Privacy experts warn of 'ambient intelligence' risks

A group of European technology researchers and academics has warned industry and policy makers of the privacy and security risks posed by gathering and using so-called "ambient intelligence" — data gathered from ubiquitous technology.

A book published on Thursday, Safeguards in a World of Ambient Intelligence, claims both customers and citizens could be alienated if information collected by embedded devices, such as RFID tags, as well as surveillance technologies, biometrics and communications devices, is not properly controlled.

"Our feeling is that [technological] proliferation, while benefiting industry and the economy, needs to be looked at very carefully," said David Wright, one of the researchers and editors of the book and co-founder of technology consultancy Trilateral Research & Consulting.

"If companies are not careful with the technologies they install or the security measures they employ, once it becomes known that their systems, technologies or services are impacting [on] privacy or have led to a data breach, the company could suffer damage [to its reputation]," added Wright.

Following a number of recent reports of data breaches affecting both public and private-sector organisations, companies should look on the implementation of privacy-enhancing technologies as an investment or insurance against the costs of a security incident, the researchers claimed.

Costs incurred by data breaches include the notification of people affected and dealing with increased regulatory scrutiny, said Wright. "Companies may find the costs of dealing with those situations are not ones they'd like to bear," he added.

Wright also recommended that companies make it standard practice to perform privacy-impact assessments before embarking on any major technology projects. Privacy-impact assessment guidance for the UK can be downloaded from the website of the Information Commissioner's Office (ICO). "The ICO [privacy-impact assessment] handbook is excellent," he said.

Policy makers and government institutions also face damage to their reputations from security incidents and risk losing public trust if they don't safeguard citizen data, the authors claimed.

"In view of what's happened in the UK in the last few months, policy makers can see the harmful impact on reputation and how they are perceived by the public," said Wright. "There's a real trust issue here."

Policy makers in the UK should ensure procurements and processes have privacy and security safeguards — such as those laid out in ISO 17799 — built in from the beginning, said Wright. Research funding should also be allocated in part by how security is going to be built into a project. Legislation also needs to be overhauled to make it more future-proof and governments should implement data-breach notification laws, he added.