ICFE eNEWS #16-31 - Sep 7 2016
View this eNEWS online

Using The Internet of Things (IoT) or Privacy: A Tough Choice

By Yan Ross, Director of Special Projects, ICFE

True to the long-standing observation that security and convenience are at opposite ends of the spectrum, the advent of the "Internet of Things" (IOT) has caused consumers and businesses alike to make difficult decisions.
As much as people generally say they value their privacy, in practice it is often the case that applications of the latest "whiz-bang" technology often overcome privacy concerns. To date, most of these applications are based on mobile communications technology, usually in the form of smartphones.
However, connectivity with the internet using less obvious but more ubiquitous devices is quickly becoming the highest growth sector in consumer technology. With this phenomenon comes the sometimes reckless abandonment of privacy concerns. Somehow the convenience, and even demonstration of being up to date appears to have overcome concerns for privacy about the transmission, storage, access, and distribution of highly personal and sensitive information.
Some examples include the popular Echo from Amazon, Nest thermostats and other home system control devices, automobile information and control modules, and even "wearables" - devices that are worn, not carried, and report many personal activities and characteristics, including medical data.
The interoperability of these internet-connected devices present both convenience and security challenges. The value of monitoring and controlling medical devices, such as an insulin pump for a diabetic, is certainly of great value to both patient and healthcare provider. But it's also an opportunity for identity thieves and others with ulterior motives to access sensitive information, abuse medically confidential data, and even control the device.
Although there is no statistically sound way of assessing the implementation of encryption or other means of securing the information flow of such devices, there has to date been no credible assurance of the security, and thus privacy, of these systems. As fast as bugs are discovered and reported, manufacturers work to fix them - but in the meantime, new issues appear to arise on a regular basis.
Indeed, media reports abound regarding such intrusions as hacking the computer control systems of late-model automobiles, pirating the camera and microphone programs on desktop, laptop and tablet computers, and even interfere with internet-enabled televisions and kitchen appliances.
That describes the illicit hacks of IoT devices, but there are also privacy implications for users who willingly permit what appear to be unintended uses. A notable example is the consumer's willy-nilly acceptance of the "Terms of Use" for these devices. Without accepting these End User Agreements, they just don't work. But the terms can place the consumer in a disadvantageous position with respect to privacy concerns.
For example, interactive speakers such as the Echo, are able to record and report to the sponsoring server all of the requests of the user. As the information in these requests is logged in, it is analyzed for preferences, products and service interests, and other indicia to create targeted advertising that comes back to the user in subtle and blunt forms. It may come in pop- up ads on relate or unrelated web sites, e-mail prospecting, or even robo-calls.
It is not a long leap to see how such collection, analysis, sale, and use of such information could be used for political as well as commercial purposes. Remembering that political phone calls are exempt from the federally-mandated Do Not Call list, is it likely that the intention of the user is to give the electoral candidates a candid peek into the most personal preferences?
The purpose of this article is not to cripple or create obstacles to the use of the Internet of Things. To be sure, that is unlikely in any case. Rather, we seek to raise awareness of consumers in the acquisition and use of the interface devices that may subject them to unwanted invasions of their valued privacy, especially in cases where they inadvertently give permission for such incursions.
ICFE continues in its mission to educate and assist consumers in the issues and challenges that face them as they integrate technological solutions into their daily lives.

Yan Ross is ICFE's Director of Special Projects, and the author of the Certified Identity Theft Risk Management Specialist ® XV CITRMS® course. As an accredited educator for over 20 years, he has addressed Identity Theft Risk Assessment and management for consumers, organizations holding personally identifiable information, and professionals who work with individuals and organizations who are at risk of falling victim to identity thieves.

ICFE eNEWS is available FREE upon request by visiting the ICFE's Web site and filling out the contact form, selecting "Yes" for "Add to Mailing List." Please pass this eNEWS on to your peers and interested others and invite them to subscribe for free. Also, visit the ICFE's new Web site: StudentDebtHelp.org

Sent by:

Paul S. Richard
President - Executive Director
Institute of Consumer Financial Education (ICFE)

ICFE - Institute of Consumer Financial Education - ICFE.info - 619.239.1401