Skip to main content

When everything is connected, how will we keep creeps out and private data in?

intelligence director warns iot spying connected privacy
Image used with permission by copyright holder
Here’s a test for you: Pull out your smartphone or tablet and open an app. Without going into your settings, do you know what data it’s collecting from you? What about how it’s transmitting that data, what it’s doing with that data, and with whom it’s sharing that data? “That’s a concern we all face,” says Raj Samani, CTO for EMEA at Intel Security and special advisor to the European Cybercrime Center.

It’s a concern, but it’s not one many people actively consider. “I think most people err on the side of, ‘I’m just going to permit everything, because I’m sure the people who made the application know what they’re doing,’” says Samani’s colleague Scott Montgomery, CTO for the Americas for Intel Security. But they don’t always have your best interests in mind. Samani once discovered a simple flashlight app, for instance, that was quietly accessing the phone’s contacts and sending the information back to the app’s makers. “People had no idea,” he says.

T-Mobile’s Kim Kardashian Super Bowl commercial had the tagline “It’s your data. Keep it.” Of course, it wasn’t referring to your personal data, but it’s that kind of information that people hand out like candy. Or to get candy. Samani says he’s witnessed people in department stores giving out all kinds of personal details just to get a bar of chocolate. “We need to be able to demand a fair value of our data. Sadly, what I see is people using loyalty cards and giving away their data for literally peanuts,” he says. “I think it’s getting worse. I think the perceived value of personal data is gradually decreasing.”

“We need to be able to demand a fair value of our data.”

Samani lives in the United Kingdom and is working with the European Commission to develop security and privacy standards for smart meters and the smart grid. He’s also involved with the European Privacy Directive 95/46/EC, which is aimed at providing guidance in regards to data privacy. One other project he’s very passionate about is working with governments to implement “personal data economies.” If this one had a Kardashian-style slogan, it could be “It’s your data; charge for it.”

The personal data economy is the idea that consumers should get more benefit — specifically financial — for their data, instead of just gaining access to an app. By 2020, the European personal data economy will be worth €1 trillion ($1.14 trillion), and individuals will see a €670-billion ($763-billion) slice of that pie, according to the Boston Consulting Group. Samani pictures it like an insurance site, where you plug in your information, receive a bunch of bids for it, and choose which one you want to sell your data to.

“If you go to a car manufacturer for example, they may be willing to pay up to $500 to get information about your car, what car you want to buy, your preferences, and so on and so forth,” he says. “You could actually monetize that data.”

If that idea makes you feel a little uncomfortable, Samani says you’re already monetizing your data — you’re just making very little profit. “When you use an app, and that particular app takes data from your phone, you’re monetizing that,” he explains. “The challenge becomes how can I begin to increase the value of that data, because people give away their personal data on social-media sites.”

Right now, it’s the companies that are benefiting from users’ data. Some people are happy to grant permissions to every app, letting them control the phone’s camera, access the contact, and see their locations. Others may not be aware that all this is taking place. “If I printed out the iTunes user agreement, and I rolled it up, and I hit you over the head with it, you could die. That’s how big it is. But no one pays any attention to what it says before they simply click through and agree to it,” says Montgomery.

The Federal Trade Commission recently released a report on the Internet of Things. While it stopped short of recommending legislation to regulate users’ privacy and security, it did have many strong warnings and suggestions for how consumers can protect themselves and how companies should behave. For example, makers of these devices shouldn’t store users’ data for eternity, and they shouldn’t use it for purposes that they haven’t disclosed. It may surprise some that such regulations don’t exist.

piper_photo_06_
Image used with permission by copyright holder

“I spend a lot of time working on cyber-crime issues, and we all rail against cyber criminals for utilizing the Internet for monetizing your personal data,” says Montgomery. “They steal aspects of your personal data, and they monetize it. Well, we’re really letting the industrial internet do the same thing; it’s just legal.”

Unlike in the E.U., there are also no legal repercussions in the U.S. for a company if a third party steals users’ data. But Montgomery thinks that could change. “When that becomes the vector [through which] their data is exposed and there is no regulatory oversight that protects them in those cases, that’s when I think you’ll see people sit up and take notice, because it does affect them,” he says. “I think a lot of people are going to have to suffer from that before people change their behavior.”

Smart-home device hacking is more a matter of “when” than “if.” A recent HP study found that every Internet-connected home security system it tested had critical flaws that made them vulnerable to spying. These include encryption issues, a lack of a lockout feature when trying to guess passwords, and a failure to require strong and complex passwords. Virtually every website you log into stipulates that your password must contain a mix of numbers and letters, at least so many characters long. These top security systems do not.

It’s possible that such specifications are built into the software, says Daniel Meissler, Practice Principal of the HP Fortify Team, but a decision was made by these companies to favor simplicity over security. For Meissler, it’s not surprising that device manufacturers are so lax on security; he says it’s familiar territory. We saw similar issues with networks, applications, and mobile. “Every time we switch from one space to another, we make all sorts of mistakes there,” he says. With the IoT, “We have to relearn these lessons.”

“If I printed out the iTunes user agreement, and I rolled it up, and I hit you over the head with it, you could die.”

However, he says these are not difficult problems to fix. “They have been solved already. There are people that know how; the question is will they make this investment.” In order for that to happen, he adds, consumers need to start putting pressure on manufacturers by opting for devices that make security a priority.

Part of the problem, Meissler believes, is a lack of awareness. But even when people know how dangerous lax security can be, they still choose “123456” and “qwerty” for their passwords. “It seems to be some sort of human limitation not fixable by a report or article,” he says.

Luckily, we may be approaching the day when passwords are a thing of the past. “This is one where there is certainly light at the end of the tunnel, purely around the area around authentication,” says Montgomery. “We’ve heard about the promise of biometrics or the ability to use physical characteristics about your own body to be your authentication mechanism, and I don’t think we’ve ever been closer as an industry to realizing that.”

He envisions a future where it will be a bit like Mission Impossible to get into your house; there could be retina and fingerprint scans, voice identification and facial recognition barriers before you’d be let in the door. More likely, though, it would be a two-factor authentication process. Turning on certain smart devices, especially ones that could compromise your physical safety, such as a smart car or a connected medical device, would require both a pin and a fingerprint scan, for example. It’s not a bulletproof solution, he says, but it’s much safer than what we’re doing now.

One area of research that excites Montgomery is using electrocardiograms for determine a person’s identity. “Your heartbeat is as unique a snowflake as you are,” he says, and this is true whether you’ve been exercising, sleeping, or startled.

It’s a little ironic that we may eventually have to give up these new pieces of personal data — the sound of our voice, the rhythm of our hearts, the pattern of our prints — to keep the rest of our information secure. Still, it seems nothing is stopping our march towards a fully connected world, and this could make us safer. “IoT will just be considered normal,” Meissler predicts. “I think it will come down to acceptance; both the security risks and the benefits.”

Jenny McGrath
Former Digital Trends Contributor
Jenny McGrath is a senior writer at Digital Trends covering the intersection of tech and the arts and the environment. Before…
Best Ninja Foodi deals: Pressure cookers, grills, and air fryers
Unloading food from the Ninja Foodi 10-in-1 Smart XL.

The Ninja Foodi lineup offers a range of small kitchen appliances such as air fryers and pressure cookers, and it’s even known to make some impressive blenders and indoor grills. All of these appliances are in play for some savings right now, as there are some great Ninja Foodi deals to shop. They even include some of the best air fryer deals we’ve seen lately. We’ve rounded up all of the best Ninja Foodi deals you can shop right now and you can find them all below in addition to some information on why each device might be the right one to add to your kitchen. There are also several other ways to save while adding to your smart kitchen out there right now. You can shop refrigerator deals and oven deals if you’re looking for larger appliances, or there are some really great coffee maker deals worth shopping and they include both Keurig deals and Nespresso deals.
Ninja Foodi PossibleCooker Pro — $120, was $150

The Ninja Foodi PossibleCooker Pro is capable of saving you a lot of counter space, as it can replace 14 different cooking tools and appliances. It can slow cook, steam, warm, sauté, steam, and roast, and it can do the work of appliances such as cast iron skillets, saucepans, stock pots, and Dutch ovens. It’s perfect for entertaining, as it has an 8.5-quart capacity that allows you to make foods like chili for up to 20 people. The Ninja Foodi PossibleCooker Pro cooks up to 30% faster than conventional ovens, and offers easy cleanup with a nonstick pot.

Read more
Fitness deals: treadmills, ellipticals, weights on sale
nordictrack x32i treadmill review press lifestyle

It's not talked about often, but staying healthy and exercising regularly can really help with your mental health, and if you're the sort of person who struggles to stay active, it can be tough. Luckily, there is a lot of great fitness equipment that can help motivate you to keep going with minimal effort. That's why home gym deals can be quite beneficial for those who struggle with exercise, but if you're just looking to start out with basics, then there are some great fitness deals on things like treadmills and dumbells available. We've collected some of our favorites below, but it's also worth checking out these NordicTrack deals and Bowflex deals.
Adjustable Dumbbell 25-pound 5-In-1 Single — $85, was $130

One of the worst things about dumbbell training is having too many dumbbells. They can take over your whole gym. This deal (on a SINGLE dumbbell, so buy two!) can take the place of five dumbbells in your complete gym kit. Instead of one 55-pound dumbbell, you're getting an 11-pound dumbbell, a 22-pound dumbbell, and so on up until the 55 pounder. This is advantageous if you're just starting out with working out and don't know what weight you need to start with or if you want to do different exercises with different weights. Finally, note that the design of the adjustable dumbbell is quite safe as you can only adjust the weights (via a simple handle turning mechanism) while they are laid carefully on tray. Once they're off, the weight is "locked in" so to speak until you return them to the try. No lost toenails here!

Read more
Best Dyson deals: Cordless vacuums, purifying fans, and beauty
The Dyson V15 Detect cordless vacuum with its laser.

If you aren't familiar with Dyson, it's a company that was first made famous by those fancy-looking bladeless fans but that has now taken that tech and spread out to a huge selection of products, including vacuum cleaners and hair straighteners. Unfortunately, it is a high-end brand, which means that all of its devices are pretty expensive; even the basic stuff, like its SuperSonic Hair Dryer, can cost up to $500, which is a lot of cash. Luckily, there are a lot of great deals floating around that you can take advantage of, and we've collected some of our favorites below.

That said, if you haven't quite found what you're looking for, you can check out these vacuum deals, cordless vacuum deals, and air purifier deals instead.
Best Dyson fan deals

Read more