Introduction
Hey Alexa! Can you make sure I remembered to lock my apartment this morning? Ok Google… It’s freezing today. Can you turn on the thermostat to 70 degrees before I get home? Hey Siri, I’m running late! Could you find me the closest available parking spot to my classroom?
A world in which our handheld devices could actually answer these questions for us is not too far from reality as a result of the ongoing development of the Internet of Things (IoT). The Internet of Things is a term coined to envelope all technology that creates a network of physical things in our everyday lives by sensing, sharing, and analyzing data with the ultimate goal of increasing the quality and ease of human life [1]. The possibilities are literally endless, with sensor locations ranging from our refrigerators and cars to our very own bodies.
However, with revolutionary technology like this, which has the potential to completely rewrite the daily lifestyles of the average population, it is important that we, as engineers, closely consider the risks associated with the development of this novel system. This article begins with a brief discussion of the technological hurdles that still stand in the way of consumerizing the IoT, which leads to privacy concerns raised by this new level of surveillance technology. The crucial fact is that engineers must constantly be mindful of the possible risks associated with their work before they develop life-changing technologies, such as IoT, in order to maintain consumers’ security, privacy, and possibly even freedom [2].
Technical Obstacles
Before considering the privacy issues raised by a future with the Internet of Things, engineers must face the obstacles surrounding the practical implementation of such a system. Although interpersonal connectivity has increased immensely over the past few decades as a result of the internet and its devices, such as smart phones and computers, this level of connectivity has yet to be applied to the majority of the machines in our daily lives, for instance refrigerators or cars.
While some personal devices such as phones and computers are ready to be the data processors in the IoT system, the sensors needed to gather relevant information have yet to catch up [3]. For instance, to resolve the user side of my request to Alexa above, a phone app could easily be built to allow a customer to remotely check whether their doors are locked. In fact, many home security systems have already begun to provide this functionality. However, most residential locks themselves are not yet internet-connected; therefore, locking one’s home remotely is still impossible.
In order for the Internet of Things to achieve its full potential, the reinvention of a wide array of machines may be required in order to transform them into effective sensors. For instance, residential locks would have to be redesigned to support remote locking and unlocking through a newly implemented web interface. In fact, any item that doesn’t currently support internet functionalities would face drastic redesign before being incorporated into the IoT world. Unfortunately, in addition to the huge cost behind replacing these devices, the development of this pervasive sensor technology introduces major privacy concerns by providing the technological platform for extreme individual surveillance [1]. Although many of the sensors and the data they collect may initially seem trivial, security and privacy are crucial challenges to consider in the development of the IoT as they have much greater implications than individual customers may realize [2].
Privacy Concerns
Despite the technical obstacles that require attention from engineers working on the IoT, the largest challenges in this field concern the privacy issues regarding total surveillance [1]. Consider, for example, the residential application of the Internet of Things. Sensors on one’s blinds, kitchen and bathroom appliances, and thermostat can be used to infer the number of residents in a home as well as the times at which they wake in the morning [2]. In conjunction with sensors in the user’s phone or car, further data can confirm this residential headcount as well as record the locations of residents throughout the day.
Who cares if my approximate sleep schedule has been documented somewhere on the internet? Much of this information may at first seem harmless to record. However, the mere fact that detailed information on our individual lives may be chronicled through the use of these technologies is somewhat disconcerting for many consumers [4]. Although trivial, information such as when I drink my cup of coffee each morning or what temperature I prefer to keep my home at night is not information that I would want recorded somewhere online and accessible to others. Furthermore, data that seems trivial individually may in fact become much more concerning when combined with other data from the same user and used to make inferences about that user’s behaviors, as explained further below. Therefore, engineers must consider the possible risks associated with this technological advancement and proceed with these in mind.
Small-Scale Safety Risks – Hackers
First and foremost, the most obvious safety risk associated with the Internet of Things is hackers obtaining access to private data and sensors [4]. Consider the residential IoT example above. If a robber gains access to the cumulative data of a home’s residents, the robber may use this information to identify when the home is unoccupied and thus most vulnerable, planning the targets accordingly. Similarly, sensors such as security cameras may themselves be hacked into, elevating the security risk even further [4]. While robbers used to physically stake out neighborhoods and eavesdrop on private conversations to find targets in the past, the ability to hack into private data would make this stakeout phase infinitely easier by eliminating the physical limitations on the process. Through hacking, a criminal could theoretically parse large amounts of data from the comfort of their own home, covering a much larger stakeout range than they would be able to cover otherwise. In addition, the introduction of sensors such as security cameras makes consumers even more vulnerable by allowing hackers to look in at their targets before actually proceeding with an attack. Obviously the threat to the consumer’s security is concerning when it comes to the implementation of the Internet of Things.
Large-Scale Risks – Loss of Human Privacy
On an even larger scale, the development of IoT technology opens the gates for misuse by both private companies and the government, thus threatening individual privacy. As data is transferred from individual devices to the cloud, users risk having their data accessed and misused by unwanted third parties, such as insurance companies [5]. For example, with access to location data from your car or phone, automobile insurance companies could calculate the speeds at which you drive and analyze your driving safety from these calculations, adjusting your insurance rates accordingly [4]. Similarly, health insurance rates could be adjusted using data from your refrigerator reporting your eating habits, and advertising agencies could cater their products to your habits even more precisely than they already do using internet browsing information [1]. In all these cases, IoT technology would allow third parties to adjust their business with you based on intimate glances into your daily life [6].
However, these invasions of privacy are arguably not all negative. For instance, safe driving and healthy eating may earn you benefits and lower rates. In addition, built-in features such as a speed limit enforcer on cars or meal suggestions provided by your refrigerator demonstrate the many positive applications of IoT technology in our everyday lives. The ability of advertising agencies to cater their media to you may actually lead you to a product you never knew about and now can’t live without. In fact, the implementation of IoT technology may allow us to improve our individual lives significantly by connecting information and services available online with our personal lives more efficiently than in the past, at the cost of the privacy that we now take for granted.
However, this is a crucial tradeoff to consider before the Internet of Things can become a widely used technology. In the interest of complete transparency, the best solution lies in users having the ability to specify their own preferences. For instance, an individual may choose to hide their data from auto and ad companies for the sake of preserving their privacy, but choose to allow insurance providers to access it in order to provide better emergency services [5]. However, even when providing the consumer with full control over their own data, certain risks present themselves which may not immediately occur to the everyday user. In addition, the common practice of accepting legal terms and conditions without reading the actual document means consumers may be gradually giving up their privacy to companies without even realizing it [6]. Therefore, engineers must consider these possibilities as they develop IoT technology and work not only to prevent these risks to the best of their ability, but also to educate users about the implications of utilizing these technological advancements.
The final and somewhat dystopian fear associated with the development of the IoT is the concern that the unwanted viewers may extend beyond private institutions to include the government. This possibility goes beyond individual security or privacy concerns by calling into question the effects this technology could have on the future of human rights and independence. This risk presents significantly more of a threat than those posed by individuals or private organizations because civilization relies on governments to maintain order and enforce generally moral behavior among their citizens. When done by private organizations or individuals, the criminal acts described above, such as hacking, robbing, and secretly accessing private data, can theoretically be regulated by the government through fines and punishments. However, if and when the ideals of the government itself shift away from the pillars of independence and freedom that we now take for granted, there is no higher institution to regulate those changes besides revolutionary action from the people themselves.
Therefore, if a drastic shift in the political sphere brings about dictatorial power in the future, IoT technology would facilitate extreme policing of civilians and even make it exponentially harder for them to create a successful uprising due to the extreme surveillance. Imagine a future in which our government wants to micromanage what we eat, when we sleep, or how we like to wind down after a long day. While this seems like a far-fetched possibility in modern political times, the infiltration of connected technologies in every aspect of our homes facilitates this form of government control technology-wise. Our country and the world overall may eventually go down the road imagined in literature such as The Brave New World or modern films such as The Circle, where every detail of an individual’s life has been stripped of its privacy. In the case of this political shift, the existence of IoT would enable the government to effectively have an “eye” in all private residences.
How the Engineer Can Respond
Engineers must then consider that their attempts to make human life slightly more convenient today may in fact have an extreme bearing on not only the immediate security of its customers, but also on our independence and the structure of life as we know it. However, with proper security measures, we may be able to enjoy the benefits of IoT while avoiding its possible downsides. For example, the implementations of the IoT can be structured around local data storage instead of data storage on the cloud to minimize security risks expressed above.
In order to mediate the role of privacy policy in the development of the Internet of Things, non-profit organizations should be created to provide users with explanations of their privacy options and to promote legislation designed to protect consumers. This way, consumers can make informed decisions about the uses of their own data [6]. In addition, privacy must be addressed engineer-side through smart, secure programming and through providing complete transparency, anonymization, and user control as explained below.
First and foremost, developers must ensure security of data by deciding on the safest methodologies for information transfer and storage. Next, in order to avoid the eventual misuse of this technology by large institutions or the government, companies developing IoT technologies should work with legal counsel to set up guidelines that explicitly establish the privacy rules regarding this technology before it becomes widely used. By keeping privacy at the forefront, developers can prevent these technologies from being misused in a way that threatens individual rights to privacy. Among these policies, developers of IoT technology must do their best to ensure the following for their users: transparency regarding the access rights to one’s data, the anonymization of data for group statistics, and control over data deletion. For instance, consumers should be given a full tutorial outlining the possible implications of their privacy decisions before being directed to choose whether or not their personal data is stored, for how long, and how deeply it is encrypted to ensure anonymity. By educating consumers about the risks associated with this new technology and allowing them to control how their data is used and stored, engineers provide the framework for individuals to stay in charge of how this new technology affects their lives. With these policies in place, users’ rights to privacy will be well protected despite the potential risks associated with the Internet of Things.
Conclusion
The main challenge for privacy in the context of IoT remains the management of the vast amount of data collected. In order to maintain the users’ rights to privacy, industry standards must be created which stop the unregulated sharing of data by providing users with the transparency and control necessary to dictate the legal uses for their data. Obviously, IoT has the potential to completely change how we live, but we as a society, and especially as engineers implementing the technology, must first take into consideration whether this is the direction we’d like to move as a civilization. We must analyze the potential drawbacks of developing this technology and weigh them against the positives.
Although close analysis may make the potential drawbacks of an Internet of Things seem too extreme to make the benefits worth it, by properly planning to prioritize consumer privacy, engineers can avoid these security and privacy risks to the best of their abilities and make this technology worth being developed. As with any big technological advancement that has the potential to change how we live, the Internet of Things has a large risk factor when it comes to the misuse of technology. Therefore, as the creators of this new world, engineers are ethically responsible to ensure that their technological developments don’t cause excessive security and privacy concerns for their customers and thus adversely affect their lives. This situation reminds us of the importance of discussing these potential drawbacks before and throughout the development of new technology.
By Nikkan Ghosh, Viterbi School of Engineering, University of Southern California
Works Cited
[1] M. Dixit, J. Kumar, and R. K. Kumar, “Internet of Things and its Challenges,” in International Conference on Green Computing and Internet of Things, pp. 810–814, Jan. 2016.
[2] R. H. Weber, “Internet of things: Privacy issues revisited,” Computer Law and Security Review, vol. 31, no. 5, pp. 618–627, Oct. 2015.
[3] D. Munjin and J.-H. Morin, “Toward Internet of Things Application Markets,” in IEEE International Conference on Green Computing and Communications, Conference on Internet of Things, and Conference on Cyber, Physical and Social Computing, pp. 156–162, Feb. 2013.
[4] A. Meola, “How The Internet Of Things Will Affect Security & Privacy”. Business Insider, 2017. Web. [Accessed 3 May 2017].
[5] M. Henze, L. Hermerschmidt, D. Kerpen, R. Ha, B. Rumpe, and K. Wehrle, “User-driven Privacy Enforcement for Cloud-based Services in the Internet of Things,” in International Conference on Future Internet of Things and Cloud, pp. 191–196, Dec. 2014.
[6] A. Wall, “Privacy And The Internet Of Things: Everything Around You Is Collected Your Private Data”. Radarfirst.com. 2017. Web. [Accessed 3 May 2017].