Welcome to the Internet of Things. Please check your privacy at the door.

privacy please
Credit: flickr/ricky montalvo

Several things can happen to your IoT data, and most of them are bad. Here are the biggest things you need to worry about.


It knows when you are sleeping and when you are awake. It knows when you're home and when you're away. It knows how how fast you drive, how many steps you took yesterday, and how hard your heart is working right now.

It's the Internet of Things (IoT), and it is terrible at keeping secrets.

If the Web resembles the wild west when it comes to personal privacy, then the IoT is a jungle where only the fearless survive. While the privacy threats are similar, the stakes are much higher. Connected devices are collecting vast amounts of deeply personal information from our homes, our cars, and our bodies -- far more than any Web site possibly could. The kind of data that's being collected and what happens to it is governed almost entirely by privacy policies that virtually no one reads and few truly understand. Many IoT devices and apps have no privacy policy at all. And IoT security at this point in time is tissue thin, leaving your personal data at risk from external attack.

[ Related: 5 ways to prepare for Internet of Things security threats ]

The good, the bad, and the ugly of IoT

Several things can happen to your IoT data, and most of them are bad. The first is your information will be used only as intended -- allowing you to pump up your workouts, crank down the HVAC, or drive more safely. That's the good one. The second is that the people collecting this data will use it in ways you don't expect -- like, say, sharing your exercise habits with a maker of dietary supplements. The third is that this data will become an irresistible target for third parties like the police, insurance companies, or a divorce attorney who may be keenly interested in where and when you used that sex tracking device. That data trove could also leak onto the Web, putting you at risk of identity theft as well as embarrassment. The final threat is that external attackers could steal your personal information or use your IoT devices to gain access to more valuable data, like your banking logons.

Here are the three biggest things you need to worry about.

1. Unscrupulous marketers will sell your IoT data

Making money from your data is an essential part of the business model for many IoT companies. For example, in December 2013 Nest CEO Tony Fadell told Forbes Magazine he expects to make more money by sharing data with public utilities -- who can use Nest thermostats to more efficiently manage their customers' power usage -- than by selling the units directly to the public.

This kind of data sharing can also benefit consumers. Some Nest users who opted into the data sharing program will see a drop in their energy bills. Fitbit and Jawbone sell thousands fitness tracking devices directly to private corporations, who offer employees discounts on their health insurance for using the devices. Progressive Insurance offers cheaper premiums to customers who plug its Snapshot telematics device into their car's OBDII port. (If they prove to be poor drivers, their insurance will presumably go up.) ABI Research predicts that by 2017, the number of drivers whose insurance premiums are tied to an IoT gadget will hit 89 million.

The problem comes when companies decide to sell this data without either informing or benefitting the people who are generating it. Many of these companies have no written policies at all. Symantec's July 2014 survey of the 100 most popular self-tracking apps in the iTunes Store found that more than half lacked a privacy policy describing the kind of information they collect and whom they share it with.

While there have yet to be any widely publicized examples of companies selling personal IoT data to marketers, it's only a matter of time, says Philippe Kahn, CEO of FullPower, which makes the Motion X software platform that powers devices such as the Jawbone Up and the Alpina Smartwatch.

“Once IoT is widely adopted and control over the data rests in the hands of current incumbents with the current rules, we have a perfect storm brewing,” he says. “Most of the tech industry is focused on monetizing, with complete disregard of the more subtle issues of privacy. They say 'it's all free, so consumers will live with it'. Privacy is a huge price to pay for 'free'.”

2. Your IoT data could be used against you in a court of law

Last November, FitBit data was used in a personal injury lawsuit in Calgary, Canada. Lawyers for the plaintiff, a personal fitness trainer injured in a car accident, hope the data will prove she is less physically active as a result of her injuries. Neda Shakoori, an attorney with McManis Faulker law firm in San Jose, California, calls wearable fitness trackers a “perfect fit” for litigation.

[ Related: Data from wearable devices could soon land you in jail ]

Of course, such data could also be used against a plaintiff to prove that her physical activity was not impaired, writes Shakoori. It could be obtained by the police and used to determine your location or other information. Dropcam, makers of popular Web-connected home security cameras, told Fusion Net's Kashmir Hill it has already received a handful of requests from law enforcement agencies demanding footage captured inside people's homes.

The connected car that lowers your insurance rates when you drive well might some day clock when you're speeding and issue you a ticket. In a 2012 survey, more than 90 percent of divorce attorneys acknowledged a spike in the use of smartphone data as evidence in divorce cases; IoT could be the new frontier in marital discord.

Bottom line: As long as the IoT data is accessible and can be traced back to an identity, third parties will find ways to use it.

3. Hackers could use the IoT to pwn you

The insecurity of IoT devices is now firmly established. According to a June 2014 report by Hewlett Packard, 7 out of 10 IoT devices have some kind of security flaw -- with an average of 25 vulnerabilities per device. Symantec reports that all fitness wearables it looked at were vulnerable to location tracking, and one in five transmitted user credentials in the clear. In recent years, connected security cameras, baby monitors, Nest Thermostats, smart locks, and cars have all been the victims of successful hacks, though mostly by security researchers probing for weaknesses.

1 2 Page 1
Drexel and CIO.com announce Analytics 50 award winners
View Comments
Join the discussion
Be the first to comment on this article. Our Commenting Policies