A2: Privacy Violations Non-Unique – Facebook, Etc
IoT privacy violations more systemic and consist of more personal data
Perera, et al, 2014, Privacy of Big Data in the Internet of Things Era, Charith Perera (Australian National University), Rajiv Ranjan (CSIRO Digital Productivity Flagship), Lizhe Wang (Chinese Academy of Sciences), Samee U. Khan (North Dakota State University), and Albert Y. Zomaya (University of Sydney)
Golbeck and Mauriello [9] have shown that the average Facebook users significantly underestimate the amount of data they that they give access to third party applications. Moreover, they also noted that most of us tend to overlook the privacy [8] terms and policies on the Web. In the IoT era, the amount of user data that can be collected can be significantly higher. For example, recent wearable technologies, such as Google Glass, Apple iWatch, Google Fit, Apple Health Kit, and Apple Home Kit may collect very sensitive information about users, ranging from their health conditions to financial status by observing/recording daily activities. It is noteworthy to mention that to succeed in the IoT marketplace, product and service providers need to gain the consumer confidence [10].
Even advocates agree I O T advancement means no privacy
Janna Anderson and Lee Raine, 2014, The Internet of Things Will Thrive by 2025, http://www.pewinternet.org/2014/05/14/internet-of-things/ Pew Research Center DOA: 9-28-16
Vint Cerf, vice president and chief Internet evangelist for Google, gave a response that touches on many of the key likely issues. “The benefit is that these appliances will be coordinated to improve our daily lives,” he wrote. “The risk is that inimical forces may gain control and create serious problems. Wearables will monitor health and also draw computers into the context of our daily lives, conversations, and activities. A big opportunity for AI [Artificial Intelligence] awaits. Privacy will be hard to come by.
I oT means substantially less privacy
Janna Anderson and Lee Raine, 2014, The Internet of Things Will Thrive by 2025, http://www.pewinternet.org/2014/05/14/internet-of-things/ Pew Research Center DOA: 9-28-16
A significant number of respondents said the Internet of Things is well under way already now and there will be much more development by 2025. Joel Halpern, a distinguished engineer at Ericsson, responded to our questions, “As devices become smaller, lower power, and easier to interact with, the effect will be pervasive. The environment itself will be studded with sensors that can provide accurate and useful information. People moving through the environment will find it easy to find information, objects, people, and situations of interest. This is likely to result in far more efficient resource utilization and far more robust environments. For example, bridges with sensors will know how much they are being used, how much they are wearing out, and will provide real-time information to people about conditions. At the same time, this amplifies… problems…. If everything is connected and communicating, everything we do is potentially known. We will likely have to accept somewhat (maybe even much) less privacy, even as I hope we take steps to ensure we do have some privacy.
There will be massive collection of personal data
Janna Anderson and Lee Raine, 2014, The Internet of Things Will Thrive by 2025, http://www.pewinternet.org/2014/05/14/internet-of-things/ Pew Research Center DOA: 9-28-16
Pamela Wright, chief innovation officer for the US National Archives, predicted, “Previously acceptable social lies will become more difficult to impossible because you will be constantly tracked and known by the Internet. ‘Hey, you said you were out of town this weekend, but your bed reported that you got eight hours of quality sleep Saturday night at home. And your wine bottle confirmed it.’ We will know more about our society as a whole based on statistical data flowing out of the wearable and embedded devices. Data points about our health, spending habits, everything we do, will provide a clearer picture of our needs as a society. Poverty, public health, crime, and much more will be easily tracked. In general, we will have more facts to inform our decisions. Politicians will probably twist those facts as much as they always have. People will be able to know more very easily. When they look at a monument, rather than wondering who the guy on the horse is, and what did he do, they will easily see information that provides historical depth and knowledge about it. Same for everything from trees to buildings—all things will have more information available, including historical data. The ignorance that we live with now will be unacceptable to those in the future, and they will look on this time as we look on the time before the written word.”
Smart devices enables the collection of contextually-enriched data
Perera, et al, 2014, Privacy of Big Data in the Internet of Things Era, Charith Perera (Australian National University), Rajiv Ranjan (CSIRO Digital Productivity Flagship), Lizhe Wang (Chinese Academy of Sciences), Samee U. Khan (North Dakota State University), and Albert Y. Zomaya (University of Sydney)
Data collected through smart wearable and smart home devices can be used to generate contextually [2] enriched information. Device owners should remain in charge of such data at alltime despite they may give access to their data to external parties temporarily in order to accomplish a specific task.
IoT is about the collection of big data and the monitoring of users
Wikipedia, no date Internet of Things, https://en.wikipedia.org/wiki/Internet_of_things DOA: 9-25-16
In order to hone the manner in which things, media and big data are interconnected, it is first necessary to provide some context into the mechanism used for media process. It has been suggested by Nick Couldry and Joseph Turow that practitioners in media approach big data as many actionable points of information about millions of individuals. The industry appears to be moving away from the traditional approach of using specific media environments such as newspapers, magazines, or television shows and instead tap into consumers with technologies that reach targeted people at optimal times in optimal locations. The ultimate aim is of course to serve, or convey, a message or content that is (statistically speaking) in line with the consumer's mindset. For example, publishing environments are increasingly tailoring messages (advertisements) and content (articles) to appeal to consumers that have been exclusively gleaned through various data-mining activities.[65]
The media industries process big data in a dual, interconnected manner:
-
Targeting of consumers (for advertising by marketers)
-
Data-capture
Thus, the internet of things creates an opportunity to measure, collect and analyse an ever-increasing variety of behavioural statistics. Cross-correlation of this data could revolutionise the targeted marketing of products and services.[66] For example, as noted by Danny Meadows-Klue, the combination of analytics for conversion tracking with behavioural targeting has unlocked a new level of precision that enables display advertising to be focused on the devices of people with relevant interests.[67] Big data and the IoT work in conjunction. From a media perspective, data is the key derivative of device interconnectivity, whilst being pivotal in allowing clearer accuracy in targeting. The internet of things therefore transforms the media industry, companies and even governments, opening up a new era of economic growth and competitiveness.[68] The wealth of data generated by this industry (i.e. big data) will allow practitioners in advertising and media to gain an elaborate layer on the present targeting mechanisms used by the industry.
Privacy risks increase across the network
Hewlett Packard Enterprise, November 2015, Internet of things research study, https://www.hpe.com/h20195/V2/GetPDF.aspx/4AA5-4759ENW.pdf DOA: 9-25-16
Privacy concerns With many devices collecting some form of personal information such as name, address, data of birth, health information, and even credit card numbers, those concerns are multiplied when you add in cloud services and mobile applications that work2 alongside the device. And with many devices transmitting this information unencrypted on your home network, users are one network misconfiguration away from exposing this data to the world via wireless networks. Cloud services, which we discovered most of these devices use, are also a privacy concern as many companies race to take advantage of the cloud and services it can provide from the Internet. Do these devices really need to collect this personal information to function properly? OWASP internet of things
Top 10–I5 Privacy Concerns
Insufficient authentication and authorization
An attacker can use vulnerabilities such as weak passwords, insecure password recovery mechanisms, poorly protected credentials, etc. to gain access to a device. A majority of devices along with their cloud and mobile components failed to require passwords of sufficient complexity and length with most allowing passwords such as “1234” or “123456.” In fact, many of the accounts we configured with weak passwords were also used on cloud websites as well as the product’s mobile application. A strong password policy is Security 101 and most solutions failed.
Lack of transport encryption
Transport encryption is crucial given that many of these devices are collecting and transmitting data that can be considered sensitive in nature. We found that a majority of the devices failed to encrypt network services transmitting data via the Internet and the local network. The importance of transport encryption rises significantly when you consider that data is being passed between the device and the cloud, and a mobile application. OWASP internet of things Top 10–I4 Lack of Transport Encryption
Insecure Web interface
Six of the 10 devices we tested displayed concerns with their Web interface. These concerns were issues such as persistent crosssite scripting, poor session management, and weak default credentials. We identified a majority of devices along with their cloud and mobile counterparts that enable an attacker to determine valid user accounts using mechanisms such as the password reset features. These issues are of particular concern for devices that offer access to devices and data via a cloud website. OWASP internet of things Top 10–I1 Insecure Web Interface
Insecure software and firmware
Given that software is what makes these devices function, it was rather alarming that 60 percent of devices displayed issues including no encryption during downloading of the update along with the update files themselves not being protected in some manner. In fact some downloads were intercepted, extracted, and mounted as a file system in Linux® where the software could be viewed or modified. OWASP internet of things Top 10–I9 Insecure Software/Firmware
IoT gives third parties more data access
Adrian McWewen & Hakim Casimally, 2014, Designing the Internet of Things, http://madsg.com/wp-content/uploads/2015/12/Designing_the_Internet_of_Things.pdf Adrian McEwen is a creative technologist and entrepreneur based in Liverpool. He has been connecting devices to the Internet since 1995—first cash registers, then mobile phones, and now bubble machines and lamps. He founded MCQN Ltd., an Internet of Things product agency and (along with Hakim and others) is co-founder of DoES Liverpool, a hybrid co-working/ makerspace that incubates Internet of Things startups in NW England. He is also CTO of Good Night Lamp, a family of Internet-connected lamps. He was one of the first employees at STNC Ltd, which built the first web browser for mobile phones and was acquired by Microsoft in 1999. Adrian concentrates on how the Internet of Things intersects with people’s lives and how heterogeneous networks of devices should work together, and lectures and speaks on these issues internationally. Despite an education in Italian and English literature, once Hakim Cassimally discovered software development, he hasn’t looked back. He is a staunch proponent of Perl and was one of the organisers of YAPC::EU 2010 in Pisa. These days, however, he is likely to be writing Python for 3D printers or for civic hacking projects with mySociety.org. He co-founded (with Adrian and others) DoES Liverpool
We’ve looked at a number of examples of the Internet of Things, so what is the common thread that binds them together? And why the name? All the cases we saw used the Internet to send, receive, or communicate information. And in each case, the gadget that was connected to the Internet wasn’t a computer, tablet, or mobile phone but an object, a Thing. These Things are designed for a purpose: the umbrella has a retractable canopy and a handle to hold it. A bus display has to be readable to public transport users, including the elderly and partially sighted and be able to survive poor weather conditions and the risk of vandalism. The sports bracelet is easy to wear while running, has a display that is large enough and bright enough to read even when you are moving, and will survive heat, cold, sweat, and rain.
The Internet of Things devices that we own aren’t the only ones that should concern us when it comes to matters of trust. With more sensors and devices watching us and reporting data to the Internet, the privacy of third parties who cross our sensors’ paths (either by accident or design) is an important consideration. Designers of an Internet of Things service will need to balance these concerns carefully
Integrated IoT data is a substantial privacy threat
Adrian McWewen & Hakim Casimally, 2014, Designing the Internet of Things, http://madsg.com/wp-content/uploads/2015/12/Designing_the_Internet_of_Things.pdf Adrian McEwen is a creative technologist and entrepreneur based in Liverpool. He has been connecting devices to the Internet since 1995—first cash registers, then mobile phones, and now bubble machines and lamps. He founded MCQN Ltd., an Internet of Things product agency and (along with Hakim and others) is co-founder of DoES Liverpool, a hybrid co-working/ makerspace that incubates Internet of Things startups in NW England. He is also CTO of Good Night Lamp, a family of Internet-connected lamps. He was one of the first employees at STNC Ltd, which built the first web browser for mobile phones and was acquired by Microsoft in 1999. Adrian concentrates on how the Internet of Things intersects with people’s lives and how heterogeneous networks of devices should work together, and lectures and speaks on these issues internationally. Despite an education in Italian and English literature, once Hakim Cassimally discovered software development, he hasn’t looked back. He is a staunch proponent of Perl and was one of the organisers of YAPC::EU 2010 in Pisa. These days, however, he is likely to be writing Python for 3D printers or for civic hacking projects with mySociety.org. He co-founded (with Adrian and others) DoES Liverpool
We’ve looked at a number of examples of the Internet of Things, so what is the common thread that binds them together? And why the name? All the cases we saw used the Internet to send, receive, or communicate information. And in each case, the gadget that was connected to the Internet wasn’t a computer, tablet, or mobile phone but an object, a Thing. These Things are designed for a purpose: the umbrella has a retractable canopy and a handle to hold it. A bus display has to be readable to public transport users, including the elderly and partially sighted and be able to survive poor weather conditions and the risk of vandalism. The sports bracelet is easy to wear while running, has a display that is large enough and bright enough to read even when you are moving, and will survive heat, cold, sweat, and rain.
If you could mine the data to see subtle peaks, associated with kettles being switched on for tea or coffee, perhaps you could infer what television programmes a household watches. If there are four longer peaks in the morning, this might suggest that four family members are getting up for an electric shower before going to school or work. Now what if you triangulate this data with some other data—for example, the water meter readings? Smart electricity meters are currently being rolled out across Europe and will, in fact, soon be compulsory. Giovanni Buttarelli, assistant director of the European Data Protection Supervisor, has warned that “together with data from other sources, the potential for extensive data mining is very significant” (www.guardian.co.uk/environment/2012/jul/01/ household-energy-trackers-threat-privacy). The idea of analysing multiple huge datasets is now a reality. There are smart algorithms, and there is the computing power to do it. By combining both ends of the long tail (the cheap, ubiquitous Internet of Things devices on the one hand and the expensive, sophisticated, powerful data-mining processors on the other), it is possible to process and understand massive quantities of data. How powerful this ability will be may well depend on what data you have available to compare. If an electricity supplier was also able to buy data from, say, supermarket loyalty card schemes, the supplier could compare the information from inside the household with the family’s shopping or fuel bills. Of course, it’s currently unlikely that a supermarket would sell that kind of individual data. But as our attitude to privacy changes, it is not outside the realms of possibility.
Aggregate data can leak information
Adrian McWewen & Hakim Casimally, 2014, Designing the Internet of Things, http://madsg.com/wp-content/uploads/2015/12/Designing_the_Internet_of_Things.pdf Adrian McEwen is a creative technologist and entrepreneur based in Liverpool. He has been connecting devices to the Internet since 1995—first cash registers, then mobile phones, and now bubble machines and lamps. He founded MCQN Ltd., an Internet of Things product agency and (along with Hakim and others) is co-founder of DoES Liverpool, a hybrid co-working/ makerspace that incubates Internet of Things startups in NW England. He is also CTO of Good Night Lamp, a family of Internet-connected lamps. He was one of the first employees at STNC Ltd, which built the first web browser for mobile phones and was acquired by Microsoft in 1999. Adrian concentrates on how the Internet of Things intersects with people’s lives and how heterogeneous networks of devices should work together, and lectures and speaks on these issues internationally. Despite an education in Italian and English literature, once Hakim Cassimally discovered software development, he hasn’t looked back. He is a staunch proponent of Perl and was one of the organisers of YAPC::EU 2010 in Pisa. These days, however, he is likely to be writing Python for 3D printers or for civic hacking projects with mySociety.org. He co-founded (with Adrian and others) DoES Liverpool
We’ve looked at a number of examples of the Internet of Things, so what is the common thread that binds them together? And why the name? All the cases we saw used the Internet to send, receive, or communicate information. And in each case, the gadget that was connected to the Internet wasn’t a computer, tablet, or mobile phone but an object, a Thing. These Things are designed for a purpose: the umbrella has a retractable canopy and a handle to hold it. A bus display has to be readable to public transport users, including the elderly and partially sighted and be able to survive poor weather conditions and the risk of vandalism. The sports bracelet is easy to wear while running, has a display that is large enough and bright enough to read even when you are moving, and will survive heat, cold, sweat, and rain.
It is very important to note that even aggregate data can “leak” information. If you can see data collected for a street, for example, then comparing a week when a household is away on holiday with a normal week when they are at home might tell you about their usage. Some very interesting questions can be raised about this: should companies be prevented from trading data with each other? Should there be legal limits to what data can be kept or what analyses performed on it? Or do we have to think the unthinkable and admit that privacy is no longer possible in the face of massive data combined with data mining?
Massive data collection makes tyranny easier
Adrian McWewen & Hakim Casimally, 2014, Designing the Internet of Things, http://madsg.com/wp-content/uploads/2015/12/Designing_the_Internet_of_Things.pdf Adrian McEwen is a creative technologist and entrepreneur based in Liverpool. He has been connecting devices to the Internet since 1995—first cash registers, then mobile phones, and now bubble machines and lamps. He founded MCQN Ltd., an Internet of Things product agency and (along with Hakim and others) is co-founder of DoES Liverpool, a hybrid co-working/ makerspace that incubates Internet of Things startups in NW England. He is also CTO of Good Night Lamp, a family of Internet-connected lamps. He was one of the first employees at STNC Ltd, which built the first web browser for mobile phones and was acquired by Microsoft in 1999. Adrian concentrates on how the Internet of Things intersects with people’s lives and how heterogeneous networks of devices should work together, and lectures and speaks on these issues internationally. Despite an education in Italian and English literature, once Hakim Cassimally discovered software development, he hasn’t looked back. He is a staunch proponent of Perl and was one of the organisers of YAPC::EU 2010 in Pisa. These days, however, he is likely to be writing Python for 3D printers or for civic hacking projects with mySociety.org. He co-founded (with Adrian and others) DoES Liverpool
We’ve looked at a number of examples of the Internet of Things, so what is the common thread that binds them together? And why the name? All the cases we saw used the Internet to send, receive, or communicate information. And in each case, the gadget that was connected to the Internet wasn’t a computer, tablet, or mobile phone but an object, a Thing. These Things are designed for a purpose: the umbrella has a retractable canopy and a handle to hold it. A bus display has to be readable to public transport users, including the elderly and partially sighted and be able to survive poor weather conditions and the risk of vandalism. The sports bracelet is easy to wear while running, has a display that is large enough and bright enough to read even when you are moving, and will survive heat, cold, sweat, and rain.
As with questions about privacy, there are almost always good reasons for giving up some control. From a state perspective, there may be reasons for collective action, and information required to defend against threats, such as that of terrorism. The threat of one’s country becoming a police state is not merely a technological matter: institutions such as democracy, the right to protest, free press, and international reputation should balance this. But, of course, with the processing power and information available now, there is a much greater temptation and capability to become an effective Big Brother regime. In Tibor Fischer’s novel The Thought Gang, a character muses on her experiment in hotel surveillance: The biggest lesson was how hard it is to keep tabs on people. I’m not surprised police states tend to be poor. It takes so much effort. —The Thought Gang, (Scribner, 1997)
Internet gives countries the possibility of progoganda and monitoring
Adrian McWewen & Hakim Casimally, 2014, Designing the Internet of Things, http://madsg.com/wp-content/uploads/2015/12/Designing_the_Internet_of_Things.pdf Adrian McEwen is a creative technologist and entrepreneur based in Liverpool. He has been connecting devices to the Internet since 1995—first cash registers, then mobile phones, and now bubble machines and lamps. He founded MCQN Ltd., an Internet of Things product agency and (along with Hakim and others) is co-founder of DoES Liverpool, a hybrid co-working/ makerspace that incubates Internet of Things startups in NW England. He is also CTO of Good Night Lamp, a family of Internet-connected lamps. He was one of the first employees at STNC Ltd, which built the first web browser for mobile phones and was acquired by Microsoft in 1999. Adrian concentrates on how the Internet of Things intersects with people’s lives and how heterogeneous networks of devices should work together, and lectures and speaks on these issues internationally. Despite an education in Italian and English literature, once Hakim Cassimally discovered software development, he hasn’t looked back. He is a staunch proponent of Perl and was one of the organisers of YAPC::EU 2010 in Pisa. These days, however, he is likely to be writing Python for 3D printers or for civic hacking projects with mySociety.org. He co-founded (with Adrian and others) DoES Liverpool
We’ve looked at a number of examples of the Internet of Things, so what is the common thread that binds them together? And why the name? All the cases we saw used the Internet to send, receive, or communicate information. And in each case, the gadget that was connected to the Internet wasn’t a computer, tablet, or mobile phone but an object, a Thing. These Things are designed for a purpose: the umbrella has a retractable canopy and a handle to hold it. A bus display has to be readable to public transport users, including the elderly and partially sighted and be able to survive poor weather conditions and the risk of vandalism. The sports bracelet is easy to wear while running, has a display that is large enough and bright enough to read even when you are moving, and will survive heat, cold, sweat, and rain.
As the Canadian open government activist David Eaves has eloquently discussed, it is not only authoritarian states such as Iran and China which are intent on controlling their Internet but also democratic ones. The US, UK, Canada, France, and others have already enacted various laws to give the state and its favoured corporations greater control over its citizens’ use of the Internet, and every month one hears news of other suggested legislation which, to a technical specialist, may seem not just badly thought out and unworkable but also immensely dangerous. Just as the printing press gave the state a greater degree of control via propaganda, the Internet gives hitherto unknown possibilities for propaganda and monitoring (http:// eaves.ca/2012/06/18/the-end-of-the-world-the-statevs-the-internet/).
Democracy
Big data collection threatens democracy
Crump & Harwood,, 2014, Tomgram: Crump and Harwood, The Net Closes Around Us, http://www.tomdispatch.com/post/175822/tomgram%3A_crump_and_harwood%2C_the_net_closes_around_us/ [Catherine Crump is a staff attorney with the ACLU’s Speech, Privacy, and Technology Project. She is a non-residential fellow with the Stanford Center for Internet and Society and an adjunct professor of clinical law at NYU. Her principal focus is representing individuals challenging the lawfulness of government surveillance programs. Follow her on Twitter at @CatherineNCrump.Matthew Harwood is senior writer/editor with the ACLU. A TomDispatch regular, his work has been published by Al-Jazeera America, the American Conservative, the Columbia Journalism Review, the Guardian, Guernica, Reason, Salon, Truthout, and the Washington Monthly. He also regularly reviews books for the Future of Freedom Foundation. Follow him on Twitter at @mharwood31., DOA: 9-26-15
Big Data, Little Democracy?
Here are two obvious questions for our surveillance future: Who controls the data generated by our devices? Without doing anything except buying and installing them, do we somehow consent to having every piece of data they generate shared with Big Business and sometimes Big Brother? No one should have to isolate themselves from society and technology in the ascetic mold of Henry David Thoreau -- or more ominously, Ted Kaczynski -- to have some semblance of privacy. In the future, even going all Jeremiah Johnson might not have the effect intended, since law enforcement could interpret your lack of a solid digital footprint as inherently suspicious. This would be like a police officer growing suspicious of a home just because it was all dark and locked up tight. When everything is increasingly tracked and viewed through the lens of technological omniscience, what will the effect be on dissent and protest? Will security companies with risk assessment software troll through our data and crunch it to identify people they believe have the propensity to become criminals or troublemakers -- and then share that with law enforcement? (Something like it already seems to be happening in Chicago, where police are using computer analytic programs to identify people at a greater risk of violent behavior.) There’s simply no way to forecast how these immense powers -- disproportionately accumulating in the hands of corporations seeking financial advantage and governments craving ever more control -- will be used. Chances are Big Data and the Internet of Things will make it harder for us to control our own lives, as we grow increasingly transparent to powerful corporations and government institutions that are becoming more opaque to us.
Dehumaniztion
Growing rich-poor gap between those with wearables and those without snowballs and makes some less than fully human
Janna Anderson and Lee Raine, 2014, The Internet of Things Will Thrive by 2025, http://www.pewinternet.org/2014/05/14/internet-of-things/ Pew Research Center DOA: 9-28-16
K.G. Schneider, a university librarian, wrote, “Right now, Google Glass follows the pattern of other technology adoptions, where what I see are a handful of first-world white men touting their shiny new toys. Put this in context with someone struggling to get by on a daily basis—in the US or in other countries: what these devices primarily signify is a growing gulf between the tech haves and have-nots. That said, I’m not boycotting these devices—I see them as interesting and important. But just as students today are burdened if they don’t have home Internet—and at the university where I work, that is true of some of our commuter students, much as people might find that hard to believe—there will be an expectation that successful living as a human will require being equipped with pricey accoutrements… Reflecting on this makes me concerned that as the digital divide widens, people left behind will be increasingly invisible and increasingly seen as less than full humans.”
A2: If You Didn’t Do Anything Wrong You Have Nothing To Hide
Other reasons to protect privacy
Adrian McWewen & Hakim Casimally, 2014, Designing the Internet of Things, http://madsg.com/wp-content/uploads/2015/12/Designing_the_Internet_of_Things.pdf Adrian McEwen is a creative technologist and entrepreneur based in Liverpool. He has been connecting devices to the Internet since 1995—first cash registers, then mobile phones, and now bubble machines and lamps. He founded MCQN Ltd., an Internet of Things product agency and (along with Hakim and others) is co-founder of DoES Liverpool, a hybrid co-working/ makerspace that incubates Internet of Things startups in NW England. He is also CTO of Good Night Lamp, a family of Internet-connected lamps. He was one of the first employees at STNC Ltd, which built the first web browser for mobile phones and was acquired by Microsoft in 1999. Adrian concentrates on how the Internet of Things intersects with people’s lives and how heterogeneous networks of devices should work together, and lectures and speaks on these issues internationally. Despite an education in Italian and English literature, once Hakim Cassimally discovered software development, he hasn’t looked back. He is a staunch proponent of Perl and was one of the organisers of YAPC::EU 2010 in Pisa. These days, however, he is likely to be writing Python for 3D printers or for civic hacking projects with mySociety.org. He co-founded (with Adrian and others) DoES Liverpool
We’ve looked at a number of examples of the Internet of Things, so what is the common thread that binds them together? And why the name? All the cases we saw used the Internet to send, receive, or communicate information. And in each case, the gadget that was connected to the Internet wasn’t a computer, tablet, or mobile phone but an object, a Thing. These Things are designed for a purpose: the umbrella has a retractable canopy and a handle to hold it. A bus display has to be readable to public transport users, including the elderly and partially sighted and be able to survive poor weather conditions and the risk of vandalism. The sports bracelet is easy to wear while running, has a display that is large enough and bright enough to read even when you are moving, and will survive heat, cold, sweat, and rain.
A common argument is “if you’ve got nothing to hide, then you’ve got nothing to fear.” There is some element of truth in this, but it omits certain important details, some of which may not apply to you, but apply to someone:
◾ You may not want your data being visible to an abusive ex-spouse.
◾ You might be at risk of assassination by criminal, terrorist, or state organizations.
◾ You might belong to a group which is targeted by your state (religion, sexuality, political party, journalists). More prosaically, you change and your persona changes.
Yet your past misdemeanours (drunken photos, political statements) may be used against you in the future.
Security is Relevant to Privacy
Lack of IoT privacy makes cyber security attacks possible
Perera, et al, 2014, Privacy of Big Data in the Internet of Things Era, Charith Perera (Australian National University), Rajiv Ranjan (CSIRO Digital Productivity Flagship), Lizhe Wang (Chinese Academy of Sciences), Samee U. Khan (North Dakota State University), and Albert Y. Zomaya (University of Sydney)
The consequences of releasing or selling private data of users could result in users’ receiving annoying customized target advertising. In more extreme circumstances, criminals may use such data to perform different types of criminal activities that could harm individual consumers (e.g. identifying user behavioural patterns to invade houses) or entire communities (e.g. identifying critical timeframes to destruct water supply or energy distribution channels).
Hackers hack into private feeds on the IoT
Chris Clearfield is a principal at System Logic, an independent consulting firm that helps organizations manage issues of risk and complexity, September 18, 2013, Forbes, Why the FTC Can’t Regulate the Internet of Things, http://www.forbes.com/sites/chrisclearfield/2013/09/18/why-the-ftc-cant-regulate-the-internet-of-things/#773db45c53ae DOA: 9-215-16
The “Internet of Things” has become a favored buzzword of consultants and tech journalists. But beware, there be dragons that neither regulators nor privacy advocates can vanquish.
In an early salvo against the manufacturer of a connected device that is part of the Internet of Things, the Federal Trade Commissionbrought an action against TRENDnet, a developer of web-enabled video cameras that failed to live up to the security claims that the company had made to users: in 2012, hackers found a flaw that exposed users’ private video feeds without their knowledge. The settlement imposes a twenty-year security compliance audit program on TRENDnet and potential fines for future violations. Thus, for security vulnerabilities in their connected cameras, TRENDnet joins the likes of Google and Facebook, which are subject to similar settlements and privacy audits for past violations of users’ online privacy.
Security intrusions result in privacy violations
Adrian McWewen & Hakim Casimally, 2014, Designing the Internet of Things, http://madsg.com/wp-content/uploads/2015/12/Designing_the_Internet_of_Things.pdf Adrian McEwen is a creative technologist and entrepreneur based in Liverpool. He has been connecting devices to the Internet since 1995—first cash registers, then mobile phones, and now bubble machines and lamps. He founded MCQN Ltd., an Internet of Things product agency and (along with Hakim and others) is co-founder of DoES Liverpool, a hybrid co-working/ makerspace that incubates Internet of Things startups in NW England. He is also CTO of Good Night Lamp, a family of Internet-connected lamps. He was one of the first employees at STNC Ltd, which built the first web browser for mobile phones and was acquired by Microsoft in 1999. Adrian concentrates on how the Internet of Things intersects with people’s lives and how heterogeneous networks of devices should work together, and lectures and speaks on these issues internationally. Despite an education in Italian and English literature, once Hakim Cassimally discovered software development, he hasn’t looked back. He is a staunch proponent of Perl and was one of the organisers of YAPC::EU 2010 in Pisa. These days, however, he is likely to be writing Python for 3D printers or for civic hacking projects with mySociety.org. He co-founded (with Adrian and others) DoES Liverpool
We’ve looked at a number of examples of the Internet of Things, so what is the common thread that binds them together? And why the name? All the cases we saw used the Internet to send, receive, or communicate information. And in each case, the gadget that was connected to the Internet wasn’t a computer, tablet, or mobile phone but an object, a Thing. These Things are designed for a purpose: the umbrella has a retractable canopy and a handle to hold it. A bus display has to be readable to public transport users, including the elderly and partially sighted and be able to survive poor weather conditions and the risk of vandalism. The sports bracelet is easy to wear while running, has a display that is large enough and bright enough to read even when you are moving, and will survive heat, cold, sweat, and rain.
Even if these devices are themselves respectful of your privacy, their security or lack thereof might allow an attacker to get information. For example, if it were possible to read an IP packet going from the goodnightlamp.com servers to a household, could you find out that the associated “big lamp” had been switched off? Even if this packet is encrypted, could an attacker infer something by the fact that a packet was sent at all? (That is, will the servers have to regularly send encrypted “nothing happened” packets?) These risks are to be considered very carefully by responsible makers of Internet of Things devices! We would refer the reader back to Chapters 7 and 10, where we discuss the technical details of how to approach securing the online component of your product.
Tyranny Tracking every moment is Orwellian
Janna Anderson and Lee Raine, 2014, The Internet of Things Will Thrive by 2025, http://www.pewinternet.org/2014/05/14/internet-of-things/ Pew Research Center DOA: 9-28-16
Some participants expressed concern over the acceleration of already-worrying trends. A professor specializing in surveillance wrote, “These technologies already mess up everyday life and tamper with social relations—why not in 2025, when there is no sign yet that the ideology in place now will be altered? The Internet will be even more driven by consumption and standardisation—to control commerce and people.” A social science research supervisor warned, “The capacity to have every movement tracked forges ahead into an almost Orwellian atmosphere: destructive.” A retired defense systems executive observed, “In the social environment, there will be nowhere to hide.” An anonymous respondent wrote, “The continued evolution of this area just increases Big Brother.”
Internet of Things (I o T) leads to a society of complete control
Rob Von Kranenburg, no date, Panopticon as a metaphor for the Internet of Things? Why not? But What if it were the opposite? http://www.theinternetofthings.eu/sites/default/files/Rob%20van%20Kranenburg/Panopticon%20as%20metaphor%20for%20the%20IoT_GS%20Dec2011.pdf
Recently, the ‘Council on the Internet of Things’ website published an article in Chinese1 by Yongmou Liu, Associate Professor of Philosophy of Science and Technology, School of Philosophy, Renmin University of China, which is a warning against the danger of the Internet of Things becoming “a domineering tool”. The Panopticon is used as a metaphor for describing a “surveillance society” where technology is extensively and routinely used to track and record human activities and movements in ways which are invisible to ordinary people as they are watched and monitored. We can find already today examples of this in the tracking and recording of travel and use of public services, the frequent use of CCTV, the analysis of buying habits and financial transactions, and the workplace monitoring of telephone calls, e-mail and Internet use. A few days following that publication, I had an interesting e-mail exchange with Rob van Kranenburg on the concept of Panopticon, and this reminded me of his book on the Internet of Things2 , in which science fiction author David Brin3 was evoked by Sean Dodson in his Introductory Chapter, to expand on the vision of a City of Trust that would emerge in place of a City of Control: “In our future cities (…) instead of a nest of cameras atop each lamppost, lies a near invisible network of wireless frequencies where almost any object and space can be located and monitored, found and logged as easily as an item on eBay or the price of a flight on easyJet (…) The City of Control is a place where the deployment of radio frequency identification tags (RFID) have become not just commonplace but ubiquitous. Objects, spaces and, yes, even people are tagged and given a unique number, just like web addresses are today. Notions of public and private have begun to dissolve; or are rendered irrelevant; notions of property are rapidly being rethought. Security is the defining issue for those who can afford it, but also for those that cannot. Very soon, access to parts of the city is being carved off: allowing the rich and powerful entry where they please and the poor have access where they are lucky. Every item you buy at the supermarket is being tracked and potentially data-mined, lest there be a combination of goods in your basket that the authorities don’t like. Your movements are watched, not by the use of crude cameras (which it transpires were rather poor at fighting crime anyway) but by tags embedded in your gadgets or in your clothes or even under your skin. Transmitted wirelessly and instantly they connect with satellite systems that record your digital footprint endlessly. Everything you buy, every person you meet, every move you make. They could be watching you. (…) The City of Trust on the surface looks very similar to the City of Control. But here the citizens have been given much more control; here pervasive systems have been embedded, but offered as an option rather than as a default. You
leave your laptop on the train, no problem – with the ‘internet of Things’ you can locate it on
a search engine, even arrange for it to be delivered back to your door.”
Let’s remember what the Panopticon is. The concept designed by British philosopher and
social theorist Jeremy Bentham in the late 18th century, refers to a type of building where an
observer is allowed to observe (-opticon) all (pan-) inmates without them being able to tell
whether or not they are being watched. Bentham devoted most of his efforts to developing a
design for a Panopticon prison, but the concept is equally applicable to hospitals, schools, and
other institutions.
The essential feature of Bentham's design was that the custodians should be able to view the
prisoners at all times (including when they were in their cells), but that the prisoners should
be unable to see the custodians, and so would never know when they were under surveillance.
This goal was extremely difficult to achieve within the constraints of the technology then
available, but something close to a realisation of Bentham’s vision became possible through
20th century technological developments, especially closed-circuit television (CCTV)
cameras.
In the mid-70s, the Panopticon prison design was invoked by French philosopher Michel
Foucault as metaphor for modern “disciplinary” societies and their pervasive inclination to
observe and normalise. Foucault claimed that all hierarchical structures like the army, prisons,
schools, hospitals and factories had evolved through history to resemble Bentham's
Panopticon. He suggested that power and knowledge were interlinked in the Panopticon
society – the essence of power itself could be summarised by the ability to “see-withoutbeing-seen,”
to have knowledge of the others that the others could never obtain.
Building on Foucault, contemporary essayists often assert that technology has allowed for the
gradual and invisible deployment of panoptic structures throughout society. After Brin,
Jensen and Draffan
4
, among others, have demonstrated how our society is being pushed
towards a panopticon-like state, thanks to the proliferation of surveillance technologies. If we
accept that vision of modern society, it comes to mind that the Internet of Things holds the
potential of pushing the limits far beyond what has been until now state of the art of such
technologies. I believe that person-to-object, object-to-person and object-to-object
communications – the Internet of Things – will open up tremendous opportunities for market
expansion and business profitability. But more fundamentally, a new proletariat – the
proletariat of objects – will arise throughout the 21st century, taking over from the 18th
century’s proletariat of peasants, the 19th century’s proletariat of workers and the 20th
century’s proletariat of consumers. The driving force of the economy will no longer be the
labour force or the purchasing power but actually the technical standards of the “smart”
objects created by the humans. A time could come when the trillions of smart objects
interacting with people in a “brave new world” – from gizmos to spimes to biots, according to
Bruce Sterling’s typology –will bring about their own revolution, rise up in revolt, herd the human race into Panopticon prisons, and punish those humans least able to respect their laws and jargon and to rid themselves of the specifically human characteristics which hold them at a distance from the centre of social activity. Human behaviour could be deterministically governed by processes outside human control, i.e. processes governed by technologies such as smart cameras, peer-to-peer surveillance networks, remote biometric identification, very short wavelength radio waves, Trusted Computing and Digital Rights Management, cognitive radio, remote interrogation of RFID “dust”, chemical analysers, and data mining. The pressure to adopt these technologies springs from the current political discourse as nations struggle to confront ill-defined threats. The perception that we live in a dangerous world grows and so grows also the social call for safety. By comforting a form of government characterised by omniscient surveillance and mechanical law enforcement, the Internet of Things would make that humans will lose control over sensing and actuating objects. Let’s imagine if the data from all social networks were combined with all the location data, call and SMS records for all mobile phones; then let’s imagine combining all that data with data from retailer databases, credit agencies, voter registration records, real estate transactions, and so on. If all today’s fragments of data were put together to form a coherent whole, this would create a powerful Panopticon society. The chance of such a society is high as the world is getting increasingly global and interconnected. Furthermore, surveillance technologies will increasingly be “managed” by individuals themselves – the “threat” may actually come from ourselves. Using various technologies, such as GPS-enabled smartphones, we are beginning to measure ourselves in granular detail – how long we sleep, where we drive, what we breathe, what we eat, how we spend our time. We are storing these data casually, somewhere in the “cloud,” and giving third-parties broad access. There are more and more people using a wearable sensor that tracks their movement 24 hours a day to produce a record of their steps taken, their calories burned, and even the quality of their sleep; data is wirelessly uploaded to the Web so that they can monitor their activity and compare it with that of their friends.5 This practice of self-surveillance will obviously decrease information privacy in quite challenging ways.
Security Links
Hacksters can use the IoT to kill
The Globe and Mail, August 2013, 8 ways the Internet will change the way we live and work, http://www.theglobeandmail.com/report-on-business/rob-magazine/the-future-is-smart/article24586994/, DOA: 9-25-16
First off, there’s the language barrier. Smart home devices—one of the more developed realms within the Internet of Things—currently speak a Babel of wireless languages, depending on the manufacturer. Your home’s thermostat and HVAC system might communicate in Bluetooth, the fridge and coffeemaker in ZigBee, the locks and blinds in Z-Wave and the smoke detector in WiFi. Plus, making sense of the data produced by these machines—not to mention finding space to store giga-, tera-, exa- and even zettabytes of it—poses a huge challenge. Security is anoth-er ongoing concern. One IT expert recently demonstrated how easily he could hack into a radio-frequency-controlled insulin pump and remotely administer lethal doses to a diabetic. Other experts have claimed that hackers might, if motivated, access the software in smart cars to take control of their speed, brakes and steering.
I o T devices vulnerable to cyber hackers/criminals
Janna Anderson and Lee Raine, 2014, The Internet of Things Will Thrive by 2025, http://www.pewinternet.org/2014/05/14/internet-of-things/ Pew Research Center DOA: 9-28-16
Jerry Michalski, founder of REX, the Relationship Economy eXpedition, wrote, “The Internet of Things (IoT) is too complex. It will break, over and over. Given my reply to the cyberwarfare question, most of the devices exposed on the Internet will be vulnerable. They will also be prone to unintended consequences: they will do things nobody designed for beforehand, most of which will be undesirable. We aren’t evolved enough as a species or society to create apps and services that are useful to humanity in the Internet of Things. We’ll try to create efficiencies but be thwarted by Nature’s complexity. False positives from contextual movements will break people’s willingness to have devices track their expressions and thoughts. Try using speech recognition in a crowded room. Now, imagine that it is your thoughts being tracked, not merely speech. Google Glass has already attracted backlash, before a thousand people are in the world using it. Our surveillance society feels oppressive, not liberating. No comfortable truce will be found between the privacy advocates and the ‘screen everything’ crowd.”
The more devices are integrated, the greater the security risks
Chris Clearfield is a principal at System Logic, an independent consulting firm that helps organizations manage issues of risk and complexity, September 18, 2013, Forbes, Why the FTC Can’t Regulate the Internet of Things, http://www.forbes.com/sites/chrisclearfield/2013/09/18/why-the-ftc-cant-regulate-the-internet-of-things/#773db45c53ae DOA: 9-215-16
While privacy violations cannot be brushed aside, cameras can only observe (and occasionally broadcast audio). Compared with connected houses, cars,electronic locks (where flaws in one such design have been used to burglarize hotel rooms), and wireless medical equipment, an insecure camera’s effect on users is limited. Rather, the ability to hack cars and open doors directly affects users’ physical safety. As more devices become connected, they will provide an increasing set of features (like integration with Facebook, social media accounts, and apps), creating a larger and increasingly vulnerable attack surface for hackers to exploit. The ongoing integration of connected devices into our lives and the security challenge inherent in these devices pose threats that should temper the excitement of Internet of Things evangelists. To make matters worse, even though the FTC recognizes the problem, it can do little to protect consumers as the Internet of Things grows.
Wearables vulnerable to cyber attack
Janna Anderson and Lee Raine, 2014, The Internet of Things Will Thrive by 2025, http://www.pewinternet.org/2014/05/14/internet-of-things/ Pew Research Center DOA: 9-28-16
Karen Sulprizio, a marketing and business consultant, wrote, “Consumers want ease-of-use and are not accustomed to the kind of technology for instant information and gratification. The next generation of easy-to-use technologies will be the ‘wearables’ and ‘scannables.’ However, with that said, this will also open up the potential for cyber attack, if the security is not included/embedded in the devices. This topic is already being considered with wireless, Net-based medical devices. Remote access to these can allow a ‘hacker’ to control everything from heartbeat, release of insulin, as well as control of artificial limbs.”
IoT can be used to shut-down nuclear power plants and disrupt will intentioned uses of IoT
Hewlett Packard Enterprise, December 2015, Securing the Internet of Things: Exploring Security and Privacy in an Interconnected World https://www.hpe.com/h20195/V2/GetPDF.aspx/4AA6-3369ENW DOA: 9-25-16
The security and privacy implications for IoT are vast for enterprises and individuals. IT and security managers need to consider the security of information from development through to consumption and retirement. IoT will be important, whether you’re using your smartphone to track your workout, ordering a car ride, arranging delivery of your groceries, or selling an item. In other scenarios, you might be remotely adjusting your thermostat before returning from vacation, unlocking your doors, turning on your lights, monitoring for water leaks, checking on your children, or using sensors to stay in driving lanes or parking in a tight spot. All are conveniences and safety improvements that can, and unfortunately will, be used for ill. Operational technology (OT) for IoT includes connected processes, systems, and sensors of the industrial Internet. This combines traditional manufacturing plant and control systems to make physical things with sensors and IT. This convergence of connectedness and dependence on information raises the possibilities of cause and effect of impacting the physical environment. One example is the StuxNet virus;3 specifically created as IT malware that attacked plant process logic controllers (PLC) of nuclear plant centrifuges.
Many new systems will not have adequate security and privacy protections
Hewlett Packard Enterprise, December 2015, Securing the Internet of Things: Exploring Security and Privacy in an Interconnected World https://www.hpe.com/h20195/V2/GetPDF.aspx/4AA6-3369ENW DOA: 9-25-16
With the democratization of the data lifecycle, there’s no more monopoly on how data gets created. From data acquisition to data analysis, the “do it yourself” approach will continue to proliferate. Subject-matter experts on data repositories and security policies will not necessarily be consulted. So, developers with little knowledge or training in security and privacy will build new systems.
Industrial manufacturing systems targeted by hackers
Hewlett Packard Enterprise, December 2015, Securing the Internet of Things: Exploring Security and Privacy in an Interconnected World https://www.hpe.com/h20195/V2/GetPDF.aspx/4AA6-3369ENW DOA: 9-25-16
—In the industrial Internet, convergence of cyber with the physical environment raises expanded concerns. With industrial control systems and manufacturing plants connected via PLCs and supervisory control and data acquisition (SCADA) to other enterprise network environments, these systems become subject to malicious attack. This can have downstream impact, such as affecting energy supplies and manufacturing qualities, and also be a path into your “secure,” process-control environments. So, the convenience of having remote access to the information control panel for the beer brewing process adds additional opportunities for compromise of the physical systems using information or disinformation.
Hackers can attack planes and trains
Hewlett Packard Enterprise, December 2015, Securing the Internet of Things: Exploring Security and Privacy in an Interconnected World https://www.hpe.com/h20195/V2/GetPDF.aspx/4AA6-3369ENW DOA: 9-25-16
Connected cars, buses, airplanes, and trains are all mobile networks. On a bus that accepts electronic payments, hackers have infiltrated the system so as not to pay or require payment. Security researchers have already demonstrated the ability to change the speed and kill a car’s engine.12 Another researcher presented lab findings on how networks can serve as an attack vector into airplane systems.13
Hackers will adapt and continue to attack IoT infrastructure
Hewlett Packard Enterprise, December 2015, Securing the Internet of Things: Exploring Security and Privacy in an Interconnected World https://www.hpe.com/h20195/V2/GetPDF.aspx/4AA6-3369ENW DOA: 9-25-16
The New Style of Business means there are new models to protect. Unfortunately, the criminals are smart and always seemingly one step ahead. With the changing landscape of technology and applications in the connected world, threat actors and attack vectors are expected to morph as well. In the beginning, threat actors will most likely be motivated by fame, focused on the newly interesting, novel technology. They’ll want to showcase their hacking expertise and expose vulnerabilities. But as IoT adoption spreads, the technology will be attacked or compromised based on the value to the attacker—monetary, ideology, or business disruption. Since real-time interactions are key to IoT value, actors may use jamming and interference of communications. This may include misrouting of information, impersonation, or flooding and draining of resources, which could cause DoS or at least confusion. Many legacy industrial security controls assume the “protected” perimeter with walled environments. The connectivity into broader networks may inadvertently impact the physical security.
More devices mean an exponential increase in security risks
Hewlett Packard Enterprise, November 2015, Internet of things research study, https://www.hpe.com/h20195/V2/GetPDF.aspx/4AA5-4759ENW.pdf DOA: 9-25-16
Suddenly, everything from refrigerators to sprinkler systems are wired and interconnected, and while these devices have made life easier, they’ve also created new attack vectors for hackers. These devices are now collectively called the internet of things (IoT). IoT devices are poised to become more pervasive in our lives than mobile phones and will have access to the most sensitive personal data such as social security numbers and banking information. As the number of connected IoT devices constantly increase, security concerns are also exponentially multiplied. A couple of security concerns on a single device such as a mobile phone can quickly turn to 50 or 60 concerns when considering multiple IoT devices in an interconnected home or business. In light of the importance of what IoT devices have access to, it’s important to understand their security risk.
A2: Smart Grid Advantage
Britain proves smart meters won’t work
Ian Brown, University of Oxford, 2013, Britain’s Smart Meter Program: A Case Study in Privacy by Design, http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2215646 DOA: 9-26-15
Member States have justified privacy interference from smart meters as being in the interests of the ‘economic well-being of the country’. Quantification of increased energy efficiency from different types of smart meter configuration and programmes would strengthen this justification. There have been significant questions raised about the costs and benefits of the British programme, with a review for the government concluding that the scheme’s ‘ever-increasing complexity’ was likely to lead to an ‘IT disaster’.13
GMOS Links
GMOS bad turn
Patrick Tusker, 2014, The Naked Future, Kindle edition, page number at end of card, Patrick Tucker is a science journalist and editor. Tucker’s writing on emerging technology has appeared in The Atlantic, Defense One, Quartz, National Journal, Slate, Salon, The Sun, MIT Technology Review, Wilson Quarterly, The Futurist, BBC News Magazine, and Utne Reader, among other publications. Tucker, Patrick. The Naked Future: What Happens in a World That Anticipates Your Every Move? . Penguin Publishing Group. Kindle Edition.
Is Climate Corporation an infinite forecast machine? No. The weather is growing less predictable, but our modeling abilities are advancing more quickly. In this way, Climate Corporation is much closer to von Neumann’s dream of influencing the weather than is the IPCC. Whereas the importance of the IPCC is waning precisely because it can offer nothing but a number of scenarios, Climate Corporation has learned how to make money by predicting what the weather will cost. Unless you’re fighting a war, knowing what the weather will cost you is as valuable as knowing what the weather conditions will be. That’s the difference between the big data present and the naked future where people have telemetric data to make individual decisions about what to do next. Are we any closer to controlling the weather? The answer is both yes and no. The ability to mitigate risk is a form of control. It is worth noting that Climate Corporation was recently bought by Monsanto, the controversial company most closely associated with genetically modified foods and for a number of patent lawsuits with farmers. Monsanto may use Climate Corporation’s data to engineer new, genetically novel seeds that are more resistant to heat and water stress, which could be a boon to the fight against global hunger. But not all of Monsanto’s business practices are in line with the public interest and they may take the same protective approach to climate data as they have taken to seeds, restricting access to this important resource. Tucker, Patrick. The Naked Future: What Happens in a World That Anticipates Your Every Move? (pp. 85-86). Penguin Publishing Group. Kindle Edition.
Share with your friends: |