Home » cyber security » The Internet of Things: Super Cool. Absolutely Terrifying.
big brother

The Internet of Things: Super Cool. Absolutely Terrifying.

“The poster with the enormous face gazed from the wall. It was one of those pictures which are so contrived that the eyes follow you about when you move. BIG BROTHER IS WATCHING YOU, the caption beneath it ran.”

Remember this line from the beginning of George Orwell’s 1984? I hope it doesn’t become the unofficial tagline of the burgeoning Internet of Things (IoT). But before I dive into the potential of devolving into a dystopia, let’s make sure we understand the IoT.

The IoT refers to the connectivity of devices to each other and the internet. These devices are largely “smart” objects, like phones and televisions, but they can also be refrigerators, automobiles, washing machines, electrical meters, wearables (watches and even socks), trash cans and street lights. And these smart objects are everywhere.

Consider this…

You wake up to a pleasant 68 degrees in your bedroom. (The temperature was set by your Smart home capabilities.) You check your Fitbit dashboard to see how restful your sleep was, and then you head down to the kitchen. The LCD on your smart fridge let’s you know that you’re low on milk.  You grab your freshly brewed cup of coffee from your smart coffeemaker, which you set to brew last night using your smartphone. And you’re out the door for the morning commute. Getting into your car, which identified you with its facial recognition software, you hope for no traffic. But even if you’re a few minutes behind, you’re not worried because your administrative assistant is tracking your progress on her tablet using your on-board location system.  You whiz by the new smart streetlights, and hope the sensors on the light poles aren’t recording your speed as you drive 38 mph in a 35 mph-zone.

You haven’t even arrived at work yet, and you’ve already been subjected to all of these IoT objects. And these things will continue to mature and permeate every aspect of daily life. Eventually, the IoT will seep into every facet of our lives. A network of data-gathering sensors will automatically order your groceries, gauge the stress level in the concrete supporting bridges to alert of a collapse before it happens, and track your movements from your bed to the gym to the office to the bar to your dinner table and back to bed.

When I first heard the term Internet of Things, I didn’t know what it was. It was a buzzword that I assumed was something only techies and engineers would be concerned with. As a non-technical healthcare and data privacy consultant, I didn’t pay much attention to the IoT. But I should have. Because even though I don’t care much about the how of the IoT, the effect of the how is worth serious consideration.

We already live in an info-centric world.  There’s no denying it, and our attempts at securing the confidentiality and privacy of our information has proven completely inadequate. Now, we’re seeing rampant and ever-increasing data sharing among people, their Smart devices and other devices. Literally and figuratively, we’re constantly surrounded by a whirling storm of data. So how do we protect this information? The technology is science-fiction cool, but its consequences are identity loss terrifying.

Think about it.  A torrent of your personal data is rushing around your town, state, county and the world. It’s all susceptible to hackers who want to steal your information, blackmail you or just ruin your day. It’s also susceptible to unauthorized monitoring by Big Brother. As the smart grid expands, you can bet the government will have access to it, and will know exactly where you are and what you’re doing at any time. Or at least that’s where we’re headed. So, how do we enjoy the IoT’s benefits while limiting its weaknesses?

The most obvious fix is to apply security practices in device development, production and use. We also need to follow the Privacy by Design (PbD) principles to ensure that devices aren’t collecting more information than they need (a.k.a data minimization); or that the info is being stored somewhere unnecessarily. Further, device manufacturers have to provide clear, comprehensive and accurate notice to consumers about what will happen to the data the device collects, and provide individuals a choice regarding that use. I’d like to know if my smart oven is sharing my data with Kraft Foods – it is my data after all. I like to think that legislation to protect consumers is somewhere on the horizon, but we’ll have to patiently wait for the law to catch up with technology.

In all, using the IoT can make your life more convenient, and provide opportunities for the collective good. On the flip side, it can have disastrous consequences. Now is the time to develop strategies to curtail the IoT’s drawbacks. And by now I mean right this second.

About Joshua Merkel

Josh is Lunarline's Director of Privacy. He is a licensed attorney and holds CIPP and CIPM certifications. In addition to data privacy consulting, Josh acts as a subject matter expert supporting HIPAA compliance assessments, and leads FISMA/NIST efforts for several clients.