Data privacy in the IoT Era

Published On January 27, 2018

How data privacy fits into the landscape of the IoT.

It’s appropriate that this year’s Data Privacy Day (January 28) takes place just three weeks after the giant Consumer Electronic Show (CES). CES is an amazing showcase of the latest gadgets for home and personal use, and this year the Internet of Things (IoT) was a focal point. How about the GeniCan, a trashcan that reads bar codes on items you discard and automatically adds them to your shopping list? Or iSmartAlarm, a home security system that automatically takes videos of unusual activity around your house, including license plates of unfamiliar vehicles, and alerts you to risk?

In this IoT era, the arrival of 50 million connected devices over the next three years will unquestionably make life easier. However, they will also raise questions about our willingness to trade off data privacy for convenience. As our digital trails are captured and stored, the potential for bad guys to wreak havoc with this information grows.

Online privacy concerns

Public concern is growing. The National Cyber Security Alliance (NCSA) reported last year that 92% of Americans worry about their online privacy and 45% are more worried than they were a year ago.

The title of a TED Talk by security expert Avi Rubin tells why with chilling clarity: “All your devices can be hacked.” Rubin tells how white-hat hackers showed how they could take over the computer systems of standard production automobiles and control acceleration, braking and displays. They could even secretly turn on the in-vehicle microphone and listen in on conversations while tracking the vehicle’s location using its own navigation system.

Another experiment took videos of bus riders tapping on their smartphones and then used computer analysis of the reflections in their glasses to figure out what they were typing. In another remarkable TED Talk, Google research scientist Michael Rubinstein explained how a team was able to listen in on conversations in a closed conference room by decoding vibrations in a bag of potato chips.

Surveillance is now so common that we don’t even think of it. The U.K. has one video camera for every 10 people. Hackers long ago figured out how to co-opt smartphones to secretly activate cameras and microphones, essentially turning them into surveillance devices that we willingly carry around in our pockets.

Data privacy business challenges

Businesses have more latitude than public spaces. For example, many fleet managers now have dashboard cameras mounted in their delivery and service vehicles to keep an eye on drivers as they make their rounds. Video, email and phone call monitoring are usually OK if justified by business results. But managers must also be aware of the potential for abuse, mischief or worse.

Online security and data privacy are now closely intertwined. As consumers, we can take some basic precautions to protect ourselves. Don’t store credit card numbers on e-commerce accounts. Create strong passwords and don’t reuse them (password management software makes this easy). Install a security app on your smartphone. Think carefully about personal information you enter into online profiles and social networks.

Businesses need to tell employees that they’re being monitored and what is done with that information. Employers should clarify data lifecycle policies that specify what’s stored and when personal data is destroyed. Personal information collected for business purposes, such as medical and criminal records, are afforded special protections. Rules vary by industry and location. FindLaw has a good basic overview for U.S. firms.

The growing number of high-profile cyber-attacks that have dominated the headlines over the last couple of years should have everyone thinking about protecting their privacy. Breaches may be inevitable, but we can at least reduce the odds of becoming a victim. The NCSA has distributed a terrific list of facts, tips and resources about personal information protection. Make a note to read it on Jan. 28.