Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Privacy

FCC CIO: Consumers Need Privacy Controls In the Internet of Everything Era 46

Lemeowski writes: Who is responsible for ensuring security and privacy in the age of the Internet of Things? As the number of Internet-connected devices explodes — Gartner estimates that 25 billion devices and objects will be connected to the Internet by 2020 — security and privacy issues are poised to affect everyone from families with connected refrigerators to grandparents with healthcare wearables. In this interview, U.S. Federal Communications Commission CIO David Bray says control should be put in the hands of individual consumers. Speaking in a personal capacity, Bray shares his learnings from a recent educational trip to Taiwan and Australia he took as part of an Eisenhower Fellowship: "A common idea Bray discussed with leaders during his Eisenhower Fellowship was that the interface for selecting privacy preferences should move away from individual Internet platforms and be put into the hands of individual consumers." Bray says it could be done through an open source agent that uses APIs to broker their privacy preferences on different platforms.
This discussion has been archived. No new comments can be posted.

FCC CIO: Consumers Need Privacy Controls In the Internet of Everything Era

Comments Filter:
  • by alvinrod ( 889928 ) on Wednesday July 22, 2015 @03:52PM (#50163621)
    The government has no real interest in legislating for privacy because even if they stopped snooping on everyone (which they shouldn't be doing to start with, even though that hasn't stopped them) it would simply be a matter of filing legal paperwork to get any information that they wanted from the corporations who are collecting and storing that data for their own reasons.

    If the FCC tried to do this of their own initiative, Congress would shut them down for "overstepping their bounds".

    Knowledge is power, especially knowledge of a person's secrets.
    • It's probably a lot like the digital TV thing the FCC pushed, where they had a financial stake as individuals in companies poised to benefit from the new regulations. Surely Michael Powell or someone like him is invested in a company which is getting ready to offer part of the "solution".
    • Meh, with the same paperwork, they could pull it straight from your inhouse server. This seems like a Good Thing(tm), and one that makes me want this guy to have more political power knowing only this about him.

  • Baaaaa!

    Meanwhile, there are holes you can drive a truck at speeds up to 125 mph thru. Remotely. Against your will.

    Mind if I slam on the brakes?

  • horse out of barn. don't have one about a car.
  • No problem! (Score:5, Insightful)

    by fuzzyfuzzyfungus ( 1223518 ) on Wednesday July 22, 2015 @03:59PM (#50163697) Journal
    We, the fine folks at the interactive advertising bureau, are delighted by the notion of a 'consumer preference client'. Indeed, we are so strongly committed to it that we recommend that it be incorporated at the hardware level, in order to provide additional trust in the 'Trusted Platform' that forms the foundation of the secure online marketplaces of tomorrow. With a suitably immutable GUID baked into every piece of hardware, we can finally ensure that each and every consumer receives exactly the privacy settings and offers most relevant to them!
    • With a suitably immutable GUID baked into every piece of hardware,

      the chinese are already way out in front of you here

  • The answer is simple (Score:5, Interesting)

    by AK Marc ( 707885 ) on Wednesday July 22, 2015 @04:00PM (#50163703)
    All personal data should be presumed copyrighted by the person it describes (including email and such). And a new law is passed that requires any company that sells personal data is required to keep a record of where that data came from, and any requests to delete that data would be fed upstream to the sources of that data.

    Today "privacy" can't work with things like "take me off your list". Because the company that makes the call doesn't "own" the list. They rent it from a company that keeps a master list. The master list company will *never* try to contact a customer directly, because then they'd be responsible for taking someone off the list, when required.

    But if the list renter was required by law to pass the removal request to the source of the data, then "take me off your list" would have real teeth. In addition to helping the people who complain and ask to be removed, it would help everyone because it would drive the master list companies out of business. Rent-seeking middle men who profit from arbitrage caused by legal loopholes should never exist.
    • All personal data should be presumed copyrighted by the person it describes

      who gets the copyright after they die? it won't expire for many years

      • Your heirs. What's the point of the question?

        • not everyone has heirs

          • According to my country's laws, everyone has heirs. Aside of you making a will and determining it yourself, there is a long, long list of default heirs (from kids to their descendants, then your siblings, your parents, your uncles and cousins...), with the state being the eventual heir if there is actually nobody in your list of relatives that is eligible, willing and able to be your heir.

            Someone will inherit it. Just like it is with the rest of your "worldly possessions". Trust me, if there is one law that

  • by Earthquake Retrofit ( 1372207 ) on Wednesday July 22, 2015 @04:08PM (#50163771) Journal
    In the age of the internet of things. And not a moment before.
  • by w3woody ( 44457 ) on Wednesday July 22, 2015 @04:11PM (#50163785) Homepage

    Okay, an internet connected thermostat does add functionality. An internet connected fire detector and an internet connected home security system also makes sense. (Though if you're working on a home security system that hooks up to the Internet and you don't think about software security, you're an idiot who needs to be put into protective custody and fed by a nurse so you don't accidentally poke your eyes out while eating with a plastic fork.)

    But why do I need an internet connected oven, refrigerator, or toaster? Do I need an internet connected coffee maker? An internet connected microwave? What value do they add, really? Notifications?

    • by Anonymous Coward

      How else will the devices report back to google and amazon what your living habits are for advertising purposes, so you can buy more hot pockets when the freezer detects you are low?

      • How else will the devices report back to google and amazon what your living habits are for advertising purposes, so you can buy more hot pockets when the freezer detects you are low?

        your watch will detect your blood sugar level and suggest various munchies

    • I'm still trying to figure out what benefit this provides me [menards.com].
  • by nine-times ( 778537 ) <nine.times@gmail.com> on Wednesday July 22, 2015 @04:53PM (#50164125) Homepage

    I think that this is really part of a larger problem that eventually ties back to identity management and account management. That may sound like a strange thing to leap to, but hear me out.

    One of the problems I've noticed for years is that it's not easy to keep track of all my accounts. Every time I sign up for a new account or trial, I have to create a new account, create a username, create a password, associate it with an email account, choose security questions, bla bla bla. Dual-factor authentication is supposed to help with some of the security problems associated with all this nonsense, but it also adds another complication to the whole thing. Once all that's done, I need to keep track of all that information that I used to sign up.

    It's not so bad for individual accounts, but after a few decades of trying things out, abandoning accounts, signing up for trials that I end up not using, and all kinds of things, I really don't know what accounts I have available on which services, what the usernames are, or which email address they're associated with. When I answered security questions, I don't necessarily know what I answered with-- it asked for my favorite author, but was that my favorite author from 2 years ago or 10 years ago? Did I tell the truth when I answered it, or did I answer with a sarcastic joke answer? I honestly don't know for some accounts. I don't even know, for example, if I still have a MySpace account from roughly a decade ago, that I created, signed into a couple of times, and forgot about.

    You're thinking this is completely off-topic, but here's the thing: as you have an "Internet of things", there's a good chance that each of those items are going to have their own account on their own service. You have some program to control your lights at home? That program will need an account. Someone invents a smart-vacuum, and it's internet connected? That'll have it's own account. These days, companies don't want to collaborate and develop standard APIs, common platforms, open protocols, or whatever else. Every company developing an app or a website wants to do it's own thing it's own way, while locking out the competition from interoperability. So now, every new Internet-connected thing is going to add complexity to your online life.

    Asking to provide privacy controls to consumers is putting the cart before the horse. Even if you want to provide those controls, you're going to have different controls in different places in different UIs, all across different services with different accounts. Users won't be able to effectively manage those controls even if you provide them. What needs to happen first is that we need to develop some kind of identity management and SSO that begins to shrink the task of managing these various accounts. Once you have something like that, you could create APIs for managing those accounts, opening and shutting down accounts, viewing which private information is available in each account, and restricting/removing the private information as needed.

    • you could create APIs for managing those accounts, opening and shutting down accounts, viewing which private information is available in each account, and restricting/removing the private information as needed.

      you're dreaming if you think the average person who can't be bothered to run windows update is gonna put up with this

      • It's even crazier to think that they'll manage privacy settings effectively across all the different online accounts that they have. Something like this would at least give a savvy person the possibility of managing privacy settings.
  • by burtosis ( 1124179 ) on Wednesday July 22, 2015 @05:16PM (#50164283)
    All data, no matter how seemingly innocuous, when ammassed, allows agencies to substantially abuse everything from subtle advertising, to obtaining private medical information, to downright spying. At this point, given all the breaches at every single level from government, medical, and business on down, and given that even major agencies/groups have sold information - isn't it a bit like trying to put the cat back into the bag? I mean it's a nice idea but I see it as trying to fix healthcare in America - there is no right answer we have built upon a foundation already and are entrenched. Not to mention that the NSA/CIA/FBI will just snoop any left over anyhow and likely still bungle security at some level as insane as that sounds. Or are we thinking of the children who have yet to have generated information to be stolen yet?
  • Consumers will only care until Google offers a free service in exchange for their privacy. Then they'll happily not care.
  • Well, security controls sure as fuck should be placed in the hands of the individual consumer- because our esteemed Government has shown themselves to be woefully incompetent at protecting our data. My SF-86 is now floating around out there somewhere.

    The idiocy of the average individual is at least roughly the same as our government. I've had it with these clowns.

To stay youthful, stay useful.

Working...