Welcome to the dystopian Internet of Things, powered by and starring you

The data trail we leave behind could be used against us in unexpected ways.
Written by Steve Ranger, Global News Director

While the tech industry is looking to connected homes, cars, and wearable tech for new sources of profits, critics are already warning of the security and privacy headaches ahead.

In a speech at this week's CES in Las Vegas, the chairwoman of the US Federal Trade Commission Edith Ramirez warned that by embedding sensors in every object we interact with, and allowing them to record nearly everything we do, the Internet of Things will throw up some difficult and as yet unresolved questions for businesses and consumers.

She said that while the IoT has the potential for enormous benefits for consumers, there are also "significant privacy and security implications" which could undermine trust in the technology. "Trust is as important to the widespread consumer adoption of new IoT products and services as a network connection is to the functionality of an IoT device," she said.

Ramirez said companies building IoT products should focus on security, minimise the amount of data they gather, and give consumers more notice about the information that the devices collect and how it's used.

Ramirez said that in the not too distant future, many, if not most, aspects of our everyday lives will leave a digital trail.

"That data trove will contain a wealth of revealing information that, when patched together, will present a deeply personal and startlingly complete picture of each of us - one that includes details about our financial circumstances, our health, our religious preferences, and our family and friends. The introduction of sensors and devices into currently intimate spaces - like our homes, cars, and even our bodies - poses particular challenges," she said.

The potential scale of the data generated by IoT devices means companies can conduct analysis that would not be possible otherwise, "providing the ability to make additional sensitive inferences and compile even more detailed profiles of consumer behaviour," she warned.

"Will the information flowing in from our smart cars, smart devices, and smart cities just swell the ocean of big data which could allow information to be used in ways that are inconsistent with consumers' expectations or relationship with a company?" she asked.

Ramirez painted a grim picture of a connected world that could be used by businesses in unexpected and unwelcome ways.

"Your smart TV and tablet may track whether you watch the history channel or reality television, but will your TV-viewing habits be shared with prospective employers or universities? Will they be shared with data brokers, who will put those nuggets together with information collected by your parking lot security gate, your heart monitor, and your smartphone?

"And will this information be used to paint a picture of you that you will not see but that others will - people who might make decisions about whether you are shown ads for organic food or junk food, where your call to customer service is routed, and what offers of credit and other products you receive?" she asked.

The answer to all these questions is likely to be 'yes', unless consumers and regulators force change: just as with social networks much of the value that comes from IoT devices is likely to be in the data they generate about us.

Ramirez noted: "And, as businesses use the vast troves of data generated by connected devices to segment consumers to determine what products are marketed to them, the prices they are charged, and the level of customer service they receive, will it exacerbate existing socioeconomic disparities? We cannot continue down the path toward pervasive data collection without thinking hard about all of these questions."

She warned that the small scale and limited processing power of many connected devices could inhibit their ability to use encryption and other robust security measures and, because such devices will be effectively disposable, it may be all but impossible to update the software or apply a security patch.

She said companies should conduct a privacy or security risk assessment as part of the design process and test security measures before products launch, and consider encryption, particularly for the storage and transmission of sensitive information, such as health data.

She also said companies should limit the amount of data they collect: "Consumers know, for instance, that a smart thermostat is gathering information about their heating habits, and that a fitness band is collecting data about their physical activity. But would they expect this information to be shared with data brokers or marketing firms? Probably not."

Further reading on the Internet of Things

Editorial standards