There is a lot to consider with IoT. A lot of cool security stuff doesn’t focus on privacy or ethics or any of that. A lot of sexy security is all hackery smackery. But in organisations and governments, most of the security team is doing back-end, boring security. That backend slog defines this blog. It’s all about pounding the rock. It’s all about working and working and working and working and working. I like to remind myself what IoT really means and then think about the opportunities and consequences of that definition.

Internet In Brief

  • We figured out how to solve math problems super fast
  • We figured out how to use that speed to solve even more problems
  • We figured out how to take user input (keyboards and mice) and solve even more complex problems
  • We figured out how to connect these machines together and have them talk together (IP Networking)
  • We did all that with a boxy machine. We attached a screen, a keyboard, a mouse, and a cord connected to the internet.
  • Then magic started to happen. Then we figured out two important things: (1) how to send that IP Networking over the air instead of over the wires and (2) how to give that machine a new body
  • We put that machine into little box bodies and then we started putting that machine into little phone bodies.
  • Then we figured out how to make those little machines solve problems and use IP Networking without having to be plugged into a power machine for a long time (batteries of substance)
  • And man that was a good day. Because then we realised we could put these little problem solving machines into any body we wanted! We put them into cameras and cars and thermostats and find-my-key stickers and eye glasses and watches and soon we’ll put them into credit cards and bookmarks [IoT bookmark that keeps track of how many pages you read per day. :-O] and shoes and plants and fingernail polish and whatever else we can create a body for and a reason to collect and control that thing.

Internet of Things is just putting a computer with a good battery and connection to wireless internet into a new body. Usually they are controlled remotely so they don’t need screens or keyboards or mice.

Cloud In Brief

  • Internet makes sense. I’ll skip to the end.
  • We figured that our puny computers sucked at solving very hard problems. It would be better to use 1,000,000 computers at the same time to solve my problem.
  • Buying 1,000,000 computers is expensive. So only rich companies could buy them. That meant that only rich companies could solve hard problems. That’s an unfair economic reality.
  • Some clever companies realised that having all those computers not always solving problems is a waste, so they started renting space in those spare computers to other people to use over the internet.
  • Now anyone can cheaply rent space in a super computer, write sweet programs, and then do things on the wireless internet without having to buy like 1,000 computers to solve their problems.

Smart devices use both the idea of IoT and the idea of Cloud. And that combination is what creates privacy issues. Because:

  • We have put internet into bodies that are essential to us.
  • Companies have trusted other companies to act as the brain that connects all those internet bodies that are essential.
  • Our phone and watch and glasses and toothbrush and thermostat need to talk to their home bases to get problems to solve, and they need to send their data to those home bases so the fast and smart computers at home can solve problems.

So there are some privacy issues here, notably that essential house functions and private personal data are stored and sent to someone else’s computer so that someone else’s computer can do some math and give you whatever you need … graphs of your movements, changes to your temperature, phone calls about waking up on time.

Because someone else owns the other computer, they can update the code on your IoT machines and change their functionality. They could even remove the user’s right to use certain functionality.

Because the data travels elsewhere, some bad guy could fly over the web and sit in your devices, collecting whatever data your device needs. If your thermostat has a microphone because it tests its own functionality through a microphone verification, a bad guy who is inside that thermostat can download the microphone files and turn on the microphone whenever he or she wants.

Those are all scary prospects. It is a similar risk, but not the same risk actor, as flying in rockets to the moon or putting ourselves in machines that travel 100 miles per hour or putting ourselves on boxes on the water.

Consumers need to be educated that convenience is not without cost. Combustion engines are great, but they destroy our environment. Contactless payment is awesome, but if you lose your card your money disappears. Cell phones are awesome, but the NSA can totally listen to your conversations. We have become okay with a lot of those risks. Not to say we aren’t working to reduce them (electric cars, insurance on our card, or encrypted VoIP). I think people who need the benefit of connected devices (it should reduce energy expense and other household things… could also be used as diagnosis for pipes, water, appliances, and all that sort of thing) will accept some risk.

But not all risk. And reducing that risk is a huge opportunity. There are some computer science problems here that are going to be solved slowly, like limiting IoT from talking to the outside world and giving us all the goods while avoiding all the bads. Or not; the Valley doesn’t mind snooping on your goodies. If you didn’t want us to know, you wouldn’t do it. With IoT, that moves to your house.

If you didn’t want the internet to know you fart after sex, then you should not fart after sex. Or keep your Nest in the other room.

Who knows?