It knows when you are sleeping and when you are awake. It knows when you're home and when you're away. It knows how how fast you drive, how many steps you took yesterday, and how hard your heart is working right now.
It's the Internet of Things (IoT), and it is terrible at keeping secrets.
The good, the bad, and the ugly of IoT
Several things can happen to your IoT data, and most of them are bad. The first is your information will be used only as intended -- allowing you to pump up your workouts, crank down the HVAC, or drive more safely. That's the good one. The second is that the people collecting this data will use it in ways you don't expect -- like, say, sharing your exercise habits with a maker of dietary supplements. The third is that this data will become an irresistible target for third parties like the police, insurance companies, or a divorce attorney who may be keenly interested in where and when you used that sex tracking device. That data trove could also leak onto the Web, putting you at risk of identity theft as well as embarrassment. The final threat is that external attackers could steal your personal information or use your IoT devices to gain access to more valuable data, like your banking logons.
Here are the three biggest things you need to worry about.
1. Unscrupulous marketers will sell your IoT data
Making money from your data is an essential part of the business model for many IoT companies. For example, in December 2013 Nest CEO Tony Fadell told Forbes Magazine he expects to make more money by sharing data with public utilities -- who can use Nest thermostats to more efficiently manage their customers' power usage -- than by selling the units directly to the public.
This kind of data sharing can also benefit consumers. Some Nest users who opted into the data sharing program will see a drop in their energy bills. Fitbit and Jawbone sell thousands fitness tracking devices directly to private corporations, who offer employees discounts on their health insurance for using the devices. Progressive Insurance offers cheaper premiums to customers who plug its Snapshot telematics device into their car's OBDII port. (If they prove to be poor drivers, their insurance will presumably go up.) ABI Research predicts that by 2017, the number of drivers whose insurance premiums are tied to an IoT gadget will hit 89 million.
While there have yet to be any widely publicized examples of companies selling personal IoT data to marketers, it's only a matter of time, says Philippe Kahn, CEO of FullPower, which makes the Motion X software platform that powers devices such as the Jawbone Up and the Alpina Smartwatch.
“Once IoT is widely adopted and control over the data rests in the hands of current incumbents with the current rules, we have a perfect storm brewing,” he says. “Most of the tech industry is focused on monetizing, with complete disregard of the more subtle issues of privacy. They say 'it's all free, so consumers will live with it'. Privacy is a huge price to pay for 'free'.”
2. Your IoT data could be used against you in a court of law
Last November, FitBit data was used in a personal injury lawsuit in Calgary, Canada. Lawyers for the plaintiff, a personal fitness trainer injured in a car accident, hope the data will prove she is less physically active as a result of her injuries. Neda Shakoori, an attorney with McManis Faulker law firm in San Jose, California, calls wearable fitness trackers a “perfect fit” for litigation.
Of course, such data could also be used against a plaintiff to prove that her physical activity was not impaired, writes Shakoori. It could be obtained by the police and used to determine your location or other information. Dropcam, makers of popular Web-connected home security cameras, told Fusion Net's Kashmir Hill it has already received a handful of requests from law enforcement agencies demanding footage captured inside people's homes.
The connected car that lowers your insurance rates when you drive well might some day clock when you're speeding and issue you a ticket. In a 2012 survey, more than 90 percent of divorce attorneys acknowledged a spike in the use of smartphone data as evidence in divorce cases; IoT could be the new frontier in marital discord.
Bottom line: As long as the IoT data is accessible and can be traced back to an identity, third parties will find ways to use it.
3. Hackers could use the IoT to pwn you
The insecurity of IoT devices is now firmly established. According to a June 2014 report by Hewlett Packard, 7 out of 10 IoT devices have some kind of security flaw -- with an average of 25 vulnerabilities per device. Symantec reports that all fitness wearables it looked at were vulnerable to location tracking, and one in five transmitted user credentials in the clear. In recent years, connected security cameras, baby monitors, Nest Thermostats, smart locks, and cars have all been the victims of successful hacks, though mostly by security researchers probing for weaknesses.