Brady Jacobson
Blog Post 8
The Evolution of the Internet:
Although initially limited to devices such as computers, the internet allowed users to find information, communicate with others, and even run businesses with greater ease than ever before. The internet embedded itself into society thanks to the way it revolutionized sharing information, and yet the internet may become even more ingrained into our lives. The Internet of Things (IoT) allows users to connect many devices in their possession through the internet, such as thermostats, phones, toasters, and more. This interconnection of items offers several concerns, such as what the information is used for and how easy it is to gain access to personal data. While I believe the Federal Trade Commission (FTC), the agency in charge of ensuring consumer protection in the marketplace, should set regulations on the IoT, I understand why some believe the IoT industry itself should employ self regulation.
The Danger of Connection:
The IoT allows users to live efficient lives. Connected cars give drivers useful information about their trip and Smart fridges keep track of the owner’s groceries. Even with its benefits, the IoT can be abused by others. If a business has access to your fridge information, you may be targeted with advertisements for regularly purchased products. Governments can use information from your car to track the driver. As posited by Philip N. Howard, “The IoT may improve resource allocation and decision making… but this does not necessarily mean that it will give citizens more say in how society is run.”(Howard, O’Maley, 178)
Those with access to this information may cross the line into illegal territory by stealing the data. For example, while connected pacemakers can assist medical experts, such data “...can leave a patient exposed to the theft of personal data or even threats to personal safety.”(Howard, O’Maley, 176-77) Even those without legal access to information can still find ways to break in. Hospitals benefit greatly from a tightly connected network, but a competent hacker can ruin the system. As detailed in an article by Rachel Z. Arndt, if a hacker enters the system they can “...easily disrupt an entire network. They … can demand ransom in exchange for the decrypted files...”(Arndt)The greatest concerns regarding the IoT is how a user’s information can be used for detrimental purposes, such as business invading privacy by profiling users or hacker breaking security by stealing information.
Steps towards Regulation:
While most members of the FTC and congress want some kind of regulation, there is little consensus on who should create the regulation. In March of 2017, the chairman of the FTC, Maureen Ohlhausen, announced that the FTC would employ a “wait and see” approach. Ohlhausen stated “We don't know if that risk will materialize. It may well materialize, but a solution may materialize at the same time...” (Ohlhausen). Ohlhausen decided her agency would not create any legislation regarding the IoT, instead relying on the creators of such products to decide on a series of best practices. While some companies may look out for the user’s safety, others may value making a profit over the protection of its users. This is clear in a survey completed in 2015 that found “...85% of IoT developers admitted to being pressured to get a product to market before adequate security could be implemented.”(Basenese)
In most industries businesses don’t always regulate based on the safety of its users. At the same time, if businesses relied on the government to regulate, new laws may pass that will severely limit innovation. The IoT may not even exist if it wasn’t for competition among competitors, so the government would need to be careful with regulation. In December of 2017, the FTC, led by Ohlhausen, hosted an “Information Injury Workshop” where researchers, industry representatives, and more were invited to discuss the misuse of user information. The workshop furthered the discussion of personal threats like doxing alongside financial threats. For the FTC, the workshop was an attempt to “...prioritize action to address real consumer harm, while being mindful not to stifle innovation and economic benefits by casting an overly-broad net based on potential harms that may never occur.”(Wasch) It is clear that regulation will have to hit a fine line between defending users and encouraging improvements.
Complete Safety vs Innovation:
Between the government creating laws to protect citizens or the industry creating best practices to encourage technological breakthroughs, I would prefer the government to ensure my safety regarding the Internet of Things. When the IoT can collect info through connected toys, speakers, televisions, and more, it's becoming easier for hackers to steal valuable information or businesses to profit off of my data. The industry should be able to innovate and evolve over time, but there our countless examples where big businesses have prioritized profit over protecting the user. Although the FTC is currently trying to find a middle ground between innovation and protection, I ultimately believe the government would be able to defend us better by creating regulations to limit the use of our information and taking steps to deter hackers.
Citations:
O'Maley, D. Howard, P. The Internet of Things. https://muse-jhu-edu.ezproxy.lib.utah.edu/article/623619/pdf
Arndt, R. (2018, January 22nd). The Internet of Things that can be Hacked. http://go.galegroup.com.ezproxy.lib.utah.edu/ps/i.do?&id=GALE|A524863911&v=2.1&u=marriottlibrary&it=r&p=AONE&sw=w
Thielman, S. (2017, March 14th). Acting Federal Trade Commission head: internet of things should self-regulate; Maureen Ohlhausen, the commission's sole Republican and its acting chair under Trump, defended using big data to alter pricing from consumer to consumer. http://go.galegroup.com.ezproxy.lib.utah.edu/ps/i.do?&id=GALE|A485443534&v=2.1&u=marriottlibrary&it=r&p=AONE&sw=w&authCount=1
Basenese, L. (2015, December 21st). The Best Play on the Internet of Things Trend. https://www.wallstreetdaily.com/2015/12/21/internet-of-things-future/
Flittner, K. (2015, November 6th). Suprised? Turns out, Consumers don't Trust IoT Security. https://auth0.com/blog/surprised-turns-out-consumers-dont-trust-iot-security/
Wasch, K. (2018, February 26th). FTC should focus on actual, not speculative, consumer harm. http://thehill.com/opinion/technology/375580-ftc-should-focus-on-actual-not-speculative-consumer-harm
Information Injury Workshop. https://www.ftc.gov/news-events/events-calendar/2017/12/informational-injury-workshop
The IoT both excites and frightens me. I can see a serious potential for good and an increase in ease of life through a secure IoT, but as it stands the IoT we are creating is not secure. Although hackers have the potential to use IoT devices to gain access to networks and that is rightly concerning, I feel that the ability of hackers to use IoT devices in a botnet is even more concerning. The Mirai botnet, a form of malware that targeted and took partial control of IoT devices, enabled hackers to perform the largest scale DDoS attack on a major "backbone" of the internet (Dyn, the DNS service). Because IoT devices were unsecured, their respective connections were used in the attack. Despite their use, companies remain slow to patch the software, and people even slower to update their devices. In a similar fashion, cybersecurity experts recently discovered a Bluetooth related exploit (BlueBorne) that could have had disastrous results. Fortunately, the experts warned/notified major tech companies and patches for most devices have been released. I don't think self-regulation will work because I can't imagine companies taking the time to properly secure their devices. In the time it would take, their competitors could release a "better" and newer product, and theirs would become obsolete. Because of the competition and the rapid pace of innovation, self-regulation will inevitably lead to decreased security as companies try to keep up. I don't know if government regulation is the answer, but I think it's a much better answer than self-regulation by the industry.
ReplyDeleteI am in agreement that federal regulation of the IoT should be put into place. Many of the privacy issues that arise from the IoT happen on a national scale, like data collected about travel (driving and flying), or data used by businesses that operate in many states (insurance or food suppliers for example). To me, the national scale combined with huge and at times intimate information gathered by the IoT warrants federal regulation, at least to some degree. If industry is allowed to self regulate, I not only worry that businesses will abuse the power, but also that regulations won't be consistent enough for the IoT to function well. I also worry that states would choose to regulate the IoT, which would be another cause for inconsistency, and may still harm the industry.
ReplyDeleteI think that the IoT is so amazing. The ability to connect all of my technology to my life makes everything so much more convenient. I will admit that It can be scary because privacy isn’t the main concern. However being a millennial as I am, I want the newest technology as quick as I can. So am I as concerned about a breach of my privacy? No not really, I know that the government will solve this problem and be able to protect me. Also if worse comes to worse I can fall back on suing the company for not taking adequate time on protecting my information. Regulations would be extremely hard to create and I understand that. However, I think that our government has done a great job in the past and as far as I know no major breach of privacy has come from IoT yet. Also as Brady said, If the company waits to make sure the privacy is protected they could lose out on innovation. Now we are talking about millions of dollars. As a businessman I definitely would want to make sure I can make as much as I can off of my product. Companies like this know the risk they are in as they release their product. I have full faith that they’re constantly checking on their product and making sure everything is in check. After all, that is their job.
ReplyDeleteThe Internet of things has revolutionized the manner in which society works. I do believe that there needs to be a balance between regulations and innovations. I think the government should place regulation of the internet of things, but I am concerned how this would occur as IoT is difficult to manage and regulate, with the advancements being made every day. The potential privacy violations are a big concern to me as IoT is prone to hacking and surveillance. I don’t know how effective federal regulation would be, but self-regulation seems to be an answer either. I think there needs to consistency in regulation, which federal regulation has the potential to provide.
ReplyDeleteI agree that the government should be the ones setting regulations in order to protect the public and their personal information. I think that they should follow the "wait and see" approach because if you try to predict the problems that are going to arise from the IoC you may take away from the massive convenience that this technology will create for the everyday person. I believe that the government should be the ones to set regulations too because they will better be able to set rules from a neutral perspective whereas the businesses may set restrictions that would actually hinder the buyer and benefit themselves
ReplyDelete
ReplyDeleteI can’t decide if I’m exited or horrified by the Internet of things. I must admit that my inner child is stoked on the idea of every devise being connected. The utility that a cohesive connected home could bring would revolutionize the way people live their lives. The logical part of my brain rationally knows that there are a lot of issues with IoT. The threat of hackers gaining access to this data could get rid of people’s privacy entirely. But let’s assume that in the future encryption gets redundant enough to stop the majority of hacks, do I think this technology can go unregulated? No, people are not perfect. Just like at the NSA, people who work at companies with access to this data are going to exploit it for personal gain. Company’s cant be trusted to regulate them self’s. If there was no regulation on polluting would company’s pay extra money to become cleaner? No being ethical isn’t profitable. With the IoT their needs to be a complete overhaul of the way the legal system looks at data in respect to privacy. Just as in Europe the united state needs to make personal data the property of each person.
I understand the want to be excited, but I'm just horrified. Even without the threat of hackers, the sheer amount of data that the IoT can - and will - collect on everyone's day-to-day lives is terrifying to me. More than anything we've discussed in class, I feel the IoT is the greatest threat to individual privacy we face in our society. People willingly bringing this technology into every facet of their lives will kill personal privacy without regulation. So I agree, we need some serious regulation in place on the IoT and how we deal with those issues. I think it should be federal, I think it should be comprehensive, and I think it needs to happen as soon as possible.
DeleteWhat really scares me is the longer we wait to enact a policy the more complacent we all will become. Consider what’s happening in China right now. Their soon to be mandatory citizen rating system basically will obliterate privacy in China. In America, we might get overly exited about the implementation of this new technology and what it brings to our daily life. Just as amazon has become an integral part of peoples’ life so will, new technology. Privacy will be a sacrifice that comes with the convenience of this technology.
Delete(My internet has been down, so I can’t verify if this was included in the readings or not). If you were curious). The first example of the IoT that comes to mind is the Trojan Room coffee pot—people grew tired of getting up to get coffee, only to find that the coffee pot was empty. To fix this, a camera was set up to provide a live feed of the coffee pot to everyone on the office network…in 1991.
ReplyDeleteBut back to the matter at hand—I agree that some regulation needs to be in place, although I’m not sure of where the line should be drawn. I’d expect the manufacturers of my pacemaker to better safeguard my data than the manufactures of my fridge, because I don’t really care if strangers can see into my fridge, but I do care if they can see my location.
(Again, I can’t source this, because I have to post this from my phone) Trendnet security cameras were revealed to have a security vulnerability in 2012-13 (that believe is still hasn’t been totally resolved) that allowed the streaming of live, personally security cameras. Did you put a camera in the nursery to keep an eye on your newborn? Well, thousands of people can ALSO watch your newborn, as well as watching someone undress in their bedroom or make breakfast in their kitchen. Location information, names, credit card info, etc. weren’t released, but doesn’t this still make you uncomfortable?
I think my only issue with the IoT relates to my unease with the Equifax breach—despite being made aware of the breach in May/June/July, it took until September for the breach to be publicly announced. When social security numbers and bank/credit card information are on the line, that is WAY too long. So while everyone else is concerned with how the data is being protected, I’m primarily concerned with notification. I believe that companies should be required to notify users immediately after a breach is discovered. Instead of waiting to see exactly what information is at risk (ie; if you know bank information is available, but you aren’t sure of what else, at least let your users know what YOU know).
I agree with your conclusion. I generally place my trust (and vote) in the politicians who are more on board with government regulation than a hands-off government. I'm hard pressed to think of any corporation that truly has its interests in the well-being and protection of people. At the end of the day, its all about profit for them. Corporations thrive on money, governments thrive on the wellbeing of the people. At least on theory.
ReplyDeleteOf course, there are many invasions of privacy committed by the government, but when it comes to the particular issue of privacy and the internet of things, I don't trust any company or industry to self-regulate itself. Laws regulating the internet are severely behind the current level of technology we're at and seem to be eroding by the day.
This comment has been removed by the author.
ReplyDeleteBringing everyday objects "online" does seem like its the future of innovation, and as such we need to be sure any regulations do not significantly hinder the advancement of such technology. That being said, the amount of data collection the IoT allows does raise serious privacy concerns. I feel like the best solution is clear cut federal regulation focused mainly on data storage and security. A lack of federal regulation my lead to a jumble of state-level regulations which in itself could hinder innovation.
ReplyDeleteI do think that the internet of things needs to be regulated, and I believe this regulation should come from the government rather than the industry regulation itself. The regulations should include basic consumer protections, maybe forcing connected devices with audio and/or video recording capabilities to have some encryption to protect from hackers. Also, the consumer should be notified if any device records or 'listens' without a command to do so from the consumer. For instance, Smart Home devices would need to give notice before listening or recording without a command to do so given by the consumer.
ReplyDeleteI agree that regulation on the internet of things should be done by the government. The difficulty is in the possibility that these regulations would be barriers to the development and advancement of technology. However, I believe that slower advancements due to regulation barriers is a small price to pay for preservation of personal privacy and security.
ReplyDelete