If you own a connected device, who is keeping track of the data collected on you, and how might it be used against you? I think about these questions every time I read a story about how EZ Pass data was used to prove someone’s guilt. If your EZ Pass data helps to incriminate you for murder, that’s probably a justifiable reason for the courts to have your data. But does the government or anyone else really need to know the contents of your smart refrigerator or how few miles you’ve actually logged on your personal fitness device?
Devices that are connected to the Internet, or Internet of Things (IoT) devices, constitute a booming segment of the tech industry. By 2020, Cisco estimates that 50 billion objects will be connected to the Internet. Do you know where all the data collected about your behaviors is being stored? Do you know what it’s being used for? Chances are, you don’t. And that means that existing issues of privacy and security are only going to get more complex in the IoT era.
Consider what information even your least insidious IoT device knows about you. I, for example, have an Internet-connected thermostat in my house. It knows what temperatures I prefer to maintain in my house, my email address, my ZIP code, the fact that I live in a single family home and information associated with my smartphone and wireless connection. A hacker, fraudster or other malicious actor knowing some aspects of this information could open me to attacks. For example, if someone knows my email address and my password used for my IoT smoke detector, they may assume that I use the same email address and password for accounts I hold on other services. Furthermore, potential cyber attackers could create a digital profile of who I (likely) am, based solely on the information that they retrieved from hacking into my individual thermostat, or the data held by the company that made my thermostat. This informational profile would give these threatening actors a sense of my identity, which they could put towards malicious ends. Now consider the threat posed by a connected vehicle. The ramifications could be deadly.
The proliferation of connected devices and advent of the IoT only makes the creation of a trusted identity framework that much more critical. The Identity Ecosystem Framework (IDEF), scheduled for release on October 20, concisely articulates the necessary steps that organizations handling your identity need to take in order to make sure that their data is secure and that an individual’s privacy is respected. Version 1 of the IDEF also empowers consumers to take control of their digital identities by establishing guidelines for individuals to exercise a level of control over the data stored about them online and requiring that instructions on how to do so are explained in plain language so that they understand the security and privacy impact.
Your connectedness may be growing, but your privacy and security doesn’t have to suffer. Learn more about the IDEF today at IDESG.org.
About the Author
Marc-Anthony Signorino is the executive director of IDESG. His core mission is to bring stakeholders together to help stimulate a thriving identity ecosystem that allows strong, privacy-enhancing identity credentials to be used for personal, commercial, educational and governmental use.