Internet of things – consumer dream or privacy nightmare?

16 Jun 2015, 12:28 pm

By Jos Creese, CreeseConsulting Ltd and former CIO, Hampshire County Council

The potential social and business benefits of sensors embedded into everyday objects and connected across the internet are becoming widely recognised. In theory this ‘Internet of Things’ (IoT) will make our lives richer, safer, healthier, more efficient and connected in ways that give us more control, especially work-life balance.

It will make businesses and governments more efficient and help to save the planet by finding better ways to use scarce energy and other resources. It will solve and prevent crimes through sophisticated monitoring, as well as establish the causes of accidents and reduce likelihood of recurrence. And it’s already here.

Jos-Creese---LD-FuturesYet at the same time there is growing concern; will all this data that is being collected about our lives and then linked and analysed be abused? Is there a risk that the data about us captured quietly in the background by ambient devices could be hacked and misused to our cost? What new skills might we need as citizens to balance the risks with the benefits of IoT?

What should be the role of democratic governments in protecting us and our civil liberties from the technology which is there to serve us? And do we trust our governments and corporations to look after our data and protect it, let alone to change our behaviours?

At present, IoT is still primarily about embedding sensors into equipment that allows us to monitor and manage our homes, the energy we consume and safety (e.g. in cars). But we can expect a future where biochips are implanted into our bodies and every object we touch or own could have a sensor capturing data which is shared and linked online. Light bulbs monitoring our movements will protect elderly people in their homes and sensors in pills will remind us to take medicine and check its effectiveness.

Cisco predicts that by 2020 there will be 50 billion devices on the Internet able to talk to each other, growing exponentially after that. An even more conservative estimate from Gartner suggests that there will be 26 billion connected devices by 2020. Potentially every object will be able to tell its own story, often about us, and will be able to think, feel and talk to each other.

The IoT is today growing quietly through the proliferation of smart sensors, miniature cameras, and embedded software, all linked by intelligent systems and tiny switches. That intelligence is already being interpreted and acted upon through our mobile phones, our online shopping habits, and our use of social media.

Currently, intelligent connections between these different devices are limited by a lack of common standards, but standardisation will come, driven by our own personal desires as well as the potential commercial value. This will allow the different digital ‘Lego blocks’ to connect together to uncover patterns in our lives and our habits that others can read like a book.

The chips that allow this to happen can cost less than a penny and can fit onto a pinhead. They need tiny amounts of energy to run for years, often using solar or minuscule batteries. It is this massive explosion in the proliferation of data which is underpinning the “big data” programmes, and governments are amongst the biggest investors in IoT.

George Osborne announced £40m for IoT in the last budget, President Obama has spoken of its importance to the US economy and the Chinese government is putting significant efforts into IoT research. They all want societies which are safer, more productive and have more influence in the world.

But IoT can also be used for surveillance and control. it’s easy to spy in the interests of safety, productivity and influence. No longer are we talking about bugs under tables or fitted into telephones, but the ability to intercept and to use data captured by sensors in equipment already existing in our homes, in our cars, in our streets, our offices and in our personal devices, monitoring our movements and activities and sharing them with businesses and governments.

What will the world really be like when others have the ability to analyse the digital traces that we leave from the way that we interact with the many smart devices around us? How comfortable will we be when our behaviour is tracked and targeted?

Any small discretion such as staying a few minutes late on a parking meter, or speeding 1kmph over the limit, will immediately be picked up. Will everything about us be reported to the authorities? Do we risk losing personal freedom as well as our privacy? Could we be unintentionally creating a Maoist state where it is embedded sensors in everyday equipment which reports us to the authorities, rather than envious or well-meaning neighbours, if we are not conforming in some way?

Moreover, as our devices do things for us automatically for us such as re-ordering shopping from the fridge, how far do we wish machines to do the thinking for us, even if they do it better, and who decides?

What about hidden sensors in devices which lie dormant until the right circumstances arise and are then triggered into action, collecting and transmitting data. Or what if they get used in the future for purposes for which they were never intended?

How do we control this in our homes, in the work environment and in our smart cities? Are we sure that international companies building IoT sensors to be sold across the globe will not be tempted to over-engineer these to capture data or sell our data onto others in the future?

Recent incidents of smart TVs collecting too much information about us and eavesdropping on this in our homes have been widely reported. Children’s toys exist today that interact with our children using the internet, recording dialogue and other information from within our homes. Apps are widely used which allow us to track our children, our spouses and our friends.

Given that we currently cannot protect our networks and Internet use from cybercrime, what is the danger when every device is connected and collecting information about us? What happens if that data is hacked by others who wish to extort money or favour from us? Rather than increasing our safety, does the IoT actually make us more vulnerable?

What happens when machines malfunction and the wrong or inaccurate data is recorded about us, and so make incorrect interpretations about us? How will the more vulnerable or less well-educated members of our societies protect themselves.

It is not the collection of individual data sets that is the biggest concern. I don’t mind if my Facebook page is publicly available (it’s my choice). The real risk lies in the connection between different data sets about us that can create much more subtle intelligence that define us as individuals and allow others to take commercial or other advantage.

In the near future, others could know more about us that we know about ourselves! The capacity to correlate data will be immense, and our devices are no longer the products, we are.

This may be all scaremongering and science fiction. But it is easy to lose sight of the potential risks alongside the commercial and public service enthusiasm about IoT and ‘big data’.

Research that talks about the ‘democratisation of data analytics’ without considering the risks, are just being naive. So we need to put in place some protections as we become increasingly transparent to governments, businesses and anyone else with an interest in finding out more about us.

Without some protection we may have to pay in future to remain private (like avoiding adverts on free services such as YouTube or Spotify) and those who cannot pay may, for example, be less able to get health care or insurance if information collected about them suggests that they are more expensive because of personal habits which do not conform to commercial or public service norms.

I believe that there are five areas which need attention, with international agreement that will allow the benefits of IoT whilst protecting individual privacy:

  1. User consent and anonymity. The ability for us to be able to decide how and when information about us is gathered. This includes a right to know what data has been captured about us, how we are being tracked, a well as how our data is being used and shared and how long it is held. This would include the right to challenge and to correct any errors. Few may choose in practice to opt out from much, but many will opt out from some – and the choice is important.
  1. Transparency. It’s important that nothing is hidden in what is being captured about us and where devices are collecting data in our homes, offices and streets. A rule of Open Data for business and governments is probably the biggest safeguard we can have.
  1. Regulation and legislation which place the emphasis and controls in favour of the citizen. This implies international regulation with appropriate consequences for breaches. For the UK this should be covered by the Data Protection Act – but a review is needed against the emerging issues from IoT.
  1. The availability of free IoT vulnerability tracking apps, like current internet security and virus checking and web filtering. Such facilities would scan for devices in our homes, identify what they collect, alert us to any changes and allow them to be blocked or switched off on our local networks when appropriate.
  1. Education. Everyone needs to be aware of the risks as well as the benefits of IoT and to be equipped with the knowledge and skills so we can ensure we retain control. There is a responsibility of governments, agencies, schools, colleges and businesses to raise digital literacy levels in their communities and customer base.

It is easy to be frightened of technology and to whip up a picture of the future which has more of a place in a sci-fi movie.

The Internet of Things is the next exciting stage in harnessing the power of IT for social, environmental and economic good. It is also inevitable. But we should be under no illusions regarding the potential risks, and ensure in democracies at least, that we as individuals remain in control. That way we will be able to strike the balance between the benefits and our individual and community freedoms.


Image: Jos Creese speaking at last week’s Local Digital Campaign event on the Internet of Things held in London.