When everything is connected, how will we keep creeps out and private data in?

intelligence director warns iot spying connected privacy
Here’s a test for you: Pull out your smartphone or tablet and open an app. Without going into your settings, do you know what data it’s collecting from you? What about how it’s transmitting that data, what it’s doing with that data, and with whom it’s sharing that data? “That’s a concern we all face,” says Raj Samani, CTO for EMEA at Intel Security and special advisor to the European Cybercrime Center.

It’s a concern, but it’s not one many people actively consider. “I think most people err on the side of, ‘I’m just going to permit everything, because I’m sure the people who made the application know what they’re doing,’” says Samani’s colleague Scott Montgomery, CTO for the Americas for Intel Security. But they don’t always have your best interests in mind. Samani once discovered a simple flashlight app, for instance, that was quietly accessing the phone’s contacts and sending the information back to the app’s makers. “People had no idea,” he says.

T-Mobile’s Kim Kardashian Super Bowl commercial had the tagline “It’s your data. Keep it.” Of course, it wasn’t referring to your personal data, but it’s that kind of information that people hand out like candy. Or to get candy. Samani says he’s witnessed people in department stores giving out all kinds of personal details just to get a bar of chocolate. “We need to be able to demand a fair value of our data. Sadly, what I see is people using loyalty cards and giving away their data for literally peanuts,” he says. “I think it’s getting worse. I think the perceived value of personal data is gradually decreasing.”

“We need to be able to demand a fair value of our data.”

Samani lives in the United Kingdom and is working with the European Commission to develop security and privacy standards for smart meters and the smart grid. He’s also involved with the European Privacy Directive 95/46/EC, which is aimed at providing guidance in regards to data privacy. One other project he’s very passionate about is working with governments to implement “personal data economies.” If this one had a Kardashian-style slogan, it could be “It’s your data; charge for it.”

The personal data economy is the idea that consumers should get more benefit — specifically financial — for their data, instead of just gaining access to an app. By 2020, the European personal data economy will be worth €1 trillion ($1.14 trillion), and individuals will see a €670-billion ($763-billion) slice of that pie, according to the Boston Consulting Group. Samani pictures it like an insurance site, where you plug in your information, receive a bunch of bids for it, and choose which one you want to sell your data to.

“If you go to a car manufacturer for example, they may be willing to pay up to $500 to get information about your car, what car you want to buy, your preferences, and so on and so forth,” he says. “You could actually monetize that data.”

If that idea makes you feel a little uncomfortable, Samani says you’re already monetizing your data — you’re just making very little profit. “When you use an app, and that particular app takes data from your phone, you’re monetizing that,” he explains. “The challenge becomes how can I begin to increase the value of that data, because people give away their personal data on social-media sites.”

Right now, it’s the companies that are benefiting from users’ data. Some people are happy to grant permissions to every app, letting them control the phone’s camera, access the contact, and see their locations. Others may not be aware that all this is taking place. “If I printed out the iTunes user agreement, and I rolled it up, and I hit you over the head with it, you could die. That’s how big it is. But no one pays any attention to what it says before they simply click through and agree to it,” says Montgomery.

The Federal Trade Commission recently released a report on the Internet of Things. While it stopped short of recommending legislation to regulate users’ privacy and security, it did have many strong warnings and suggestions for how consumers can protect themselves and how companies should behave. For example, makers of these devices shouldn’t store users’ data for eternity, and they shouldn’t use it for purposes that they haven’t disclosed. It may surprise some that such regulations don’t exist.

piper_photo_06_

“I spend a lot of time working on cyber-crime issues, and we all rail against cyber criminals for utilizing the Internet for monetizing your personal data,” says Montgomery. “They steal aspects of your personal data, and they monetize it. Well, we’re really letting the industrial internet do the same thing; it’s just legal.”

Unlike in the E.U., there are also no legal repercussions in the U.S. for a company if a third party steals users’ data. But Montgomery thinks that could change. “When that becomes the vector [through which] their data is exposed and there is no regulatory oversight that protects them in those cases, that’s when I think you’ll see people sit up and take notice, because it does affect them,” he says. “I think a lot of people are going to have to suffer from that before people change their behavior.”

Smart-home device hacking is more a matter of “when” than “if.” A recent HP study found that every Internet-connected home security system it tested had critical flaws that made them vulnerable to spying. These include encryption issues, a lack of a lockout feature when trying to guess passwords, and a failure to require strong and complex passwords. Virtually every website you log into stipulates that your password must contain a mix of numbers and letters, at least so many characters long. These top security systems do not.

It’s possible that such specifications are built into the software, says Daniel Meissler, Practice Principal of the HP Fortify Team, but a decision was made by these companies to favor simplicity over security. For Meissler, it’s not surprising that device manufacturers are so lax on security; he says it’s familiar territory. We saw similar issues with networks, applications, and mobile. “Every time we switch from one space to another, we make all sorts of mistakes there,” he says. With the IoT, “We have to relearn these lessons.”

“If I printed out the iTunes user agreement, and I rolled it up, and I hit you over the head with it, you could die.”

However, he says these are not difficult problems to fix. “They have been solved already. There are people that know how; the question is will they make this investment.” In order for that to happen, he adds, consumers need to start putting pressure on manufacturers by opting for devices that make security a priority.

Part of the problem, Meissler believes, is a lack of awareness. But even when people know how dangerous lax security can be, they still choose “123456” and “qwerty” for their passwords. “It seems to be some sort of human limitation not fixable by a report or article,” he says.

Luckily, we may be approaching the day when passwords are a thing of the past. “This is one where there is certainly light at the end of the tunnel, purely around the area around authentication,” says Montgomery. “We’ve heard about the promise of biometrics or the ability to use physical characteristics about your own body to be your authentication mechanism, and I don’t think we’ve ever been closer as an industry to realizing that.”

He envisions a future where it will be a bit like Mission Impossible to get into your house; there could be retina and fingerprint scans, voice identification and facial recognition barriers before you’d be let in the door. More likely, though, it would be a two-factor authentication process. Turning on certain smart devices, especially ones that could compromise your physical safety, such as a smart car or a connected medical device, would require both a pin and a fingerprint scan, for example. It’s not a bulletproof solution, he says, but it’s much safer than what we’re doing now.

One area of research that excites Montgomery is using electrocardiograms for determine a person’s identity. “Your heartbeat is as unique a snowflake as you are,” he says, and this is true whether you’ve been exercising, sleeping, or startled.

It’s a little ironic that we may eventually have to give up these new pieces of personal data — the sound of our voice, the rhythm of our hearts, the pattern of our prints — to keep the rest of our information secure. Still, it seems nothing is stopping our march towards a fully connected world, and this could make us safer. “IoT will just be considered normal,” Meissler predicts. “I think it will come down to acceptance; both the security risks and the benefits.”

Smart Home

This Silicon Valley studio rents for $1,500 per month — to 2 cats

A man in San Jose, California, rents a studio apartment for $1,500 per month for a very important reason: So his daughter's two cats have a place to call their own. It may be the swankiest cat pad on the West Coast.
Photography

From DIY to AAA, here's how to take a passport photo in 6 different ways

If you're applying for a passport or renewing one, you need to submit a photo in your official application. There are strict guidelines, but fortunately, it's something you can do at home. Here's how to take a passport photo.
Computing

Yes, Android apps can run on your PC, and it's easier than you think

Wish you knew how to run Android apps in Windows? It's easier than you might think and there are a number of different ways to do it. In this guide, we break down the steps so you can follow along with ease.
Home Theater

Here’s why you’re not getting Netflix in HD or 4K, and how to fix it

Are you having trouble watching your favorite movies or TV shows on Netflix in HD or 4K? We explain why loading takes so long, why the picture quality fluctuates, and what you can do about it.
Mobile

Is your smartphone frozen? Here's how to reset your iPhone

You can do a lot with an iPhone, but if you ever run into an issue with it, the first thing you should do is restart it. In this guide, we tell you how to reset your iPhone, and explain how it differs from a factory reset.
Deals

Amazon drops prices on Roomba robot vacuums by up to $150

Amazon is offering discounts on iRobot Roombas and other robot vacuums to help you get a leg-up on those chores. We've rounded up the best deals available now and put them all in one place.
Emerging Tech

CES 2019 recap: All the trends, products, and gadgets you missed

CES 2019 didn’t just give us a taste of the future, it offered a five-course meal. From 8K and Micro LED televisions to smart toilets, the show delivered with all the amazing gadgetry you could ask for. Here’s a look at all the big…
Smart Home

Speed up cooking with one of the best pressure cookers on the market

Not all pressure cookers are created equally. You have to choose between stovetop cookers, multicookers, canners, and even microwave cookers. Our pressure cooking buyer's guide includes our picks for the best in each category.
Smart Home

Brew it fast, hot, and flavorful with our favorite coffee makers

Whether you're looking for a simple coffee maker to get you through the morning or a high-end brewer that will impress your taste buds and your friends, you'll find some of the best coffee makers around on this list.
Smart Home

This just in: Alexa can now deliver the news like a professional newscaster

The Amazon Alexa team has given Alexa a newscaster voice that improves the way she delivers the news and reads Wikipedia articles, making the smart assistant easier to understand.
Product Review

Ring Video Doorbell 2 is the simplest entry into a smarter doorway

The Ring Video Doorbell 2 may lack the style and sophistication of premium door-dingers, but few can match its simplicity and versatility. The device, available in both wired and wireless configurations, is easy to set up and adds instant…
Smart Home

Ring security camera catches man licking the doorbell for hours

A family in Salinas, California had their Ring camera capture something pretty unexpected: a man licking the doorbell outside of their home for more than three hours. The incident took place around 5:00 a.m.
Smart Home

GHSP makes a (back)splash with its touchscreen concept kitchen

One of the coolest concept kitchens from CES 2019 came from GHSP. It created a backsplash entirely made of touchscreens. That means the control panel for your kitchen is accessible no matter where you are.
Product Review

Kwikset Kevo Contemporary review

Tired of carrying around keys? Make keyless entry so easy that all you have to do is have your phone nearby to open the door. It’s a little pricey, but sleek lines and simple features make the Kwikset Kevo Contemporary a great choice for…