Will Your Internet of Things Device Testify Against You?

Will Your Internet of Things Device Testify

Imagine this:  Your wearable device is subpoenaed to testify against you.  You were driving when you were over the legal alcohol limit and data from a smart Breathalyzer device is used against you. Some might argue that such a use case could potentially safeguard society. However, it poses a bigger concern about how data from the broader spectrum of Internet of Things (IoT) devices could be used against you.  Doesn’t it seem reminiscent of George Orwell’s dystopian universe, Nineteen Eighty Four where children were indoctrinated to inform on suspicious activity, only now it’s an IoT device? But, this time it’s you who chose to use the device or network of devices that could start working in concert against you.

IoT devices range from wearables such as wristbands, shirts, and goggles to a range of household and other real-world objects that are increasingly being connected to the Internet using RFID chips, barcodes, sensors, bots via mobile applications. And as the technology has become cheaper and more efficient these devices have become enmeshed in our daily lives. Runners like myself regularly slip sensors into our shoes to track our distance and times.  Many people wear fitness bands with the goal of optimizing their sleep, diet and lifestyle patterns. There is also a certain coolness and addictive factor associated with these devices and many rush to have the latest and greatest in these devices.

Data Brokers Are Waiting

What most people don’t think about is most if not all of the analysis of the data is not carried out on the device and is analyzed and often shared with third party data brokers via a cloud backend depending on the privacy policies in place.  These third parties may share information and the aggregated data used to create profiles, which at best case may be use for marketing purposes but over time what’s to stop insurers and law enforcement gaining access to this information?

Earlier this year Federal Trade Commission (FTC) Chair Edith Ramirez warned of the privacy risks when at the CES tradeshow, she posed the question ”Or will the information flowing in from our smart cars, smart devices, smart cities just swell the ocean of “big data,” which could allow information to be used in ways that are inconsistent with consumers’ expectations or relationship with a company?”   The Electronic Privacy Information Center has also written at length on the risks of the “hidden collection” of sensitive data from IoT devices.  In Accenture’s survey report on the “Internet of Things” many of the 2000 respondents polled in the United States indicated they would be willing to share personal data in return for discounts and coupons.

Transparency, Standards And Data Confidentiality

I am a fan of IoT and the potential a great many of these devices offer for improved quality of living and safety, health, greater home and environmental efficiencies.  However, consumers need clear standards for secure connections from the devices to a backend cloud and standards around data confidentiality, and transparency of that data stored and processed in the backend cloud.  Until these standards are in place, I encourage users to be vigilant and to press manufacturers for clear answers on the following at minimum:

  1. Will your data shared with third parties? This is particularly important for any device that collects sensitive data about you. It may be challenging given the volume and legalese of privacy policies but well worth the time investment given it’s your private data.
  2. Understand how your information is transmitted. And, once in storage, who has access to the information?  Is the information stored on a third party’s cloud?  When you stop using the device, what happens to your data?
  3. Take time to understand your device’s privacy settings. Have you configured the device’s settings maximum privacy? Are you only sharing what you are comfortable sharing publicly?

The tension between convenience and privacy is at it’s most strained and hopefully that will accelerate the move towards much needed digital safeguards.  But in the interim, a more cautious and defensive approach will help you preserve your privacy.

By Evelyn de Souza

The Sticky Note.png
The Report.png
Byod.png
The Backup.png
Wealth Management Software Solutions - ServiceNow
Financial wealth management services (Updated: 06/29/2022) Many want to live in abundance, but very few people have what it takes to harness true wealth. True wealth is harnessed through the effective management of resources. Despite ...
Tiago Ramalho
More equitable future for food distribution with AI At best, only 70% of food gets used in the United States. The rest goes to waste. Although devastating, the good news is this massive waste of ...
Rakesh Soni
Customer Experience: Living In A Connected World and Winning the IoT Race IoT and smart interconnected systems have already created an invisible aura of convenience, usability, and a rich user experience around us. However, when ...
Jen
VoIP and PBX Phone Systems The cloud is already providing businesses with such a range of advanced tools and services, optimizing communication across channels, improving global cooperation, and supporting collaboration between teammates and partners both ...
Dmitry Chekalin
How Much Should a Modern Website Cost? A website is a valuable instrument for growing your business. Your website presents your brand to users. Also, it compels your prospects to become your customers. So, how ...
  • Plural Site

    Pluralsite

    Pluralsight provides online courses on popular programming languages and developer tools. Other courses cover fields such as IT security best practices, server infrastructure, and virtualization.

  • Isc2

    ISC2

    (ISC)² provides IT training, certifications, and exams that run online, on your premises, or in classrooms. Self-study resources are available. You can also train groups of 10 or more of your employees. If you want a job in cybersecurity, this is the route to take.

  • App Academy

    App Academy

    Immersive software engineering programs. No experience required. Pay $0 until you're hired. Join an online info session to learn more

  • Cybrary

    Cybrary

    CYBRARY Open source Cyber Security learning. Free for everyone, forever. The world's largest cyber security community. Cybrary provides free IT training and paid IT certificates. Courses for beginners, intermediates, and advanced users are available.