Identity, security and the Internet of Things
On the Internet, nobody knows you're a toaster
08 December, 2014
category: Biometrics, Corporate, Digital ID, Financial, Government, Health, Library, NFC
There’s an electric toothbrush that will communicate with a smart phone to record how long an individual brushes their teeth.
Let that sink in for a moment.
On the list of world necessities, a Web-connected toothbrush that counts down from 120 ranks pretty low. It falls somewhere above the Internet-enabled hairbrush but below the coffee maker that can be controlled from a smart phone.
Proponents of this onslaught of connected devices suggest that the Internet of Things will revolutionize daily life. The future portends a wholly connected home and office as well as interactive retail, dining and community environments. Connected families and social circles can access and make choices based on data elements – from who ate the last candy bar or how far Fido was walked … to automatic reordering of groceries or the normal Tuesday evening pizza order.
While some of these new devices and elements might seem trivial, connecting them all to the Internet of Things creates interesting problems. The devices need to be securely identified, controlled and protected. Work is already underway to create standards but it’s early days. Today we find ourselves in another technology-inspired Wild West environment. Still while the Internet of Things poses challenges for securing data and devices, there is another potential upside. Internet-enabled devices and wearables can serve as an additional factor of authentication to give enterprises and Web sites greater certainty in the identity of employees or consumers.
The Internet of Things problems
The ill-fated Fox television show “Almost Human” had an episode in which a home security system turned on its owners killing them both. The culprit was a hacker who gained access to the system and used it against the unsuspecting couple. This scenario is far fetched now but there are very real concerns surrounding proper security and authentication of individuals to these new devices.
The Internet of Things is an enormously broad concept, encompassing everything from smart water and gas meters to wearable technologies such as Google Glass and the Jawbone UP. IDC defines the Internet of Things as a network of networks of identifiable endpoints that communicate without human interaction using IP connectivity – be it local or global. The consultancy predicts enormous growth in the market as well, jumping from $1.9 trillion in 2013 to $7.1 trillion in 2020.
A June 2014 survey from Fortinet asked 1,801 tech-savvy homeowners questions relating to the Internet of Things as it pertains to the connected home and also found that consumers are not unaware of the issues. In the U.S., 61% of respondents say that the connected home — where the household appliances and home electronics are seamlessly connected to the Internet — is extremely likely to happen in the next five years.
Fear of data breach on the Internet of Things is widespread with 70% of global respondents expressing concern about the issue. To address these concerns, it must be ensured that only those authorized can access the data these devices produce. What if data harvested from Web-enabled toothbrushes pinpointed those users not brushing adequately. Could a toothbrush manufacturer, app developer or even a hacker sell the data to insurance companies looking to determine individual rate increases? On the other hand, should good brushers be empowered to voluntarily share this data in pursuit of lower rates? Privacy and control of data is a moving target with these systems but this challenge does not mean that the onslaught of devices will await fixes, regulations and policies.