9.1 Information Security in Distributed Data Collection Systems

With many minute-by-minute details of private life recorded by smart devices and disseminated via the Internet of Things (IoT), the risk of privacy loss to individuals is substantial. Instead of “getting over it” as Scott McNealy suggested (as quoted by Stephen Manes in 1999), in this chapter, we suggest technologies and policies that can protect user privacy (and other security properties of user-provided data) in the emerging IoT age, and thus engender the trust of users in the smart devices they carry and with which they interact. We describe these technologies and policy approaches at a summary level only and provide references where appropriate to more detailed descriptions.

To motivate this discussion, targeted to inform technology developers for the IoT, we begin with a question: Why should a provider of technology designed to collect information care about the privacy of end users who use that technology and thus provide that information? The salient reason is the legal and financial liability associated with losing control of that information. For example, Government Executive reported that “GSA expects the contracts [to Identity Theft Guard Solutions LLC for remediations due to the well-published data ...