Security of the Internet of Things

The Internet of Things (IoT) heralds a whole new era of connected devices and smart technology. But for some, it also brings with it a host of serious security concerns about personal data and how it is used. We are volunteering more and more of our information without thinking of the consequences.

It may seem harmless, even advantageous, to have your home devices record and transmit your data, but do we know where this information is going? Recently, the PETRAS IoT Research Hub in the U.K. investigated a connected kettle, called Polly, which transmitted user data to a server in Iceland, without the knowledge or approval of the user. This may well be a harmless way for the company to gather data and improve designs, but where do we draw the line?

Apparently, even harmless data, gathered through fun surveys and quizzes, can be used to allegedly to influence events on a grand scale. This field of so-called psychographics, using behavioral data to influence behavior, is a huge worry to a lot of people. Indeed, the U.K. Information Commissioner Elizabeth Denham told the BBC World Service program, Click, that she was concerned about fair democracy is under threat if data is used in this way, without the individual’s knowledge.

Unfortunately, as with so many technological advances, companies are rushing to market, keen to be the first and establish a vanguard, while regulation and legislation lag, sadly. Yes, all these companies have terms and conditions, but how many of us ever read them before ticking the box to say we have?

The new European data laws, known as General Data Protection Regulations or GDPR go some way toward changing things. The rules mean companies will have to be much more open about how our data is gathered and stored, and perhaps more importantly, what they will be using it to accomplish.

Even so, many of us will still be volunteering our data more freely than is good for us, often without even knowing it. The famous internet connected fridge might seem like a great idea — reordering beer and pizza when we run low — but do we want big businesses and politicians to know such private data as our eating and drinking habits? Apparently, such harmless data could be used to influence a wide range of things from medical insurance premiums to job prospects.

We are much more careful when knowingly giving our data online, such as internet banking or shopping and gaming online, and companies in these sectors have responded with multiple levels of security. NatWest Bank in the U.K. now offers facial recognition as a secure login, Amazon has introduced two-step verification for logins and PokerStars provides a security token to try to reassure us. Yet as the IoT grows, we may be surrendering much more data than we realize, without even knowing it.

It is, of course, far too late to put the IoT genie back into the bottle. However, the ethics and the regulations need to catch up quickly with the full implications of this massive data sharing if we are to be properly protected from nefarious use. We need to know that when we ask Alexa to order a new book or Polly to put the kettle on, that this information is not going to be used in ways in which we never intended.

Related Posts

About The Author