Slashdot Mirror

← Back to Stories (view on slashdot.org)

FCC CIO: Consumers Need Privacy Controls In the Internet of Everything Era

Posted by samzenpus on from the i'd-rather-remain-anonymous dept.

Lemeowski writes: Who is responsible for ensuring security and privacy in the age of the Internet of Things? As the number of Internet-connected devices explodes — Gartner estimates that 25 billion devices and objects will be connected to the Internet by 2020 — security and privacy issues are poised to affect everyone from families with connected refrigerators to grandparents with healthcare wearables. In this interview, U.S. Federal Communications Commission CIO David Bray says control should be put in the hands of individual consumers. Speaking in a personal capacity, Bray shares his learnings from a recent educational trip to Taiwan and Australia he took as part of an Eisenhower Fellowship: "A common idea Bray discussed with leaders during his Eisenhower Fellowship was that the interface for selecting privacy preferences should move away from individual Internet platforms and be put into the hands of individual consumers." Bray says it could be done through an open source agent that uses APIs to broker their privacy preferences on different platforms.

3 of 46 comments (clear)

  1. No problem! by fuzzyfuzzyfungus · · Score: 4, Insightful

    We, the fine folks at the interactive advertising bureau, are delighted by the notion of a 'consumer preference client'. Indeed, we are so strongly committed to it that we recommend that it be incorporated at the hardware level, in order to provide additional trust in the 'Trusted Platform' that forms the foundation of the secure online marketplaces of tomorrow. With a suitably immutable GUID baked into every piece of hardware, we can finally ensure that each and every consumer receives exactly the privacy settings and offers most relevant to them!

  2. Um, why do we need an IoT? by w3woody · · Score: 3, Insightful

    Okay, an internet connected thermostat does add functionality. An internet connected fire detector and an internet connected home security system also makes sense. (Though if you're working on a home security system that hooks up to the Internet and you don't think about software security, you're an idiot who needs to be put into protective custody and fed by a nurse so you don't accidentally poke your eyes out while eating with a plastic fork.)

    But why do I need an internet connected oven, refrigerator, or toaster? Do I need an internet connected coffee maker? An internet connected microwave? What value do they add, really? Notifications?

  3. It's a larger problem by nine-times · · Score: 3, Insightful

    I think that this is really part of a larger problem that eventually ties back to identity management and account management. That may sound like a strange thing to leap to, but hear me out.

    One of the problems I've noticed for years is that it's not easy to keep track of all my accounts. Every time I sign up for a new account or trial, I have to create a new account, create a username, create a password, associate it with an email account, choose security questions, bla bla bla. Dual-factor authentication is supposed to help with some of the security problems associated with all this nonsense, but it also adds another complication to the whole thing. Once all that's done, I need to keep track of all that information that I used to sign up.

    It's not so bad for individual accounts, but after a few decades of trying things out, abandoning accounts, signing up for trials that I end up not using, and all kinds of things, I really don't know what accounts I have available on which services, what the usernames are, or which email address they're associated with. When I answered security questions, I don't necessarily know what I answered with-- it asked for my favorite author, but was that my favorite author from 2 years ago or 10 years ago? Did I tell the truth when I answered it, or did I answer with a sarcastic joke answer? I honestly don't know for some accounts. I don't even know, for example, if I still have a MySpace account from roughly a decade ago, that I created, signed into a couple of times, and forgot about.

    You're thinking this is completely off-topic, but here's the thing: as you have an "Internet of things", there's a good chance that each of those items are going to have their own account on their own service. You have some program to control your lights at home? That program will need an account. Someone invents a smart-vacuum, and it's internet connected? That'll have it's own account. These days, companies don't want to collaborate and develop standard APIs, common platforms, open protocols, or whatever else. Every company developing an app or a website wants to do it's own thing it's own way, while locking out the competition from interoperability. So now, every new Internet-connected thing is going to add complexity to your online life.

    Asking to provide privacy controls to consumers is putting the cart before the horse. Even if you want to provide those controls, you're going to have different controls in different places in different UIs, all across different services with different accounts. Users won't be able to effectively manage those controls even if you provide them. What needs to happen first is that we need to develop some kind of identity management and SSO that begins to shrink the task of managing these various accounts. Once you have something like that, you could create APIs for managing those accounts, opening and shutting down accounts, viewing which private information is available in each account, and restricting/removing the private information as needed.