal Communications Commission reaching a $25 million settlement with AT&T over a consumer data breach, there seems to be an even greater need for an agreed framework in which a consistent approach to issues surrounding privacy, protection and control can be delivered from.

One of the most important discussions surrounding the IoT debate today involves the need to balance privacy against enormous technology growth opportunities found in IoT. As the amount of data mined, moved and stored grows, how will we ensure that the IoT ecosystem remains reliable and trustworthy? Currently, while no agreed framework exists, responsibility lies with the businesses who collect and hold that data. To address these current concerns businesses should consider investing in consumer privacy online, both in terms of education and increased security. Greater transparency and effective self-regulation may well be provide the most constructive answer in a rapidly changing area.

Photo Credit: Wired.com

-->