IoT: Convenience vs. Privacy. Where do you draw the line?

We all accept that terms and conditions of use are a part of our relationship with technology these days. But where does the line of “acceptable use” and “legal collection of data” get drawn? Adults make this decision and often disregard the implication because they are just that, adults and often don’t care about their data enough.

But what about the children?

When children become involved it often becomes another matter. Our friend Kayla is just one example and lawsuits in the US around children’s toys that act similarly are in progress (see Disney and COPPA compliance).

The question that should be asked is should the line be raised or lowered?

We all seem to agree that children have the right to a private life but we seem to acknowledge that as adults we accept that our information is the price of admittance to the internet. Should it be?

The question really boils down to “is the internet a public entity which is the right of humanity to access as part of a democratic planet?” or “is the internet the sole ownership of private firms with oversight by the government which makes it a media source like any other?”.

Let’s break this down

The first question implies a freedom to do or say anything as free speech but falls apart as voices that are unsavoury appear or exercise this right or collect and abuse data which the user never intended to disclose. The latter implies a system where free market rules apply but with the caveat that it won’t necessarily be a fair playing field which is more akin to a shopping mall and the AOL approach to internet engagement and a walled garden/ISP approach. Yes, they still exist, and yes, they still have large numbers of users, with 2.1 million of them still on dial up.

…and the IoT?

IoT lives with a foot in each camp. It espouses great potential and bleeding edge technology while actually requiring monetisation of data it collects, it presents itself as a utopian dream of making our lives easier through technology but has little restrictions on how that technology might be abused, copied, mishandled or fail to operate long term.  It also breaks the trust model we have come to expect from our technology.

We might expect our toaster to remember what our toast setting should be for crumpets in the morning, but we don’t expect it to rat on us if we are late leaving for work and it notifies someone that we didn’t leave the house till 5 minutes after the train departed so our story of “just missing it” has resulted in an angry boss who and an all too smug toaster. While we aren’t in this position yet, we aren’t far off elements of it.

This isn’t just a “public” problem. Those in the military have stated that our gadgetry has exposed us to vectors we never had to deal with before: https://defensesystems.com/articles/2017/05/09/article_0.aspx . Todays army is “followed” by a tech trail that anyone good, bad or indifferent in terms of political views can collect. This creates a problem in modern warfare and it creates a similar security issue at home. As Lt. Gen Robert Ashley puts it. Technology per se is not a menace but the “real game changer is how you operationalize it,” Predicting that usage is hard if not impossible.

So ask yourself three simple questions when you apply technology in your home or carry it with you. This applies to the hardware, the operating systems it uses and the applications you install on it.

1. What do I use this for and how often do I use it?

If the answer is “limited” or “rarely” think of powering it down when not in use (saving energy) or uninstalling it (for apps) from the device and reinstalling it once it’s needed again. A quick review of my own old devices revealed that about 1 in 5 apps I installed and used less than 10 times in the life of the phone (over a 2 year period). Looking back I could have easily uninstalled them and downloaded them again when they were required.

2. If you do need the technology or the app regularly then be aware of what data it collects, what permissions it needs, and will it remain active and “alive” even when it’s not doing the thing it is designed to do for you?

Many apps and devices serve alternative purposes such as polling other apps to see what you ARE using more regularly than it, and other devices in its general area. If your toaster asks for access to your outlook calendar, then just be aware it may not be just thinking about how brown your toast needs to be.

3. If you don’t understand the technology then either you should understand it more, or consider not using it.

This one is hard. We, as humans, want what we want, but we don’t always understand the consequences of those actions. The onus will always be on the user (at present) to do their homework and sometimes there isn’t study material to work from. This goes for business too, and any admin should understand the implications of bringing a device with unknown protocols and comms traffic into a secure environment.

If you are a business consider implementing an “IoT” network, where all devices of unknown communication status live, disconnected from the rest of the wider network unless there is a satisfactory business purpose AND security review. Home users – you’ll have to learn more and that means demanding more from suppliers to clearly indicate what a technology does and how it does it. Similar to food labelling we should one day see “this device is internet enabled” with clear marking on the data it may collect and how much of a risk it poses to you if unsecured, lost or stolen.

Wherever your personal line is, I suggest you regularly assess what technology you have that might cross it. There may always be exceptions out there and you may even be limited by suppliers as they integrate this tech into our lives. Understanding how technology might covertly collect information about us isn’t easy, and it never will be, but in the end you always have the power to choose, even if the only way to win is not to play.