United States - Flag United States

Please confirm your currency selection:

Bench Talk for Design Engineers

Bench Talk

rss

Bench Talk for Design Engineers | The Official Blog of Mouser Electronics


How IoT Developers Can Build Users' Trust M. Tim Jones

(Source: Zapp2Photo/Shutterstock.com)

Our lives are increasingly connected and translated into data. This data reveals information about ourselves that we might not understand and could be used in ways we do not expect. The Internet of Things (IoT) could represent a technology that benefits us in enumerable ways or it could evolve into a dystopian future that we would fear. Here, we'll look at how IoT can be our worst fear and what IoT developers can do to build users' trust.

Hazards of a Dystopian Future

Dystopian books and film are interesting to read or watch, but are certainly something else to live in. The basic themes of this genre are a future society that is oppressed by a number of factors, most importantly technology without responsibility or accountability. As technology becomes more integral to our lives, it's easy to see how it can be oppressive.

One of the key themes of dystopia is a state where citizens are perceived to be under constant surveillance. Estimates show that in the U.S., you're viewed on a camera (surveillance, home security, doorbell camera, etc.) up to 75 times per day. That number goes up to 300 in the U.K., where surveillance is more profound. With AI, these cameras are more than just a method to observe spaces; they can actively identify actions or gestures or recognize individuals that appear in the camera's field of view.

But you don't even have to leave your house to be surveilled. It was discovered that voice assistants recorded audio that was later reviewed by human consultants. The audio was allegedly used to improve voice recognition capabilities of these devices, but reports that these devices were always listening (instead of waiting for the alert keyword) pointed to the need for more scrutiny of these services.

Gartner, a global research and advisory firm, estimates that by 2025 IoT devices will number 25 billion. These devices represent the spectrum of connected devices with many including audio and video capabilities and even machine-learning technologies. And as IoT becomes more ubiquitous, so do the problems. These are privacy, bias in machine-learning algorithms, and the lingering question of who owns your data and how the data is used. Regarding data ownership, Gartner also sees brokering of data as a core element of IoT systems by 2023.

To avoid IoT from accelerating our descent into dystopia, IoT developers can address on two fronts. These are device and data security and data protection rules such as the General Data Protection Regulation (GDPR).

Device Security

Device security is one of the most basic things an IoT developer can do to protect devices against exploits or misuse by hackers. This requires IoT architecture to consider security at the start and not as an afterthought. These devices need access security, for example, if the device exposes a standard internet protocol such as Hypertext Transport Protocol (HTTP, representing a web server). For data transferred over the internet, data security might also be required. A key element here is transport layer security (TLS) to ensure the integrity and privacy of transferred data.

Sometimes, hacking skills aren't even necessary to exploit IoT devices. The Shodan search engine crawls the internet to discover IoT devices that are misconfigured (such as web cameras). Through this search engine, users can peer into other people's homes or businesses. This points to the other side of device security: configuration. Shodan illustrates that even when device security exists, users might not understand how to use it. The ability to easily configure a device is required for consumer devices to ensure that they can be secured and protected.

Regulations

Security is a key part of the future, but it's just a piece of the puzzle. What if data misuse aren't faceless hackers, but the corporation that built and manages our device? This is where regulations come into play.

In 2016, the European Union created the General Data Protection Regulation (GDPR) to define rules for data management. This includes ensuring privacy of data as well as transparency around how your data is processed and used. Collection and processing are confined to the communicated purpose. When breaches of security occur that touch your data, the GDPR requires companies to report to you within 72 hours of the breach.

Conclusion

Dystopia doesn't occur suddenly, it occurs over time with gradual changes until it's too late. Incorporating security into your IoT device and cloud infrastructure are basic requirements. Adhering to regulations such as those defined by the GDPR is another crucial step to build trust with your users. The ubiquity of IoT doesn't have to mean that we lose our privacy and control over our data.



« Back


M. Tim Jones is a veteran embedded firmware architect with over 30 years of architecture and development experience.  Tim is the author of several books and many articles across the spectrum of software and firmware development.  His engineering background ranges from the development of kernels for geosynchronous spacecraft to embedded systems architecture and protocol development. 


All Authors

Show More Show More
View Blogs by Date