As IoT technologies start to penetrate every aspect of our lives, the days of "don't like it, don't use it" have long since passed. Instead, if IoT is to succeed, we must give customers confidence that the products and devices being developed are safe and that their data is secure.
While some of this can be achieved through strong marketing messages, at the end of the day perhaps the best way to address customers' concerns is to place privacy at the forefront of your product from the very outset. Rather than expecting customers to 'protect' their own privacy, we should be providing them with devices that do everything possible to avoid putting that privacy at risk.
This is a serious challenge for engineers and developers to overcome, but it is one that is already being addressed across all levels of the development of the Internet of Things, from hobbyists to professional engineers. By including privacy protection 'as standard' designers are not only helping to put consumers' fears to rest, they are also providing a more stable infrastructure for the Internet of Things – and a strong platform for widespread adoption.
Telling engineers they need to increase their focus on privacy is one thing, but the reality of how to achieve this is a far more complex matter. While there is no one solution to 'fix' the issue of privacy, one of the best places for engineers to start is in attempting to ensure that all IoT devices conform to the Fair Information Practice Principles (FIPPs). Originally set out by the U.S. Federal Trade Commission, the FIPPs have become a go-to standard for safe guarding privacy online.
- Notice – Ensuring consumers are made aware their information is being collected.
- Choice – Providing users with the ability to opt-out of data collection.
- Access/Accuracy – Allowing users to view the information collected and to verify or contest its accuracy.
- Data Minimisation – Never collecting data unnecessarily or retaining it for longer than is required.
- Security – Protecting all collected information from internal and external privacy breaches or threats.
While these FIPPs provide strong guidelines for designers and engineers to follow, their application does prove challenging. For example, while increasingly user-friendly privacy controls are being bundled with most new technologies, it is far harder to imagine how this would work with IoT sensors or so called 'smart dust.' For many IoT devices, it would simply not be possible to ask permission at every instance of data collection.
The same is also true of the process of data minimization. While it is important to avoid storing data over long periods of time, the more retrospective information that is available to each individual device, the more intelligent the Internet of Things will become.
As these few examples make clear, the FIPPs do not necessarily provide a solution to all IoT privacy concerns. What they do provide however is a useful set of guidelines for engineers to keep at the forefront of their minds. This will ultimately help us to determine the right balance between protecting privacy and providing a high quality user experience.
While some of these decisions will still fall to governments and industry bodies, many of them are already being faced head-on by designers and hobbyists from all around the world. This is what makes the Internet of Things such an exciting topic for those within the design community – not only anticipating the benefits, but also overcoming the challenges.
Join over 2,000 technical professionals and embedded systems hardware, software, and firmware developers at ESC Boston May 6-7, 2015 and learn about the latest techniques and tips for reducing time, cost, and complexity in the embedded development process.
Passes for the ESC Boston 2015 Technical Conference are available at the conference’s official site with discounted advance pricing until May 1, 2015. The Embedded Systems Conference and EBN are owned by UBM Canon.