Chapter 9: Data Privacy Issues in Distributed Security Monitoring Systems

Jeffery A. Mauth¹ and David W. Archer²

¹ National Security Directorate, Pacific Northwest National Laboratory, USA

² Galois, Inc., USA

9.1 Information Security in Distributed Data Collection Systems

With many minute-by-minute details of private life recorded by smart devices and disseminated via the Internet of Things (IoT), the risk of privacy loss to individuals is substantial. Instead of “getting over it” as Scott McNealy suggested (as quoted by Stephen Manes in 1999), in this chapter, we suggest technologies and policies that can protect user privacy (and other security properties of user-provided data) in the emerging IoT age, and thus engender the trust of users in the smart devices they carry and with which they interact. We describe these technologies and policy approaches at a summary level only and provide references where appropriate to more detailed descriptions.

To motivate this discussion, targeted to inform technology developers for the IoT, we begin with a question: Why should a provider of technology designed to collect information care about the privacy of end users who use that technology and thus provide that information? The salient reason is the legal and financial liability associated with losing control of that information. For example, Government Executive reported that “GSA expects the contracts [to Identity Theft Guard Solutions LLC for remediations due to the well-published data ...
