IoT and data protection: when the smart home is listening
05-08-2020 Author: Jan TisslerThe Internet of Things (IoT) is rapidly growing and in the same breath, so too is the amount of data that IoT devices and servers are collecting, storing and processing. This is a treasure trove of data that arouses desires and can sometimes reveal surprising information.
The Internet of Things is already big and is only going to get bigger: Juniper Research predicts , that there will be 50 billion active IoT devices worldwide by 2022. And that's counting offers only for consumers, not “smart” offices, buildings and factories. Cisco, in turn, estimates , that there will be an average of 14.8 appliances and devices connected to the internet in Western European households by 2022 – light switches, lights, heating controls, security cameras, blinds, doorbells, loudspeakers and much more.
IoT entices with comfort, security and efficiency
Where did this boom come from? A “smart home” promises more comfort, added security and can save energy. Arguments that are obviously well received by customers.
The smart doorbell, for example, has an installed video camera. Not only does it send a live image to the connected smartphone, but it can also use face recognition to identify the person standing at the front door. Modern security cameras work in a similar way: they only sound the alarm if they detect an unknown person.
These types of functions are practical, but of course have further consequences. Because what serves your own security can also be used to monitor others.
Back door surveillance
Example: The Amazon company Ring willingly cooperated with the US police. And that's not all: Ring even encouraged police to recommend the cameras to citizens so as to gain easier access to the images. The company did their best to keep the details under wraps. Data protection officials fear that this will create a network of surveillance cameras beyond state control and regulation.
Another example: Amazon's voice assistant Alexa has been improved with the help of human teams, who listened to audio snippets recorded by devices such as the company's “Echo” speakers. However, Amazon failed to inform its customers about this practice, which nonetheless was soon brought to light. Apple, for example, acted in a similar way with Siri. In the meantime, users can switch off this function and delete their audio data. Whether this is enough is currently being examined by the Irish Data Protection Authority.
Even seemingly harmless devices such as light switches, lights or thermostats can tell a lot about a household: for example when someone is at home or whether a family is currently on holiday.
The valuable wealth of data is growing
Companies like Google or Amazon are already in the data business anyway. That is what makes them so valuable. Based on this information, they can make business decisions, submit offers or provide their insights to third parties.
But even if the manufacturers of the IoT devices themselves don't have a primary interest in the data, this doesn't automatically mean they are in good hands. The safety of such devices is repeatedly criticized. Passwords are either weak or never set, or private data can end up on an open server due to a configuration error.
These issues become even more important when it's not just your own household in play. Our world is becoming increasingly networked thanks to the many advantages this offers. It enables our cities to be organized more efficiently. Office buildings save energy and thus protect the environment. In an emergency, hospitals have all the information about a patient at hand. It all sounds great, but of course there needs to be a set of rules in place.
The need for clear rules and regulations
"The Internet of Things has potentially huge benefits for consumers, but it also has significant implications for privacy and security," said Edith Ramirez, , then chair of the U.S. Consumer Protection Agency, FTC, back in 2015.
She called for what has since been incorporated into the European Union's General Data Protection Regulation. This includes collecting only data that is actually needed (“data economy”), considering privacy protection as the standard (“privacy by design”) and the need for each company to disclose which information it collects and how it is processed.
However, the difficulty lies in figuring out how this can be implemented in the Internet of Things. Because while we consciously and actively use the commercially available Internet, we are always passively recorded in the IoT. Suffice it to walk past a surveillance camera.
IT professor Margo Seltzer has therefore declared that privacy as we've always known it is no longer possible. At the same time, however, she doesn't propose simply giving up. Rather, it's about corresponding laws, she told TechCrunch. And these shouldn't be specific to a special technology such as IoT, but rather be a general set of rules. Because: "Technology itself is neither good nor bad."