Why privacy on the internet of things doesn’t scare me

The debate about the internet of things often centres on privacy, but here is why privacy on the internet of things doesn’t scare me as much as digital rights management.

I tend to suspect that issues relating to privacy on the internet of things will be sorted out as a result of consumer and government expectations enshrined in privacy regulations.

A key capability that is enabled by the internet of things is that vendors can keep charging us for services related to their device. One reason why businesses are so excited by the internet of things is it allows them to move from selling a device as a one-off sale and towards ongoing fees for services associated with that device.

This phenomenon will enable internet of things companies to increase their revenue streams and to drive sales of additional services. Thus the value of an internet of things device is not so much in the hardware as in the software and services.

Take the pacemaker as an example. If you have a pacemaker installed and the vendor decides to charge a monthly service fee to keep the device going, what happens if you miss a payment? If the vendor has, very sensibly, implemented digital rights management on your pacemaker service then they will be able to turn it off if you miss a few payments.

If this sounds far fetched, it’s not, it is already here. Last December I test drove a new electric car, the Renault Zoe, at a conference in Paris. This car has implemented digital rights management.

If you do not pay the ongoing rental fee on the battery for your Renault Zoe then you will not be allowed to recharge the battery.

Also, chipmaker FTDI,whose chips are found in many consumer electronics products, recently announced that they will kill third party chips remotely via driver updates. This will likely render useless the devices that consumers have purchased in good faith which have counterfeit chips installed.

This is why digital rights management scares me more than privacy in the brave new world of the internet of things.

Welcome to the digital revolution and our networked future.

 

 

Internet of things, data security and privacy

I’ve been attending the 36th International Conference of Privacy and Data Commissioners in Mauritius, presenting on the Internet of Things (IoT) privacy and security to the attendees.

Kate Carruthers
Pic of Kate Carruthers by John Edwards, NZ Privacy Commissioner

It has made me very conscious of the tension between privacy/security and the drive to bring products to market quickly.

Further, it seems that the challenges of data protection have not been fully considered for many Internet of Things products and services.

An important realisation has been that we are building the Internet of Things on the somewhat rickety security foundations provided by the existing internet. We face a situation where many devices cannot apply security patches because source code is not available.

Finding way to build a safer and more secure Internet of Things and to ensure that we do not increase risk for business and consumers is critical.

An interesting approach to privacy is that taken by the Apple privacy team, who had some people in attendance at the conference. Their inclusion of privacy engineers into development teams seems like a good approach. The idea of privacy by design seems like a useful and pragmatic way to ensure that privacy is not a mere afterthought in the design and product engineering process.

Will post my slides on SlideShare shortly.