Protecting consumer privacy becomes increasingly tricky as the IoT becomes more prevalent. More devices are connected to more kinds of devices, and this increase in connectivity and data collection results in less control. Both control over data and control over the very devices that are connected are at stake.
Control can be lost if someone hacks into the smartphone or computer acting as a remote for the other devices. In the case of computers and smartphones, this hacking can be done remotely and often undetected. Smartphones, just like computers, carry an enormous amount of personal information about their owners. They often link to bank accounts, email accounts, and in some cases, household appliances. Stolen data can result in serious problems. Vehicles contain many computers that control their function. Initially, these computers could not be hacked into. With the increased connectivity of the IoT, however, vehicles are now at risk due to being connected to the Internet.
In another sense, control can be lost as more and more companies collect data about users. This data often paints a detailed picture of individual users through the collection of activities online. Everything you search, all of your activities online, are being tracked by companies that use that data [1]. These companies often use the data to improve the user's experience, but they also use this data to sell users products or sell to other companies who sell users products.
Innovation in this realm means that companies must alter the privacy policies that are in place as well as how they interact with these devices. Companies will need to take another look at the policies that they have in place to ensure that consumers are offered opportunities to access and control their data. Consumers will become increasingly aware of the privacy implications of this level of connectivity through interaction with the IoT and exposure to the policies that companies provide to them.
Frank Pasquale, law professor and EPIC advisory board member [2], discusses privacy concerns related to the IoT in a May 2014 Pew Research Report. Pasquale states that the expansion of the IoT will result in a world that is more “prison-like” with a “small class of 'watchers' and a much broader class of the experimented upon, the watched.” In another article, he reinforces the idea that the IoT “will be a tool for other people to keep tabs on what the populace is doing.”
EPIC President Marc Rotenberg explains in the Pew Research Report that the problem with the IoT is that “users are just another category of things,” and states that this “is worth thinking more deeply about in the future.”
There are many real issues with IoT privacy, and all of them must be explored in detail, but here are general ways IoT developers can improve IoT privacy [3].
Minimize data acquisition: software architects should look at the frequency and type of data collected in the context of the application and should not collect more data than the task requires. The platform should control which data an application receives.
Minimize the number of data sources: aggregation of data from multiple sources allows malicious parties to identify sensitive personal information of an individual that could lead to privacy violations.
Minimize raw data intake: raw data could lead to secondary usage and privacy violation. Therefore, IoT platforms should consider converting or transforming raw data into secondary context data.
Minimize knowledge discovery: IoT applications should discover only the knowledge necessary to achieve their primary objectives. For example, if the objective is to recommend food plans, the app should not attempt to infer users’ health status without their explicit permission.
Minimize data storage: raw data should be deleted once a secondary context is derived.
Minimize the data retention period: longer retention periods give malicious parties more time to breach systems and exfiltrate data.
Support hidden data routing: to make it more difficult for internet activities to be traced back to users, this guideline suggests that IoT applications should support and employ an anonymising routing mechanism that hides the origin of traffic.
Anonymize data: remove personally identifiable information (PII) before the data gets used by IoT applications so that the people described by the data remain anonymous.
Encrypt data communications: typically, device-to-device communications are encrypted at the link layer using specialised electronic hardware included in the radio modules. Gateway-to-cloud communication is generally secured through HTTPS using Secure Sockets Layer (SSL) or Transport Layer Security (TLS).
Encrypt data during processing: sometimes the party processing the data should not be able to read the data or the computational results. In that case, process the data while it remains in encrypted form. For example, homomorphic encryption is a form of encryption that allows computations to be carried out on ciphertext, generating an encrypted result that, when decrypted, matches the result of the same operations performed on the plaintext.
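The following is an added illustration of the "encrypt data during processing" guideline, not code from the original article or from any cited framework. It implements a toy version of the Paillier cryptosystem, which is additively homomorphic: multiplying two ciphertexts yields a ciphertext of the sum of the plaintexts. The scenario is assumed: a smart meter encrypts each reading, an untrusted aggregator totals the readings without ever decrypting one, and only the key holder can read the total. The primes are fixed small constants chosen so the example runs instantly; they provide no real security.

```python
import math
import secrets

# Toy Paillier parameters. Fixed small primes for a runnable illustration only;
# a real deployment generates fresh primes of roughly 1024 bits each.
P, Q = 104729, 1299709
N = P * Q                      # public modulus
N2 = N * N                     # ciphertexts live modulo N^2
G = N + 1                      # standard generator choice; simplifies decryption
LAM = math.lcm(P - 1, Q - 1)   # private key component lambda
MU = pow(LAM, -1, N)           # private key component mu (valid because G = N + 1)


def encrypt(m: int) -> int:
    """Encrypt a non-negative integer under the public key (N, G)."""
    if not 0 <= m < N:
        raise ValueError("plaintext out of range")
    r = secrets.randbelow(N - 1) + 1          # random blinding factor in [1, N-1]
    while math.gcd(r, N) != 1:                # must be invertible modulo N
        r = secrets.randbelow(N - 1) + 1
    return (pow(G, m, N2) * pow(r, N, N2)) % N2


def decrypt(c: int) -> int:
    """Recover the plaintext with the private key (LAM, MU)."""
    u = pow(c, LAM, N2)
    l_value = (u - 1) // N                    # the L(x) = (x - 1) / N function
    return (l_value * MU) % N


def add_encrypted(c1: int, c2: int) -> int:
    """Homomorphic addition: the product of two ciphertexts encrypts the sum."""
    return (c1 * c2) % N2


def encrypted_total(ciphertexts) -> int:
    """What the untrusted aggregator runs: it never sees a plaintext reading."""
    total = encrypt(0)
    for c in ciphertexts:
        total = add_encrypted(total, c)
    return total


def demo() -> int:
    # Constructed sample: five meter readings in tenths of a kWh (integers only)
    readings = [12, 8, 15, 22, 9]
    cts = [encrypt(x) for x in readings]      # each reading leaves the device encrypted
    ct_sum = encrypted_total(cts)             # aggregator works on ciphertexts alone
    return decrypt(ct_sum)                    # only the key holder learns the total, 66


if __name__ == "__main__":
    print("decrypted total:", demo())
```

Because encryption is randomised, two encryptions of the same reading look different to the aggregator, so it cannot even tell whether two hours had identical consumption.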
Encrypt data in storage: encrypting stored data limits the privacy violations that can result from malicious attacks and unauthorised access.
Reduce data granularity: IoT applications should request the minimum level of granularity required to perform their primary tasks. A higher level of granularity could lead to secondary data usage and, eventually, privacy violations. For example, location can be coarse, based on the serving cell tower, or fine, based on the street address.
Query answering: raw data can lead to identification and privacy violations through secondary usage. Instead of returning a precise numeric value in response to a query, answer on a relative scale, e.g. 1–5.
Block repeated queries: the query interface should refuse sequences of queries that, taken together, could reveal knowledge that violates user privacy, such as intersecting or differencing the results of multiple queries to isolate a single individual.
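As an added example, not part of the original article, the guard below combines the "query answering" and "block repeated queries" guidelines. It answers aggregate queries over a constructed set of household energy records, reports the result only as a 1–5 band rather than a number, refuses any query that covers fewer than k households, and refuses a query whose covered set differs from an already-answered set by fewer than k households (the classic differencing attack, where subtracting two "safe" aggregates exposes one person). The records, the band thresholds and the value of k are all assumptions made for this illustration.

```python
from typing import Callable, Dict, FrozenSet, List

# Constructed sample: monthly kWh per household, a coarse region, and whether
# the household charges an electric vehicle.
RECORDS: Dict[str, dict] = {
    "h1": {"region": "north", "ev": True,  "kwh": 140},
    "h2": {"region": "north", "ev": True,  "kwh": 180},
    "h3": {"region": "north", "ev": False, "kwh": 210},
    "h4": {"region": "north", "ev": True,  "kwh": 95},
    "h5": {"region": "north", "ev": True,  "kwh": 160},
    "h6": {"region": "south", "ev": False, "kwh": 120},
    "h7": {"region": "south", "ev": True,  "kwh": 130},
    "h8": {"region": "south", "ev": False, "kwh": 110},
}


def to_scale(mean_kwh: float) -> int:
    """Map an average consumption to a 1-5 band (thresholds are assumed)."""
    for band, upper in enumerate((100, 150, 200, 250), start=1):
        if mean_kwh < upper:
            return band
    return 5


class QueryGuard:
    """Answers aggregate queries while remembering which record sets it has
    already disclosed, so overlapping queries cannot be differenced."""

    def __init__(self, records: Dict[str, dict], k_min: int = 3):
        self.records = records
        self.k_min = k_min
        self.answered: List[FrozenSet[str]] = []

    def query(self, predicate: Callable[[dict], bool]) -> dict:
        ids = frozenset(i for i, r in self.records.items() if predicate(r))
        if len(ids) < self.k_min:
            return {"status": "refused", "reason": "fewer than k households"}
        for prev in self.answered:
            # A small symmetric difference (including zero, a repeated query)
            # means subtracting the two answers would isolate individuals.
            if len(ids ^ prev) < self.k_min:
                return {"status": "refused", "reason": "overlaps an earlier query"}
        self.answered.append(ids)
        mean = sum(self.records[i]["kwh"] for i in ids) / len(ids)
        return {"status": "ok", "households": len(ids), "scale": to_scale(mean)}


def run_scenario() -> List[dict]:
    """Four queries: a broad one, a differencing attempt, a disjoint one, a tiny one."""
    guard = QueryGuard(RECORDS, k_min=3)
    return [
        guard.query(lambda r: r["region"] == "north"),
        guard.query(lambda r: r["region"] == "north" and r["ev"]),  # would expose h3
        guard.query(lambda r: r["region"] == "south"),
        guard.query(lambda r: r["kwh"] > 200),                       # only h3 matches
    ]


if __name__ == "__main__":
    for result in run_scenario():
        print(result)
```

The second query is the interesting one: on its own it covers four households, which looks safe, but the analyst already holds the five-household answer, and the difference between the two would be household h3 alone.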
Distribute data processing: distributed data processing avoids centralized large-scale data gathering and exfiltration.
Distribute data storage: distributed data storage reduces any privacy violation due to malicious attacks and unauthorised access. It also lowers privacy risks due to unconsented secondary knowledge discovery.
Knowledge discovery based on aggregated data: aggregated knowledge, such as "most visitors to the park during a given period were young students", is sufficient for a gift shop to perform time series sales analysis. The exact timing of each visitor's movements is not necessary.
Aggregate geography-based data: geographic data should be aggregated within boundaries. For example, a count of how many electric vehicles are in use in each city should not store details about individual vehicles.
Aggregate data based on the time period: energy consumption of a given house can be acquired and represented in aggregated form as 160 kWh per month instead of gathering energy consumption daily or hourly.
Aggregate data based on category: aggregating based on a category that meets the needs of the analysis rather than exact data prevents secondary use. For example, categorising a household’s energy use in the range of 150–200 kWh instead of specific usage.
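The following is an added example, not code from the original article, covering the two preceding guidelines together: it turns a constructed series of daily smart-meter readings into one total per month (aggregation by time period) and then replaces that total with a 50 kWh range label such as "150-200 kWh" (aggregation by category), so that only the band is released rather than the exact figure. The reading values, the month as the period and the 50 kWh band width are assumptions made for the illustration.

```python
from collections import defaultdict
from datetime import date
from typing import Dict, Iterable, Tuple

# Constructed sample: (ISO date, kWh) daily readings for two months.
# March sums to 186 kWh and April to 135 kWh.
RAW_READINGS = (
    [(f"2024-03-{d:02d}", 5.0 + (d % 3)) for d in range(1, 32)]
    + [(f"2024-04-{d:02d}", 4.0 + (d % 2)) for d in range(1, 31)]
)


def monthly_totals(readings: Iterable[Tuple[str, float]]) -> Dict[str, float]:
    """Aggregate by time period: sum the fine-grained readings per YYYY-MM."""
    totals: Dict[str, float] = defaultdict(float)
    for day, kwh in readings:
        period = date.fromisoformat(day).strftime("%Y-%m")
        totals[period] += kwh
    return dict(totals)


def category_band(kwh: float, width: int = 50) -> str:
    """Aggregate by category: replace an exact value with its range label."""
    lower = int(kwh // width) * width
    return f"{lower}-{lower + width} kWh"


def aggregate_for_release(readings: Iterable[Tuple[str, float]],
                          width: int = 50) -> Dict[str, str]:
    """Produce the only view a downstream analyst receives: one band per month.
    The daily readings can be deleted once this has been derived."""
    return {period: category_band(total, width)
            for period, total in monthly_totals(readings).items()}


if __name__ == "__main__":
    for period, band in sorted(aggregate_for_release(RAW_READINGS).items()):
        print(period, band)
```

Releasing only the band still supports the analyses the article mentions (comparing households or months) while removing the daily pattern that would reveal when a home is occupied.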
Disclose information to users: data subjects should be adequately informed whenever data they own is acquired, processed or disseminated.
Apply controls: it is the software architects’ responsibility to consider what kind of controls are useful to data owners, especially when data owners are not knowledgeable. Some of the considerations: 1) data granularity; 2) anonymisation technique; 3) data retention period; 4) data dissemination.
Log events: logging of activities during all phases will allow both internal and external parties to examine what happened in the past to make sure a given system performed as promised.
Perform regular audits: independent audits and examination of the logs, procedures, processes, and hardware and software specifications should be performed periodically. Non-disclosure agreements should bind any outside parties involved.
Make apps open source: wherever possible, IoT applications should be made available under an open-source license so that outside parties can review the code and compliance can be demonstrated.
Use data flow diagrams: data flow diagrams, as used in the Unified Modelling Language (UML), allow interested parties to understand the data streams of a given IoT application and how data is treated, which supports a demonstration of compliance.
Get IoT apps certified: certifications given by a neutral authority will add trustworthiness to IoT applications.
Use industry standards: industry-wide standards such as AllJoyn from the AllSeen Alliance typically come with security measures that reduce some privacy risks.
Comply with policies and regulations: adherence to policies, laws, and regulations such as ISO 29100, OECD privacy principles and the European Commission’s rules on the protection of personal data will reduce privacy risks.