Awareness : Security Awareness Tips

The Internet of Things and Privacy

Most people access and share information by connecting to the internet via a computer, tablet, or smartphone. Many individuals are willingly sharing information via FaceBook, Twitter, LinkedIn, Google +, Instagram and Pinterest. There is also a certain, uneasy understanding between consumers and these sites about the terms of use. However, as technology continues its advance, numerous, new devices are also capable of accessing the Internet and transmitting data.  This “Internet of Things” can be thought of as a collection of “smart devices” that continuously collect and transmit data via the Internet, without the need for any active human action. This data is continuously being uploaded to the cloud to augment the already enormous amounts of data already collected about every individual on the grid. These internet-enabled smart devices use sensors that can measure and transmit information about location, temperature, speed, or even vital signs such as blood pressure, pulse rate and blood sugar levels.

The Internet can be thought of as evolving into an “always on” tool of surveillance. Some examples of these smart devices include:

  • Wearable devices with ability to record events (Google Glasses, Fitbit, Nike Fuel band)
  • Medical devices that continuously monitor blood pressure and other vital signs
  • Home security devices (including surveillance cameras, baby monitors)
  • Thermostat controls (Google Nest)
  • Smart grid appliances (FPL smart meters)
  • Motor vehicle “black boxes” (GPS, toll transponders)

While these smart devices have the potential to save time and energy and improve safety and health, the benefits come with significant privacy and security risks. The data collection and potential sharing of that information with others, unknown to the average consumer, are significant concerns. Even tiny amounts of collected data can, in the aggregate, reveal a great deal about our personal lives. Medical information could be mined and used inappropriately, pricing might be adjusted in a discriminatory manner, and advertisements might be targeted based upon analysis of collected data.

The Federal Trade Commission (FTC) examined the consumer privacy and security issues posed by the growing connectivity of consumer devices, such as cars, appliances, and medical devices at a public workshop held on November 21, 2013 in Washington, D.C. 

Some of the pressing issues include:

  • What are the various technologies that enable this connectivity (e.g., RFID, barcodes, wired and wireless connections)?
  • What are the unique privacy and security concerns associated with smart technology and its data?
  • What steps can be taken to prevent smart devices from becoming targets of or vectors for malware or adware?
  • How should privacy risks be weighed against potential societal benefits, such as the ability to generate better data to improve health-care decision making or to promote energy efficiency?

What can consumers do? Most of these devices have, or will have, privacy settings. In most cases these settings are remarkable not for how much privacy they afford, but how much they deny. Similar to your files stored on Google Drive, DropBox, your pictures on Instagram, your searches on Google or Bing, and your text messages from your phone -all of this data is being saved by those companies – and many others – correlated, and then bought and sold. Your only option is to really pay attention to the limited privacy settings and to use those that you are allowed. Or simply choose not to use certain devices. The regulatory framework will have to evolve to protect consumers, it has not yet.

For More Information