Fortinet, a network security provider, announced during the weekend the results of a global survey of consumers' opinions about the security of Internet-connect homes. The survey explored consumers' attitudes about the emerging trend to connect home appliances and electronics to the Internet, referred to as the "Internet of Things" (ioT). While the ioT also includes commercial devices outside the home (e.g., drones, accessories for search animals, supermarket shopping carts), a key aspect is that the connected appliances "talk" or communicate with each other without the user's intervention.
In the coming years, a variety of home appliances will be directly connected to the Internet, including televisions, home security systems, refrigerators, washing machines, smart thermostats, trash or recycle bins, and more. The survey included 1,800 homeowners in 11 countries. Some chief findings:
- 61 percent of respondents expect the Internet of Things to become a reality within the next five years
- 69 percent said that privacy is their biggest concern
- 66 percent want complete control over their personal data
- 48 percent would hold the manufacturer responsible for vulnerabilities found in home appliances
The coming Internet of Things highlights several security and privacy issues. To understand these issues requires an understanding of the types of personal data items. There are obvious items and not-so-obvious items that uniquely describe you and your habits. Obvious items are your name, address, date of birth, Social Security number, driver's license number, professional licenses, online usernames and passwords, bank account information, payment cards (e.g., credit, debit, prepaid) information (e.g., numbers, expiration dates, security codes), the music you listen to, the films and shows you watch, and the products (and services) you buy.
Obvious personal data also include items in your resume, plus your health and fitness data. That includes not only your medical records at your doctor, but also the personal health data (e.g., heart rate; blood pressure; calories burned; exercise dates, routine, geolocation data, and duration; etc.) collected and archived by fitness apps.
Not-so-obvious items include the search terms you enter into search engines (e.g., Yahoo, Google, Bing, online store search engines, etc.), your color and fabric preferences, left-handed or right-handedness, professional association memberships, contacts in the address book on your smartphone, your geolocation purchase information (e.g., where and when you purchase items in the real world), your geolocation habits (e.g., where and when you drive, walk, or visit), your image, and the people you are connected with at various social networking sites.
Even if you don't use loyalty and payment cards, physical retail stores can collect your search terms, color and fabric preferences, product preferences (e.g., the dresses, skirts, pants you literally pull off the rack to inspect and then put back), and left/right-handedness using discretely placed video surveillance cameras. There are at least five ways retail stores can spy on their customers.
More not-so-obvious items include the unique device identification number assigned to each ioT appliance, your utility consumption (e.g., water, electricity, gas, etc.) at home, the corresponding dates and patterns, the frequency you operate certain home appliances, and the layout plus furnishings in your home. The government agency or company that provides your utilities collects this utility consumption information via wireless transmissions from smart meters installed in homes. Companies that provide home security systems also can collect some of this information.
ioT appliances provide more ways for companies to collect your personal data -- both obvious and not-so-obvious data items. You might like an Internet-connected refrigerator because it can create and send shopping lists automatically to your smartphone. Behind that convenience benefit is the stark reality that your appliance collects the size, brand, types, number, and frequency (e.g., dates and times) of all items you eat and drink. Anything with a barcode can be tracked, including medical items you store in your refrigerator. Depending upon the terms and privacy policies from the refrigerator's manufacturer, the appliance will probably transmit your usage to business partners and other companies.
Does the convenience benefit still outweigh the loss of privacy?
Another issue is control: not just what you choose to share and with whom, but will the consumer or the device be in control? Today, banks collect your purchase decisions from your usage of debit, credit, and/or prepaid cards. Consumers have made that decision to trade convenience for privacy by using the payment cards issued by their bank. Similarly, retailers (e.g., online stores, physical stores, etc.) collect your purchase decisions from loyalty cards you use for reward points and discounts. Consumers have made that decision to trade privacy for discounts.
Depending upon how much you shared with social networking sites, they may know your purchase decisions, too. Your decision to use public WiFi hotspots with unencrypted transmissions means that you have probably shared more to a wider group of companies.
The coming ioT highlights the security issue: how consumers will protect the ioT appliances in their homes. Today, many people today use anti-virus software to protect their computers, tablets, and smartphones. Will consumers expect anti-virus software developers to provide broader packages that also protect ioT appliances? Or, will consumers expect each appliance developer to provide adequate (and updated) security?
Will consumers be able to enjoy a completely connect home with today's ioT? Not yet, according to one expert:
"“We’re still in the stage where every vendor has their own proprietary standard and few can agree on anything... As such, devices from different vendors aren’t able to talk to each other, and if you want a fully automated house, you need to perform a lot of patchwork to get things working properly.”
What are your opinions of the ioT? Which method do you prefer to secure your Internet-connected appliances? What are your opinions of the survey? You can share your opinions in the Comments section.