The Internet of Things (IoT) is here and is growing faster than the blink of an eye. Today it has the potential to simplify life's everyday tasks; tomorrow it will drive your car. The IoT is so big, it has been described as the next "Industrial Revolution" ( Business Insider). This is a major, but exciting change to our world, but of course we need to be weary of the potential dangers. For instance, we need to be extremely cautious about inherent private information exposure.
The Electronic Information Privacy Center ( EPIC) states that, "Protecting consumer privacy will become increasingly difficult as the Internet of Things becomes increasingly prevalent." IoT devices are not built with the appropriate security precautions or features such as identity protection in effort to keep costs low and save time due to their increasing demand. Alan Grau, an IoT professional, expressed, "Security requirements must take into consideration the cost of a security failure (economic, environmental, social, etc.), the likelihood of attack, available attack vectors and the cost of implementing a security solution (Icon Labs)."
A scary, but common theme discussed across multiple IoT conversations is the uninformed user. This means that user's personal information can be captured and analyzed through the use of a connected device without their permission. Unfortunately, this is innate to the majority of consumers. An extensive amount of user ambiguity exists today and the industry lacks any formal type of disclosure upon sale of an IoT device. The fact that these devices do not contain proper security functionalities is not well-known or disclosed. In many cases, the gathering of private information can be seen as a productive means of learning and innovation, but can also be used to benefit a third parties at expense of the device user. Below are three major areas where red flags are raised regarding privacy concerns within the IoT.
Home automation encompasses many different IoT devices. This includes everything from automated kitchen appliances, automated thermometers, smart lighting, smart meters and more. The collection of these items is referred to as the "Smart Home."
An example of an in-home smart device that is at risk of leaking private information is smart meters. Upon installment of a smart grid, the user can monitor how much electricity is used at any specific time and what object is using it. This feature empowers consumers to make better decisions around energy use, but also allows companies to identify traits and patterns of the people who live in the home. With limited regulation in regards to the use of this data, third party companies purchase these data sets for their own research and use. National Geographic points out the value this data holds and how it could be of use to insurance companies, marketing firms and scariest of them all, a burglar.
Health and fitness tracking organizations provide consumers with accurate, real-time, insightful information about their health, fitness and sleeping habits. This information is very specific to each individual with sensitive health related information and is often location specific. Many consumers do not realize that the overwhelming amount of personal information collected by these devices could be of great use to a medical, pharmaceutical or insurance companies to expand profits and market share. This generates many questions in regards to ethical and social responsibility of the large companies involved. Various health and fitness tracking organizations have implemented privacy initiatives and consumer consent requirements to introduce consumers to the exposure possibilities.
The Health Insurance Portability Act and Accountability Act of 1996 ( HIPAA) prevents the abuse of medical information and records. Believe it or not, many health and fitness tracking companies have not been registered as HIPPA compliant. Although, last fall, one of the largest fitness tracking companies, FitBit, announced their HIPPA compliance. This was a very productive business move for Fitbit, as their products and services are being purchased by more and more companies and organizations (Ars Technica).
Another growing concern is the interaction children are beginning to have with the IoT. The market for connected toys is rapidly growing. This goes beyond the kid friendly tablets and gaming devices, but focuses on bringing to life the inanimate toys that previously have been left to the imagination. Children can now communicate with their toys in a two-way conversation. To name a few, Mattel and CogniToys have recently released interactive toys that listen to and speak with children ( Mutual Mobile). Many parents see great value in these toys, as they promote speech and social development. The concern comes into play when the toy does not specifically pick up the voice of the child, but any voice within reach. Parents are concerned with the information being recorded on the other end of the two-way conversation that does not belong to the child, but others in the vicinity of the toy.
The IoT targets almost every individual in some capacity. These devices simplify everyday tasks and activities, saving time and money, but also provides avenues for personal information to reach the hands of an unwanted third parties. IoT apprehension is enhanced when a single consumer uses multiple IoT connected devices, as the data captured from these devices begin to tell a story. This story can belong to an individual, a household or a family. For more information on how to help better protect your consumer's privacy, please contact Excelacom at firstname.lastname@example.org.