Apr 082014
 

I’m excited about the Internet of Things (IoT), and I expect it to create incredible opportunities for companies in almost every industry. But I’m also concerned that the issues of security, data privacy, and our expectations of a right to privacy, in general — unless suitably addressed — could hinder the adoption of the IoT by consumers and businesses and possibly slow innovation. So, with all the hype of the IoT, I’m going to play devil’s advocate, because these issues tend to receive limited coverage when considering the impact of new technology developments on society.

First of all, I am amazed at all the connected products and services that are starting to appear. These include, for example: those for connected buildings and homes, like heating and air conditioning, thermostats, smoke detectors, and so on; entertainment systems; and sensor-enabled pill boxes and remote healthcare monitoring devices. There are also a lot of consumer devices (in addition to smartphones and tablets), such as smart watches and Internet-enabled eye glasses, connected kitchen appliances like crock pots and refrigerators, wearable exercise trackers and pet trackers, and too many more to practically list.

But the more we come to depend on Internet connectivity for every aspect of our lives, the more vulnerable we, as — individuals and as a society as a whole — become to cyber attacks. And judging from the number of data breaches and hacking incidents reported by the press, it’s apparent that the current state of systems security is lacking to the point that we all should be nervous about the idea of so many devices going online.

Another question I’m hearing from colleagues concerns all the consumer data that’s going to get generated by all the IoT devices and get collected by the various vendors and service providers (some of this data could be considered sensitive because it provides insight into user life styles, activities, diet, health, etc.). How will it be used? And how will it be shared and with whom? These questions are important because, without sufficient consumer trust, we can expect resistance to the widespread use of connected devices. Moreover, we’ve been living with these issues for some time now, and they do not seem to be very near to getting resolved.

Then there’s the matter of our expected, and cherished, right to privacy. How will individuals and, for that matter, governments respond to the reality that almost every aspect of our lives — whether at work, at home, at the store, or in a restaurant or bar — is being recorded, monitored, and measured?

Current events indicate some will react strongly against these changes. Take Google Glass. Already we see resistance to Glass wearers by those who do not care to be recorded in public. In San Francisco, we’ve even seen altercations in bars and restaurants, and it’s become almost trendy for some establishments to prohibit patrons from wearing such devices.

How should companies and, for that matter, governments react when citizens start visiting businesses and government offices, for example, while wearing camera-equipped glasses and other devices? You can now buy a camera you can wear on a necklace that will snap and upload a picture every five seconds or record video, which is very hard to distinguish from a piece of jewelry. Some will respond by passing legislation making such activities a crime. We are seeing this today with some US states passing laws making it illegal to secretly record farming and livestock facilities — areas you would hardly consider important to national security.

One could also argue that the rise of the IoT could provide the final straw that ends any reasonable expectation of privacy. To be honest, I sometimes question if privacy isn’t already more of an illusion than an actual right today. The amount of data capturing and sharing and cameras and other recording devices now used by businesses and governments is staggering — and not just in the more heavy-handed areas like Russia and China, but in democracies as well.

Ongoing revelations by Edward J. Snowden of the US National Security Agency’s (NSA’s) spying and data collection have further eroded expectations of privacy — especially when it comes to electronic communications. I wonder if we may see the rise of large grassroots efforts — like those against animal cruelty or GMOs but which will focus on passing strong privacy legislation — turn into popular mass movements. Already some people are participating in so-called unplugging events, where they forgo the use of electronic devices and Facebook, and so on, for a few days to “reconnect” with family, friends, and the “real world.”

That said, it remains to be seen if such issues will stifle the growth of the IoT over the long run. For the concepts of security and privacy tend to get less attention than the proposed benefits offered by new technologies; and regulators typically seem to be way behind on keeping up with such developments. Of course, consumers and businesses and governments all love the idea of the convenience and enhanced productivity that new technologies offer, and most of us are easily enticed to trade information and privacy for such promises.

Yes, the IoT has the potential to transform and improve consumer lifestyles, healthcare, transportation, manufacturing, law enforcement, retail, government, and more in unprecedented ways, but I worry that, unless these issues are addressed through industry standards and practices and government efforts, we could end up limiting its true possibilities.

Discussion

  4 Responses to “Will the Rise of the IoT Mean the Fall of Privacy?”

  1. avatar

    Excellent and brief article. The social inertia that technology is outstripping will certainly create an environment of adversity for many people. People wanting to retain privacy are already called Luddites, and the tech zealots are clueless about the consequences of their new, shiny things. Google Glasses is a perfect example. This tension will only increase and legislation will have no affect on it.

    • Thanks! I think you are right on in your response. The next few years are going to be very interesting concerning development and acceptance of the IoT. What IoT proponents seem to overlook is that all these connected devices just add another way for companies and organizations to track and keep tabs on you. I also question whether consumers have the time and patience to add yet another layer of complexity to their lives with a bunch of new connected devices.

  2. avatar

    I would suggest that as cyber security life cycle practices fall behind the deployment of ioT devices and applications so will addressing issues through industry standards, practices and government effort fall behind. It my take those creating the appliances to work in collaboration with standards groups and practices. Government efforts have issued regulations and compliance that become overwhelming and too outpace enforcement. Recent stories on one major broadcasting company about data brokers, many most citizens are/were not aware of should shock us all about what is being collected and reinforces your point Curt that some of this is in our rearview mirrors. What is in front of us a daunting challenge. Wonder what Dr. Everett M. Rogers would think or how this would have shaped a sixth edition of “Diffusion of Innovations”. Good article Curt and thank you.

  3. Hi Craig, I think that you make a great point. The numbers of possible devices going online is going to be huge. Already I am amazed at all the products coming out. For example, just last week the NY Times devoted a section to the IoT covering various devices. Moreover, If the pundits are correct, the IoT is going to create literally billions of new end points that must be secured. How this will happen when we are, let’s face it, not able to secure what we already have today is the Big Question. Some organizations have been formed to help bring standards to the IoT (the Industrial Internet Consortium, AlSeen, etc.); but for the most part, they seem more concerned with establishing standard platforms and practices for connecting and integration various devices and data, than for protecting data. Also, i can’t recall any mention of standards for sharing among partners, etc. Thanks for your input!

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

(required)

(required)