Commentary
6/30/2014 09:06 AM
Marc Loewenthal

Internet Of Things: Current Privacy Policies Don't Work

Traditional ways to deliver privacy guidelines, such as online postings or click-through mechanisms, don't work with the Internet of Things.

The Internet of Things has gone mainstream. Consumers can use devices to control things in their houses from appliances to pet-food dispensers. Applications on mobile devices can measure how far and how fast the wearer has run or walked and can track heart rate and blood pressure. Connected sensors and devices, and their potential uses, are proliferating.

But discussions about the data created are far more likely to focus on how to use the data rather than how to protect it. While devices and applications are generally designed and implemented with data protection in mind, that is unlikely to be enough. Developers and users must consider the broader implications for individual privacy as vast amounts of information -- about health, browsing history, purchasing habits, social and religious preferences, and finances, among other things -- accumulate.

Internet of Things data, for now, is collected indiscriminately, and users have little inkling about how the data collected can be used for marketing, identification, and tracking. They typically ignore the privacy notices or terms of use, and the mechanisms for delivering the notices are often awkward, inconvenient, and unclear.

The crucial question for the owner of the app or the device is whether data collection is limited to an identified purpose. The crucial question for users is whether they can determine when, how, and to what extent their information is communicated to others.


Traditional privacy notions rely upon the Fair Information Practice Principles. While we can certainly look to FIPPs for guidance, they can't adequately address the issues posed by the Internet of Things because the traditional ways to deliver privacy guidelines -- posting them online, mailing them, and online click-through mechanisms -- don't really work with IoT. Today, the data being collected on these devices is largely invisible to us. For instance, a driver behind the wheel has little discretion over traffic sensors that transmit speed, license-plate numbers, and location. Given the number of devices transmitting information during the course of a day, requiring notice and choice quickly becomes unwieldy, and innovation suffers.

(Source: Tilemahos Efthimiadis on Flickr)

The Federal Trade Commission has taken the position that developers of devices and apps must consider both use and collection restrictions and, in conjunction with the development of devices and apps, consider privacy by design, simplified choice, and transparency -- i.e., address the privacy issues by incorporating the core principles of FIPPs.

That FTC expectation is difficult to meet in practice. Use restrictions are generally ineffective because they depend upon self-enforcement or third-party enforcement, and confidential information can't be retrieved once it is released. The same is true of collection restrictions: It is impossible to monitor every device to confirm that the data being collected is consistent with the purpose intended. Enforcement is complicated because there are multiple players -- the manufacturer, service networks, advertisers, and carriers, to start with -- and only the most egregious offenders are likely to attract regulators' attention.

Developers and users can address some of the questions that the IoT raises by studying new approaches to protecting privacy, starting with those that account for the continuous communication of individual information. New approaches to IoT privacy should:

  • Abandon traditional forms of privacy notices and instead adopt codes of conduct and terms of use based upon usage. Consider establishing frameworks for different types of connected devices. For example, common terms-of-use for any devices tied to smart grids that track electricity and water usage might be used to reward individuals for conservation and assist in determining utility pricing.

  • Clearly and completely state the purpose for collection and the related context, including potential benefits to the individual. Collecting personal health data such as pulse rate, blood pressure, activity, and other vital statistics might be expected when it is being transmitted to an individual's healthcare provider which, in turn, may lead to more efficient medical and health treatment. But individuals may not know that a fitness bracelet or a mobile phone app that transmits such data might also be used to market other products or medications to them.

  • Make personally identifiable data anonymous whenever possible in ways that prevent re-identification, so that users don't need to be concerned about the nature and use of data gathered by IoT devices.

  • Explain the criteria used to gather and retain data, and communicate whether data is being retained to improve products, enhance further research, enhance security, etc. This sounds easy in the context of traditional privacy notices, but it may be problematic with products like Google Glass that gather data from all kinds of sources in the surrounding environment, making it impossible to state with specificity what is being gathered and retained by the user. Finding ways to keep personally identifiable data anonymous with these types of devices may be the way to address this problem.

  • Monitor data transmissions so that misuses can be blocked or trigger notices to affected users.

  • Provide users reasonable access to their personally identifiable information, and give them the ability to change or correct it.

The traditional privacy notice did not conceive of an Internet of Things. As the number of connected devices expands, the data collected will undoubtedly yield social benefits. However, the challenge will be finding a privacy paradigm that respects individual rights and accommodates choice and makes sure that the social benefits don't come at the cost of individual privacy. Progress won't wait for us to develop new ways to deal with this challenge, which is why we must give serious consideration to new approaches now.

Marc Loewenthal is speaking on these issues July 10 at the Internet of Things Privacy Summit, hosted by TRUSTe.


Marc Loewenthal is Director at Promontory Financial Group, where he advises clients on governance, risk, and compliance matters with a particular emphasis on privacy and information security. His areas of expertise include advice on privacy governance and privacy management, ...

Comments
tekedge, User Rank: Moderator
6/30/2014 | 11:52:07 PM
Internet of things
I think it is a tall order and really wonder how this can be achieved. It looks good in theory but how to get it to work is a big question in my mind. With so many apps out there where do we stop to protect privacy.
Thomas Claburn, User Rank: Author
6/30/2014 | 5:57:39 PM
Re: Pay attention to the possible consequences instead of always focusing on the positive.
Well said. The IoT looks a lot more appealing when the data owner is the only one with access to the data.
GAProgrammer, User Rank: Ninja
6/30/2014 | 1:16:33 PM
Pay attention to the possible consequences instead of always focusing on the positive.
IoT is great when it is ONLY YOUR data and devices being monitored and can usher in a new era of detailed information. See John Deere and CSX.

However, for every plus, you have to deal with the minuses.  For example:

" Consider establishing frameworks for different types of connected devices. For example, common terms-of-use for any devices tied to smart grids that track electricity and water usage might be used to reward individuals for conservation and assist in determining utility pricing."

This sounds great until you realize that it can also be used to PUNISH anyone who doesn't comply with some arbitrary measurement of "conservation" or, even worse, a government definition (see "healthy" as defined by the US Govt - a 5'10" male should be 145lbs. That is just sickly!)

Ironically, most of the purported benefits of IoT go away when you anonymize the info for privacy purposes.

We should always strive to innovate and find better ways of doing things - but not when the solution causes or creates more issues than the original problem.
Laurianne, User Rank: Author
6/30/2014 | 1:16:07 PM
IoT Data correction
"Provide users reasonable access to their personally identifiable information, and give them the ability to change or correct it." I agree with this goal, but scratch my head at how hard this will be to achieve.

There is little incentive for Whirlpool to create an "appliance data clearinghouse," right?