Who should and should not be talking to your fridge?
A reflection on the social impacts of smarter hardware in the physical world.
Get notified when our free report “Privacy and Security in the Internet of Things,” by Gilad Rosner, becomes available.
Here’s the scenario today: I am out of milk, and my refrigerator sits there, mute and unsympathetic. Some time in the 90s, I was promised a fridge that would call the store when I was out of milk, and it would then be delivered while I, ignorant of my dearth of dairy, went about my business. Apparently such predictions were off. Someone forgot to tell my fridge manufacturer to put sensors, software, and networking gear into their products.
But there is hope. The dumb objects in the analog physical world are being slowly upgraded. From the very sexy telemetry systems in new BMWs to the very unsexy pallets of lettuce in a warehouse, Things That Heretofore Were Blind and Mute are getting eyes, ears, mouths, and in some cases, brains. This is evolution, not revolution, and while it is still slow-moving, it’s beneficial to reflect on some of the social impacts of smarter hardware in the physical world.
Returning to my fridge — or for that matter, the smart meter or thermostat that adjusts house conditions based on some criteria — an implication of Things getting smarter and more aware of their surroundings is the ability to act upon new inputs. RFIDs on pallets in a warehouse can aid in location-finding and detect changes in temperature, but is that localized intelligence, or merely sensing, leaving the intelligence to other parts of a system?
When Things like fridges and cars and thermostats can take action, autonomously or when connected to other devices, a qualitative change has occurred. Again, this is evolution: for years, anti-lock brakes in cars have performed software-based autonomous actions based on sensor input. What’s different today is the amount of sensing, the diversity of sensing, network connectivity, more local storage, more local software intelligence, and much greater potential for the collection of personal data.
“The Internet of Everyone Else’s Things”
The world of dumb, blind objects has many virtues, an essential one being that they tell no tales. Your lamp doesn’t remember when you turned it on or off, your clothes don’t know how you smell, and your non-luxury, non-GPS enabled car doesn’t know where you’ve been. But when they do, who owns that data? If recent history is any guide, it’s not going to be you. It will not be owned; it will be shared by default, and you will have varying degrees of control over it. And while more software intelligence in the physical world will enable some autonomous, offline functions, it’s inevitable that a profound amount of data will be exchanged with services and other devices.
This moves us beyond the traditional system concerns of confidentiality, integrity, and availability. Service agreements, end user licenses, and useful external analysis introduce third parties into relationships between you and your Things. But, are users ready to navigate more data relationships? If notice and consent is tricky now, how hard is it to design devices to expose the nature of their monitoring and sharing in meaningful, actionable ways? Dave Birch of Consult Hyperion calls this problem, “The Internet of Everyone Else’s Things” — succinctly put, “who should and should not be talking to your pants?”
The democratization of making
These smarter sensing devices are coming from a wide spectrum of product makers — from traditional manufacturers to makers tinkering at the kitchen table and everywhere in between. An important difference between these two poles is the way that privacy risks are considered and dealt with. On the manufacturer side, large industrial corporations have historically been part of a regulatory fabric: safety concerns, labor laws, environmental impact rules, information security, and, yes, sometimes privacy. And while adding software, sensors, and communications to dumb objects does pose challenges to the manufacturers (the subject of a forthcoming post), companies are at least usually accustomed to some kind of compliance regimes.
On the opposite pole are the makers. While individuals might have been exposed to compliance regimes in their careers, many will not have had to deal directly with such concerns. The holding of personal data and concomitant privacy risks will be a new set of challenges to the maker community; one likely to be ill-served by mere legal regimes such as data protection law. Though often seen as insufficient, the ethos of self-regulation will play a vital role in the design of the coming tens of billions of connected devices.
The language of privacy values and the tools of privacy-enhancing technologies must be made available to everyone involved in making devices smart. Privacy thinkers with roots in computer science, law and policy, such as McAfee’s Michelle Dennedy, are helping to translate privacy ideas into toolboxes for the wide variety of makers and managers putting smarter devices into the physical world.
Does it really need to be in the cloud?
More software intelligence and storage in devices means a potential decreased reliance on cloud-based analysis. That is, as devices increase their computational capacity, there are opportunities to do more work on the devices themselves. This has advantages for privacy-preserving architectures. When data is processed in the cloud, user control can be weakened. In a recent conversation, professor Derek McAuley of the Horizon Digital Economy Research Institute noted to me: “Who gets to see the raw data, and what processing do they do in the dark corners of their data centres?”
If more devices means more monitoring, then there is a clear need for designers to consider how to prevent the unauthorized or unconsidered spread of personal data by holding identifying information on devices and enabling granular user control for sharing it. As processing capacity goes up and power demands go down, connected devices can support more local encryption and privacy-preserving architectures.
When someone finally builds me that fridge, I want to control who it’s talking to and what it says. It’s not for the manufacturer to determine who gets to know I prefer half-and-half to 2% milk. It’s not for BMW to decide who gets to see my driving-style data or to share where I’ve been this month. I bought the fridge; I bought the car — I want to control the data.