“All of Us:” THE model for IoT privacy and security!

pardon me in advance:this will be long, but I think the topic merits it!

One of my fav bits of strategic folk wisdom (in fact, a consistent theme in my Data Dynamite book on the open data paradigm shift) is, when you face a new problem, to think of another organization that might have one similar to yours, but which suffers from it to the nth degree (in some cases, even a matter of literal life-or-death!).

That’s on the likelihood that the severity of their situation would have led these organizations to already explore radical and innovative solutions that might guide your and shorten the process. In the case of the IoT, that would include jet turbine manufacturers and off-shore oil rigs, for example.

I raise that point because of the ever-present problem of IoT privacy and security. I’ve consistently criticized many companies’ lack of attention to seriousness and ingenuity, and warned that this could result not only in disaster for these companies, but also the industry in general due to guilt-by-association.

This is even more of an issue since the May roll-out of the EU’s General Data Protection Regulation (GDPR), based on the presumption of an individual right to privacy.

Now, I have exciting confirmation — from the actions of an organization with just such a high-stakes privacy and security challenge — that it is possible to design an imaginative and effective process alerting the public to the high stakes and providing a thorough process to both reassure them and enroll them in the process.

Informed consent at its best!

It’s the NIH-funded All of Us, a bold effort to recruit 1 million or more people of every age, sex, race, home state, and state of health nationwide to speed medical research, especially toward the goal of “personalized medicine.” The researchers hope that, “By taking into account individual differences in lifestyle, environment, and biology, researchers will uncover paths toward delivering precision medicine.”

All of Us should be of great interest to IoT practitioners, starting with the fact that it might just save our own lives by leading to creation of new medicines (hope you’ll join me in signing up!). In addition, it parallels the IoT in allowing unprecedented degrees of precision in individuals’ care, just as the IoT does with manufacturing, operating data, etc.:

“Precision medicine is an approach to disease treatment and prevention that seeks to maximize effectiveness by taking into account individual variability in genes, environment, and lifestyle. Precision medicine seeks to redefine our understanding of disease onset and progression, treatment response, and health outcomes through the more precise measurement of molecular, environmental, and behavioral factors that contribute to health and disease. This understanding will lead to more accurate diagnoses, more rational disease prevention strategies, better treatment selection, and the development of novel therapies. Coincident with advancing the science of medicine is a changing culture of medical practice and medical research that engages individuals as active partners – not just as patients or research subjects. We believe the combination of a highly engaged population and rich biological, health, behavioral, and environmental data will usher in a new and more effective era of American healthcare.” (my emphasis added)


But what really struck me about All of Us’s relevance to IoT is the absolutely critical need to do everything possible to assure the confidentiality of participants’ data, starting with HIPP protections and extending to the fact that it would absolutely destroy public confidence in the program if the data were to be stolen or otherwise compromised.  As Katie Rush, who heads the project’s communications team told me, “We felt it was important for people to have a solid understanding of what participation in the program entails—so that through the consent process, they were fully informed.”

What the All of Us staff designed was, in my estimation (and I’ve been in or around medical communication for forty years), the gold standard for such processes, and a great model for effective IoT informed consent:

  • you can’t ignore it and still participate in the program: you must sign the consent form.
  • you also can’t short-circuit the process: it said at the beginning the process would take 18-30 minutes (to which I said yeah, sure — I was just going to sign the form and get going), and it really did, because you had to do each step or you couldn’t join — the site was designed so no shortcuts were allowed!:
    • first, there’s an easy-to-follow, attractive short animation about that section of the program
    • then you have to answer some basic questions to demonstrate that you understand the implications.
    • then you have to give your consent to that portion of the program
    • the same process is repeated for each component of the program.
  • all of the steps, and all of the key provisions, are explained in clear, simple English, not legalese. To wit:
    • “Personal information, like your name, address, and other things that easily identify participants will be removed from all data.
    • Samples—also without any names on them—are stored in a secure biobank”
    • “We require All of Us Research Program partner organizations to show that they can meet strict data security standards before they may collect, transfer, or store information from participants.
    • We encrypt all participant data. We also remove obvious identifiers from data used for research. This means names, addresses, and other identifying information is separate from the health information.
    • We require researchers seeking access to All of Us Research Program data to first register with the program, take our ethics training, and agree to a code of conduct for responsible data use.
    • We make data available on a secure platform—the All of Us research portal—and track the activity of all researchers who use it.
    • We enlist independent reviewers to check our plans and test our systems on an ongoing basis to make sure we have effective security controls in place, responsive to emerging threats.”

The site emphasizes that everything possible will be done to protect your privacy and anonymity, but it is also frank that there is no way of removing all risk, and your final consent requires acknowledging that you understand those limits:

“We are working with top privacy experts and using highly-advanced security tools to keep your data safe. We have several  steps in place to protect your data. First, the data we collet from you will be stored on=oyters with extra security portection. A special team will have clearance to process and track your data. We will limit who is allowed to see information that could directly identy you, like your name or social security number. In the unlikely event of a data breach, we will notify you. You are our partner, and your privacy will always be our top priority.”

The process is thorough, easy to understand, and assures that those who actually sign up know exactly what’s expected from them, what will be done to protect them, and that they may still have some risk.

Why can’t we expect that all IoT product manufacturers will give us a streamlined version of the same process? 


I will be developing consulting services to advise companies that want to develop common-sense, effective, easy-to-implement IoT privacy and security measures. Write me if you’d like to know more.

http://www.stephensonstrategies.com/">Stephenson blogs on Internet of Things Internet of Things strategy, breakthroughs and management