John Doerr did not become a billionaire by betting on losing companies, so when he emphasized this was a serious winner with major disruptive potential, I listened very closely.
Of course, he was right. Marc Andreessen had created the first Web browser, and opened up the Internet to all users. Up to that time, it had been mainly used by government and higher education, but after Netscape launched its browser, it pretty much allowed anyone with a computer to have access to this “Web” of information and communications.
In fact, the Internet has become one of the most important technology inventions of our time. It powers most of our communications, e-commerce, social media and information services, and has brought the planet together in ways none of us could have predicted when this browser first hit the market.
Today we don’t talk a lot about the Internet per se, just like we don’t talk about telephone wires or traditional TV airwaves anymore. The idea that the Internet has now blended into the everyday background was sort of emphasized in a comment made recently in Davos by Google Chairman Eric Schmidt when he was asked about the future of the Internet.
“I will answer very simply that the Internet will disappear,” Schmidt replied.
“There will be so many IP addresses … so many devices, sensors, things that you are wearing, things that you are interacting with that you won’t even sense it. It will be part of your presence all the time. Imagine you walk into a room, and the room is dynamic. And with your permission and all of that, you are interacting with the things going on in the room.” — Eric Schmidt, at Davos
However, as I look at this disappearing Internet and the comfort people now have with technology, I fear that people will get too complacent about perhaps the biggest issue facing us — security and privacy. In this context specifically, security and privacy within IoT. This issue is highlighted in a recent update from the Future of Privacy Forum. The forum provided an additional set of comments to the FTC in the wake of the Commission’s workshop on the Internet of Things (IoT) last November.
According to the Future of Privacy Bulletin:
“The FPF’s white paper explores why IoT is not well-suited to a one-size-fits all approach to consumer privacy. The myriad types of connected devices and the varied contexts in which those devices will operate will require the implementation of flexible frameworks designed to address evolving privacy issues and consumer preferences. The imposition of rigid or universal standards to promote privacy within IoT may harm innovation and, moreover, be ill-suited to the privacy risks and consumer preferences that ultimately emerge.At CES 2015, I spent part of a day in the IoT section of the Sands Hotel, and while talking with many vendors creating IoT devices, I hardly heard the term security mentioned when describing their product. Even when it was mentioned, it was in passing, as they wanted mostly to share with me the benefits and value proposition of their IoT device. Yet, as the FPF white paper rightly points out, “security and privacy presents the biggest risk of actual harm within IoT.”
“Our comments note that data security may have been the most frequently raised concern at the FTC’s workshop. Inadequate security presents the biggest risk of actual consumer harm within IoT. With it, bad actors will have access to all manner of connected devices, and will be able to pry into intimate spaces or perpetrate fraud or identity theft. Company must devote adequate resources to security before and after their products reach the market. Fortunately, companies large and small are aware of this concern and are taking steps to address it.”
I believe this issue needs to be raised to the highest levels within the tech industry. I am seeing startups come out of nowhere and using 3-D printers and crowdsourcing sites to build IoT products quickly, and not actually thinking through the total impact and ecosystem around these products, when security and privacy needs to be at the heart of their designs. This is especially true at the IoT end points, where it is now easy to create the hardware and make it work with minimal software. Yet, in many cases, especially based on the type of IoT device it is, security and privacy needs to be a priority in any software being designed for these products.
As a consumer, this really concerns me. If I put a Nest thermostat in my house and it is connected to the cloud, is it safe from hacking? Or if I install a connected door lock, is it hack-proof? If I am collecting health data via trackers and sending that data to my doctor via the cloud, is that data secure and private? If my car is always connected, does someone always know where I am, and can they follow all of my driving habits?
My fear at this point is security and privacy has just not been elevated enough within the IoT development community, and I think it needs to be at the top of all IoT design strategies from the beginning.
It is true that the really big companies like Apple, Google, Microsoft, Fitbit, Jawbone and many well-financed others take this seriously. But with thousands of new companies and startups getting into the IoT space each year, they need to get the message that privacy and security needs to be a top priority with anything they create in this space. More importantly, they need to build it into the product from the outset.
Groups like the Consumer Electronics Association and other tech leaders need to take an active role in sharing this mantra. For IoT vendors, security and privacy needs to be a priority, not an afterthought.
No comments:
Post a Comment