Everything you can think of and many things you have never dreamed of are being manufactured with little Linux operating systems and wireless Internet connections, or in simpler terms, a brain, storage, and communications ability. This is the Internet of Things (IoT): lots and lots of “smart” devices talking to each other and phoning home to some data collection or dissemination point. If only the people who are designing these devices, writing the controlling software, and marketing them to the unsuspecting public were as concerned with the security of these devices and the privacy and safety of their customers.
As a result of this lack of security in design and manufacture, many of these smart toys and utility devices are being compromised by skilled cyber-criminals and turned into surveillance or attack bots.
Homeland Security and the Federal Communications Commission are already concerned, and calling for voluntary standards. Manufacturers who fail to voluntarily undertake the task of developing secure devices will probably find themselves compelled to do so at some point by government agencies, or in a courtroom facing an expensive class action lawsuit.
Currently these little machines are totally insecure, very intrusive, and collecting lots of personal information that is completely unregulated and can be shared with third parties as the manufacturers see fit. Not to mention that much or all of this data is transmitted and stored without encryption, and can be easily read by unauthorized cyber-snoops. The Standard appears to be a well thought-out attempt at recommendations that would go a long way to improving the security and safety of these devices, as well as defining who owns the devices, the data collected, and what can be done with it.
- Security (Is it safe?)
  - Build quality
  - Data security
  - User safety
- Privacy (Is it private?)
  - Access and control
  - Data retention
  - Overreach – collecting too much data
  - Third party tracking and data sharing
- Ownership (Is it mine?)
  - Who owns the device?
  - Permanence or how long will it be supported?
  - The right to repair
- Governance and Compliance (Are the manufacturers good?)
  - The manufacturer’s business model (how they make money)
  - Human rights and corporate social responsibility
  - Open systems
For consumers, the only thing you can do is perform your own due diligence about each device you are thinking of purchasing. This means understanding what your prospective device is going to do, over and above the purpose you are buying it for. If you take a minute to look at the Standard, you will begin to understand the issues involved and what is at stake for you personally.