Jay Stanley, Senior Policy Analyst for the ACLU Speech, Privacy & Technology Project, is doing a series of posts on the IoT. The first piece, ‘The Coming Power Struggles Over the “Internet of Things”,’ contemplates the extension of corporate power into more and more personal and intimate spaces. He begins with this example:

When I stick a movie into my DVD player and try to fast-forward through some of the annoying preliminaries that are at the front of the disc, I get an error message: “This operation prohibited by this disc” […] First of all, it’s not “the disc” that is prohibiting my attempt to forward through trumped up FBI warnings and Hollywood anti-piracy propaganda. It’s the Hollywood studios that have programmed my technology to prohibit my “operation.” […] The message is: “There’s no power play going on here, it’s just how the objective technology works!” What’s actually happening is the movie studios have decided to program technology (or pressure hardware manufacturers to do so) to take away your control over your time and what you watch, and force you to view content that they control, in order to advance their own interests. More broadly, this annoying little example highlights the power struggles we could face as computer chips come to saturate the world around us—the trend often called “the Internet of Things.”

It’s an interesting and important point (though I do wish it was a little less shrill). Questions of power inequity rarely surface in public discussions of data collection and system control, so I’m happy to see Stanley address it. His next piece, “The Internet of Kafkaesque Things,” is a thoughtful if rarified discussion of the similarities and differences between computers and bureaucracies. Stanley worries if those similarities will transmit the inefficiencies and rabbit holes of bureaucracies into ever more personal spaces as devices become more connected:

The bottom line is that the danger is not just that … we will become increasingly subject to the micro-power of bureaucracies as computer chips saturate our lives. There is also the danger that the Kafkaesque absurdities and injustices that characterize bureaucracies will be amplified at those micro levels—and without even being leavened by any of the safety valves (formal or informal) that human bureaucracies often feature.

Both pieces are worth a read and I’m looking forward to the third piece in the series.

Intimacy Power

Latest tweets are now displayed on the right side of the page. w00t. Little victories.

Behind the scenes

Ashkan Soltani, the FTC’s Chief Technologist, penned a good article on the particular security challenges of cheap, connected, low-power devices. He uses the venerable refrigerator example to get some important questions across:

“… a refrigerator was once just a refrigerator with one purpose: cooling food. Now that we live in an IoT world, embedded inside that refrigerator is a full-fledged network computer which could potentially be exploited to launch a DDOS attack against the consumer (or some external) network. As the technology behind the household items we buy evolves, so must the way we think about the long-term effect to consumers when they purchase them:

What will be the level of security and support while under warranty? If a critical vulnerability is discovered, will an update be provided? What happens after the warranty expires? Should modern refrigerators have a shelf-life, much like the food contained within?

http://www.ftc.gov/news-events/blogs/techftc/2015/02/whats-security-shelf-life-iot

Security

Samsung drew the ire and attention of the internet recently by releasing a television with voice recognition that might scoop up some of your personal conversations. Major news outlets like the Guardian and the Independent ran stories on it, both inspired by EFF activist Parker Higgins’ tweet comparing the Samsung privacy policy to Orwell’s 1984.

The Samsung privacy policy states: “Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party through your use of Voice Recognition.”

Samsung told the Guardian that they care about privacy, that they encrypt, and so on, but the Privacy Policy speaks for itself: we may capture your utterances, and your only choice is to shut off that feature completely. Is this Orwellian? I think not. Is this poor planning and tone deafness? Certainly. The language in the Privacy Policy clearly doesn’t put people at ease; it also an example of how Notice and Choice, those cornerstones of ‘fair information practice principles’ are becoming more and more inadequate. The Samsung story is arbitrary in a way because there wasn’t the same outrage over Google’s always on “OK Google” or Apple’s “Hey, Siri.” Still, outrage and bad press are useful tools in the regulation of behavior – naming and shaming to effect better privacy.

Privacy by Design

The WA State House Technology & Economic Development Committee passed a reasonable drone privacy bill last week. Basically, you can’t fly a drone onto someone’s private property and record them without their consent. Obviously, such an intent is more easily implemented when you have houses with property lines rather than windowed apartment buildings, but still, it’s a good addition to the fledgling body of drone privacy law. There was clearly some thought and technical advice put into the bill, as evidenced by the definition of “active sensing device”: “including, but not limited to, cameras, thermal detectors, microphones, chemical detectors, radiation gauges, and wireless receivers in any frequency.” The bill’s definition of personal information (note, not PII) is similarly broad: “Any information that describes, locates, or indexes anything about a person including, but not limited to, his or her social security number, driver’s license number, agency-issued identification number, student identification number, real or personal property holdings derived from tax returns, and his or her education, financial transactions, medical history, ancestry, religion, political ideology, or criminal or employment record,” as well as of course image. Willful violation of the proposed law is a misdemeanor, and victims can sue for $5,000 or actual damages plus attorney’s fees.

http://lawfilesext.leg.wa.gov/biennium/2015-16/Pdf/Bills/House%20Bills/1093-S.pdf

Drones Law