IoT Security in the Home
As more and more household products are developed with Internet integration in mind, the shift towards an all-connected “Internet of Things” necessarily puts security in the spotlight. Since any Internet-connected device can be hacked, manipulated, and mined for personal information, how will security factor into the design, development, and implementing of these integrated household items? In other words — how can manufacturers ensure security in not only the connection between user and technology, but between different devices?
Since IoT is a network of devices exchanging data to allow for an easier integration between user and device, security is an essential part of making this integration more organic and seamless. As these devices are consistently exchanging personal data (particularly movement and behavioural sensors in household products), securing this data exchange, and allowing a transparent platform for the consumer to access the data, is crucial for the next step forward in integrated technologies.
Behaviour, Data, and Storytelling
Items like smart meters use data to represent behaviour, patterns, and other things about the consumers using them. While it is certainly important for energy companies to gather this kind of data about energy usage, what of the consumer? Just having the information there is useful (for the customer to predict monthly/weekly energy usage), but the dimensions of “ownership” are more crucial to note. Does the power company own the data sent off by the consumer, or does it belong to the consumer exclusively?
Legal and ethical issues like this are at the core of IoT development, especially when “painting a picture” of human behaviour through data exchange, pattern recognition, and self-automated machines. Ensuring an integration between user and object that is both natural and seamless as well as secure and transparent is a crucial step in making IoT the mainstream for everyday objects and services.
An IoT “Bill of Rights”
A few attempts at a “bill of rights” for the Internet of Things have been proposed and drafted over the past five years, but nothing has been set in stone as of yet. The debate essentially comes down to who owns the data exchanged between the user and the company that manufactured the product that passes on the data.
A key tenet of this consumer right to privacy and data access would be an initiative such as the green button system, in which consumers can securely and freely access information from integrated systems such as smart hydro meters and other objects that collect household data and usage patterns. While this is already in use in Canada and the U.S. for smart meters, seeing a similar system more widely implemented into other kinds of integrated objects and devices would ensure another level of security between user and software.
It would also highlight the idea of “ownership” regarding the consumer; a tenet of a bill of rights would be transparent ownership of data collected about the subject. This means that it must be freely accessible, and the consumer must give full consent of the use of their private information, as well as the right to deny companies' access to this information.
Identity and Data
How much data is too much? With some governments initiating more exhaustive online tracking legislation with sometimes-arbitrary security concerns (such as Canada's Bill C-51), your privacy has never been more important. Usually, data collected by IoT devices tracks usage and other behaviours, but what of more specific things, such as ethnic background, political affiliations, and Internet search history? With movements being tracked, and data being collected from those movements and actions, what kind of assumptions can governments make from this gathered data that could be erroneous, false, or politically motivated?
Having an established, standardized method of transparency and accountability for data exchange between consumers, companies, and governments, will be crucial in the coming years when IoT technologies become more commonplace. Security is certainly important, on a national scale as well as a personal one, but privacy and transparency between the private and public sectors is as well.
In short, the shift into a more organically integrated system of machines needs to have security and transparency as a top concern. This is not only a practical route of thinking about and designing IoT products, but a focus on security will ease sceptics who (rightfully) have reservations about security and the relationship between the private and public sectors.