IoT: data security issues under debate

March 09, 2016
Data security in question

In our increasingly connected world, approaches to data ownership, security and sharing are now all subject to intense debate.

The popularity of the Internet, the advent of smartphones and the growing number of connected objects in use have resulted in exponential growth in the volumes of data being created. During the RE.WORK Connect Summit held in San Francisco last November, Newsha Ghaeli, a Research Fellow at the MIT Senseable City Lab, told the audience that the total quantity of data generated from the ‘dawn of humanity’ up until 2003 was approximately five billion gigabytes. Nowadays, an equivalent amount of data is actually being produced every 24 hours, she pointed out. Moreover, with the growing popularity of wearable electronic devices – smart watches, connected bracelets and other devices designed to measure sports performance, health status and well-being – which gather detailed information on each user’s physical condition and biometrics, a great deal of highly personal data is now being transmitted online.

This rapid increase in data generation raises issues around data security. The risk that a hacker, a multinational corporation or a government agency might get hold of people’s private data – whether personal or professional – and publish it or make malicious use of it is today a very real one. This prospect is even more worrying when you realise that the complexity, flows and opacity of the web world mean that our data may be misused without our even realising it. However, not all data is highly sensitive, and data sharing also has its good points. Fencing off all online data completely is clearly not desirable. So how can we balance useful data sharing with the necessary data protection? How can you safeguard the data that really needs protecting?

Shared data ownership

These questions were aired on several occasions during the 2016 RSA Conference in San Francisco last week. “Would data exist today if we didn’t have the ability to measure it?” asked Josh Alexander, Director, Identity, at US-based cloud computing company Salesforce. “When there was no way of measuring the quality of your sleep, apart from how tired you felt on waking up, the question of who owned the data relating to your sleep patterns didn’t arise,” he reminded the audience, pointing out: “Today when we use connected objects to measure our sleep, this involves sharing this data with the company that enables us to measure it. So what’s new here is that our own data is no longer entirely our own property, it’s shared with those who allow us to measure it.”

Eve Maler, VP for Emerging Technology at multinational identity and access management software corporation ForgeRock, agreed, adding: “This is why, in my opinion, the right question to ask is not ‘Do I own my data?’ but rather: ‘Do I have total control over access to my data? Can I decide who has access?’” However, this crucial question is often left aside. Eve Maler cited the example of a connected bed which allows you to gather a large amount of data on your sleep patterns. When you accept the conditions of sale – which hardly anyone ever reads – you are agreeing that all the data may be stored in the Cloud, and that includes not just such basics as the duration and quality of your sleep but also the same information on other people you sleep with…

The positive effects of sharing data

However, we should not run away with the idea that sharing data on an ongoing basis inevitably goes hand in hand with industrial espionage, the Big Brother state, or bullying and harassment. Data sharing has many positive aspects, as Josh Alexander pointed out: “In the domain of connected health, for example, sharing and correlation of data can help to advance research, enabling us to gain a better understanding of certain illnesses and so combat them more effectively.” Consequently, reluctance about data sharing could put a brake on this type of research and the right balance needs to be found between protecting people’s privacy and using available data for noble ends.

Michele Guel, a Distinguished Engineer in Infosec at US-based multinational IT company Cisco, reminded the audience of some basic precautions people ought to take, both in their private lives and at work, in order to retain the desired degree of control over how their data circulates. We should take care when choosing connected objects and smartphone apps and steer clear of those which do not offer adequate security. We should also read up on the legal framework governing data protection and observe basic security rules when using the Internet, including inter alia choosing secure passwords, varying them, and making use of the confidentiality options on social networks.

© L’Atelier BNP Paribas