Skip to main content

When everything is connected, how will we keep creeps out and private data in?

intelligence director warns iot spying connected privacy
Image used with permission by copyright holder
Here’s a test for you: Pull out your smartphone or tablet and open an app. Without going into your settings, do you know what data it’s collecting from you? What about how it’s transmitting that data, what it’s doing with that data, and with whom it’s sharing that data? “That’s a concern we all face,” says Raj Samani, CTO for EMEA at Intel Security and special advisor to the European Cybercrime Center.

It’s a concern, but it’s not one many people actively consider. “I think most people err on the side of, ‘I’m just going to permit everything, because I’m sure the people who made the application know what they’re doing,’” says Samani’s colleague Scott Montgomery, CTO for the Americas for Intel Security. But they don’t always have your best interests in mind. Samani once discovered a simple flashlight app, for instance, that was quietly accessing the phone’s contacts and sending the information back to the app’s makers. “People had no idea,” he says.

T-Mobile’s Kim Kardashian Super Bowl commercial had the tagline “It’s your data. Keep it.” Of course, it wasn’t referring to your personal data, but it’s that kind of information that people hand out like candy. Or to get candy. Samani says he’s witnessed people in department stores giving out all kinds of personal details just to get a bar of chocolate. “We need to be able to demand a fair value of our data. Sadly, what I see is people using loyalty cards and giving away their data for literally peanuts,” he says. “I think it’s getting worse. I think the perceived value of personal data is gradually decreasing.”

“We need to be able to demand a fair value of our data.”

Samani lives in the United Kingdom and is working with the European Commission to develop security and privacy standards for smart meters and the smart grid. He’s also involved with the European Privacy Directive 95/46/EC, which is aimed at providing guidance in regards to data privacy. One other project he’s very passionate about is working with governments to implement “personal data economies.” If this one had a Kardashian-style slogan, it could be “It’s your data; charge for it.”

The personal data economy is the idea that consumers should get more benefit — specifically financial — for their data, instead of just gaining access to an app. By 2020, the European personal data economy will be worth €1 trillion ($1.14 trillion), and individuals will see a €670-billion ($763-billion) slice of that pie, according to the Boston Consulting Group. Samani pictures it like an insurance site, where you plug in your information, receive a bunch of bids for it, and choose which one you want to sell your data to.

“If you go to a car manufacturer for example, they may be willing to pay up to $500 to get information about your car, what car you want to buy, your preferences, and so on and so forth,” he says. “You could actually monetize that data.”

If that idea makes you feel a little uncomfortable, Samani says you’re already monetizing your data — you’re just making very little profit. “When you use an app, and that particular app takes data from your phone, you’re monetizing that,” he explains. “The challenge becomes how can I begin to increase the value of that data, because people give away their personal data on social-media sites.”

Right now, it’s the companies that are benefiting from users’ data. Some people are happy to grant permissions to every app, letting them control the phone’s camera, access the contact, and see their locations. Others may not be aware that all this is taking place. “If I printed out the iTunes user agreement, and I rolled it up, and I hit you over the head with it, you could die. That’s how big it is. But no one pays any attention to what it says before they simply click through and agree to it,” says Montgomery.

The Federal Trade Commission recently released a report on the Internet of Things. While it stopped short of recommending legislation to regulate users’ privacy and security, it did have many strong warnings and suggestions for how consumers can protect themselves and how companies should behave. For example, makers of these devices shouldn’t store users’ data for eternity, and they shouldn’t use it for purposes that they haven’t disclosed. It may surprise some that such regulations don’t exist.

piper_photo_06_
Image used with permission by copyright holder

“I spend a lot of time working on cyber-crime issues, and we all rail against cyber criminals for utilizing the Internet for monetizing your personal data,” says Montgomery. “They steal aspects of your personal data, and they monetize it. Well, we’re really letting the industrial internet do the same thing; it’s just legal.”

Unlike in the E.U., there are also no legal repercussions in the U.S. for a company if a third party steals users’ data. But Montgomery thinks that could change. “When that becomes the vector [through which] their data is exposed and there is no regulatory oversight that protects them in those cases, that’s when I think you’ll see people sit up and take notice, because it does affect them,” he says. “I think a lot of people are going to have to suffer from that before people change their behavior.”

Smart-home device hacking is more a matter of “when” than “if.” A recent HP study found that every Internet-connected home security system it tested had critical flaws that made them vulnerable to spying. These include encryption issues, a lack of a lockout feature when trying to guess passwords, and a failure to require strong and complex passwords. Virtually every website you log into stipulates that your password must contain a mix of numbers and letters, at least so many characters long. These top security systems do not.

It’s possible that such specifications are built into the software, says Daniel Meissler, Practice Principal of the HP Fortify Team, but a decision was made by these companies to favor simplicity over security. For Meissler, it’s not surprising that device manufacturers are so lax on security; he says it’s familiar territory. We saw similar issues with networks, applications, and mobile. “Every time we switch from one space to another, we make all sorts of mistakes there,” he says. With the IoT, “We have to relearn these lessons.”

“If I printed out the iTunes user agreement, and I rolled it up, and I hit you over the head with it, you could die.”

However, he says these are not difficult problems to fix. “They have been solved already. There are people that know how; the question is will they make this investment.” In order for that to happen, he adds, consumers need to start putting pressure on manufacturers by opting for devices that make security a priority.

Part of the problem, Meissler believes, is a lack of awareness. But even when people know how dangerous lax security can be, they still choose “123456” and “qwerty” for their passwords. “It seems to be some sort of human limitation not fixable by a report or article,” he says.

Luckily, we may be approaching the day when passwords are a thing of the past. “This is one where there is certainly light at the end of the tunnel, purely around the area around authentication,” says Montgomery. “We’ve heard about the promise of biometrics or the ability to use physical characteristics about your own body to be your authentication mechanism, and I don’t think we’ve ever been closer as an industry to realizing that.”

He envisions a future where it will be a bit like Mission Impossible to get into your house; there could be retina and fingerprint scans, voice identification and facial recognition barriers before you’d be let in the door. More likely, though, it would be a two-factor authentication process. Turning on certain smart devices, especially ones that could compromise your physical safety, such as a smart car or a connected medical device, would require both a pin and a fingerprint scan, for example. It’s not a bulletproof solution, he says, but it’s much safer than what we’re doing now.

One area of research that excites Montgomery is using electrocardiograms for determine a person’s identity. “Your heartbeat is as unique a snowflake as you are,” he says, and this is true whether you’ve been exercising, sleeping, or startled.

It’s a little ironic that we may eventually have to give up these new pieces of personal data — the sound of our voice, the rhythm of our hearts, the pattern of our prints — to keep the rest of our information secure. Still, it seems nothing is stopping our march towards a fully connected world, and this could make us safer. “IoT will just be considered normal,” Meissler predicts. “I think it will come down to acceptance; both the security risks and the benefits.”

Jenny McGrath
Former Digital Trends Contributor
Jenny McGrath is a senior writer at Digital Trends covering the intersection of tech and the arts and the environment. Before…
Eve MotionBlinds Upgrade Kit and Blinds Collection join the Matter lineup
The Eve MotionBlinds Upgrade Kit being installed.

Eve is a prominent name in the smart home world, with the company responsible for a variety of devices covering everything from smart plugs and security cameras to smart light switches and motion sensors. Its catalog is growing even more enticing today, with the Eve Blinds Collection and MotionBlinds Upgrade Kit gaining Matter support.

The MotionBlinds Upgrade Kit will likely appeal to more customers, as it costs just $200 and works with most existing setups. Installation is as simple as removing your shades, placing the MotionBlinds Upgrade Kit through the roller rod, then reinstalling the unit on your windows. Blinds with a roller between 1.5 inches and 2.0 inches are compatible with the upgrade kit.

Read more
Philips Hue lights have a rare discount, but there’s a catch
A TV with ambient backlighting from Philips Hue.

One of the cool things about Philips Hue lighting is how much freedom it gives you over creating the perfect ambiance in your home. One of the cool things about buying Philips Hue products over at Best Buy right now is how much freedom Best Buy is giving you over what you buy to save money. Right now, when you buy two or more select Philips Hue smart lighting product in Best Buy's offer builder, you can save 15%. Tap the button below to start building your own bundle and see all of the products available. While they don't include the best smart light bulbs that Philips produces, you'll be amazed by the versatility of the lightstrips. Or keep reading for an overview of some of the top picks from the bundle.

What you should purchase from the Philips Hue offer builder
The place to start with this deal is the and the if you don't already have them. These are the devices that take your movies, music, and games and syncs them to your lights.

Read more
Samsung’s futuristic Jet Bot AI+ robot vacuum is $400 off
The Samsung Jet Bot AI+ Robot Vacuum cleaning the floor.

For families who need a lot of help in keeping their floors spotless, the Samsung Jet Bot AI+ is an investment that you'll want to make. It's pretty expensive at its original price of $1,300, but a $400 discount from Samsung pulls it down to $900. It's still not cheap, but this futuristic robot vacuum could be the only device that you need to keep dirt, debris, and pet hair away from your sight. You're going to have to complete your purchase for it as soon as possible though, as there's no telling when the offer expires.

Why you should buy the Samsung Jet Bot AI+ robot vacuum
The Samsung Jet Bot AI+ checks all the boxes in the features that are recommended by our guide on how to choose a robot vacuum. It's equipped with powerful sensors and object recognition technology that allows it to avoid furniture when it's cleaning your floors, while LiDAR technology allows it to create accurate maps of the rooms in your home so that it can properly navigate and clean more efficiently. The robot vacuum also features a five-layer filtration system that allows it to release clean air, and when it's done, it goes back to its Clean Station where it empties its contents.

Read more