WOT logo

Hey Alexa, Send My Regards To The CIA – Connected Devices in The Age of Snowden

IoT Devices

Welcome to the future! ‘Smart’, web-connected devices represent a cosmic shift in the way we interact with the world. This is called the Internet of Things (IoT). Your watch listens to your heart and tracks your every movement, your phone knows you better than your therapist, and cars whiz about roads autonomously. Meanwhile, AI assistants perch innocently in our kitchens; listening, listening, listening…

The Internet has spread from the desk, to the pocket, to the home. Each evolution brings new and challenging questions. As the Internet of Things continues to propagate into more intimate spaces, how can we ensure that we move forward with an eager, but not naïve, stride? How can we ensure that Kubrick’s 2001: A Space Odyssey remains a cautionary tale, and not a prophecy?

This is Now

In 2015, security researchers hacked a Jeep Cherokee while it was on the road and assumed full control of the vehicle. That same year, Mattel (the toy company) faced criticism for sending audio files of children interacting with their ‘smart Barbie’ to third parties. Malware is a nuisance when it is erasing precious computer files, but we’re entering a completely new paradigm in which malware can commandeer a car with loved ones, or send our children’s voices to unknown entities. Just this year, WikiLeaks revealed that the CIA is capable of secretly activating some smart TV cameras for surveillance purposes.

The list of hypotheticals is endless. A hacker with malicious intent could alter a diabetic’s insulin pump so that they no longer receive medicine. Unauthorized access to security cameras or baby monitors bears obvious risks. Fitness devices could reveal location habits. Hacking into energy meters could help burglars determine whether homeowners are away. Compromised IoT devices could give access to their host network or lead to denial-of-service attacks.

As detailed in an exhaustive report by the Federal Trade Commission: “The sheer volume of data . . . is stunning. Fewer than 10,000 households . . . can generate 150 million discrete data points a day or approximately one data point every six seconds for each household. Such a massive volume of granular data allows . . . analyses that would not be possible with less rich data sets. Researchers are beginning to show that existing smartphone sensors can be used to infer a user’s mood, stress levels, personality type, bipolar disorder, demographics (e.g., gender, marital status, job status, age), smoking habits, overall well-being, progression of Parkinson’s disease, sleep patterns, happiness, levels of exercise, and types of physical activity or movement.”

So what can you do?

1. Brands matter
Big-name brands are held to higher public scrutiny, so it may not be worth saving a couple bucks on knockoff products.

2. Follow the money
Determine where a company’s incentives are. Corporations love paying lip service to privacy concerns, but the truth is that almost all of them are finding business models to monetize around your data (such as Facebook, Google, and Microsoft). Apple, on the other hand, still make their money by selling expensive hardware, so they have less incentive to collect your data.

3. Read privacy policies
They’re long and boring, but that’s where the truth is hidden. Samsung recently came under fire for a line in their smart TV privacy policy that rang uncomfortably Orwellian:
“Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party through your use of Voice Recognition.”

4. Create strong passwords
How secure is your password? Brute forcing a device’s password is the easiest way to gain access. Research shows that the most common password today is still 123456. WOT suggests using password managers like 1Password to generate strong, randomized passwords.

5. Care!
Privacy, it turns out, may not be so valuable after all. The Helsinki Privacy Experiment studied the psychological effects of surveillance in the home. Their conclusion was that “most [people] simply got used to it.” For the masses, the convenience of connected devices outweighs privacy concerns. Remember when browser cookies were controversial? Today, they’re standard fare.

Forgive and forget should not remain the approach. Those of us who do care, the informed consumers, should fight for a better future. Hold IoT companies responsible, be conscious consumers, support legislation that advocates security and privacy protections, reward companies that are forthright about how they use our data. Perhaps we could even require a privacy label (and kill switch) on our gadgets, the same way we require nutrition labels on our food.

It is impossible to predict the many potential avenues of this future. The Internet of Things will continue to mesh the virtual world with the physical in ways that are difficult to imagine today. Gartner estimates that 20 billion connected devices will be available in the market by 2020; we cannot, nor should we, try to stop progress. What we can do is ensure that we are evermore informed and knowledgeable. This is a turning point in history, the consequences of which may outweigh the invention of the Internet itself. The thought processes and values that we define today will provide the foundation for all future discussions in this field. Your wallet is a weapon – aim carefully!

Leave a Reply

Your email address will not be published. Required fields are marked *