Even More Reason to Boost Internet of Things Security: Feds Spying

As if there wasn’t already enough reason to make privacy and security your top IoT priority (see what I wrote earlier this week), now there’s more evidence Uncle Sam may be accessing your IoT data as part of its overall surveillance efforts (MEMO to NSA Director: we notice the lights at the Stephenson household went on precisely at sunset. Was that a signal to launch Operation Dreadful Winter?).

The Guardian reports that US. Director of National Intelligence James Clapper told the Senate:

“In the future, intelligence services might use the [internet of things] for identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials.”

Shades of former CIA Director David Petraeus, who I noted several years ago was also enamored of smart homes as the motherlode for snooping:

“‘Transformational’ is an overused word, but I do believe it properly applies to these technologies,’ Petraeus enthused, ‘particularly to their effect on clandestine tradecraft.’ All those new online devices are a treasure trove of data if you’re a ‘person of interest’ to the spy community. Once upon a time, spies had to place a bug in your chandelier to hear your conversation. With the rise of the ‘smart home,’ you’d be sending tagged, geolocated data that a spy agency can intercept in real time when you use the lighting app on your phone to adjust your living room’s ambiance. ‘Items of interest will be located, identified, monitored, and remotely controlled through technologies such as radio-frequency identification, sensor networks, tiny embedded servers, and energy harvesters — all connected to the next-generation internet using abundant, low-cost, and high-power computing,’ Petraeus said, ‘the latter now going to cloud computing, in many areas greater and greater supercomputing, and, ultimately, heading to quantum computing.’ Petraeus allowed that these household spy devices ‘change our notions of secrecy’ and prompt a rethink of’ ‘our notions of identity and secrecy.’”

Yikes!

Gathering data on spies, terrorists and other malefactors is always such a double-edged sword: I’m generally in favor of it if there’s demonstrable, objective proof they should be under surveillance (hey, I went to school with uber-spy Aldrich Ames!) but if and when the NSA and CSA start hoovering up gigantic amounts of data on our homes — and, even more questionably, our bodies [though Quantified Self devices] then we’ve got to make certain that privacy and security protections are designed in and tough, and that there is some sort of effective civilian oversight to avoid gratuitous dragnets and trump(ooh, gotta retire that word from my vocabulary)ed up surveillance.

Big Brother is watching … your thermostat!

CRUCIAL: more media coverage underscores need for IoT emphasis on privacy & security

Posted on 12th August 2013 in privacy, security

Sorry to keep harping on it, but two recent articles in high-visibility publications — The NY Times and Forbesunderscore my contention that security and privacy issues threaten to derail the IoT revolution before it really gets going.

I say that because I spent a decade as an award-winning corporate crisis communicator — on more than one occasion saving the corporate bacon of Fortune 100 firms that didn’t understand that the public isn’t always scrupulously logical when it comes to their fears. Illogical linkages are nonetheless real ones.

The current example of that is the flap over NSA surveillance. The most recent comprehensive public opinion survey, by Pew, shows that a majority of Americans are now concerned that the surveillance has gone too far:

“Among other things, Pew finds that ‘a majority of Americans – 56% – say that federal courts fail to provide adequate limits on the telephone and internet data the government is collecting as part of its anti-terrorism efforts.’ And ‘an even larger percentage (70%) believes that the government uses this data for purposes other than investigating terrorism.’ Moreover, ‘63% think the government is also gathering information about the content of communications.” That demonstrates a decisive rejection of the US government’s three primary defenses of its secret programs: there is adequate oversight; we’re not listening to the content of communication; and the spying is only used to Keep You Safe™.”

So what’s that have to do with the IoT?

Plenty!

Consider the beginning of Forbes reporter Kashmir Hill’s article on the security vulnerabilities of home automation systems, with the eye-catching title “When ‘Smart Homes’ Get Hacked: How I Haunted a Complete Stranger’s Home Via the Internet“:

“‘I can see all of the devices in your home and I think I can control them,’ I said to Thomas Hatley, a complete stranger in Oregon who I had rudely awoken with an early phone call on a Thursday morning.

“He and his wife were still in bed. Expressing surprise, he asked me to try to turn the master bedroom lights on and off. Sitting in my living room in San Francisco, I flipped the light switch with a click, and resisted the Poltergeist-like temptation to turn the television on as well.

“’They just came on and now they’re off,’he said. ‘I’ll be darned.'”

I’m convinced that people who are already alarmed about the NSA surveillance will not be enthusiastic about home automation, or the IoT in general, when they read that! If not overt, their minds will at least make a subliminal connection between the two stories, and they’re going to be afraid!

Add in former CIA Director David Petraeus’ enthusiasm for the IoT as a new arrow in the quiver of spycraft, and you’ve got the potential for a really-spooked public.

Here’s a major part of the problem, based on my crisis management background: engineers, more likely than not, are left-brained and analytical. As a result, their immediate reaction will be to demonstrate — very logically — why the two issues are completely different, and the IoT shouldn’t be tarred with the NSA’s abuses.

Hogwash.

The majority of Americans aren’t engineers, and they’re scared, so deal with it, or the IoT will be crippled.

I’ve just drafted an op-ed that I hope to place this week that argues privacy and security must be just as much an #IoT industry priority as is innovative technology. It says that the emphasis of IoT consortia such as the IPSO Alliance and the IoT Consortium on collaborative approaches to security are critical, because the essence of the IoT is on sharing of data, and that the Obama Administration must become active as well.

It concludes:

“The Internet of Things has truly remarkable potential to improve the economy’s efficiency, improve health care, and make our lives more comfortable and enjoyable. But if it’s security and privacy standards aren’t a top priority for government and industry, all of those benefits may be squandered. “

Don’t say I didn’t warn you!

PS: the second article I mentioned at the top was a considerably less provocative one in today’s New York Times. The fact that The Gray Lady of American Journalism is now following this issue should be a significant concern.