The Internet of Things Takes Over: Are We Sacrificing Our Privacy and Security for Convenience?
By Ian Grecco, Staff Writer
How society uses the Internet is constantly transforming. The Internet of Things (IoT) is a relatively new concept and uses the Internet to control objects for people’s everyday life. The IoT lacks a concrete definition, but one definition describe the IoT as things such as devices or sensors -normally excluding computer, smartphones – that connect, communicate, or transmit information between other devices through the use of the internet, creating a massive interconnected system that sends and receives data.[1] The IoT includes over 25 billion connected devices worldwide, including fitness trackers, Wi-Fi connected appliances, home automation systems that turn on your front porch light when you leave work, house thermometers, and many more items. [2] Experts expect this number to double or even triple to 50-75 million connected devices worldwide.[3] Even though the IoT has been relevant for more than a decade, its rapid use in present day raises some significant concerns to the public and the branches of government.
Congress recently attempted to frame legislation to address potential privacy and security problems of the IoT. As history has shown, the Internet provides vast opportunities for hackers to access personal data from the public. This is a major concern for the government to try to protect the public’s 25 billion connected devices from being susceptible to hackers. For the past several years, President Obama persistently advocated for consumer rights for “Big Data” relating to online privacy consumer rights.[4] The president urged Congress to pass data-breach notification requirements for consumers, and a separate plan limiting data collection on children and teenagers, but the tech companies greatly opposed the legislation, complaining it would suppress innovation.[5] President Obama supports firmer rules for notifying customers of attacks, specifically a 30-day deadline.[6] President Obama also proposed his “Consumer Privacy Bill of Rights” which attempts to give Internet users more control over what personal data organizations collect from them.[7] In this manner, anyone who has used the Internet for shopping knows that when shopping for a specific item such as a television, inevitably leads to other browsing websites advertising televisions for days, if not weeks, after a user shopped for a television.[8] Attempting to limit this access to individuals’ personal data is a major concern to the public, and is not an easy issue for any branch of Government to resolve.
Even though recently Congress has been proactive in trying to create an appropriate legislation for the IoT, there is too much to try to predict in creating effective guidelines relating to privacy and security. Additionally, Congress normally must understand as much as possible about an issue before legislating, tending its legislative history of being reactive rather than proactive. Donald Ritchie, a recently retired Senate historian, explains this best as he stated “Congress is often a little behind the curve. They have to perceive there’s a problem. And the advocates and lobbyists have to tell them there’s a problem before they actually do something about it.”[9] In regards to the IoT, there has yet to be a massive breach releasing personal data from IoT devices, which ultimately creates a wait and see approach for Congress to address these issues. There are simple scenarios that expose the public to even a breach in their homes, such as a hacker controlling the house thermostat and emailing the homeowner, refusing to release control of the thermostat unless a stated monetary amount is sent online. This is not a farfetched example and the ability to breach these types of devices was shown by researches.[10] Thus, Congress must try to be as proactive as possible, especially its IoT Caucus consisting of 13 members.
The Federal Trade Commission (FTC) recently weighed in on the issue by issuing a 71-page report on the IoT. In this report, the FTC urged the tech companies to research and implement its own security measures from the start of each new released product, in an attempt to minimize the amount of data the new device collects from the start.[11] Additionally, the FTC recommended that when a security risk is identified, consider a “defense-in-depth” strategy whereby multiple layers of security may be used to defend against a particular risk; and consider measures to keep unauthorized users from accessing a consumer’s device, data, or personal information stored on the network.[12] These recommendations would help to provide more security to the individual.
As the IoT continues to grow, the threat of potential breaches of the millions of devices will be more prevalent and widespread. Even with Congress and the President aware of the potential risks, inevitably some personal data of individuals will be accessed by hackers. However, how much of this personal data will depend primarily upon security advances made by companies of the IoT devices. We have all witnessed large-scale data breaches of giant retail stores such as Target, and even the recent example of hackers accessing over 21 million peoples’ personal information stored in the Office of Personnel Management computer system.[13] Thus, data breaches will most definitely occur in the future, but with the IoT, these breaches may be even more personal as devices in the homes of millions of people will potentially be hacked. Even in their own homes, people may never have privacy and feel completely secure as the IoT takes over everyday life
[1] https://www.ftc.gov/system/files/documents/reports/federal-trade-commission-staff-report-november-2013-workshop-entitled-internet-things-privacy/150127iotrpt.pdf
[2] http://www.troutmansanders.com/the-internet-of-things–is-legislation-coming-02-03-2015/?utm_source=Mondaq&utm_medium=syndication&utm_campaign=View-Original
[3] Id.
[4] http://www.politico.com/agenda/story/2015/06/internet-of-things-caucus-legislation-regulation-000086
[5] Id.
[6] Id.
[7] Id.
[8] http://www.afcea.org/mission/intel/documents/InternetofThingsFINAL.pdf
[9] http://www.politico.com/agenda/story/2015/06/internet-of-things-caucus-legislation-regulation-000086
[10] http://www.darkreading.com/perimeter/the-internet-of-things-7-scary-security-scenarios/d/d-id/1316659?image_number=3
[11] https://www.ftc.gov/news-events/press-releases/2015/01/ftc-report-internet-things-urges-companies-adopt-best-practices
[12] Id.
[13] http://www.cnn.com/2015/07/09/politics/office-of-personnel-management-data-breach-20-million/
