We spent last week at the Consumer Electronics Show (aka CES) in Las Vegas, with over 180,000 of our closest friends. And with 4,500 exhibitors present, you’d have less than 30 seconds at each booth if you wanted to talk to all of them. Many articles have covered the cool new things, so in this blogpost we are going to discuss our overall impressions as they relate to our work on consumer IoT security and privacy.
Not surprisingly, there were many interesting conference sessions and a wide variety of innovative products on display, including some that seemed to push the bounds of credibility in their claims. Integration of devices with voice-driven and other platforms was everywhere – Amazon Alexa, Google Assistant, Apple HomeKit, and Samsung SmartThings being the most widely adopted to date. 5G was a hot topic, especially for its improved speeds and flexibility, though specifics about its availability are still hard to pin down.
Everything these days is getting connected to the Internet – from cat toys to sports simulators to home automation. One area that seems to be gaining more traction because it has gone beyond the “gadget” stage and is solving real problems is health and wellness services for the home. These range from tools to monitor and improve your health to tools that monitor elderly or disabled people and send alerts or provide assistance. These connected devices all around us are collecting and transmitting a great deal of data about us – about our habits, our interests, our movements (both physically and online), our communications (including our spoken conversations in many cases), and what other connected devices we use. Machine learning and artificial intelligence are being applied both to analyze activity (what is the camera seeing?) and proactively control surroundings (turning on lights and firing up a playlist as you come home from work).
This leads to many questions, including:
- What happens to all of this data after it is collected and transmitted into the cloud? Who has access to it, and under what circumstances?
- What is happening behind the scenes, within and between manufacturers, to correlate and analyze the collected data and derive conclusions about us and our lives?
- What ability, if any, do users have to understand and control what is being collected and transmitted, and how it is being used?
- Do users have the ability to review the data being held, and to delete some or all of it upon their request?
- How much can we as consumers expect industry to monitor and police itself?
- What ought to be the role of regulators and policy authorities in protecting consumers from inappropriate actions on the part of manufacturers and related service providers?
While security and privacy were discussed in a few specific sessions, focus on features, functionality, and convenience ruled the day. Because frequent headlines about security and privacy lapses in consumer IoT services have raised awareness and concerns for both consumers and policymakers, we believe industry has an opportunity to proactively address security and privacy and make it part of the core conversation. To help provide guidance on implementing appropriate levels of security and privacy, the Online Trust Alliance (OTA), an Internet Society initiative, has produced the IoT Trust Framework. This set of 40 principles covers security, privacy, and long-term sustainability (lifecycle) issues. It is intended as a guide for IoT manufacturers, for procurement (including governments), and for retailers to use as a “filter” by which to evaluate the products and services they choose to sell.
How can you learn more? The Internet Society has produced a number of resources about the various issues surrounding IoT, including with our partner Consumers International (the membership organization for consumer groups around the world), such as:
- The Internet of Things: An Overview – Understanding the Issues and Challenges of a More Connected World a whitepaper that examines many important aspects of the Internet of Things
- IoT Policy Brief to help understand the policy implications of IoT
- IoT Security for Policymakers to learn how policymakers can help build IoT we can trust
- IoT Privacy for Policymakers, coming soon
- Minimum Standards for Tackling IoT Security (joint effort between Internet Society, Consumers International, and Mozilla)
- The Online Trust Alliance’s IoT Trust Framework
- ConnectSMART – in partnership with Consumers International
And lastly, our IoT resource center at https://www.internetsociety.org/iot/.
The connected future is here. Imagine the possibilities. #GetIoTSmart