Without a doubt, the Internet of Things can improve the function and reliability of many things including cars, appliances and indoor living and working environments, but at what cost? Does this function and reliability have to be at the expense of our personal privacy?
Every device connected to the Internet runs the risk of exposing sensitive personal data to those who would abuse it. Saying “who cares?” may be tempting when the implication is making thermostat data accessible to others. But consider that even such innocuous information such as thermostat data can be used to determine when you are home, when you are out, how many people are in your home and so on.
What about your car? Data about your driving habits can potentially be used to determine your location at certain times of the day, where you shop and so forth. Of course, a criminal could use that information to rob you or do you harm. But a much more likely scenario is that you would be bombarded by unwanted ads and spam emails. And personal privacy isn’t all that’s at stake; industrial data can also be compromised in the same way.
How can an individual’s data get misused? The company that collects data may choose to abuse the data, or sell the data to someone who has nefarious intent with it. Alternatively, a company that collects the data for legitimate reasons may get hacked, and the hacker steals the data. Systems in companies collecting data may have data leaks that transmit data to other companies using those systems or they may have exposures that allow hackers to steal customer data from those systems.
This scenario in turn can open the companies collecting the data to costly privacy mitigation efforts, lawsuits and it may even impact branding. Consider the recent rash of credit card identity thefts that have occurred at retail stores and the costly recovery efforts the hacked companies have had to perform. Now expand that risk to the tens of billions of points of data collection predicted to arise in the Internet of Things industry.
A manufacturer or operator choosing an Internet of Things provider needs to understand two things: privacy policies about their own use of their data and the precautions to take to protect that data from others. In cases of extreme sensitivity, processing data at the point of collection on private hardware rather than shipping it to a remote cloud-based system for processing may be necessary. At the very least, the data needs to be encrypted before being shipped to a cloud-based platform for further processing.