You Want to Measure What? Maintaining Privacy With the IoT

The Internet of Things (IoT) and vague concepts, like the connected home, are no longer futuristic concepts, but physical things. In fact, we are surrounded by hundreds of inter-connected systems. According to the Federal Trade Commission (FTC), experts estimate in 2015 that there will be 25 billion devices connected within the IoT. By 2050, that number could increase to 50 billion. Wearable technologies like the Fitbit and Google Glass go beyond regular Internet connectivity and extend to connected cars and homes. You no longer need to be physically present to raise your thermostat or check a security camera. Data from Smart TVs, Smart Meters, and the Smart Grid are available at the tap of a screen. But where do we draw the line between innovative technologies and misuse of personal information? Despite attempts to pre-emptively incorporate security and privacy measures into inter-connected devices, the truth is that most are susceptible to risks. The whole of personal activity and preferences, from physical activity to daily home routines, are inherently mappable, trackable, and easily accessible.

While the IoT offers numerous benefits, particularly within the health, energy, and safety sectors, it also presents an array of privacy risks through misuse of personal data. At the crux, the perceived threat lies in the ability to gather large quantities of information on individuals’ lifestyles over a long period of time. Many organizations use the IoT to mine publicly available customer data and verify preferential information, technically with the customer’s permission. So how do you protect yourself and your organization from IoT risks? Surprisingly, protecting the IoT is not much different from the mundane ways you protected previous devices, like a home computer:

  • IoT situational awareness. First and foremost, do not include sensitive personal information if it is not required. Always closely examine privacy policy and permissions before using an app or new device and turn off Wi-Fi or Bluetooth when not needed. Lastly, cautiously use social sharing features, which act as entry points for those interested in your sensitive information.
  • Collect what you need. Only accumulate and retain the data you or your organization truly requires. Reasonably minimizing data, and disposing of it once you no longer need it, makes you a less attractive target and reduces the risk of misuse.
  • Secure your networks. We’ve all heard this one before. Regularly change your network passwords and disable any guest networks entirely. It is also possible to set up multiple SSIDs for varying devices – everything from computers to Smart TVs. Most vulnerabilities exist when data is en route. By creating multiple SSIDs, even if one of your networks is compromised, your other devices remain safe.

In an interconnected world where all objects can connect and communicate with other objects and people, safe and effective use of the IoT is surprisingly not dependent upon device privacy measures; it is dependent upon the user implementation of device privacy measures.

 

Guide to the Internet of Things