Modern field guide to security and privacy

Experts: Consumer protections vital as Internet of Things expands

At Thursday's Security of Things Forum in Cambridge, Mass., experts such as FTC Commissioner Julie Brill stressed the need for makers of connected devices to do more when it comes to safeguarding consumer data.

Ann Hermes/The Christian Science Monitor
Federal Trade Commission Commissioner Julie Brill, left, at Thursday's Security of Things Forum in Cambridge, Mass., along with Andrea Matwyshyn, professor of law at Northeastern University, and Peter Lefkowitz, chief privacy officer at GE.

As the number of Internet-connected devices people use in their homes and on their bodies expands dramatically, so, too, does the conversation about how to keep those machines secure.

So far, the debate has largely focused on technology companies' ability to secure them and regulators' push to ensure they have proper privacy protections in place.

But panelists at Thursday’s Security of Things Forum from both the US government and private sector stress that the industry must do even more to meet the needs of consumers. It can be difficult for consumers to fully understand the privacy implications of the devices they use, and consumers aren’t able to keep up with security updates as the Internet of Things becomes more complex, panelists said.

“Security, privacy – it’s something consumers can’t figure out,” Julie Brill, commissioner of the Federal Trade Commission, told the Cambridge, Mass., event hosted by The Security Ledger and Passcode.

Despite that new models of personal devices are out on the market with strengthened or advanced security measures, Ms. Brill said, consumers continue to use old versions that are no longer being supported by the company with software updates – and they may not realize how that leaves them far less secure.

To take some of the onus of responsibility off of consumers for the security of their devices, the FTC released “Start with Security” in June, a security best-practice guide for businesses. The guide suggests 10 ways businesses can improve their overall security and the security of apps and devices they create. The government can also help enforce best security practices in the space, Brill said.

For instance, in 2014, the FTC took action against TRENDnet, a home security camera company, because it did not secure customers’ video feeds. The videos could be viewed by people who had the camera’s Web address. The FTC found that TRENDnet did not engage in reasonable security practices and ordered the company to establish a security program to examine security risks and conduct third-party audits for 20 years.

As connected devices become more mainstream, however, the privacy implications of the data they collect also get more complicated, said Peter Lefkowitz, chief privacy officer at GE. Consumers are familiar with the personal devices such an iPhone that collect personal data, he said. But they might not think of the security or privacy repercussions that stem from using connected medical devices – such as CT scans – or realize the machines can share the information they collect.

While these devices and the data they collect can be beneficial for medical advances, they can collect sensitive medical details that can create a detailed picture of a person, Mr. Lefkowitz said. Understanding the kinds of data collected and used by widespread devices, he said, are “important areas of development for society.”

Washington policymakers also face a learning curve. Those seeking to protect consumers’ security and privacy when it comes to the Internet of Things must also be careful not to damage innovation by instating overly broad regulations, said Andrea Matwyshyn, a law professor at Northeastern University.

“In this case, we need a regulatory scalpel, not a regulatory axe,” Ms. Matwyshyn said.

Ultimately, it could come down to the consumers’ own needs and preferences. Some might prefer that certain devices are not connected to the Internet. Just because connective capabilities can be added, doesn’t mean they should, Matwyshyn said. “It’s the ‘better with bacon’ problem.”

 

You've read  of  free articles. Subscribe to continue.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.