Spy Reform Legislation Slowly Works Its Way Through The U.S. Congress
New York State Senate Passes Bill To Amend The State's Wage Theft Law

Survey: Consumers' Attitudes About The Security of Internet-Connected Homes

Fortinet, a network security provider, announced during the weekend the results of a global survey of consumers' opinions about the security of Internet-connect homes. The survey explored consumers' attitudes about the emerging trend to connect home appliances and electronics to the Internet, referred to as the "Internet of Things" (ioT). While the ioT also includes commercial devices outside the home (e.g., drones, accessories for search animals, supermarket shopping carts), a key aspect is that the connected appliances "talk" or communicate with each other without the user's intervention.

In the coming years, a variety of home appliances will be directly connected to the Internet, including televisions, home security systems, refrigerators, washing machines, smart thermostats, trash or recycle bins, and more. The survey included 1,800 homeowners in 11 countries. Some chief findings:

  • 61 percent of respondents expect the Internet of Things to become a reality within the next five years
  • 69 percent said that privacy is their biggest concern
  • 66 percent want complete control over their personal data
  • 48 percent would hold the manufacturer responsible for vulnerabilities found in home appliances

You can already search the Internet of Things today. That means that cyber-criminals and identity thieves can, too. To learn more about the survey, read the Fortinet blog and infographic.

The coming Internet of Things highlights several security and privacy issues. To understand these issues requires an understanding of the types of  personal data items. There are obvious items and not-so-obvious items that uniquely describe you and your habits. Obvious items are your name, address, date of birth, Social Security number, driver's license number, professional licenses, online usernames and passwords, bank account information, payment cards (e.g., credit, debit, prepaid) information (e.g., numbers, expiration dates, security codes), the music you listen to, the films and shows you watch, and the products (and services) you buy.

Obvious personal data also include items in your resume, plus your health and fitness data. That includes not only your medical records at your doctor, but also the personal health data (e.g., heart rate; blood pressure; calories burned; exercise dates, routine, geolocation data, and duration; etc.) collected and archived by fitness apps.

Not-so-obvious items include the search terms you enter into search engines (e.g., Yahoo, Google, Bing, online store search engines, etc.), your color and fabric preferences, left-handed or right-handedness, professional association memberships, contacts in the address book on your smartphone, your geolocation purchase information (e.g., where and when you purchase items in the real world), your geolocation habits (e.g., where and when you drive, walk, or visit), your image, and the people you are connected with at various social networking sites.

Even if you don't use loyalty and payment cards, physical retail stores can collect your search terms, color and fabric preferences, product preferences (e.g., the dresses, skirts, pants you literally pull off the rack to inspect and then put back), and left/right-handedness using discretely placed video surveillance cameras. There are at least five ways retail stores can spy on their customers.

More not-so-obvious items include the unique device identification number assigned to each ioT appliance, your utility consumption (e.g., water, electricity, gas, etc.) at home, the corresponding dates and patterns, the frequency you operate certain home appliances, and the layout plus furnishings in your  home. The government agency or company that provides your utilities collects this utility consumption information via wireless transmissions from smart meters installed in homes. Companies that provide home security systems also can collect some of this information.

ioT appliances provide more ways for companies to collect your personal data -- both obvious and not-so-obvious data items. You might like an Internet-connected refrigerator because it can create and send shopping lists automatically to your smartphone. Behind that convenience benefit is the stark reality that your appliance collects the size, brand, types, number, and frequency (e.g., dates and times) of all items you eat and drink. Anything with a barcode can be tracked, including medical items you store in your refrigerator. Depending upon the terms and privacy policies from the refrigerator's manufacturer, the appliance will probably transmit your usage to business partners and other companies.

Does the convenience benefit still outweigh the loss of privacy?

Another issue is control: not just what you choose to share and with whom, but will the consumer or the device be in control? Today, banks collect your purchase decisions from your usage of debit, credit, and/or prepaid cards. Consumers have made that decision to trade convenience for privacy by using the payment cards issued by their bank. Similarly, retailers (e.g., online stores, physical stores, etc.) collect your purchase decisions from loyalty cards you use for reward points and discounts. Consumers have made that decision to trade privacy for discounts.

Depending upon how much you shared with social networking sites, they may know your purchase decisions, too. Your decision to use public WiFi hotspots with unencrypted transmissions means that you have probably shared more to a wider group of companies.

The coming ioT highlights the security issue: how consumers will protect the ioT appliances in their homes. Today, many people today use anti-virus software to protect their computers, tablets, and smartphones. Will consumers expect anti-virus software developers to provide broader packages that also protect ioT appliances? Or, will consumers expect each appliance developer to provide adequate (and updated) security?

Will consumers be able to enjoy a completely connect home with today's ioT? Not yet, according to one expert:

"“We’re still in the stage where every vendor has their own proprietary standard and few can agree on anything... As such, devices from different vendors aren’t able to talk to each other, and if you want a fully automated house, you need to perform a lot of patchwork to get things working properly.”

What are your opinions of the ioT? Which method do you prefer to secure your Internet-connected appliances? What are your opinions of the survey? You can share your opinions in the Comments section.

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

Chanson de Roland

I am still trying to discover why I need the ioT. My house works just fine now without my refrigerator or any of my other appliances collecting and transmitting data about me. I needn't worry that my present appliances will be infected with malware because, inter alia: they either don't have the hardware and/or software that is capable of being infected with malware and/or they have no way of connecting to any network. Nor do I need my appliance communicating with each other.

You see the reason that I can do without the ioT is that I already have a device that can and does do everything the ioT promises to do and more, a device that has worked well for years to coordinate and communicate among my appliances, compile grocery lists, alert me when I need to shop for something, that is a fairly intelligent shopper for finding value in the market, that knows me intimately; a device that is efficient, convenient, and low cost, yet which does an excellent job of preserving my privacy, and, in over fifty years of operation, has never been hacked, not once. That device is me. So I don't don't need the ioT, and I don't want the ioT, being well provided, as I presently am, with a far superior device.

So, while I am functioning to at least acceptable specs, I shall dispense with the ioT and instead rely on myself, as I have done all these many years. And, when I no longer function to acceptable specs or cease to function altogether, I won't own anything, except perhaps in a beneficial capacity, or engage in any significant commercial activity, so my personal information will, at that point, be pretty worthless.

If manufacturers, government, society, et al. attempt to foist the ioT on me, I shall fight it with every legal means at my disposal, including negotiating contract terms that make the ioT unprofitable or otherwise unacceptable for those providing it and/or the revenues that fund it, and, if that doesn't stop the imposition of the ioT on me, then I shall resist the ioT and those who attempt to foist it upon me by any means necessary to prevent the imposition of the ioT on me.

George

Roland:

How does one eat an entire pig? One bite at a time. The same applies to manufacturers' approach to Internet-connected appliances for the home and the ioT. It will happen bit by bit; one product at a time. Forrester said as much last year in this report:
http://www.forrester.com/The+Internet+Of+Things+Comes+Home+Bit+By+Bit/fulltext/-/E-RES102361?docid=102361&intcmp=blog:forrlink&cm_mmc=Forrester-_-Blogs-_-Related%20Research-_-10202

According to a FastCompany article, Home Depot already sells about 600 smart products (e.g., Internet capable) for the home:
http://www.fastcodesign.com/3032325/the-nest-thermostat-is-now-much-more-than-just-a-thermostat?partner=rss

So, the ioT is coming. It's already crept into home video-game consoles and automobiles. Manufacturers will just do it -- continue to add Internet connectivity to their products. Like you, I don't need a smart thermostat to learn how I like the temperature in my home. I simply programmed my current thermostat and left it alone. It works just fine.

Other people may want to avoid the expense of wiring with their thermostat. It is at that point when consumers are hooked into the ioT: the wireless transmissions between their thermostat and their home boiler can also be Internet connected. Some consumers won't stop to consider the consequences.

You are wise to have already considered the consequences. I agree with you. The device (e.g., me) that integrates all of my home appliances has never been hacked, has 100 percent up-time, and is reliable re privacy.

I agree with you that the benefits of ioT seem dubious at best. The manufacturers' drive for profits will mean that Internet connectivity will slowly creep into more and more home products. The lure of money from "Big Data" is strong. Rather than do a deal directly with utilities that operate smart meters, Google will probably use Nest to collect that consumption data anyway via several other home appliances.

Hopefully, consumers will act as informed shoppers: weigh the benefits versus the lost privacy, and not buy the products that abuse their privacy. That's what this blog is all about... informing consumers.

Will consumers act as informed shoppers? That remains to be seen. A certain percentage of consumers are "Early Adopters" who will buy ioT appliances anyway for convenience and newness, regardless of the real "costs." A certain percentage of consumers buy products without reading the associated terms and privacy policies. It remains to be seen what the larger percentage of consumers will do. In August 2013, I asked this of consumers:

Are You Walking Blindly In The "Big Data" Revolution?
http://ivebeenmugged.typepad.com/my_weblog/2013/08/walking-blindly.html

George
Editor
http://ivebeenmugged.typepad.com

George Jenkins

To learn more about the ioT, readers may find this article informative:

A Clever Plan To Build a Nationwide Network For The Internet of Things
http://www.wired.com/2014/07/iotera/?mbid=social_twitter

George
Editor
http://ivebeenmugged.typepad.com

The comments to this entry are closed.