The rise of the sensor could have numerous benefits for organisations and individuals, but will user privacy be eroded in the wake of the Internet of Things revolution?
18 March 2014 - 21 March 2014
IOT Curator and Director for Strategy & Business Transformation at Intel
Friend or foe? Protector or Big Brother?
Security and privacy conjure up many negative thoughts: viruses, identity theft, hacking, criminal activity, malware and more. And the flip side of this, is how to protect our personal information and also how to ensure business continuity and build resilience. Does the lauded Internet of Things (IoT) increase the risk for security and mean the end to data privacy?
Traditional security attacks come at us from applications, they are moving down the stack into the operating system layer (and VM and even hardware). It makes sense for us individually through strong passwords and hardware providers and makers to build a multilayered approach to security to combat this. We all play a part in reducing the risk, from using encryption, to storing our data securely, demanding services and hardware that include security. If you are an IT professional or run buildings, services or transport systems, you owe it to your customers to secure your systems.
And so to privacy. On a business level, what personal data do I need to manage a better customer experience for my customers? To enable me to market products or services that are more likely to be of interest what do I use? On a personal level, ehy might I want to share my data? What do I gain?
Take a day in the life of a 40-something tech professional. School run, stop at shop, commute to office, meetings, lunch out with a client, reverse and stop for dry cleaning on way… planning for supper tonight and live gig at the weekend.
I want my phone and sat nav to know my route to school, as I take it five days a week, and tell me there is a block and reroute me. I would like know the impact on my calendar of the delay. It would be useful to know where I can park - reserve the spot please - to get into the shops and maybe leave my car there and catch a train to London; based on air quality it would be nice not to add to the issues.
I, of course, want this to be seamless, easy to use and cost balanced, and as much as possible done with minimal new action, so save my card details, book the parking slot, pay for parking and the train ticket. My customer has reserved his favourite place for lunch, and knows my allergy and previous choices.
Minor issue: I spill coffee down my shirt as I step off the train. I step in front of a digital sign that knows me as I choose to share some personal info with the service provider and it shares a suitable brand of clothing, I click and on my phone I get a discount code, a map and off I go. I walk in the store, it knows my size as I choose to share and save that data. I get offered a digital image of me in the new blouse, I use my code to get a 20 percent discount, and I buy two as they are on offer and have the other one sent home - they have my address details stored.
Work is as busy as ever and I have a five-minute break. I reserve tickets for a weekend gig, online of course. I don’t have to type in my card details as I use the service often. I resume meetings, emails and calls, I take a cab to my lunch meeting, using mobility as a service I quickly choose a cab as my quickest transport mode today; yesterday the tube was faster.
Lunch and a great meeting, paid discreetly as they have my details. And reverse until I get home.
The data involved, gathered and shared in this 'average day' is vast, the sensors that capture and create much of the info are phenomenal. This is all in the here and now, this is not the future, it's today. Yet today I have little control over what is shared and with whom. Do I care? Yes. There is some data that I am happy to share (my food preferences and allergies), some that I am happy it is gathered anonymously (my journey and timings), some I want to know about to help me make decisions (air quality, prices, availability).
For IoT to be truly successful, and for businesses and individuals to quickly realise the gains possible from connecting the 'things', open standards providing interoperability are the way forward. Open standards does not have to mean insecure. So where do you start? Is it possible to create and sustain such a system, or system of systems?
Security is now a table stake for any kind of IoT building block from the ground up. Companies have not only a duty in law to protect our data, but do they also have a moral duty? Millions of dollars, pounds, Euros and yen, if not billions are made trading or brokering data. With the vast volume of data created by the 'things', how do we ensure privacy and yet create better outcomes? Do we want to be advertised to generically or do we prefer relevant information? I am not currently in need of over 60s get active clubs, nor toddler tumble classes, yet without access to our data we are destined to continue to receive this useless information.
Is it possible for people to own their own data? Instead of companies charging others to have lists or access data, can we imagine a time when we charge or are rewarded - in the same way as loyalty cards do or even with real money - for sharing our information?
I would pose that the security solutions are there today in silicon, in hardware and in software. The bigger issue for privacy may be who decides. Who decides what of our data is private and what is available to be bought and sold. Who decides whether to use the most popular websites we have to sign away all our rights, or is there an alternative where we get to be the decision maker? Will privacy come full circle and just like domain names did, I'll have the right to use my name or brand and no one can hold me to ransom.
One thing is for sure, IoT is becoming a reality. The benefits for business and consumers are potentially massive, along with the ability to improve quality of life and manage our environment. Technology companies like Intel along with the service companies will be investing energy and resources into the solutions to protect data and the individual.