Recent news has pointed to the increasing popularity of human microchipping in Sweden. Within the past three years, thousands have opted to insert a microchip underneath their skin that carries all sorts of personal information, ranging from credit card details to digital house keys to gym passes.
For the 3,000 Swedes who’ve opted for the chip, the ability to use their own bodies, rather than keys or cards, is a revolution in convenience. For the IoT world, it’s a different kind of revolution. No longer is the Internet of Things the exclusive domain of things; it now includes living, breathing human beings.
IoT has become, quite literally, an inextricable part of every aspect of our personal lives. While that’s part of the beauty and fascination of modern technological advancement, it’s also a cause for concern when it comes to data sharing and potential security breaches.
With the increasing involvement of IoT in our personal lives, it isn’t enough to tell consumers to read the fine print. Those on the production side (developers and tech companies) and perhaps, eventually, policymakers need to be responsible for ensuring that the IoT ecosystem is genuinely safe and secure for users.
Certainly, there are lots of benefits to our increasingly connected, data-driven world, ranging from the personalization of online content to assistance for refugees. But before we rush to integrate anything, whether human being or ordinary household device, into the Internet of Things, we need to assess potential security risks and adapt the new technology accordingly.
Areas for Security Concern
While the microchip is the most salient example of the necessity for IoT data protection and privacy, the potential for security risk begins at a far more basic level. Even the most mundane and seemingly harmless household devices gather deeply personal data about users’ day-to-day lives.
A smart household thermostat, for example, doesn’t just collect data about users’ home temperature preferences. It also collects data about when users are and aren’t home, as well as the number of people living in the household. Likewise, an IoT-connected car, based on user activity throughout the day, can infer personal information about its users, such as where they work, where they live, and what their shopping preferences are.
While such opportunities for data collection might seem obvious to those in the tech industry, many consumers, content with the ease and convenience of IoT, don’t realize the extent to which their personal data is analyzed and used.
Data Misuse and Abuse
Even for consumers who simply don’t mind the legal collection of their personal information, security is still a risk. Companies aren’t just taking advantage of data for innocuous advertising or marketing. Some companies are willing to sell data to individuals or companies who have more harmful intentions. As the United States federal government has acknowledged, the gathering of massive amounts of personal data could be used in ways that reinforce discrimination based on demographic characteristics such as race or disability.
This poses particular risk in the housing, employment, credit, and insurance industries, where the collection of private data could make it harder for certain individuals to access the services they need. Companies could also use data to publicly expose information about an individual that that person would rather keep private, such as by sending them targeted content based on illness or financial status. Even when these companies don’t have bad intentions, the careless use or mishandling of personal data can have harmful consequences for individuals.
The misuse of consumer data extends beyond the individual, too, with dire consequences for society at large. We saw how, in Facebook’s Cambridge Analytica scandal, user data was abused for political purposes, wielding a dangerous amount of influence over public opinion as a result.
These risks aren’t just applicable to social media or apps. User data collected by any IoT-connected device could be used for similarly nefarious purposes if it gets into the wrong hands.
IoT Security Hacks and Vulnerabilities
Even when companies use consumer data responsibly, hacks and security breaches can result in data theft and misuse. IoT security company Senrio recently revealed just how easy it is for hackers to access consumer data through the IoT devices of large companies. Companies often have hundreds or thousands of IoT devices, which makes it difficult to monitor them, install updates, and check for bugs. A hacker can infiltrate an entire network, and steal consumer data in the process, just by accessing a single webcam. In other words, connecting so many IoT devices to a single network is like putting all your eggs in one (highly vulnerable) basket.
Hackers can misuse and tamper with consumer data by hacking personal devices, too. Home assistants, like Amazon’s Alexa, are particularly notorious for opening up windows for intrusion into people’s personal lives.
As medical devices join home assistants and smart home appliances as part of the Internet of Things, data security becomes even more important. The hacking of certain medical devices can pose a physical threat to the very same individuals those devices are designed to help. A 2017 report from CNN reveals the particularly dangerous example of cardiac devices at St. Jude’s hospital, which had vulnerabilities that could allow hackers to drain the devices’ battery or administer incorrect shocks. Owlet’s 2016 Wi-Fi baby heart monitor, which was similarly vulnerable to hackers, further highlights the growing necessity to assess all possible security vulnerabilities before the release and sale of a product.
IoT security also becomes increasingly urgent as companies like Tesla and Waymo race to make self-driving cars the way of the future. The lack of a human driver isn’t the only safety risk. Ensuring protection against hackers, who could potentially direct a car off the road or into a crash, is an even more critical concern.
How to Protect Against IoT Vulnerability
This isn’t just a bunch of old-fashioned paranoia or technophobia. Professionals are also worried about the security vulnerability brought by an increasingly connected world. Gartner recently predicted that worldwide spending on IoT security will reach $1.5 billion this year. This is a 28 percent increase from spending in 2017, which amounted to $1.2 billion, and it might just be the next lucrative opportunity for the cybersecurity industry.
In my view, effective threat prevention is threefold. First, companies and individuals alike can make use of third-party providers for IoT device protection, rather than leaving security in the hands of device manufacturers alone. Cybersecurity companies like Imperva, which specializes in data security and breach prevention, are not only helping companies protect against traditional software threats, but are also working to detect and prevent detrimental IoT hacks. As third-party companies emerge to tackle the threats in the IoT sector, consumers no longer need to depend on device developers to ensure their online security.
Second, the production side, and not just the consumer, needs to take more responsibility in securing personal data. Companies that handle this data should themselves take preventative measures against hacking and data theft, and they need to make sure they sell the data only to companies that are reputable and thoroughly vetted for security.
At the same time, companies should be very clear and explicit with their customers about exactly how their data is being collected and used. That means no lengthy or difficult-to-read terms and conditions, and no deliberately vague or misleading language.
On the policy side, lawmakers need to take steps to ensure that those who develop IoT products, or who otherwise make use of the corresponding data, will not mishandle consumer information. This could range from more laws for assessing the security of products before their release to harsher punishments for violations.
There’s still a long way to go with IoT security and, unfortunately, precautions are rarely taken until disaster strikes. But it’s urgent that we figure out how to harness all the benefits and conveniences that IoT brings while minimizing the potential for harm. That way, consumers will no longer have to compromise security for convenience.