, , , ,

MyWOT (Web of Trust) is a Helsinki-based Internet technology company. It is primarily known for its browser safety add-on. I have WOT enabled for Google Chrome browser on my computer at home.

I noticed a new entry on the MyWOT blog a few days ago, Hey Alexa, Send My Regards To The CIA – Connected Devices in The Age of Snowden. It is a good post. I left a comment, of course.

Small-time info merchant to big league data mogul

The Internet of Things (Internet-connected devices collectively known as the IoT) seems like a solution in search of a problem to me. I’m not worried about the CIA listening to me. I am worried about insights gleaned from unethical or illegal re-sale of user data. Revenue from data harvesting is built into the business model for much of the consumer-targeted IoT. For example, some insurance companies offer discounts to auto policy holders in exchange for attaching telemetry devices—referred to as telematics—to their vehicles. IBM describes how such data could be re-used throughout the transportation industry as the next phase of monetizing IoT data in an “age of sensorization”. IBM also acknowledges the questionable value proposition of paying a lower premium in exchange for having one’s driving activity recorded in real-time, uploaded, analyzed, and saved for future purposes that can’t be anticipated.

Let’s think of “re-purposed” data, i.e. used for something other than what it was originally intended, as secondary data. The same IBM post, about monetizing IoT data, introduces yet another level of aggregation: a commodities exchange for data. Terbine is a meta data construct that collates tertiary data from IoT sensor sources. Its scope of use is not limited to the transportation industry.

Terbine is an early-stage startup as of 2016, so I’m too not worried that it will evolve into something awful. What’s not to like about the first commercial-grade system for curating IoT data on a global scale? (That’s the link to Terbine’s About page.) It has a policy engine, which is supposed to ensure compliance with localized data privacy regulations. Terbine is a legal alternative to Data Dealer. Actually, Data Dealer is only a game, although it is also a startup seeking early-stage funding! 🙂 I really like the Data Dealer video. That’s where I found the phrase that I used as the heading for this section, about rising from a small-time info dealer to a mighty data mogul, at the 1:34 mark.

Update: After collecting $50,362 from 754 people, the Data Dealer developer team ran out of money and failed to complete the project. That’s why I am not a fan of crowd-funding and Kickstarter.

Not really Anonymous

Commercial and public sector IoT service providers offer privacy reassurances based on their data anonymization practices. This is countered by a preponderance of evidence suggesting that deanonymizing data is easy, even when it is collected with the best of intentions.

Wall Street Journal article about municipal user of resident data that has been anonymized, they hope

“Cash-strapped cities are turning to an unusual source to improve their online services on the cheap: helpful hackers, who use city data to create tools tracking everything… Recently, hackers have begun working with cities to find ways of building applications, or apps, that make use of data—which gets stripped of personally identifiable information—that municipalities are collecting anyway in the regular course of governance.”

Resource burden

The IoT uses sensors that collect enormous amounts of data. Do Amazon Alexa, Google Home or smart refrigerators yield sufficient benefit to justify the energy and electrical usage they require from sensor input?

This quote from the U.S. Federal Trade Commission is great. It highlights evidence-based IoT concerns about consumer privacy and appropriate resource allocation:

The sheer volume of data . . . is stunning. Fewer than 10,000 households . . . can generate 150 million discrete data points a day or approximately one data point every six seconds for each household. Such a massive volume of granular data allows . . . analyses that would not be possible with less rich data sets. Researchers are beginning to show that existing smartphone sensors can be used to infer a user’s mood, stress levels, personality type, bipolar disorder, demographics (e.g., gender, marital status, job status, age), smoking habits, overall well-being, progression of Parkinson’s disease, sleep patterns, happiness, levels of exercise, and types of physical activity or movement.

In some contexts, Internet-connected devices are worth the cost and even the security exposure; e.g. insulin pumps make a huge difference in quality of life to diabetics. Also, for law enforcement, sensor-enabled monitoring is more effective and efficient. However, as a law-abiding citizen, I don’t want to be under surveillance, whether it is by state authorities or corporate entities! Privacy is a right that I value too much to surrender in exchange for Alexa or an IoT mattress.

The Internet of Insecure Things

Don’t forget consumer safety! Do you really need to connect a web server to your dishwasher?