Law in the Internet Society

Ecosystems of Privacy & the Internet of Things

-- By ChristopherPistritto - 04 Nov 2016

Introduction

The Internet of Things (“IoT”) has arrived, generating an ever expanding range of privacy invading and data gathering technology. Coupled with existing challenges from data-focused proprietary operating systems to the collection and analysis of smartphone and internet usage patterns, individuals seeking to maintain their privacy and prevent the collection and analysis of their data must overcome significant technological hurdles. However, code designed to maintain privacy has kept pace with these developments due in significant part to the free software movement, with the caveat that the use of said software has been restricted to a privacy conscious minority with a baseline level of technical proficiency. The solution is therefore not a system wherein users opt-out of an intrusive data-collecting ecosystem via the utilization of free software which respects the user, but rather to flip the paradigm to a privacy focused ecosystem supported by free software where one opts-in to data collection while simultaneously working towards the dissolution of the existing framework.

'IoT' & the Evolving Landscape of Data Collection

The Internet of Things – that is the point at which computer processors and remote data storage are cheap enough and networking ubiquitous enough that the cost of a miniscule wireless computer drops near zero – is rapidly transforming our environment. McKinsey estimates that by 2020 twenty-six to thirty billion 'IoT' devices will be connected while networking giant Cisco (PDF) arrived at an estimated value of 19 trillion dollars over the next decade for the sector. One need only look at last year’s Consumer Electronic Show (“CES”) to have witnessed full mock-ups of living rooms, kitchens, and entire cutaway houses filled with a staggering array of ‘smart’ appliances from fridges to stove tops to thermostats, power meters, cameras, lights, and so on.

More relevant for the privacy enthusiast are two chief concerns. First, as the Wall Street Journal reports 'IoT' is increasingly about the services associated with devices, which necessitates a continuing relationship with proprietary software that collects the data associated with said use. Second, as the environment we live in becomes ever more closely scrutinized in an age where data mining is a lucrative endeavor with information sold to whoever can pay, the addition of 'IoT' into an ecosystems already crowded with proprietary operating systems which spy on you and routine deep packet inspection of internet traffic creates the dangerous situation where the privacy of entire societies is invaded in return for convenience in ever more intrusive ways.

Technical Solution & the Opt-Out Issue

Technical solutions for those who are technologically savvy enough to look for them and who wish to opt-in to an ecosystem that respects privacy abound, indeed keeping pace with the profusion of privacy invading devices and services which permeate the daily existence of millions. Linux and its various distros provide software that doesn’t data mine users by default – or if they do quickly change course due to the availability of forking and the social norms in that community. An inexpensive Raspberry Pi running 'RasBMC' can play any digital media required in an attractive, easy to use package that is entirely user-controlled. FreedomBox provides a user friendly, low cost way to maintain privacy online without a knowledge of networking. The list goes on.

Yet fundamentally all of these solutions are for those who choose to “opt-in” to privacy. The issue is that when comparing a default opt-out versus default opt-in system the difference in participation rate is staggering. An exemplar of this effect is seen in the varying rates of organ donation between similar countries, with the prime example being opt-in Germany with an organ donor rate of 12% compared to Austria’s opt-out system with an organ donor rate of 99.98%. Thus to preserve the privacy and prevent data collection of all those who desire it but may not be knowledgeable enough or have the time and resources to commit the entire ecosystem must change to one wherein individuals opt-out of a system that respects their privacy, rather than opting-in. This is especially true in the heightened intrusiveness of an 'IoT' world.

The Privacy Ecosystem

Understanding that the shift to a privacy ecosystem is essential, and in time the societal norms surrounding user control that come with it, the question becomes how to bring about this paradigm shift in the 'IoT' space. This is made more difficult as major players such as Apple, Google, Samsung, Panasonic, Sony, and others are currently designing proprietary ecosystems so as to create a lock-in effect wherein consumers are nudged towards buying products of the same brand via promises of interoperabiliy and ease of use.

Yet there are opportunities to effect change through the twin avenues of understanding the incentive structure of smaller 'IoT' players in conjunction with the power of free software. Excluded from the 'IoT' ecosystems of the giants, smaller competitors must find ways to provide additional value to the consumer either through lower prices or desirable features. One such key feature for 'IoT' besides privacy is security, which multiple recent studies have shown is a primary concern of consumers.

Free software can provide that security, and indeed there are already free software projects underway such as OpenHab whose goal is to provide security and support for hundreds of devices across a range of brands. Free software can thus be used as a value-add for smaller device makers who simply do not have the resources and expertise to do so on their own, as well as allowing a certain degree of interoperability. If projects such as this are successful via both community participation and the realization by smaller players that contributing to open-source makes commercial sense, then the current paradigm of closed ecosystems and little to no user control can be changed.

Conclusion

Through the use of free software which can provide greater security than most 'IoT' device makers can write on their own, in addition to the convenience of brand-agnostic interoperability, a privacy focused ecosystem in which users must opt-out of user control rather than opt-in can be achieved.


Navigation

Webs Webs

r1 - 05 Nov 2016 - 05:22:37 - ChristopherPistritto
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM