The U.S. Federal Trade Commission (FTC) used a one-day workshop to highlight security and privacy issues prompted by the so-called “Internet of Things.” But attendees at the event may have walked away with a more ambiguous message, as prominent technologists and industry representatives questioned whether conventional notions of privacy had much relevance in a world populated by billions of Internet-connected devices.
“I don’t feel like privacy is dead,” keynote speaker Vint Cerf, a Vice President and Chief Internet Evangelist at Google, told an audience at the FTC workshop. “I do feel like privacy will be increasingly difficult for us to achieve,” Cerf warned.
And Cerf wasn’t alone in wondering whether that might not be such a bad thing – or even that unusual. “Is privacy an anomaly?” Cerf wondered aloud, recalling his experience living in a small German town where the “postmaster knew what everyone was doing.” Our modern concept of being ‘alone in the crowd’ is a fairly recent one, born of the industrial revolution and the growth of urbanization, Cerf said.
Addressing the workshop (PDF), Commissioner Maureen Ohlhausen said that the Internet of Things has “the potential to transform many fields, including home automation, medicine, and transportation.” However, “the ability to collect large amounts of information and, in some cases, to act on that information also raises important consumer privacy and data security issues.”
The FTC, she said, should use its traditional role as a consumer advocate to investigate IoT technology and provide consumers with a reliable source of information on the dangers that the technology poses. It should also use its enforcement powers to identify and punish “bad actors” that might damage the overall reputation of the IoT, she said. The FTC has already warned publicly about the dangers posed by shoddily developed and deployed IoT products. In September, the Commission announced that it had settled a complaint against TRENDnet, the maker of the SecurView home security cameras. The FTC had charged the Torrance, California company with selling “faulty software that left (the cameras) open to online viewing” by anyone who knew the device’s IP address. But security issues with IoT products aren’t uncommon, and there are many cases similar to the SecurView case where the Commission has yet to take action.
Tensions between the social benefits and costs of new technologies and the Internet of Things cropped up in many discussions during the one-day event, which featured workshops on Internet-connected “Smart Homes,” “Connected Vehicles,” and “Connected Health and Fitness.” The panel on “Connected Vehicles” saw noted researcher Tadayoshi Kohno of the University of Washington sparring with Christopher Wolf of the tech industry-backed Future of Privacy Forum.
Kohno argued that the sophistication and number of different computers and wireless sensors in modern vehicles created the potential for malicious actors to remotely attack and control them – potentially in ways that could cause harm or death. Wolf countered that the safety and health benefits of features like GPS sensors, remote monitoring and control and crash detection systems far outweighed the dangers. Apparently a Tesla owner, Wolf noted that his car maker that very day pushed out a firmware update for the car that automatically raised its suspension, preventing accidents or fires.
Not everyone saw it as an ‘either-or’ situation. Jeff Hagins, the Co-Founder and CTO of SmartThings, an IoT platform provider, said that important questions about security and privacy need to be answered. “From a security and privacy perspective, (IoT) companies do not have skill sets they need or they’re not applying it properly so that they can be secure from top to bottom,” he said. Hagins also said that important questions need to be resolved about who owns the volumes of data produced by IoT products. “As a consumer, I’m concerned. We as consumers and owners of things need to own data that comes from them,” he said. “They’re our things, it should be our data.”
It was Cerf, an éminence grise of the technology industry, who seemed to strike the most balanced view. Cerf helped develop the TCP/IP protocol that is the Internet’s lingua franca. Speaking on Tuesday, he acknowledged that the headlong pace of technological change was challenging social norms that have developed over centuries – or even millennia.
The interplay of ubiquitous, Internet-connected sensors and devices might cause unforeseen problems. “Technology use today has far outstripped our social intuition,” Cerf said, using the example of how an individual inadvertently captured in a vacation snapshot might subsequently get “tagged” in the photo and be in the position of having to explain his or her presence at that location and time. However, he said that social norms would have to adapt by trial and error. “We will live through situations where people get embarrassed or go to jail because of these technologies. We may need to develop social conventions that are more respectful of people’s privacy,” Cerf said.