Why we won’t have ultra-private IoT without ultra-private ICT

(Originally published for Meet-IoT 2015)

A large segment of the booming Internet-of-Things market is made of solutions comprising devices with external sensors that are within the sensing reach of their users and/or other passerby citizens. These include wearables, home automation solutions, smart city solutions, airborne connected objects, etc.
Such IoT devices are in almost all cases currently designed, fabricated and assembled according to socio-technical standards that are very similar to those of other end-user computing devices like phones and PCs, which place performance, features and cost considerations way ahead of security, privacy or resiliency.
In almost all of these use case scenarios, a malfunction or breakdown will cause no or insignificant physical or economic harm to users or passerbies. Therefore, they are and can be discounted as a minor requirements. Privacy breach, on the other hand, appears at first to be a strong concern for users.
After Snowden, with a deluge of revelations, attacks and discovered vulnerabilities, it has become clear that businesses and citizens are hugely exposed to attacks, by massive as well as targeted, yet highly-scalable remote attacks beyond-point-of-encryption, by criminal actors and state security agencies, which seek access to industrial secrets and personal data.
While, in the case of smartphones and PCs, it can be expected that scalable targeted access may mostly be available to high-level attackers, and entities close to them. Whereas In fact, IoT solutions have currently less regulatory requirements, liabilities, secure technology standards involved, and are often offered by smaller newer companies that have less to loose, overall, from public discovery of critical security flaws in their products. It follows that IoT presents substantial additional assurance problems, that make it substantially more likely that such access is available to even mid- and low-level attacker.
However, any privacy concerns will soon have to face the fact that IoT users are surrounded at any given time by a smartphone, PC or connected TV which can very easily be listening and sensing everything. Privacy is already so compromised that users don’t, won’t and probably shouldn’t care if one additional devices listens in.
From these considerations, we can attempt a prediction for such IoT sub-market. It may be characterised in the near and mid future by 3 kind of solutions: (1) A “no privacy” kind of solutions which will completely ignore or just pay “lip service” to privacy, vulnerable to even scalable low- and mid-level attacks; (2) A smaller “privacy but not from government” kind – similar to the approach of Blackphone in smartphone market – where you have reasonable expectations of privacy from all, except from highly-scalable massive targeted high-level threats; (3) An even smaller “meaningful privacy” kind, for very privacy sensitive use cases or individuals, where assurance can be reasonably expected against such highly-scalable massive targeted high-level threats, but not against non scalable proximity-based surveillance techniques.
The creation of this last “meaningful privacy ” kind of IoT solutions, will need radical changes on the socio-technical paradigms for the design, fabrication, assembly and provisioning of all the software, hardware and processes critically involved in their life-cycle and provisioning. Such changes will need be adopted by a critical mass of actors, which may initially be small, but comprised the entire computing life-cycle.
But such solutions may never provide meaningful utility to a user if, as we said, at any given time by ICT devices, such as a smartphone, PC or connected TV are easily be listening and sensing everything the user’s doing. Almost all IoT solutions interface – for operation, configuration or update – with ICT components that can be turned into a critical point of failure of the IoT solution, if they do not also provide “meaningful privacy”. Such dependency also works the other way around. The market for “meaningful privacy” ICT devices may well be dependent on the availability of “meaningful privacy” IoT devices, or at the very least IoT devices that can reliably be turned off by the user. In fact, it would be inconvenient enough to have to place your ordinary phone in a purse, or under a thick pillow, before making a call with your (ultra-) private device, but it would be unbearable to most to have go in the garden because their TV or my fridge may be listening.
For “meaningful privacy” ICT devices to gain any wide consumer adoption, it is crucial, therefore, to press for national laws providing for a wide-market availability of any Internet-connectible home and office devices with a certified physical switch-off for mic, camera and power.
Given these interdependencies, and the huge costs of creating and sustaining a “meaningful privacy” computing platform supply-chain and ecosystems, it is worth considering if the socio-technical standards and technology platforms for “meaningful privacy” IoT, and those for ICT, may well be shared to a large extent. These may be possible if such initial shares platform define a relatively small form factor, low energy consumption, and most of all a low cost of production at scale.

Leave a Reply