Siri, Alexa, and Cortana Walk Into a Bar…

Early mornings have become substantially easier since connected devices learned to do the thinking for us. Now, rather than having to wait until after the coffee is made to be a functional human and tackle important tasks like changing the temperature in the house, making toast, or turning on a light, we have devices that know (or learn) to do what we want at the flick of a finger in an app. Everyone seems to have adjusted to this change pretty well and, let’s be honest: despite fears of the Internet of Things (IoT) being like HAL from 2001: A Space Odyssey, so far it’s a lot more like this.

Of course, the convenience of this push-button living comes with substantial questions about privacy and data security. It may be easier to control your home with a connected system, but it’s worth noting that your devices are listening, which means the potential for mischief is always there. And while Amazon and Google have promised in the past that their devices do not always listen and do not always send data back to corporate for processing, promises can be taken back.

Regulators are certainly concerned enough about connected devices to make them a high priority in 2018. That concern arises partially from the litany of cases where connected devices were proven to be open to the control of a rogue actor; hacked devices include children’s books, a Jeep, and pacemakers. The worry also stems from the fact that these devices often lack the sort of robust privacy guarantees and security that agencies like to see. The point seems to be that when cybercriminals can hack into your network through the tea kettle, we have a big problem.

The FTC has written extensively on IoT, and even sponsored a competition last year to spur the development of privacy-focused apps to guard against insecure devices. The EU, too, has made the GDPR applicable across platforms, which means that connected devices are subject to its stringent requirements.

The question for device-makers and consumers alike, then, is how to create and choose connected products that will not unduly put security and privacy at risk. For the consumer, the steps are more straightforward: strong network security, rigorous examination of the device, and thoughtful controls on device-to-device communication. In other words, exercise good data habits.

Developers have the harder task, as they have to incorporate data security by design, even if the GDPR doesn’t apply, given that tort law makes suing over a defective device much simpler than suing for traditional negligence. Making changes to a product or to an app can be a costly process, to be sure. But producers should think of it as a security patch, protecting the consumer from a data breach and protecting the company from a lawsuit. This process is far easier and more effective with good legal counsel and sound advice on data strategy: consider well who is on your team. Connected devices are projected to be a half-trillion dollar industry by 2020: the time to become datasmart is now.
