Hear that? It’s the sound of all our smart devices, chattering away to each other just below the threshold of consciousness.
As I walk between my desk and the snack machine (for the second time this morning), the Jawbone Up on my wrist is quietly counting my footsteps, the better to chide me later for not getting enough exercise. At home, my Nest Thermometer is monitoring my movements and learning my habits to ensure I don’t waste electricity and money heating an empty house.
My Vivant home security system is making sure the doors and windows are locked and sending me text alerts when they are not. Strategically placed Web cams let me see when the kids have arrived home and if they’ve brought any friends with them (a fact that truly annoys them, much to my delight).
An Audiovox Car Connection gizmo in our old beater minivan lets me know when my son has left home and arrives at school, as well as where else he’s been and how well he’s been driving.
These are all part of the Internet of Things, and if you haven’t heard that phrase before, you will hear it ad nauseam in the years to come. As more devices become smart and connected, just about everything you use will become a part of it.
Today, as I type this, the FTC is holding a day long session on the IoT and its implications for privacy and security, of which there are many. If I happened to live near DC, I’d be there right now.
In one sense, these are the same issues raised by any type of data collection: Who controls this data? How can we keep it secure? What could happen if it leaks? But the Internet of Things is both much larger and much more personal.
Data be the day
To be sure, the data my various devices are collecting about me and my family are for beneficial purposes. But that won’t necessarily always be the case. For example:
* The Jawbone Up could share information with my health insurance carrier, which could raise my rates if I don’t hit my daily 10,000-step quota for a week.
* The Nest could alert the local authorities if I am using an usual amount of electricity for a single family dwelling. Maybe there’s a drug factory in the basement.
* If Audiovox can track my son’s location, as well as a history of his locations over time, so can anyone else who has access to that data. And location data, as I’ve written before, can unlock a trove of other information about you – your political opinions, your drug habits, your sexual proclivities, etc.
Do I really believe these things are happening? No. If I did, I wouldn’t use these devices. But we are in the very early days of the Internet of Things. When companies introduce new technology, they tend to be very cautious about how they use data, lest they spook their customers. Fast forward ten years, though, when every device is smart and connected, and the situation changes.
Just look at what happened to Web tracking. At first, it was a handful of companies depositing cookies to deliver ads. Now there are more than 1300 Web trackers – those are just the ones we know about – doing Lord knows what with our data.
What’s different with the IoT data is that, unlike tracking cookies, very little of it is anonymous. The Up is on my wrist, connected to my iPad app; the Nest is in my hallway, at my home address; the Audiovox is connected to the onboard computer in my son’s car.
And, of course, there are no rules whatsoever about what these companies can do with the data.
Rand on the run
The fact the Feds have deigned to acknowledge the emergence of vast new fields of highly personal data has caused severe knotting of the knickers among certain pro-privacy advocates. Yes, I’m talking about the die-hard Libertarians, to whom all government regulation is borne on the backs of evil flying monkeys.
At The Technology Liberation Front, privacy wonk Adam Thierer worries the FTC hearing is “the beginning of a regulatory regime for a new set of information technologies that are still in their infancy” that could “encourage preemptive controls on this exciting new wave of digital age innovation, based almost entirely on hypothetical worst-case scenarios they have conjured up.”
In a nutshell, Thierer argues that attempting to regulate the Internet of Things will kill innovation. If that sounds familiar, it’s because it’s the same argument the fossil fuels industry uses to fight limits on carbon emissions. Substitute “environment” for “Internet of Things” and “jobs” for “innovation,” and it’s identical.
If Thierer has actual proof that regulating data use harms innovation, I’d like to see it. Because that point of view is just as theoretical as the “hypothetical horribles” and “boogieman scenarios” he rails against. In fact, the truly innovative companies will be the ones who figure out how to use this data and keep it secure and private.
What happens when regulation is absent or reduced? Things like the BP Deepwater Horizon oil spill and the Wall Street-induced 2008 meltdown of our economy. Once upon a time they were hypothetical horribles, too.
When an oil derrick blows up, everyone knows about it and everyone knows who’s responsible. When the economy melts down because Wall Street bankers gambled with other people’s money and lost, that’s also obvious, even if our government lacks the will to prosecute the bastards.
With data, though? Not so much. Some algorithm is triggered by some piece of data from some unknown source, and now your car insurance has doubled. Once data is out there, it’s gone. There’s no retrieving it, there’s no erasing it.
I’m not saying a data spill will kill millions of fish and birds or kick millions of people out of their jobs and homes. But over the last year we have all witnessed enough wholesale accumulation of data by friends in No Such Agency to be wary of any hypotheticals.
I am as cynical about our government’s general level of competence as the next guy, most especially when it comes to regulating technology. I don’t think most members of Congress can find their hindquarters with both hands and a GPS.
But this is not rocket science. The biggest privacy problems stem from a) collecting data that’s unnecessary, b) keeping it for longer than needed, and c) using it for purposes other than the ones under which it was collected. There’s also d) being stupid about how you protect it.
The more data you have, and the longer it sits around, the more likely some party will come up with “innovative” ways to use it that may or may not be to your benefit and/or it will get lost or stolen.
For example, data collected from EZ Passes – which were created to reduce lines at toll booths and smooth the flow of traffic during rush hour – is being used in criminal and civil litigation to track people’s movements. That’s not what anybody signs on for when they plunk down money every month.
So here’s what I propose. We need some basic rights delineated here. Something simple that says it’s my data and I get to say what happens to it. Period, full stop. You want to use it for some other purpose, you have to go through me first. And, by the way, I’d like you to destroy it immediately after it's used, to reduce the risk of a data spill. That’s too difficult for you? Maybe you should try to be more innovative.
Don’t get me wrong. I think the Internet of Things has amazing potential to do great things for our society. I just think the companies building it need to know the rules of the road before they start pouring the cement.
The way regulation usually works in this country is that Congress waits for things to get really bad, then offers half hearted measures to mitigate some of the problems they’ve caused – usually watered down after a fierce lobbying battle by entrenched industry interests.
Let’s not let that happen this time. We are now surrounded by smart devices. Can’t we be just a little bit smarter ourselves?
Got a question about social media or privacy? TY4NS blogger Dan Tynan may have the answer (and if not, he'll make something up). Follow him on Twitter: @tynanwrites. For the latest IT news, analysis and how-to's, follow ITworld on Twitter and Facebook.
Now read this: