In the digitalization of our physical world—what many are now calling the ‘Internet of Things’— the very meaning of privacy– of controlling, revealing, and concealing it– shift. But why?
Adding sensors to ourselves, and to the objects and places around us, renders our physical world communicable, contextual, and trackable. The full implications of ubiquitous connectivity can’t be fully understood or foreseen– by the industry driving it, nevermind the end users assumed to adopt it. What we can begin to analyze are what make privacy in the Internet of Things different from the privacy on the web as it exists in the desktop, laptop, and ‘immobile’ sense.
Technological diversity: the Internet of Things is a massive and expanding umbrella term
The very term itself, the ‘Internet of Things’ complicates our understanding of what it is, where it is, and what its implications are. Industry itself hasn’t even settled on a term. A recent survey of consumers found that 87% surveyed had no idea what the ‘Internet of Things’ was. To the extent we classify and organize it—business or consumer—it exists in verticals: connected healthcare, fitness trackers, connected cars, smart agriculture, etc. But the breadth of what this term represents is massive, and only growing.
It’s not just hardware—wearables, beacons, connected devices, connected objects, connected machinery, connected infrastructure. It’s not just the technology that brings all of those to life— software, cloud, connectivity protocols, analytics, machine learning, augmented reality, the list goes on. IoT is so much more than the technology that powers it. It is the ability to add a sensor and connectivity, and thus a data stream, to anything, system, or multiple systems at the same time. How our privacy weaves into, or out of these data streams and the contexts they build, the industries that power them, and their intended use cases remains to be seen.
Ubiquitous & ambient sensing: IoT’s endpoints can (will) permeate our lives
In the laptop era, our connection to the Internet was deliberate, optional, autonomous, and consensual; a matter of powering up a computing device, or shutting the laptop and walking away. Enter the ambient data collection of sensors all around us. As sensors pervade our physical environments—the smartphones in our pockets, the appliances in our homes, the cars we drive, the stores we shop at, even the parks and street crossings we traverse— the potential (the inevitability) of passing through others’ spheres of information gathering increases exponentially. In the Internet of Things, there is no shutting the laptop and walking away.
This ubiquitous and ambient sensing and data collection as envisioned by the ‘Internet of Things,’ not only pervades our physical lives, but societal realms too. Consider new business models, services, capabilities, and threats at the ontological level– in government, commerce, environmental, and personal domains in our lives. What if data sensed from our homes is connected to our cars, bodies, our identities as citizens? Privacy as we think about it today enjoys a certain silo-ization. The Internet of Things changes this.
Windows of hackability: data connections render the ‘things’ more vulnerable
When we add a sensor and connectivity to something, there are two inherent impacts. One, we endow it with a data stream. And two, we grant it a window of vulnerability, namely hackability. In many cases, this ability to manipulate the object is what defines the value of connecting it. For example, the ability to remotely access, allocate, and automate more efficient energy usage across a smart power grid, based on areas of high and low output is a profoundly impactful use case of IoT. But in other cases, this same connectivity is symbolic of the vulnerability of connecting such a system. Hackers who cracked into Target and stole customers’ debit and credit card numbers accessed the financial database via their connected HVAC system. Recent hacks into baby monitors have terrified families by speaking cryptic messages to toddlers and setting up cameras to follow them around the room—sometimes taking months to discover.
What businesses and consumers must understand is that their risks of breach (security, privacy, identity, or otherwise) increase in a connected ecosystem. Furthermore, these attacks are inevitable. Not unlike protecting the human body from an ailment, we can only take steps to stay healthy, we can never ensure full bulletproof immunity. This is fundamentally different than when the digital world was confined to the laptop and web.
A segment of one: Notions of identity ownership transform
Another profound—if more subtle— difference of privacy in the context of the Internet of Things is the shifting notion of identity ownership. Despite what we may think, we don’t own our data. Ownership of data is complex, the rules transcend ownership as we think of physical objects.
For example, I can own a car. But can I own my own behavioral attributes that take place within that car? ‘Behavior’ in any context, whether driving or interacting with the refrigerator can now be tracked by a variety of sensors—and used to inform how multiple brands will engage with me. Who owns my location data within that car? The media I consume in the car generates data with every purchase, listen, download, or view—who owns that? Who can access all this data? Who is making money off of it? My identity as a driver is and will likely always be tied to my driver’s license. But with sensors now tracking how I drive, how that trends over time, location, biometrics, weather, or other contextual cues, suddenly my identity as a driver becomes way more complex. While most companies will only use this data in aggregate, the behavioral attributes that can now be tied to and correlated with individuals give those with access to the data the possibility of targeting a segment of one.
In ther Internet of Things, notions of privacy, identity ownership, product ownership, consent, consumer agency, our ability to manipulate and control the very objects we ‘own,’ among numerous other behavioral templates transform.
Altimeter Group conducted a survey of 2,062 American consumers to ascertain consumer perceptions of privacy around the Internet of Things. Our research finds a massive gulf between consumer awareness and industry practices when it comes to privacy, one which businesses that wish to effectively apply sensors to their consumer-facing programs must address head on. This report summarizes findings, analysis from this data as well as ways companies can address consumer awareness, fears, and trust. If you’re interested in reading more, access the full report here.