Experts warn of privacy fears caused by Internet of Things
In many cases firms collecting data via IoT don't need public's trust or permission, says expert panel
Experts have warned that new internet of things technologies and applications do not respect individuals' privacy, and that most consumers don't understand the privacy implications of the technology they use.
Speaking at the IPExpo conference in London recently, Harvey Lewis, director at Deloitte MCS pointed to CCTV networks in many large cities as an example of a connected technology that risks infringing privacy rights.
"CCTV cameras and other sensors are watching you and recording information about you, and algorithms can recognise and track you as you move from place to place," said Lewis. "Even if you're not instrumented yourself, data about you, your lcoation and your health, can be monitored even though you're not connected.
"There's a Japanese company which has invented a technology which can measure your pulse and breathing rate using nothing but the modulation of WiFi signals in a room," he said.
James Hatch, director of BAE systems applied intelligence, explained that there is a difference in the dangers of IoT use when it affects consumers, as opposed to its more mature use in industrial environments.
"The challenges for IoT around security and privacy are not solved," Hatch began. "In the industrial world, with companies being responsible for the safety and reliability of their systems, that's manageable. But in this world where the IoT and the consumer world overlap, individuals don't have the time, incentive or expertise to make intelligent decisions."
Hatch explained that the same dangers caused by a lack of consumer understanding are present when people download apps onto their mobile devices.
"You download an app, it asks if you're happy with its terms and conditions, and we just accept them. When that's not just taking abstracted data off your phone but taking physical data connected to it, there is a danger there that we overstep ourselves. There is a change in level of concern people have, new generations don't have big concerns about privacy."
Hatch continued to raise concerns about the growing importance of technologies which have yet to have such fundamental concerns resolved.
"I'm worried about the creeping business criticality of these things. WiFi has only been widescale for five years or so. You start using it and think it's amazing, but it's now almost a fundamental human right. So you get to a situation where some people take IoT technologies up thinking they're convenient, but they soon become critical to our lives.
"It will be critical in healthcare first, then we'll find we're dependent on it and no one's in charge of security and privacy," argued Hatch.
[Turn to page 2]
Experts warn of privacy fears caused by Internet of Things
In many cases firms collecting data via IoT don't need public's trust or permission, says expert panel
Lewis said that it's important to help consumers understand the deals they're really making when they consume free services.
"On the consumer side it is about establishing a clear contract between an organisation and the consumer about the benefit they get in exchange for their data. You see that working successfully in some industries, like satellie navigation services. You receive information about the density of traffic on your route, and you give away your location data for that. Those examples and use cases need to be out there so you understand the value of interconnected devices, and the reason for giving away your data," he explained.
But Alicia Asin Perez, CEO and co-founder of IoT platform provider Libelium, felt that organisations have been abusing individuals' privacy for years, and IoT does nothing worse than what is now seen as standard practise in retail.
"There's a lot of hypocrisy about privacy," said Perez. "The only thing people know about privacy is they now don't have it. But loyalty cards in supermarkets have existed for a long time, and people use them.
"The real debate is not about how far can we go, because many services are free, and we know if the product is free, then the product is you. So you must be able to assert your right to disconnect and disappear. There's been so much debate lately on social networks about that right, and we still don't have it," argued Perez.
Hatch added that organisations need to earn their customers' trust before they start playing fast and loose with their data, but admitted concerns that the IoT will create an environment where individuals have no idea how their data is being harvested and used, and so that trust simply isn't needed.
"We have an enduring relationship with some organisations like our mobile phone provider. Where you have that formal realtionship, the rules there are getting better, with new EU regulations coming.
"But firms must understand that if they want an enduring relationship with consumers and if they want to earn money from that, they have to be trusted. But where that corporation doesn't need our trust, the IoT will create more of those situations and it will be harder for that standardisation to happen."