The speed at which we are connecting to technology in our homes, cars and life creates new privacy challenges.
IN the medieval legend “Doctor Faustus,” a scholar makes a deal with Mephistopheles, trading his soul for the acquisition of magical powers, including invisibility and the power of flight. For 24 years, Faustus enjoys his supernatural edge but, in the end, ultimately has to pay the price to the devil.
Given recent developments with connected devices, one might wonder whether our society has made an analogous deal: In return for amazing technical powers and communication abilities, we have surrendered the essence of our private lives.
We don’t need to stretch this metaphor too far to assess how quickly our world is evolving and how the mash-up of new devices and conventional scenarios is reshaping the way we will navigate the world.
Just last month, two scientists at MIT demonstrated that they could hack into the driving controls of a Jeep Grand Cherokee by exploiting a known vulnerability in the vehicle’s UConnect system. In this controlled experiment, the driver wound up plowing into a ditch after experiencing loss of dashboard, acceleration and steering controls when the hackers gained command of the vehicle’s computer system. Wired magazine observed that the hacker’s code represents automobile manufacturers’ worst nightmare and can be extended to thousands of vehicles controlled by a remote criminal or prankster. In response, Fiat Chrysler Automobiles quickly offered a patch to address this vulnerability in 1.4 million vehicles on the road today.
People might not think of automobiles constituting a part of the vaunted “Internet of Things” (IOT) but as new vehicles deploy with mobile connections and older cars are upgraded with this capacity, the vulnerability will only grow over time. Several of these companies, such as Airbiquity and UIEvolution, are located in the Seattle area and are pioneering new ways for drivers to make their cars truly “smart.”
Like all advances in science, we will be forced to weigh the benefits of these new gadgets against potential risk. Insurance companies love connected cars with GPS and cellular monitoring because they will derive a much more sophisticated picture of the driving habits of individuals. They may even offer deeply discounted policies to consumers who agree to deploy such tracking capabilities in their personal vehicles. Parents may want to use these applications to keep closer tabs on young drivers and make sure their teens aren’t speeding or straying too far from home. State and local governments will see the benefits of more efficient utilization of their vehicle fleets and gain a new tool for accounting for the daily driving habits of employees entrusted with such cars.
Advanced metering technology similarly promises to allow utilities and consumers to more efficiently use power and save money. With the ability to remotely control household appliances through a smartphone or other mobile device, homeowners and renters can choose to turn machines on and off and direct them to operate at the periods of lowest peak energy costs. Both the public-policy benefit of lower energy consumption and consumer price savings will be realized. Yet at the same time, the data yielded by these advanced meters will paint a complex picture of the daily routines and choices made by individuals and families, giving rise to concerns about sharing and retention of this data, let alone the prospect of a data breach.
This connected world creates new privacy challenges. Whether we are talking about tracking an automobile or remotely controlling a home-alarm system, policymakers will need to resolve salient overarching questions:
• Who owns the data gathered from connected devices? While it seems reasonable that an insurance company or utility would have access to data in order to do analytics and paint an aggregated picture of usage patterns, the data derived from such uses are ultimately owned by consumers, who should have the ability to determine the scope and purpose of sharing.
• Who should be allowed access to such data and under which security standards?
• How long should the data gleaned from IOT be retained by the various intermediaries in the data chain, including the wireless network?
• How do we design products and services that minimize the collection of personal information, while still yielding the benefits of “big data” analytics?
Academics, engineers, lawyers and policymakers will grapple with these and other questions for the next few years as more connected devices come on the market and the IOT expands. Like the unfortunate Dr. Faustus, we have only begun to fly with our new magical powers and we can’t afford to be blind to the implications of tempting devices we seem unable to resist.