Data and the Internet of Things
In the Internet Communications Technology world, we – those who use digital products – are known as “digital workers.” We provide data that is used by governments, businesses, law enforcement, researchers, and hackers. There is already a massive amount of data available on each of us – in fact, a near life log. With a move to the Internet of Things, we will become providers of mega amounts of data as we go through our day.
Data will stream from a multitude of IoT sources:
- IoT “things,” machines, and appliances
- Sensors embedded throughout our cities
- Artificial Intelligence
- Online platforms such as Google, Facebook, Instagram etc.
- Cell phones
- Smart meters
- Cars – both driver and driverless
- Credit cards
- Surveillance cameras
- Text messages
- Augmented Reality (AR)
- Enhanced Humans
- And now, yes, even our minds
Our data will be collected, mined, analyzed and stored indefinitely in data centers. Our data will also be used for targeted marketing, surveillance, law enforcement, research, robots, and potentially more as the IoT evolves. It will also be used by hackers for their purposes.
In the IoT, data is the intentional or unintentional “exhaust” that comes from IoT connected products. Examples include data that increasingly comes from smart cities, traffic, cars, energy, animals, wildlife, food, pills, toys, clothing, diapers, toothbrushes, lighting, mattresses, refrigerators, romance, “smart” sex, and even rectal thermometers. Augmented reality (AR) and Artificial Intelligence/robots (AI) will provide additional sources of data. You name it – industry has thought of it; it’s in the works – and data will stream from it.
In a lame attempt to offset the huge downsides of the Internet of Things, some IoT manufacturers are coming up with applications that may provide a modicum of actual benefits. But many IoT products are at best frivolous, and some shamefully harmful. Two examples are Bluetooth pacifiers for infants and musical tampons for babies in utero.
Data collected from thousands of sources can be combined, thereby producing more data and more value. For example, although much data is anonymous, once collected, fusion databases aggregate the data and then link it back to the original source. As Peter Van Buren explains in a fascinating 2014 Mother Jones article,
“In these [fusion databases], information from such disparate sources as license plate readers, wiretaps, and records of library book choices can be aggregated and easily shared. Basically everything about a person, gathered worldwide by various agencies and means, can now be put into a single ‘file.’”
Increasingly, governmental agencies such as the FBI and NSA are using biometric identifiers, such as facial and iris recognition technology, to amass yet more comprehensive and detailed data on each of us. A CNET article reports,
“The agency is using sophisticated software to harvest ‘millions of images per day’ from emails, text messages, social media, videoconferences, and other communications, according to the documents [referring to specific classified documents referenced by the NY Times].”
“It [facial recognition technology] means that I can identify you and know where you are going in public, I can record and keep that information and you don’t know it’s happening. I know where you are, I know whether you’ve just visited a protest rally, I can identify everybody at that protest rally and I can keep records of that. It has a chilling effect.”
Joel Rosenblatt shares an observation made by Marc Rotenberg, President and Executive Director of the Electronic Privacy Information Center (EPIC):
“Biometric identifiers are a key way to link together information about people, such as discrete financial, medical and educational records.…”
Metadata vs. Data
Data comes in two forms — data and metadata. Take for example email — the content of an email would be the data. But each email also carries data about the date, time, message size, sender, and recipient of the email, and perhaps the specific computer or device being used to send the email. These constitute the metadata. Although it would appear that metadata has little value, as it turns out, it’s incredibly useful to law enforcement, governments, businesses, researchers, and cyber criminals.
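The following Python example, added here and not part of the original article, reads only the headers of three constructed messages and shows what the fields listed above reveal once they are aggregated. The addresses, the X-Mailer values, the late-night rule and the function names are assumptions made for illustration.

```python
from collections import Counter
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime


def sample(to, date, mailer):
    # Build one constructed message; addresses and mailer names are made up.
    return (f"From: Alice <alice@example.org>\nTo: {to}\nDate: {date}\n"
            f"X-Mailer: {mailer}\n\n(body is never inspected)\n")


RAW_MESSAGES = [
    sample("clinic@example.org", "Mon, 06 Mar 2017 23:41:10 -0500", "ExampleMail 4.2 (Phone)"),
    sample("clinic@example.org", "Tue, 07 Mar 2017 23:05:00 -0500", "ExampleMail 4.2 (Phone)"),
    sample("lawyer@example.org", "Wed, 08 Mar 2017 09:15:00 -0500", "ExampleMail 4.2 (Laptop)"),
]


def extract_metadata(raw):
    """Return the metadata fields named in the paragraph; the body is ignored."""
    msg = message_from_string(raw)
    return {
        "sender": parseaddr(msg["From"])[1],
        "recipient": parseaddr(msg["To"])[1],
        "sent": parsedate_to_datetime(msg["Date"]),    # keeps the sender's UTC offset
        "size_bytes": len(raw.encode("utf-8")),
        "device": msg.get("X-Mailer", "unknown"),      # client software, if disclosed
    }


def contact_profile(raw_messages):
    """Aggregate per-message metadata into a profile of habits and contacts."""
    records = [extract_metadata(raw) for raw in raw_messages]
    contacts = Counter((r["sender"], r["recipient"]) for r in records)
    # Assumed rule: anything sent between 22:00 and 06:00 local time is "late night".
    late_night = sum(1 for r in records if r["sent"].hour >= 22 or r["sent"].hour < 6)
    devices = sorted({r["device"] for r in records})
    return {"contacts": contacts, "late_night": late_night, "devices": devices}


if __name__ == "__main__":
    profile = contact_profile(RAW_MESSAGES)
    for (sender, recipient), count in profile["contacts"].most_common():
        print(f"{sender} -> {recipient}: {count} message(s)")
    print("late-night messages:", profile["late_night"])
    print("devices seen:", ", ".join(profile["devices"]))
```

Without reading a single message body, the output shows who was contacted, how often, at what hours, and from which devices.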
The more data or metadata collected, the more valuable the data becomes. In fact, profit is one of the main driving forces behind the collection, sale, and use of big data as it allows companies to offer more “affordable” IoT products. In the words of Chris Rouland, CEO of Bastille, “Your sensor-packed wearable device isn’t really the product – you are.”
“Since data – the fuel of advertising markets – is the source of their profits, tech firms are happy to offer, at highly subsidized rates, services and goods that yield even more data. Ultimately there is no limit as to what kind of goods and services those could be: they might have started with browsing and social networking, but they are as happy to track us exercise, eat, drive or even make love: for them, it’s all just data – and data means cash.”
Will Big Data Impact the 4th Amendment?
The 4th Amendment of our Constitution protects our right to privacy. It states that a search cannot be conducted “without a warrant, and probable cause supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.” But through something known as the “third party doctrine,” data collected from a third party does not warrant 4th Amendment protection. So for example, government or law enforcement can access data without a warrant from cell phone companies about where, when, and to whom a particular call was made. Similarly, government and law enforcement can access IoT or smart meter data and use these as evidence in court. Two recent homicide cases illustrate this. The reasoning is that in using such services, customers presumably have agreed to relinquish this kind of information.
The streams of data literally oozing from everything we do, and the images increasingly being matched to our data, create a near picture-perfect life log of each of us, and the end of 4th Amendment protections.
In Shredding the Fourth Amendment in Post-Constitutional America, author Peter Van Buren states:
In Post-Constitutional America, the government might as well have taken scissors to the original copy of the Constitution stored in the National Archives, then crumpled up the Fourth Amendment and tossed it in the garbage can. The NSA revelations of Edward Snowden are, in that sense, not just a shock to the conscience but to the Fourth Amendment itself: Our government spies on us. All of us. Without suspicion. Without warrants. Without probable cause. Without restraint. This would qualify as “unreasonable” in our old constitutional world, but no more.
Van Buren continues:
The technological and human factors that constrained the gathering and processing of data in the past are fast disappearing. Prior to these ‘advances,’ even the most ill-intentioned government urges to intrude on and do away with the privacy of citizens were held in check by the possible. The techno-gloves are now off and the possible is increasingly whatever an official or bureaucrat wants to do. That means violations of the Fourth Amendment are held in check only by the goodwill of the government, which might have qualified as the ultimate nightmare of those who wrote the Constitution.
Who Will Regulate the IoT?
Industry has no interest in regulating privacy in the IoT.
Consumers remain largely unaware of the problems.
Government is reluctant to get involved.
So essentially, as of now, no one is regulating privacy in the IoT.
Why industry is not concerned with privacy:
One of the fundamental principles of the IoT is that products must be affordable. So profits from data must be maximized, and corners cut wherever possible. Data equals money. Privacy, along with cyber security, health, environmental effects, and social injustices must remain non-issues for companies in order to produce affordable IoT products.
Why consumers are not concerned with privacy:
Consumers would probably be more disturbed about the loss of privacy if they were aware of the extent of it. But most are not. And even if they were, there is little they could do about it. Privacy agreements fail miserably due to their complexity, and would be virtually impossible to orchestrate in the case of surveillance cameras or sensors in public spaces, and for driverless cars. And all told, most people prefer to buy less costly products. There is no fail-safe, practical, and affordable way to ensure our privacy is protected except by disconnecting – and that’s only a partial fix.
Surely government will step in to regulate privacy:
There is an unspoken complicity between government and industry. Congress just voted to remove FCC privacy protections on our Internet use, and President Trump just formed the American Technology Council (ATC) to promote “secure, efficient, and economical use of information technology to achieve its missions.” What this council intends to do is as yet unclear, but chances are that it hasn’t been created to safeguard our privacy.
Schneier elaborates on how this works:
“Data that’s illegal for the government to collect, they purchase from corporations. Corporations purchase data from the government. It goes into databases in the United States. It’s bought and sold. And profiles are generated. And those profiles are used, in both cases, to pigeonhole us, to make decisions about us, maybe whether we can get a mortgage, maybe whether we can board an airplane, maybe what sort of credit card offer we see.”
Georgetown University professor of law Julia Cohen notes this as well. Author Julia Powles quotes her in an article entitled “We are citizens, not mere physical masses of data for harvesting”:
“In her lecture Cohen outlines the deal we have struck with the ‘surveillance-innovation complex,’ involving a deeply worrying complicity between state and private actors – ‘a mutually satisfactory game of regulatory arbitrage.’”
As things stand now, government is electing to largely steer clear of regulating the IoT so as not to stifle innovation.
FCC Chair Wheeler was unequivocal in his approach toward regulating the IoT:
“Turning innovators loose is far preferable to expecting committees and regulators to define the future. We won’t wait for the standards to be first developed in the sometimes arduous standards-setting process or in a government-led activity. Instead, we will make ample spectrum available and then rely on a private sector-led process for producing technical standards best suited for those frequencies and use cases.”
In a 2015 Senate Commerce, Science and Transportation Committee Hearing, Senator Thune (who incidentally is now sponsoring a bill intended to fast track the deployment of 5G infrastructure) echoes this sentiment:
“Let’s not stifle the Internet of Things before we and consumers have a chance to understand its real promise and implications.”
Even if government were to adopt a strong stance on privacy and Big Data, these efforts would likely not succeed. In the digital world, innovation happens so fast that by the time legislation was crafted and passed, it would already be outdated.
“Policymakers are somewhere between three and 20 years behind what we’re doing. By the time policy is discussed, we’re on the third generation, and the reality on the ground overrides policy.” (Jim Waldo, “Now arriving: Internet of Things”)
Another reason government is not well equipped to regulate our digital world is that it tends to operate in a compartmentalized manner, whereby each agency has jurisdiction over specific areas. Digital technology touches so many systems and in so many different ways simultaneously that it defies being effectively regulated by a single agency or branch of government. Schneier explains:
“Government operates in silos. In the U.S., the FAA regulates aircraft. The NHTSA regulates cars. The FDA regulates medical devices. The FCC regulates communications devices. The FTC protects consumers in the face of “unfair” or “deceptive” trade practices. Even worse, who regulates data can depend on how it is used. If data is used to influence a voter, it’s the Federal Election Commission’s jurisdiction. If that same data is used to influence a consumer, it’s the FTC’s. Use those same technologies in a school, and the Department of Education is now in charge. Robotics will have its own set of problems, and no one is sure how that is going to be regulated. Each agency has a different approach and different rules.”
And finally, regulation is nearly impossible because the Internet of Things is a global platform, so regulations set in one country will not affect products manufactured in other countries. Schneier calls it “a domestic solution to an international problem.”
Even if governments and industry are not asking the following question, we should be: Will the benefits of a particular IoT “thing” being considered outweigh the downsides of the loss of privacy, cyber security risks, health effects from the increased radiation, impacts on the environment, social injustices, and e-waste? If not, this IoT product or platform might well be dispensed with.
In light of all the harms from the IoT, it might be time to disengage from the gargantuan IoT albatross that is suffocating the public in order to benefit industry and government, at the expense of every living being on our planet.
For more up-to-date information about the current state of affairs on regulating privacy and big data in the IoT, see the Electronic Privacy Information Center’s overview, Big Data and the Future of Privacy.