Frameworks to Address IoT Privacy Risks

Now that we’ve explored what the IoT is, examined some of the many views of privacy, and considered the privacy risks the IoT portends, we can turn to different frameworks and tools that can be brought to bear on those risks.

Historical Methods of Privacy Protection

In many ways, IoT privacy risks reflect general historical privacy risks: surveillance, unbridled collection, poor security practices, limited privacy management knowledge inside companies, weak consent models, and loss of user control. Similarly, there are established, general tactics that we can employ at various layers of IoT system design:

Data minimization
Emerging from the 1970s, one of the oldest strategies in privacy and data protection is to minimize collection and use. The idea is very simple: limit the amount and type of data collected, limit its use, and limit its storage. As the FTC neatly states: “Thieves cannot steal data that has been deleted after serving its purpose; nor can thieves steal data that was not collected in the first place.”67 Further, limiting use helps to ensure that the data is used in the context in which it was collected, thereby avoiding function creep. In the IoT, minimization can occur at two levels:

Design: Designers should include only the sensors, functions, and capabilities necessary for a device’s core feature set versus including the ability to capture information for a future yet-undetermined use.

Storage: Devices and systems ...
