For several years we have been carefully observing the evolution of the Internet of Things (IoT). For those not familiar with the term, it refers to the connectivity of virtually every modern “smart” device that is being manufactured for the home, office, automobile … you name it. If it has a “chip” and can access Internet, then it is at least potentially linked to — and sharing information with — all of the other connected devices scattered across the globe.
Much has been written about this evolutionary advance in technology in books, blogs and magazine articles and writers are generally divided into two camps: those who espouse the IoT and all the benefits it brings to society, and, those who warn of its dangers, especially as concerns the security of all those connected “things.”
On the one hand, as Justin Zeefe notes in Cybersecurity in Our Digital Lives, “Increasing the number of connected devices proportionately increases the available attack surface for malicious actors(.)” Tech journalist Cliff Saran expresses the flip side of this cautious proposition in an article for Computer Weekly: “The internet of things will transform everyday life, from managing airports’ passenger flows to heating buildings and caring for the elderly.”
While these two camps debate the positives and negatives of the IoT, what no one seems to be concerned with is its financial ramifications. Who will benefit financially from all the connectivity? And further, as Dr. Ian Malcolm says in Jurassic Park, “Your scientists were so preoccupied with whether or not they could, that they didn’t stop to think if they should.” Are we obliged to connect every computer-enabled thing to every other computer-enabled thing just because we can?
While there certainly will be benefits to the consumer, the organizations that harvest the enormous reams of data generated by the IoT are likely to be the big winners financially. For example, based on your buying habits, and information shared by your appliances, appliance companies will be able to offer you a deal on a new refrigerator just as your old unit breaks down. Say your vehicle needs new tires. The IoT reports that information to tire retailers, who then bombard you with e-mails for great deals.
Even seemingly insignificant purchases could lead to an intrusive landslide of sales offers. Sites like Amazon already track your every click in a mad attempt to anticipate your next purchase. Imagine if your printer were to indicate that it needs a new cartridge and then report that via the internet. You might soon be awash in streaming ads tailored to your printing needs.
Passive devices that rarely if ever command your direct attention could potentially contribute to the invasion of your privacy. As home thermostats share information on energy consumption, consumers can anticipate receiving customized offers from HVAC firms offering more efficient systems, or from power companies offering streamlined power consumption plans.
Writing for data titan MAPR, Kirk Borne says, “The economic impact and benefits of the IoT will be huge. Gartner predicts that the aggregated value and economic benefit of the IoT will exceed $1.9 trillion in the year 2020 alone.” Organizations that can quickly monitor your activities and needs, and then be first to entice you to buy, sell, or trade, will be the winners.
What about privacy? There are many who enjoy sharing minute details of their personal lives via social media. This is a voluntary activity — and not often smart. The problem with the IoT is that, as it entwines deeper and deeper into our lives, third-party data harvesting tools observe, record and share, with an unknown number of people, very sensitive details of our day-to-day activities. To the detriment of the average individual, there are few if any filters in place to sift out information we might not wish to share.
Imagine if you were denied auto insurance, or asked to pay higher premiums, because your car reported that you habitually exceed speed limits, brake too hard, or drive aggressively? Some U.S. cities are already shifting to utility payment programs that replace tiers (home, business, and so forth) in water plans with actual usage data. Good for conservation, but potentially bad for your wallet.
And how much are you willing to have known about your shopping purchases? There’s no telling either the number or substance of the diverse interests that might be served by tracking how many rolls of toilet paper you buy each week, or that you purchase 70 percent lean hamburger instead of the more healthy 90 percent, or that you use whole milk instead of lowfat. Who wants to know that you never purchase yogurt, but weekly buy sugared-cereal? Who, indeed.
We may not be that far from an era in which you receive a notice of concern from the government, or from your health care provider, advising you to eat smarter or face health insurance increases. Perhaps you’ll be instructed to schedule a visit with a counselor. Is your 60-inch HDTV being monitored by some organization that notes what you say and do in your living room? In a Guardian newspaper article titled “Samsung rejects concern over ‘Orwellian’ privacy policy,” Alex Hern quotes George Orwell’s 1984:
“Any sound that Winston made, above the level of a very low whisper, would be picked up by it, moreover, so long as he remained within the field of vision which the metal plaque commanded, he could be seen as well as heard. There was of course no way of knowing whether you were being watched at any given moment. How often, or on what system, the Thought Police plugged in on any individual wire was guesswork.”
Are we really ready for our thermostats to report our energy consumption to an environmental agency that might then send us a letter of concern about excessive usage?
While there has been discussion of the IoT for a few years now, in fact it is still being sorted out and we just don’t know for sure where it is taking us. Some envision a more utopian society with massive connectivity taking care of our needs even before we fully realize them. Others foresee a frightening dystopian society where the most minute personal information is observed and scrutinized, forcing us into a mold that is within a governmentally approved envelope of acceptability and conformity.
And all of this overlooks the truly insidious question that, even if the data being harvested is mostly banal and its application largely benign, who or what is protecting all of that potentially lucrative data in transit? And what’s being done to prevent malicious actors from entering our homes and lives through any or all of these connected devices?
No one has all of the answers, either regarding data collection and usage, or the myriad security vulnerabilities. What we do know is that we are quickly headed down a perilous technological turnpike at ever-increasing speed.
Quoting Geoff Webb, senior director of solution strategy at identity and access management firm NetIQ, Shelly Kramer notes, “The scariest thing is that we don’t know what the scariest thing is.”
This post was first published on Certification Magazine.
Jane LeClair is chief operations officer at the National Cybersecurity Institute at Excelsior College in Washington, D.C. LeClair has held numerous posts in education and technology, including teaching at Syracuse University and consulting with the International Atomic Energy Agency. You can connect with her on LinkedIn.
