Privacy professionals tracking the development of the Internet of Things (IoT) have raised fundamental concerns around privacy, security and user notice and choice. How will we protect our privacy into the future when every appliance in our home will have the capacity to collect and share data? With the right understanding of the issues, we can build privacy into our future. It’s a complex challenge, but not beyond our reach. Working together we can ensure privacy in all things includes the Internet of Things.
Understanding the Implications of IoT Data
The Internet of Things will generate data on a scale beyond anything we’ve experienced to date. While there’s a lot of talk about “Big Data” as a source for both tremendous insights and mega scale breaches of privacy, it’s important to understand the types of data common to IoT and how companies and institutions hope to leverage it.
Broadly speaking, IoT data includes status data, location data, personalized data, and actionable data. As David Friedman explains in his article for Readwrite, this information will help manage resources more efficiently, create greater transparency in supply chains, manage systems automatically, and persuade people to change their behavior.
It all sounds rather utopian until you consider the contrary perspective of journalists like Maria Farrell, who brings up some rather troubling, politically charged and not-unreasonable opinions about where IoT data may lead us:
“The internet of things will be as much determined by its own revenue imperatives and ownership structures as our society is by inequality, consumerism and the politics of fear. The internet of things is a set of heavily invested capabilities in search of long and deep profit. Where it meets individuals, its goal is to hoover up information about us, use that to optimise processes, nudge us to earn more, consume more, depend on each other less.”
Farrell goes on to say the idea that we’re willing to trade some of our privacy for convenience is a myth:
“US research found that individuals accept online and physical tracking by businesses because they believe that if they refuse it will happen anyway: … people feel they cannot do anything to seriously manage their personal information the way they want. Moreover, they feel they would face significant social and economic penalties if they were to opt out of all the services of a modern economy that rely on an exchange of content for data. So they have slid into resignation.”
But not all privacy concerns are centered on the data. The devices gathering the information are also subject to security breaches.
A Call for IoT Industry Standards
Recently the Online Trust Alliance has called for industry standards for IoT, and formed a working group to “support the future of IoT trust.” The IoT Trustworthy Working Group (ITWG) is “a multi-stakeholder initiative to develop a framework for adoption of voluntary best practices in security, privacy and sustainability.” The emphasis is on home automation and home-connected products as well as wearable health and fitness devices.
The effort is admirable in that it hopes to cultivate privacy and security-by-design practices for IoT, with an end goal of providing a certification program for IoT devices. Not only would this help maximize consumer trust, but it would provide a meaningful way for people to consider IoT devices in light of their own privacy practice.
The current discussion draft of the IoT Trust Framework (PDF) includes 23 minimum requirements and 12 additional recommendations which track the Fair Information Practice Principles. The requirements cover everything from privacy policy disclosure to encryption best practices and breach response plans.
The OTA is not alone in this effort. Industry giants are also concerned. Intel recently announced it was working on a chip-level protocol called Enhanced Privacy Identification to help make IoT more secure.
If you have thoughts you’d like to share with the OTA, they are inviting public and industry comment until September 14, 2015.
The Internet of Things will present us with many unforeseen and complicated societal changes, but we do not have to sacrifice privacy to explore IoT’s power. It is up to us to decide how we want to preserve our privacy along the way.