https://www.iotworldtoday.com/wp-content/themes/ioti_child/assets/images/logo/mobile-logo.png
  • Home
  • News
    • Back
    • Roundups
  • Strategy
  • Special Reports
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Podcasts
    • Strategic Partners
    • Latest videos
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Editorial Submissions
  • Events
    • Back
    • Embedded IoT World (Part of DesignCon) 2022
Iot World Today
  • NEWSLETTER
  • Home
  • News
    • Back
    • Roundups
  • Strategy
  • Special Reports
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Podcasts
    • Strategic Partners
    • Latest videos
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Editorial Submissions
  • Events
    • Back
    • Embedded IoT World (Part of DesignCon) 2022
  • newsletter
  • IIoT
  • Cities
  • Energy
  • Homes/Buildings
  • Transportation/Logistics
  • Connected Health Care
  • Retail
  • AI
  • Metaverse
  • Development
  • Security
ioti.com

Security


Thinkstock

Bioometric identification

IoT privacy and the tricky question of data ownership

IoT privacy advocates ask: If data is the new currency, why are so many people giving it away for free?
  • Written by Brian Buntz
  • 24th August 2017

“The Party seeks power entirely for its own sake. We are not interested in the good of others; we are interested solely in power, pure power.” — George Orwell in 1984

Collect data first, ask questions later. That seems to be the unofficial motto for many organizations when it comes to data gleaned from IoT devices and other connected devices like smartphones.

But the fact is, we are now living in a big data world, and organizations across the world are seeing that they can realize unexpected benefits to data gleaned from IoT devices. “My view generally is all of this data is being used against us,” said Ari Scharg, a Chicago-based partner at the law firm Edelson PC. “Companies might say they are using it to benefit their customers, but that’s just a tagline. What they really mean is that they want to know everything they can about their customers’ personal lives so that they can predict and capitalize on their needs and behaviors.” The market for such insights is considerable. The U.S. data brokerage industry generated some $202 billion in revenue in 2014, according to the Direct Marketing Association, and it’s poised to expand in tandem with the Internet of Things. “Just think about how valuable the data collected by your smart refrigerator about what you eat and drink every day would be to a life insurance company that is pricing your policy,” Scharg explained. “In many ways, personal data is being weaponized and used to help corporations manage their own risk.” 

IoT data, crime and punishment 

One example of the potential of IoT data to be used in unexpected ways comes courtesy of Ross Compton, an Ohio man whom police have charged with aggravated arson and insurance fraud. Compton claimed a fire broke out in his house, and that he quickly grabbed a few things before escaping. Police were suspicious early on, according to a Washington Post article. He didn’t just grab a few things — he grabbed 15, which seemed like a high number for someone fleeing a fire. And investigators smelled gasoline at the site where Compton’s $400,000 house had burned, and also identified gasoline on his shoes, hands and shirt. Investigators also noted that the fire appears to have broken out in multiple locations across the house, which could be further evidence for arson.

But the most damning evidence against Compton came courtesy of biometric data gathered from his pacemaker, a medical device that is an early example of the Internet of Things in medicine. Investigators got a search warrant to download data from the connected device. According to court documents cited by the Middletown Journal-News, a cardiologist, after examining the pacemaker data, testified that “it is highly improbable Mr. Compton would have been able to collect, pack and remove the number of items from the house, exit his bedroom window and carry numerous large and heavy items to the front of his residence during the short period of time he has indicated due to his medical conditions.”

[IoT Security Summit, co-located with Blockchain360 and Cloud Security Summit, explores how industry-wide security, privacy and trust can be established to unlock the full potential of IoT. Get your ticket now.]

Compton has pleaded not guilty in the case, and the judge in the case has allowed the data from the pacemaker to be used in the trial. The defendant’s attorney had argued that, in obtaining the pacemaker data, police intruded on Compton’s Fourth Amendment Right against unreasonable search and seizures. 

No matter what the outcome, the case could be a harbinger of things to come in the legal field, as IoT data becomes an important class of evidence, explained Peter Tran, RSA’s Advanced Cyber Defense general manager and senior director. “There’s a forensics principle known as Locard’s exchange principle that applies across the board to cyber including for IoT,” said Tran. “The principle basically states that whenever criminals walk into or leave a room, they leave something behind, whether they see it or not,” Tran explained. “In essence, the cyber version of the principle states that whenever data or a connection is made or transmitted, there is trace evidence that’s left behind, whether it is at rest or in transit, stored or in other memory.” 

The threat of capturing extremely personal information

Another notable case study of what can go wrong in terms of IoT privacy comes courtesy of the We-Vibe, an internet-connected vibrator. Its manufacturer, Standard Innovations, recently agreed to settle a $3.75 million class action settlement related to the data it had collected from tens of thousands of customers. The lawsuit alleged that the product logged the date, temperature of the device, time and duration of each session on its cloud server, correlating the data with the email address of registered users. The manufacturer denies any wrongdoing.    

Scharg helped represent the Chicago-area woman who brought that lawsuit.

The We-Vibe device was also featured at the 2016 Defcon security conference in a session titled “Breaking the Internet of Vibrating Things.” A pair of security researchers who went by the name of g0ldfisk and follower explained that they could have succeeded in reverse-engineering the wireless functionality of the We-Vibe device. The duo also was able to launch a man-in-the-middle attack to control the device and intercept data from it. The researchers pointed out that the devices’ geo-tracking capability posed a risk to users where such products are illegal, which is the case in a handful of countries and, in the U.S., in Mississippi and in one town in Georgia. The two pointed out that the privacy policy for the device states that the manufacturer “reserve[s] the right to disclose your personally identifiable information if required to by law.”

Facial recognition in the public and private sectors 

A further hot-button IoT privacy issue is facial recognition, which essentially works by drawing patterns from IP cameras found throughout public spaces including everything from airports and train stations to retail and corporate locations. 

The potential privacy implications of the technology, whose roots stretch back decades, came to the fore recently in a pilot project at a train station in Berlin, Germany. While officials stated that the program was intended to fight terrorism and for cracking down on graffiti, the technology “holds an enormous potential for misuse,” according to Maja Smoltczyk, an official responsible for protecting data protection rights in Berlin. 

Former Rep. Jason Chaffetz (R-Utah) reached a similar conclusion in a meeting of the Full House Committee on Oversight and Government Reform in March. Acknowledging that the technology could be a powerful law enforcement tool, he stated that the technology could be used by bad actors to “harass or stalk” individuals and that it could “chill free speech” and could potentially “track people’s location throughout the day.” 

According to the Guardian, roughly half of U.S. adults are in FBI’s facial recognition database “without their knowledge or consent.” “Imagine how valuable that database would be if [the FBI] had the facial recognition of every single American in their system,” Chaffetz said at the March hearing. “What does it mean if that information was to get into the wrong hands?” 

In the rough and tumble world of the internet, the answer to such questions may depend on who you ask.

Data brokerage and biometrics set to grow

Given the proliferation of data generated by IoT devices, smartphones and elsewhere, the role of data brokerage seems destined to play an even more important role in the economy. A recent report summary from Transparent Market Research acknowledges that “customers are unaware of data being collected, thus privacy issues occur consistently. This is expected to provide hurdles in the growth of the data brokers market.”

According to Gartner, three-fourths of analytics technologies “will incorporate 10 or more data sources from second-party partners or third-party providers.”

On a global basis for IoT, the major challenge for biometric data in general is the massive volume of collection involved, which can complicate the prospect of maintaining appropriate access, authorization and authentication, Tran said. “If the collection sample isn’t sufficient and accurate at the point of collection, the biometric ‘compass’ becomes fuzzy and gets far off course very quickly as biometric data repositories build over time with IoT being a force multiplier,” he added. “Error rates, misidentification, and exposure to nefarious manipulation of data become serious problems.” 

Given the vast amounts of data available, the lines between government and private sector databases are already blurring in some cases, with law enforcement and government agencies feeding, for instance, data from social media into their databases, which include biometric data.

There is, of course, the argument that people shouldn’t worry about being tracked if they are not doing anything wrong. “This is something that often comes up in the context of geolocation information,” Scharg said. “Some people might say: why would I care if a company is tracking where I am going? I’m not going anywhere sketchy. Putting aside the major invasion of privacy, the bad guys that hack your data don’t care about where you go. They care about when you leave your house in the morning and when you leave work to come home,” he added. “The idea that we shouldn’t care about being tracked if we’re not doing anything wrong is crazy, and frankly, it’s un-American.”

Tags: Article Security Strategy Technologies

Related


  • IoT Security Firm to Acquire Medical Security Startup
    Claroty is set to acquire Medigate to grow its foothold in securing the Internet of Medical Things
  • Ransomware Attack Could Impact Paychecks
    The Kronos ransomware attack affected the company’s private cloud service over the weekend, knocking it offline just before the holidays
  • Image shows an abstract digital big data concept.
    BotenaGo Malware Targets Millions of IoT Devices
    AT&T Alien Labs identified the malware that has left millions of IoT devices exposed.
  • IoT Startup Raises $10M
    Platform aims to bolster network security with automated device configurations and visibility.

Leave a comment Cancel reply

-or-

Log in with your IoT World Today account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Content

  • DevSecOps Brings Payoffs through Security by Design
  • NIST’s Quantum Security Protocols Near the Finish Line
  • Securing an Open Source OS for IoT
  • IoT Device Security at the Edge Poses Unique Challenges

Roundups

View all

IoT Product Roundup: PTC, Nokia, Arm and More

19th May 2022

IoT Deals, Partnerships Roundup: Intel, Nauto, Helium and more

14th May 2022

IoT Product Roundup: Amazon, Synaptics, Urban Control and More

27th April 2022

White Papers

View all

The Role of Manufacturing Technology in Continuous Improvement Ebook

6th April 2022

IIoT Platform Trends for Manufacturing in 2022

6th April 2022

Latest Videos

View all
Dylan Kennedy of EMQ

Embedded IoT World 2022: Dylan Kennedy of EMQ

Dylan Kennedy, EMQ’s VP of global operations, sat down with Chuck Martin at Embedded IoT World 2022.

Embedded IoT World 2022: Omdia’s Sang Oh Talks Vehicle Chip Shortage

Omdia’s automotive semiconductor analyst sits down with Chuck Martin at this year’s event

E-books

View all

How Remote Access Helps Enterprises Improve IT Service and Employee Satisfaction

12th January 2022

An Integrated Approach to IoT Security

6th November 2020

Webinars

View all

Rethinking the Database in the IoT Era

18th May 2022

Jumpstarting Industrial IoT solutions with an edge data management platform

12th May 2022

AI led Digital Transformation of Manufacturing: Time is NOW

9th December 2021

Special Reports

View all

Omdia’s Smart Home Market Dynamics Report

7th January 2022

Cybersecurity Protection Increasingly Depends on Machine Learning

28th October 2020

IoT Security Best Practices for Industry and Enterprise

20th October 2020

Twitter

IoTWorldToday, IoTWorldSeries

Europe’s First Automated Gas Station Convenience Store dlvr.it/SR45J9 https://t.co/eDJDJ7CxkI

25th May 2022
IoTWorldToday, IoTWorldSeries

Zero-Emission, Autonomous Cargo Ship Under Development dlvr.it/SR3xgb https://t.co/3oU7CrKWkW

25th May 2022
IoTWorldToday, IoTWorldSeries

Hannover Messe 2022: 5 Key Themes at This Year’s Show dlvr.it/SR3wtW https://t.co/j0fQUiU2LW

25th May 2022
IoTWorldToday, IoTWorldSeries

Can AI Help Stop Mass Shootings? dlvr.it/SR3tqK https://t.co/VxPBdajWA3

25th May 2022
IoTWorldToday, IoTWorldSeries

China has revealed an autonomous marine drone carrier dlvr.it/SR3qXs https://t.co/yMiiqeMNrZ

25th May 2022
IoTWorldToday, IoTWorldSeries

ISQ’s #UAV inspection drones will be on display at this year’s @hannover_messe dlvr.it/SR35dg https://t.co/U6QOQtMbGw

25th May 2022
IoTWorldToday, IoTWorldSeries

👀 Looking to integrate #AI into your manufacturing process? Explore how #manufacturers can begin the process of… twitter.com/i/web/status/1…

25th May 2022
IoTWorldToday, IoTWorldSeries

The U.S. Army is getting a 5G boost for #AR #VR capabilities from #5G network provider @OceusNetworks.… twitter.com/i/web/status/1…

24th May 2022

Newsletter

Sign up for IoT World Today newsletters: vertical industry coverage on Tuesdays and horizontal tech coverage on Thursdays.

Special Reports

Our Special Reports take an in-depth look at key topics within the IoT space. Download our latest reports.

Business Resources

Find the latest white papers and other resources from selected vendors.

Media Kit and Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • IoT World Series
  • Channel Futures
  • RISC-V
  • Dark Reading
  • ITPro Today
  • Web Hosting Talk

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Login/Register

FOLLOW IoT World Today ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2022 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X