FCC CIO: Consumers Need Privacy Controls In the Internet of Everything Era 46
Lemeowski writes: Who is responsible for ensuring security and privacy in the age of the Internet of Things? As the number of Internet-connected devices explodes — Gartner estimates that 25 billion devices and objects will be connected to the Internet by 2020 — security and privacy issues are poised to affect everyone from families with connected refrigerators to grandparents with healthcare wearables. In this interview, U.S. Federal Communications Commission CIO David Bray says control should be put in the hands of individual consumers. Speaking in a personal capacity, Bray shares his learnings from a recent educational trip to Taiwan and Australia he took as part of an Eisenhower Fellowship: "A common idea Bray discussed with leaders during his Eisenhower Fellowship was that the interface for selecting privacy preferences should move away from individual Internet platforms and be put into the hands of individual consumers." Bray says it could be done through an open source agent that uses APIs to broker their privacy preferences on different platforms.
No government interest (Score:3)
If the FCC tried to do this of their own initiative, Congress would shut them down for "overstepping their bounds".
Knowledge is power, especially knowledge of a person's secrets.
Profit! (Score:2)
Re: (Score:1)
Strange how some information generated about you by devices you own isn't available to *you*.
Yeah, if I loan someone a pencil, it's strange that I can't magically detect everything that it writes.
Re: (Score:2)
Meh, with the same paperwork, they could pull it straight from your inhouse server. This seems like a Good Thing(tm), and one that makes me want this guy to have more political power knowing only this about him.
All your IoT is belong to us (Score:1)
Baaaaa!
Meanwhile, there are holes you can drive a truck at speeds up to 125 mph thru. Remotely. Against your will.
Mind if I slam on the brakes?
cat out of bag (Score:2)
No problem! (Score:5, Insightful)
Re: (Score:3)
With a suitably immutable GUID baked into every piece of hardware,
the chinese are already way out in front of you here
The answer is simple (Score:5, Interesting)
Today "privacy" can't work with things like "take me off your list". Because the company that makes the call doesn't "own" the list. They rent it from a company that keeps a master list. The master list company will *never* try to contact a customer directly, because then they'd be responsible for taking someone off the list, when required.
But if the list renter was required by law to pass the removal request to the source of the data, then "take me off your list" would have real teeth. In addition to helping the people who complain and ask to be removed, it would help everyone because it would drive the master list companies out of business. Rent-seeking middle men who profit from arbitrage caused by legal loopholes should never exist.
Re: (Score:2)
All personal data should be presumed copyrighted by the person it describes
who gets the copyright after they die? it won't expire for many years
Re: (Score:2)
Your heirs. What's the point of the question?
Re: (Score:2)
not everyone has heirs
Re: (Score:2)
According to my country's laws, everyone has heirs. Aside of you making a will and determining it yourself, there is a long, long list of default heirs (from kids to their descendants, then your siblings, your parents, your uncles and cousins...), with the state being the eventual heir if there is actually nobody in your list of relatives that is eligible, willing and able to be your heir.
Someone will inherit it. Just like it is with the rest of your "worldly possessions". Trust me, if there is one law that
Re: (Score:2)
You need to know that your info goes no farther that those with whom you wish to share.
What a great way to keep people from snitching on your crimes: threaten them with copyright infringement if they go to the police.
Consumers Need Privacy Controls (Score:3)
Um, why do we need an IoT? (Score:4, Insightful)
Okay, an internet connected thermostat does add functionality. An internet connected fire detector and an internet connected home security system also makes sense. (Though if you're working on a home security system that hooks up to the Internet and you don't think about software security, you're an idiot who needs to be put into protective custody and fed by a nurse so you don't accidentally poke your eyes out while eating with a plastic fork.)
But why do I need an internet connected oven, refrigerator, or toaster? Do I need an internet connected coffee maker? An internet connected microwave? What value do they add, really? Notifications?
Re: (Score:1)
How else will the devices report back to google and amazon what your living habits are for advertising purposes, so you can buy more hot pockets when the freezer detects you are low?
Re: (Score:3)
How else will the devices report back to google and amazon what your living habits are for advertising purposes, so you can buy more hot pockets when the freezer detects you are low?
your watch will detect your blood sugar level and suggest various munchies
Re: (Score:2)
Only us old foggies wear watches anymore.
Re: (Score:2)
It's a larger problem (Score:4, Insightful)
I think that this is really part of a larger problem that eventually ties back to identity management and account management. That may sound like a strange thing to leap to, but hear me out.
One of the problems I've noticed for years is that it's not easy to keep track of all my accounts. Every time I sign up for a new account or trial, I have to create a new account, create a username, create a password, associate it with an email account, choose security questions, bla bla bla. Dual-factor authentication is supposed to help with some of the security problems associated with all this nonsense, but it also adds another complication to the whole thing. Once all that's done, I need to keep track of all that information that I used to sign up.
It's not so bad for individual accounts, but after a few decades of trying things out, abandoning accounts, signing up for trials that I end up not using, and all kinds of things, I really don't know what accounts I have available on which services, what the usernames are, or which email address they're associated with. When I answered security questions, I don't necessarily know what I answered with-- it asked for my favorite author, but was that my favorite author from 2 years ago or 10 years ago? Did I tell the truth when I answered it, or did I answer with a sarcastic joke answer? I honestly don't know for some accounts. I don't even know, for example, if I still have a MySpace account from roughly a decade ago, that I created, signed into a couple of times, and forgot about.
You're thinking this is completely off-topic, but here's the thing: as you have an "Internet of things", there's a good chance that each of those items are going to have their own account on their own service. You have some program to control your lights at home? That program will need an account. Someone invents a smart-vacuum, and it's internet connected? That'll have it's own account. These days, companies don't want to collaborate and develop standard APIs, common platforms, open protocols, or whatever else. Every company developing an app or a website wants to do it's own thing it's own way, while locking out the competition from interoperability. So now, every new Internet-connected thing is going to add complexity to your online life.
Asking to provide privacy controls to consumers is putting the cart before the horse. Even if you want to provide those controls, you're going to have different controls in different places in different UIs, all across different services with different accounts. Users won't be able to effectively manage those controls even if you provide them. What needs to happen first is that we need to develop some kind of identity management and SSO that begins to shrink the task of managing these various accounts. Once you have something like that, you could create APIs for managing those accounts, opening and shutting down accounts, viewing which private information is available in each account, and restricting/removing the private information as needed.
Re: (Score:2)
you could create APIs for managing those accounts, opening and shutting down accounts, viewing which private information is available in each account, and restricting/removing the private information as needed.
you're dreaming if you think the average person who can't be bothered to run windows update is gonna put up with this
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Maybe I'm cynical but (Score:3)
Re: (Score:2)
So now we have hackers taking control of a Jeep going down the highway, yet we should embrace driverless vehicles?
Human beings controlling automobiles cause 30,000 deaths every year. By all accounts driverless vehicles will cut that figure dramatically. Are you saying it's not worth it?
We go to war when 5000 people die in one incident, what is the appropriate response when 30,000 people die every year?
Re: (Score:1)
What sort of handwaving is this 'by all accounts' you're engaging in?
There's no proven record. We'll have to wait a bit. Take it easy.
Consumers will only care (Score:2)
The individual consumer?! (Score:2)
Well, security controls sure as fuck should be placed in the hands of the individual consumer- because our esteemed Government has shown themselves to be woefully incompetent at protecting our data. My SF-86 is now floating around out there somewhere.
The idiocy of the average individual is at least roughly the same as our government. I've had it with these clowns.