The Internet of Things will give us extraordinary insights into the mechanics of our world, our environment, our infrastructures and even ourselves. But companies that fail to acknowledge, mishandle or ignore these three privacy issues are undermining the future of the IoT.
Challenge #1: The Balance Between Features and Privacy
At the core of the Internet of Things is data. The more data a given IoT system obtains from its end users, the more value the system produces for application development, improved customer experiences and increased operational efficiency. But the secret to the IoT’s success will be in striking the right balance between the limitless amount of personalized data from connected devices (between the end users and their personal products, and between multiple, inter-connected devices) and the preservation of privacy.
Remember that just a few pieces of data from different sources can digitally “fingerprint” individual consumers. For example, a 2013 study on mobiles showed that, based on tracking our distance from mobile antennas every hour, four points in a dataset were enough to recognize 95 percent of individuals using the system. Today, both Google Now and Apple‘s iBeacons use unique user identities and location to provide seamless services that feel like magic.
The problem is that personalization via consumer-generated data and profiles is key for the IoT to truly take off in consumer-facing applications. To accelerate progress, we need IoT systems that not only manage and protect this data, but also glean powerful insights on individual identities based on just a few data points. The key will be to ensure that consumers have control over what information is shared, and how, and that they can share it with whoever they feel will give them a positive cost-benefit balance.
Challenge #2: Granular Data Sharing
The true value of the IoT comes from sharing data between systems (for example, cross-referencing information across devices and applications rather than looking at “one device, one protocol, one application” use cases). But this can significantly amplify privacy issues if it’s not managed properly.
I recently purchased a Jawbone activity tracker that could sync my Withings smart bathroom scales so I could gain a more holistic view of my fitness status and receive better training advice. However, there was no way for me to set up or restrict my data permissions—I had to share all of my personal data between products or none at all.
EPCglobal‘s own evolution of standards foreshadowed the need for the IoT to have better sharing schemes with greater granularity. Since then, a number of innovative solutions and standards have been applied, such as the use of sharing proxies based on fine-grained Web application programming interfaces (APIs)—using Representational State Transfer (REST), for instance—or social graphs combined with delegated Web authentication mechanisms, such as oAuth. The EVRYTHNG IoT smart products platform is architected on this Social Web of Things approach with data-sharing open APIs, based on many years of research. For the IoT to progress in 2015, the industry must understand that the absence of clear and simple controls to granular data management can kill the promise of data sharing.
Challenge #3: Providing Transparency and Controlling Access to Data
“Who owns the data?” The answer to this fundamental question will become more convoluted as more devices become connected, and it may differ depending on who is being asked. So creating solutions that provide transparency into who has access to IoT data will be central to policing privacy.
The ideal scenario would be to provide transparency and educate consumers to understand what they truly give away, creating a data democracy. The reality, however, is that analytical techniques combined with incidental data logging (your mobile phone connecting to a nearby antenna, for example) makes true data democracy a utopia unless clear governmental regulations are put in place.
Privacy Precedents to Come for the IoT
The question shouldn’t be “Will the IoT respect our privacy?” but “Will we find enough value to embrace IoT technologies even if we need to feed them with private data?” Private data, inevitably, will be exchanged, exposed and leveraged—there’s no going back from where the Web, social-media networks and smartphones have already taken us. However, we should ensure that these exchanges happen inside certain frameworks:
• Standardization of data-exchange protocols to ensure a transparent transport and a fine-grained sharing of private data
• Regulations to specify the boundaries of what companies can and can’t do with private data
• Simplification, standardization and regulation of data-sharing models to ensure that customers understand what they share without reading the small print
It is now time for privacy to become a new currency that lies in the hands of the people or enterprises to which it belongs—a currency that can be exchanged in an open market in which benefits and costs can be assessed easily and efficiently.
Luckily, we have history to learn from—through the evolution of technologies such as social networks and RFID systems, we understood the crucial balance between features and the hunger for private data. As a consequence, technologists were able to craft innovative ways to mitigate against growing data concerns. There is no doubt we will be able to triumph again.
Dominique Guinard is the co-founder and CTO of EVRYTHNG. Previously, Guinard co-founded the WebofThings.org and the Web of Things conference series. He was a visiting researcher at the MIT Mobile Experience Lab and at the MIT Auto-ID Labs. Prior to that, he worked for SAP, developing scalable software architectures and infrastructures for integrating real-world objects with business systems. Guinard also served as a researcher at the Auto-ID Labs Zurich, and worked on using mobile phones as gateways to the Internet of Things for Nokia. Before this, he worked on scalable IoT enterprise software architectures for RFID and embedded devices in collaboration with Sun Microsystems.