IoT and Privacy – Can They Co-exist?
Google Home, Alexa, and Smart TV’s have pretty much taken the consumer side of the Internet of Things (IoT) industry by storm. Each has sold millions of units in the United States alone. Based on that amount of sales, we can infer that there is a demand for more convenience and easier access to information. With that, consumers tend to think that this convenience and easy access to information via these IoT devices only cost a few hundred dollars or less. However, there is a hidden cost that consumers may not be cognizant of. This hidden cost has cyber security experts expressing increasing levels of concern as the IoT industry continues to expand. That cost, if you haven’t guessed, is privacy.
We are in an information rich world and quick access to that information is vital. When Alexa and Google Home where being introduced, everyone got excited about the possibilities. Now, I know what you are thinking, we have been using voice activated searches on mobile devices for years, and you are correct. However, having that ability without the need to pick-up a hand held device and key in a passcode is fairly new. Consumers having the ability to merely speak words into the atmosphere while walking through their home and having actions follow is exciting.
But, let’s dig a little deeper. As I mentioned earlier, we are literally bartering our privacy for access. For example, in order for devices such as Google Home and Alexa to be useful, they must be readily listening for the keywords that will activate its functionality and features. That means, these devices offer a “hot” microphone that is always on and connected to the internet. Think of the potential for invasion of privacy. Imagine the audio from some of your most intimate moments being listened to by a potential attacker and them using that information against you in the form of blackmail. Think of the things you say when you think no one is listening. We are in the age of the proliferation of ransomware. What might you say in private that if known publicly could destroy your reputation? Think of the executive who is working from home and discussing confidential mergers and acquisitions that could be used by the listening attacker to purchase the right stock at just the right time.
Ponder this scenario: you commit a horrible crime and the information that was recorded using your google home or alexa device can be used to convict you in a court of law. Will the courts rule that the information heard or recorded by these devices will be admissible as evidence. Think about that. Your home device will be able to be used against you. Now, this is not anything new, it is just pointing out something that most don’t consider when they purchase these types of devices.
Google Home and Alexa are just examples of the Internet of Things (IoT). IoT actually emcompasses much more. IoT can be defined as physical devices, vehicles, and smart devices that use sensors, electronics, and network connectivity to enable these objects to collect and exchange data. In other words, it is every device connected to the internet that is able to build a profile of your electronic footprint Therein lies the danger of IoT. Consider this, your phone is connected to your home alarm system, vehicle, hvac, and maybe your medical monitoring devices. So, if someone hacks your phone, they potentially could have access to everything that your phone accesses. Again, I know that has been a legitimate concern for quite some time. However, now we are talking about the ability for some hacker or outside entity (aka Government Agency) to have full access to your home and by extension, your life, because of the increased level of connectivity through the IoT. Consider the hack back on October 21st, 2016. Some hacker was able to take over home based IoT devices all over the country, then execute a distributed denial of service attack on a company that handled domain name services for a large number of corporations on the East Coast. The attack was possible because of all of the interconnections between home devices and the internet. Also, because your IoT devices are typically not, themselves, being scanned or monitored for malware. How would you know you were infected?
So, to conclude, after reading all of this, I am sure you would like me to put a nice bow on the primary point. I will oblige. The point is, we are coming to a day of reckoning. At some point, we are going to need to make a decision on how much access is worth our privacy. The problem with that simple question is there the answers vary in degrees of complexity and depend on each individual’s personal situation. Therefore, developing a real consensus could be a time consuming ordeal. Unfortunately, with the rate at which we are developing these new technologies and capabilities, we don’t have much time. As for the question of can IoT and privacy co-exist, I think the answer is yes, but more than likely the degree to which they co-exist will have one prioritized over the other.
Rouse, M., & Wigmore, I. (n.d.). What is Internet of Things (IoT)? – Definition from WhatIs.com. Retrieved May 07, 2017, from http://internetofthingsagenda.techtarget.com/definition/Internet-of-Things-IoT