The internet of things (IoT) has the power to make our lives more convenient and more connected than ever before, but many critical thinkers have admitted concern about consumer privacy. Consumer groups, corporations, and even governments have spoken out about the dangers of IoT being exploited, but are these truly worthy of the concern and proactive action of consumers?
Scale and Future
Part of the problem is due to the sheer scale of connectivity that IoT can provide. A little over a decade ago, most people only connected to the internet with one device—a home desktop or a laptop. Today, most consumers have at least a handful of connected devices, including smartphones, smart TVs, and even upgraded kitchen appliances designed to make life easier. Big families deciding which home appliances to buy, typically need to think about factors like the size of a refrigerator or the number of burners on a stove, but today have the option of also including internet connectivity and other high-tech features. In the next several years, the IoT boom will pump out billions of additional connected devices, and in a decade, if the trend continues, the average home could have dozens of devices within it.
If every device has a privacy concern associated with it, or an inherent security vulnerability, the multiplication of owned devices will multiply the total risk that the average family faces. In other words, if IoT devices had the same level of risk that your laptop did back in 2005, and you own dozens of connected devices, you’ll be dozens of times more vulnerable than you were back then.
One of the biggest concerns from consumer privacy organizations is the fact that your devices could be constantly listening to you. Any device with a microphone, such as your smartphone or smart speaker, could be listening to you even when you aren’t directly engaging it—or even when you think you’ve turned it off. Amazon’s Echo speakers, for example, need to constantly monitor for vocal commands, which means they can “hear” your conversations.
Imagine having a conversation with a friend in your kitchen about a sensitive matter, such as speculating about the possibility of divorce. If your smart refrigerator or stove happens to tune in, it could feed that information back to its manufacturer, who could then use that information to advertise specific services to you. It doesn’t take much imagination to think up a problematic scenario, such as a spouse seeing advertisements for a divorce attorney because they use the same Wi-Fi router.
Most major tech corporations have pledged to use consumer data responsibly, either implicitly, or in their terms of service. However, there’s often little stopping companies from selling your data to another provider, or lending them data in exchange for money. Data is incredibly valuable in today’s society, which means companies are eager to get their hands on it. In the span of a few transactions, your data could end up in the hands of a much less reputable company, or may eventually be accessible to the public.
IoT is constantly growing more sophisticated, in part because every device you own has the potential to connect with other devices. In the near future, smart speakers and other devices that “stitch” together your home networks will become more common, and it won’t be outrageous to think that your toaster, your TV, and your Bluetooth speakers can all talk to each other and share information about your habits.
On some level, this will lead to more convenience; your TV viewing habits could generate a list of recommended groceries, or your exercise habits could prompt your thermostat to lower the temperature in the home when you come back from a run. But all those information exchanges can also make you more vulnerable; a malicious user that can access just one of your devices could feasibly gain access to your entire network. A single vulnerability in the chain could lead to its widespread failure.
Another factor to consider is the perceived innocuousness of many IoT devices. Modern kids are growing up with connected devices as playthings, and many adults wear fitness bands or smartwatches without regularly considering the fact that they have a constantly connected device attached to them. It’s hard to see your “smart microwave” as a tech security hazard.
That complacency makes people underestimate the potential privacy and security issues associated with IoT. Just because something seems like it’s no big deal, or seems like it can’t pose a threat, doesn’t mean it’s harmless.
Lack of Oversight
Right now, there’s almost no governmental or regulatory oversight for how IoT should be designed or manufactured. Instead, we leave it to corporations to determine what “responsible IoT” is, and use that information to create their products. That puts consumers in a dangerous situation. There aren’t any requirements for companies to make their devices meet a certain security standard, nor are there any transparency initiatives that force companies to disclose exactly how they gather or use data (though the EU is making a concentrated effort to push for better standards).
Governmental authority isn’t necessarily the answer, but a complete lack of third-party oversight is a glaring weakness—and one that complicates all the other weaknesses already associated with IoT.
Should You Be Concerned?
So should you, the average consumer, be concerned about your loss of privacy, or the security issues inherent in IoT?
- What do you have to lose? What would you, personally, have to lose from a loss of personal information? In a worst-case scenario, a vulnerability in a connected device could lead you to lose your important passwords, such as bank account logins. But on a less impactful level, the worst you may have to fear is having your conversations overheard. Based on what we know, the rate of truly damaging hacks will be low—but if you have a lot to lose, or if you greatly value your privacy, you should be more concerned than most.
- Personal exposure. How much personal exposure are you going to have to these issues? For starters, consider how many connected devices you have and how many you plan to get; obviously, the more smart devices you have in your home, the more vulnerable you’re going to be. Your specific smart devices choices will also come into play; purchasing smart devices from reputable, transparent companies will make you far less vulnerable than buying them from newly emerging startups, or companies with a history of questionable practices. Always do your research before buying, and if you’re especially concerned about IoT privacy, consider limiting your number of connected devices.
- Personal habits and best practices. You can mitigate many of the shortfalls of IoT by doubling down on good personal habits and best practices. For example, you can make sure you choose strong passwords for all your devices, and change those passwords on a regular basis. You can read the terms and conditions of the devices and services you use, and make sure to encrypt your local Wi-Fi network. You can also customize your device settings to minimize or control which information is sent to external tech companies.
- Toward a new era. Finally, consider how the state of IoT is going to develop. This is a technology that’s still in its infancy, so it doesn’t make sense to get too upset or too complacent this early on. Keep watch for new developments, such as new governmental regulations and new trends, or new vulnerabilities found in smart devices, and use your knowledge of those developments to inform your decisions.
Concerns about IoT privacy and security shouldn’t stop you from buying that latest gadget, nor should it trigger any kind of existential crisis in you—but these are questions and problems worth considering. The ethics of big data and IoT have yet to be fully explored or resolved, so until they are, it’s your responsibility as an informed consumer to understand the products you’re buying, the companies behind them, and how those products could be exploited.