Locking down the Internet of Things

Imagine a world where the electrical items in your home were constantly collecting data about your living habits and feeding it back to some faceless third party.

While this might sound like something lifted straight from the pages of a dodgy paperback sci-fi novel, it is a scenario that is expected to be played out in millions of homes across the world over the coming years.

The Internet of Things (IoT), as the concept has been dubbed, has been a major source of industry discussion for some time now, with many talking up the economic benefits it could bring.

For example, networking giant Cisco recently claimed IoT will open up trillions of dollars of new market opportunities over the next decade.

But, while analysts and vendors talk up the massive sums of money to be made from IoT, the European Commission has flagged some serious concerns about life in the connected world.

In a recent IoT factsheet, published on the back of a public consultation carried out by the commission last year, the organisation said everyone should be concerned by the prospect of an "omnipresent" network of connected devices.

"[The] cross-linking of objects offers new possibilities to influence and to exchange [and] this leads to a variety of new potential risks concerning information security and both privacy and data protection," the document states.

From a privacy point of view, the collection of information by a multitude of connected devices could make it easier for people to be identified unless steps are taken to ensure the data is completely anonymised.

It is a point Kevin Curran, a cyber security academic and senior member of trade association IEEE, thinks needs to be urgently addressed.

"There is a real possibility that an individual's habits, location, interests and other personal information may be easily tracked," he says.

"[Because] there is sophisticated data mining software in use which can reveal uncannily accurate information [based] on previously 'anonymous' data."

This information could be repurposed by identity thieves, seized by others for blackmail purposes, or simply sold on as marketing data, he adds.

Either way, Curran says there needs to be a public debate on the social and privacy implications of IoT in order to establish clear rules on how data can be used.

"There is still no agreed protocol for access to public data when it comes to law enforcement agencies or other intelligence agencies, and there is a debate waiting to happen here," he explains.

Miles Hodkinson, chief technology officer at wireless components firm Ciseco, backs this point, describing the privacy and security implications of IoT as a taboo subject within the IT industry.

"It's the elephant in the room no-one wants to mention because when you look at the $14.4 trillion figure Cisco has flagged, for example, these figures are eye-watering and it's a great story for shareholders," he says.

"But people seem to be forgetting about the user's role in all this...[and treating them like] this thing that generates data and revenue for them, while everyone else consumes it."

Most IoT discussions seem to focus on how the data generated by connected devices will improve user experiences or make it easier for marketing firms to target products at consumers, but Hodkinson fears the information could fall into the wrong hands.

"If the power consumption of your fridge can be monitored, which is something we have the power to do today, it's not difficult to establish what time you go out to work. All I need to do [then] is have a word with someone and say 'this is about the time I think you should go and burgle that house,'" he says.

Furthermore, the 'trivial' information a fridge can feed back could be tracked over time and lead to assumptions being made about people's living habits, which in turn could affect other areas of their lives.

Caroline Donnelly is the news and analysis editor of IT Pro and its sister site Cloud Pro, and covers general news, as well as the storage, security, public sector, cloud and Microsoft beats. Caroline has been a member of the IT Pro/Cloud Pro team since March 2012, and has previously worked as a reporter at several B2B publications, including UK channel magazine CRN, and as features writer for local weekly newspaper, The Slough and Windsor Observer. She studied Medical Biochemistry at the University of Leicester and completed a Postgraduate Diploma in Magazine Journalism at PMA Training in 2006.