It's the classic horror story twist from 40 (or more) years ago, back when homes had a single telephone line and the idea of calling your own home was something reserved only for phreakers and horror films. While this might not be so scary now, I can assure you that back in the day that scene was the cutting edge in horror.
Fast forward 40+ years, and today, the idea of calling someone from inside your house isn't scary. In fact, it's quite common. Never mind phone calls; I will send my daughter an instant message to come downstairs for dinner. The constant flow of communication today is not scary, it's expected. Which brings us to the topic at hand: the Internet of Things (IoT). The idea behind IoT is simple enough: anything, and anyone can have an IP address attached to them at any moment, tracking data about their movement (and other things). And IoT has given rise to the concept of “Little Data," the idea that we can gather data about ourselves (like your FitBit®) on a daily basis, data that we then analyze to make adjustments to our daily routines. Here's just a partial list of the current IoT devices in and around your house that have such capabilities:
• Cable modem
• Wireless router
• Wireless printer
• Home alarm system
• Security camera
• Light bulb
Yes, that's right, windows. Your house will know when it's raining and close the windows for you, even while you're away. I suppose it’s also plausible to think that a thief could know you are away and hack your system, open the windows, and gain access to the stuff inside your house. Or maybe it is just kids who want to play a prank and leave your windows open in the rain.
Folks, this isn't good news. And the above list doesn't mention the data that is being collected when you are using your IoT devices. For example, the data that Google®/Apple®/Microsoft®/Facebook®/Yahoo!® are tracking as you navigate the internet.
And yet I *still* don't see people concerned about where IoT security is currently headed regarding our privacy. With the number of data breaches continuing to rise it would seem to me that the makers of these devices know less about security and privacy than we'd like to believe.
So why don't people care? I can only think of two reasons. One is that they haven't been victims of a data breach in any way. The other? No one has scared them into thinking twice about IoT.
So, that's why I made this, for you, as a reminder:
The next time you are shopping for an appliance and you are told about all the great "smart" features that are available, I want you to think about the above image, your privacy, and your security. And I want you to ask some smart questions, such as:
• Have I actually read and understood the user terms?
• Do I understand where my data is going and how it will be shared?
• Is the data portable or downloadable?
• Will the appliance be fully functional if not connected to the internet?
• Can I get my data from the device without it needing to be connected to the internet?
• Can I change the passwords on the device?
• Is my home network secure?
Look, I'm a fan of IoT. I really am. I enjoy data. I love my FitBit. I'm going to get the Nest® at some point, too.
But I also recognize that the IoT solutions could be something that makes our lives worse, not better. We need to start asking questions like those above so that manufacturers understand that privacy and security should be at the top of the feature list, and not an afterthought.