Dr Gilad Rosner, the founder of the IoT Privacy Forum, will be giving a free webcast today at 10a PT / 1p ET / 6p GMT. You can register for it here. Topics include privacy in the IoT, privacy by design, and the sociotechnical nature of connected devices.
Ashkan Soltani, the FTC’s Chief Technologist, penned a good article on the particular security challenges of cheap, connected, low-power devices. He uses the venerable refrigerator example to get some important questions across:
“… a refrigerator was once just a refrigerator with one purpose: cooling food. Now that we live in an IoT world, embedded inside that refrigerator is a full-fledged network computer which could potentially be exploited to launch a DDOS attack against the consumer (or some external) network. As the technology behind the household items we buy evolves, so must the way we think about the long-term effect to consumers when they purchase them:
What will be the level of security and support while under warranty? If a critical vulnerability is discovered, will an update be provided? What happens after the warranty expires? Should modern refrigerators have a shelf-life, much like the food contained within?”
Connected devices are moving into more and more intimate spaces. This post explores the social dimensions of Things entering those spaces, and asks the question, at what layer do we build privacy into the fabric of devices? Written by Dr Gilad Rosner, founder of the Internet of Things Privacy Forum.
Will the commercial practices that evolved in the web be transferred to the Internet of Things? This article explores that question and posits that American and European privacy thinking must be combined to encourage privacy preservation within the IoT. Written by Dr Gilad Rosner, founder of the Internet of Things Privacy Forum.
The WA State House Technology & Economic Development Committee passed a reasonable drone privacy bill last week. Basically, you can’t fly a drone onto someone’s private property and record them without their consent. Obviously, such an intent is more easily implemented when you have houses with property lines rather than windowed apartment buildings, but still, it’s a good addition to the fledgling body of drone privacy law. There was clearly some thought and technical advice put into the bill, as evidenced by the definition of “active sensing device”: “including, but not limited to, cameras, thermal detectors, microphones, chemical detectors, radiation gauges, and wireless receivers in any frequency.” The bill’s definition of personal information (note, not PII) is similarly broad: “Any information that describes, locates, or indexes anything about a person including, but not limited to, his or her social security number, driver’s license number, agency-issued identification number, student identification number, real or personal property holdings derived from tax returns, and his or her education, financial transactions, medical history, ancestry, religion, political ideology, or criminal or employment record,” as well as of course image. Willful violation of the proposed law is a misdemeanor, and victims can sue for $5,000 or actual damages plus attorney’s fees.