Chapter 5: The Internet of Things
26 Privacy and Security within the IoT
From https://en.wikipedia.org/wiki/Internet_of_things
Privacy, autonomy and control
Philip N. Howard, a professor and author, writes that the internet of things offers immense potential for empowering citizens, making government transparent, and broadening information access. Howard cautions, however, that privacy threats are enormous, as is the potential for social control and political manipulation.[127]
Concern over privacy has led many to consider the possibility that Big Data infrastructures such as the IoT and data mining are inherently incompatible with privacy.[128] Writer Adam Greenfield claims that these technologies are not only an invasion of public space but are also being used to perpetuate normative behavior, citing an instance of billboards with hidden cameras that tracked the demographics of passersby who stopped to read the advertisement.[129]
The Council of the Internet of Things compared the increased prevalence of digital surveillance due to the Internet of Things to the conceptual panopticon described by Jeremy Bentham in the 18th Century.[130] The assertion was defended by the works of French philosophers Michel Foucault and Gilles Deleuze. Foucault wrote in his novel Discipline and Punish: The Birth of the Prison that the panopticon was a central element of the discipline society developed during the Industrial Era.[131] Foucault also argued that the discipline systems established in factories and schools reflected Bentham’s vision of panopticism.[131] In his 1992 paper “Postscripts on the Societies of Control,” Deleuze wrote that the discipline society had transitioned into a control society, with the computer replacing the panopticon as an instrument of discipline and control while still maintaining qualities similar to those of panopticism.[132]
A research team of the National Science Foundation and University of Arkansas at Little Rock discovered that the privacy of households using smart home devices could be compromised by analyzing network traffic.[133][134]
Peter-Paul Verbeek, a professor of philosophy of technology at the University of Twente, Netherlands, writes that technology already influences our moral decision making, which in turn affects human agency, privacy and autonomy. He cautions against viewing technology merely as a human tool and advocates instead considering it an active agent.[135]
Justin Brookman, of the Center for Democracy and Technology, expressed concern regarding the impact of IoT on consumer privacy, saying that “There are some people in the commercial space who say, ‘Oh, big data — well, let’s collect everything, keep it around forever, we’ll pay for somebody to think about security later.’ The question is whether we want to have some sort of policy framework in place to limit that.”[136]
Tim O’Reilly believes that the way companies sell IoT devices to consumers is misplaced, disputing the notion that the IoT is about gaining efficiency from putting all kinds of devices online and postulating that “IoT is really about human augmentation. The applications are profoundly different when you have sensors and data driving the decision-making.”[137]
Editorials at WIRED have also expressed concern, one stating “What you’re about to lose is your privacy. Actually, it’s worse than that. You aren’t just going to lose your privacy, you’re going to have to watch the very concept of privacy be rewritten under your nose.”[138]
The American Civil Liberties Union (ACLU) expressed concern regarding the ability of IoT to erode people’s control over their own lives. The ACLU wrote that “There’s simply no way to forecast how these immense powers – disproportionately accumulating in the hands of corporations seeking financial advantage and governments craving ever more control – will be used. Chances are Big Data and the Internet of Things will make it harder for us to control our own lives, as we grow increasingly transparent to powerful corporations and government institutions that are becoming more opaque to us.”[139]
Researchers have identified privacy challenges faced by all stakeholders in the IoT domain, from the manufacturers and app developers to the consumers themselves, and examined the responsibility of each party in order to ensure user privacy at all times. Problems highlighted by the report[140] include:
- User consent – somehow, the report says, users need to be able to give informed consent to data collection. Users, however, have limited time and technical knowledge.
- Freedom of choice – both privacy protections and underlying standards should promote freedom of choice.
- Anonymity – IoT platforms pay scant attention to user anonymity when transmitting data, the researchers note. Future platforms could, for example, use Tor or similar technologies so that users can’t be too deeply profiled based on the behaviors of their “things”.
In response to rising concerns about privacy and smart technology, in 2007 the British Government stated it would follow formal Privacy by Design principles when implementing its smart metering program. The program would lead to replacement of traditional power meters with smart power meters, which could track and manage energy usage more accurately.[141] However, the British Computer Society is doubtful these principles were ever actually implemented.[142] In 2009 the Dutch Parliament rejected a similar smart metering program, basing its decision on privacy concerns. The Dutch program was later revised and passed in 2011.[142]
Security
Concerns have been raised that the internet of things is being developed rapidly without appropriate consideration of the profound security challenges involved[143] and the regulatory changes that might be necessary.[144] According to the Business Insider Intelligence Survey conducted in the last quarter of 2014, 39% of the respondents said that security is the biggest concern in adopting internet-of-things technology.[145] In particular, as the internet of things spreads widely, cyber attacks are likely to become an increasingly physical (rather than simply virtual) threat.[146] In a January 2014 article in Forbes, cybersecurity columnist Joseph Steinberg listed many Internet-connected appliances that can already “spy on people in their own homes” including televisions, kitchen appliances,[147] cameras, and thermostats.[148] Computer-controlled devices in automobiles such as brakes, engine, locks, hood and trunk releases, horn, heat, and dashboard have been shown to be vulnerable to attackers who have access to the onboard network. In some cases, vehicle computer systems are internet-connected, allowing them to be exploited remotely.[149] By 2008 security researchers had shown the ability to remotely control pacemakers without authority. Later, hackers demonstrated remote control of insulin pumps[150] and implantable cardioverter defibrillators.[151] David Pogue wrote[152] that some recently published reports about hackers remotely controlling certain functions of automobiles were not as serious as one might otherwise guess because of various mitigating circumstances, such as the bug that allowed the hack having been fixed before the report was published, or the hack requiring security researchers to have physical access to the car beforehand to prepare for it.
The U.S. National Intelligence Council in an unclassified report maintains that it would be hard to deny “access to networks of sensors and remotely-controlled objects by enemies of the United States, criminals, and mischief makers… An open market for aggregated sensor data could serve the interests of commerce and security no less than it helps criminals and spies identify vulnerable targets. Thus, massively parallel sensor fusion may undermine social cohesion, if it proves to be fundamentally incompatible with Fourth-Amendment guarantees against unreasonable search.”[153] In general, the intelligence community views the internet of things as a rich source of data.[154]
As a response to increasing concerns over security, the Internet of Things Security Foundation (IoTSF) was launched on 23 September 2015. IoTSF has a mission to secure the internet of things by promoting knowledge and best practice. Its founding board is made up of technology providers and telecommunications companies including BT, Vodafone, Imagination Technologies and Pen Test Partners.[155][156]