Skip to main content

When everything is connected, how will we keep creeps out and private data in?

intelligence director warns iot spying connected privacy
Image used with permission by copyright holder
Here’s a test for you: Pull out your smartphone or tablet and open an app. Without going into your settings, do you know what data it’s collecting from you? What about how it’s transmitting that data, what it’s doing with that data, and with whom it’s sharing that data? “That’s a concern we all face,” says Raj Samani, CTO for EMEA at Intel Security and special advisor to the European Cybercrime Center.

It’s a concern, but it’s not one many people actively consider. “I think most people err on the side of, ‘I’m just going to permit everything, because I’m sure the people who made the application know what they’re doing,’” says Samani’s colleague Scott Montgomery, CTO for the Americas for Intel Security. But they don’t always have your best interests in mind. Samani once discovered a simple flashlight app, for instance, that was quietly accessing the phone’s contacts and sending the information back to the app’s makers. “People had no idea,” he says.

T-Mobile’s Kim Kardashian Super Bowl commercial had the tagline “It’s your data. Keep it.” Of course, it wasn’t referring to your personal data, but it’s that kind of information that people hand out like candy. Or to get candy. Samani says he’s witnessed people in department stores giving out all kinds of personal details just to get a bar of chocolate. “We need to be able to demand a fair value of our data. Sadly, what I see is people using loyalty cards and giving away their data for literally peanuts,” he says. “I think it’s getting worse. I think the perceived value of personal data is gradually decreasing.”

“We need to be able to demand a fair value of our data.”

Samani lives in the United Kingdom and is working with the European Commission to develop security and privacy standards for smart meters and the smart grid. He’s also involved with the European Privacy Directive 95/46/EC, which is aimed at providing guidance in regards to data privacy. One other project he’s very passionate about is working with governments to implement “personal data economies.” If this one had a Kardashian-style slogan, it could be “It’s your data; charge for it.”

The personal data economy is the idea that consumers should get more benefit — specifically financial — for their data, instead of just gaining access to an app. By 2020, the European personal data economy will be worth €1 trillion ($1.14 trillion), and individuals will see a €670-billion ($763-billion) slice of that pie, according to the Boston Consulting Group. Samani pictures it like an insurance site, where you plug in your information, receive a bunch of bids for it, and choose which one you want to sell your data to.

“If you go to a car manufacturer for example, they may be willing to pay up to $500 to get information about your car, what car you want to buy, your preferences, and so on and so forth,” he says. “You could actually monetize that data.”

If that idea makes you feel a little uncomfortable, Samani says you’re already monetizing your data — you’re just making very little profit. “When you use an app, and that particular app takes data from your phone, you’re monetizing that,” he explains. “The challenge becomes how can I begin to increase the value of that data, because people give away their personal data on social-media sites.”

Right now, it’s the companies that are benefiting from users’ data. Some people are happy to grant permissions to every app, letting them control the phone’s camera, access the contact, and see their locations. Others may not be aware that all this is taking place. “If I printed out the iTunes user agreement, and I rolled it up, and I hit you over the head with it, you could die. That’s how big it is. But no one pays any attention to what it says before they simply click through and agree to it,” says Montgomery.

The Federal Trade Commission recently released a report on the Internet of Things. While it stopped short of recommending legislation to regulate users’ privacy and security, it did have many strong warnings and suggestions for how consumers can protect themselves and how companies should behave. For example, makers of these devices shouldn’t store users’ data for eternity, and they shouldn’t use it for purposes that they haven’t disclosed. It may surprise some that such regulations don’t exist.

piper_photo_06_
Image used with permission by copyright holder

“I spend a lot of time working on cyber-crime issues, and we all rail against cyber criminals for utilizing the Internet for monetizing your personal data,” says Montgomery. “They steal aspects of your personal data, and they monetize it. Well, we’re really letting the industrial internet do the same thing; it’s just legal.”

Unlike in the E.U., there are also no legal repercussions in the U.S. for a company if a third party steals users’ data. But Montgomery thinks that could change. “When that becomes the vector [through which] their data is exposed and there is no regulatory oversight that protects them in those cases, that’s when I think you’ll see people sit up and take notice, because it does affect them,” he says. “I think a lot of people are going to have to suffer from that before people change their behavior.”

Smart-home device hacking is more a matter of “when” than “if.” A recent HP study found that every Internet-connected home security system it tested had critical flaws that made them vulnerable to spying. These include encryption issues, a lack of a lockout feature when trying to guess passwords, and a failure to require strong and complex passwords. Virtually every website you log into stipulates that your password must contain a mix of numbers and letters, at least so many characters long. These top security systems do not.

It’s possible that such specifications are built into the software, says Daniel Meissler, Practice Principal of the HP Fortify Team, but a decision was made by these companies to favor simplicity over security. For Meissler, it’s not surprising that device manufacturers are so lax on security; he says it’s familiar territory. We saw similar issues with networks, applications, and mobile. “Every time we switch from one space to another, we make all sorts of mistakes there,” he says. With the IoT, “We have to relearn these lessons.”

“If I printed out the iTunes user agreement, and I rolled it up, and I hit you over the head with it, you could die.”

However, he says these are not difficult problems to fix. “They have been solved already. There are people that know how; the question is will they make this investment.” In order for that to happen, he adds, consumers need to start putting pressure on manufacturers by opting for devices that make security a priority.

Part of the problem, Meissler believes, is a lack of awareness. But even when people know how dangerous lax security can be, they still choose “123456” and “qwerty” for their passwords. “It seems to be some sort of human limitation not fixable by a report or article,” he says.

Luckily, we may be approaching the day when passwords are a thing of the past. “This is one where there is certainly light at the end of the tunnel, purely around the area around authentication,” says Montgomery. “We’ve heard about the promise of biometrics or the ability to use physical characteristics about your own body to be your authentication mechanism, and I don’t think we’ve ever been closer as an industry to realizing that.”

He envisions a future where it will be a bit like Mission Impossible to get into your house; there could be retina and fingerprint scans, voice identification and facial recognition barriers before you’d be let in the door. More likely, though, it would be a two-factor authentication process. Turning on certain smart devices, especially ones that could compromise your physical safety, such as a smart car or a connected medical device, would require both a pin and a fingerprint scan, for example. It’s not a bulletproof solution, he says, but it’s much safer than what we’re doing now.

One area of research that excites Montgomery is using electrocardiograms for determine a person’s identity. “Your heartbeat is as unique a snowflake as you are,” he says, and this is true whether you’ve been exercising, sleeping, or startled.

It’s a little ironic that we may eventually have to give up these new pieces of personal data — the sound of our voice, the rhythm of our hearts, the pattern of our prints — to keep the rest of our information secure. Still, it seems nothing is stopping our march towards a fully connected world, and this could make us safer. “IoT will just be considered normal,” Meissler predicts. “I think it will come down to acceptance; both the security risks and the benefits.”

Jenny McGrath
Former Digital Trends Contributor
Jenny McGrath is a senior writer at Digital Trends covering the intersection of tech and the arts and the environment. Before…
This new air purifier from SwitchBot features a HEPA filter and can charge your smartphone
The SwitchBot Air Purifier Table near a bed.

SwitchBot has officially launched two new air purifiers -- the SwitchBot Air Purifier and the SwitchBot Air Purifier Table. Both are equipped with a HEPA filter to tackle all sorts of air particulates and allergens, though the Air Purifier Table offers several additional features that make it a more versatile member of your smart home.

Regardless of which air purifier you choose, you’ll get a capable device that can clean a 215-square-foot space in just over seven minutes. For a larger 1,800-square-foot space, that gets bumped up to an hour. Carrying a clean air delivery rate (CADR) of 236 cubic feet per minute and capable of operating at a quiet 20dB, it should be a solid choice for both standard bedrooms and larger living spaces. Along with a HEPA filter to remove bacteria, the SwitchBot Air Purifiers feature a carbon filter to extract pet odors from the air along with a pre-filtration layer to trap pet fur.

Read more
Serta’s Presidents Day Sale: Save Nearly $1,000 on Adjustable Mattress Sets
A couple in a Serta bed.

You don’t have to wait for a major holiday to snag deals on mattresses. Serta is offering up to $925 off select styles that’ll save you nearly $1,000 during their Presidents Day sale — and serve you with some hotel-worthy comfort. Whether you’re looking to upgrade your existing bed or are buying your first-ever mattress for a new home, refresh your bedroom without having to pay full price.

The best part? That’s not the only sale Serta is hosting. In addition to Presidents Day discounts, the mattress brand is celebrating their 25th anniversary and is giving you $25 Extra Birthday Bucks that’ll drop the price on certain mattresses and more sleep essentials. Keep reading to learn how you can get close to $1,000 off on a new mattress.

Read more
This Eufy robot vacuum is on sale with a $90 discount, but you need to hurry
The slim version of the Eufy BoostIQ Robovac 11s, with the power button glowing faintly.

If you need extra help in cleaning your floors, you should take advantage of robot vacuum deals. Here's an offer from Amazon that you wouldn't want to miss -- the Eufy 11S Slim for an affordable $160, following a 36% discount on its original price of $250. That's $90 in savings that don't appear often, and there's no telling how much longer this bargain will remain available. Buy this robot vacuum right now if you want to get it for a much lower price than usual.

Why you should buy the Eufy 11S Slim robot vacuum
The Eufy 11S Slim is a thinner and more budget-friendly version of the Eufy 11S Max, but it's still capable of getting the job done with its suction power of 1300Pa. With thickness of just 2.85 inches, it can slide under most furniture with ease, so it will be able to pick up dirt and debris that are hidden, and with the brand's BoostIQ technology, the robot vacuum will automatically increase its suction power whenever extra strength is necessary to finish cleaning.

Read more