by Savvas Skordellis and Ceara Sutton – Jones
The IoT is not new – tech companies and experts have been discussing the idea for decades, and the first internet-connected toaster was unveiled at a conference in 1989. In a nutshell, IoT is one of many terms now used to describe and drive the development of networked and algorithmic driven visions of the futures – smart places, ubiquitous computing, ambient intelligence or industry 4.0. With the promise of huge consumer and business markets IoT innovation is being pursued by major corporations and open-source entrepreneur networks alike.
For example, following a century of home automation technology in promising convenience, time and labour saving, safety, caring for the vulnerable and money saving, the 1980s vision of the smart home is starting to become a reality. While connected baby-monitors and doorbells, and smart speakers are proving extremely popular among consumers. These new internet-based systems often involve transferring data out of the home, opening up a whole range of risks and fears of surveillance and accompanying security and privacy concerns.
There has also been a great deal of activity in trying to build ‘smart cities.’ These promise to upgrade tired or overcrowded city infrastructure by reusing administrative and new data, embedding sensors and actuators in everything from streetlights to sewers, providing information on air quality, noise, anti-social behaviour, traffic, and much more. The aim is to give citizens, municipal authorities, the police, and infrastructure service providers more information about, and control over, their city and its population. The reality is often expensive and unreliable systems that fail to integrate, frustration with poor quality data, and arguments over surveillance and cost cutting.
How does it work? Almost any physical object can be transformed into an IoT device if it can be connected to the Internet to be controlled or communicate information. In a simple way, they are devices connected to internet, so they each have an IP address. There are different examples of IoT from autonomous vehicles that haul products around factory floors, to simple sensors that monitor the temperature in buildings. Further, personal devices like fitness trackers that monitor the number of steps, heart rate and workouts are also part of IoT. In order to make that data useful it needs to be collected, processed, filtered and analysed, each of which can be handled in a variety of ways.
Legal responses
Data protection law requires those collecting and processing data to put in place technical and organisational safeguards to protect personal data, which may go some way to helping make these systems more trustworthy. Furthermore, it is not enough just to put mechanisms in place: the law requires that those mechanisms are also effectively communicated to the users. This may involve more organisational mechanisms, such as certification schemes, privacy icons or conducting privacy impact assessments; but it also encourages exciting opportunities to introduce innovative technical solutions, using ‘privacy engineering’ approaches (which we return to below). In effect, creators of the IoT system need to think about the user experience in terms of accountability.
go
But although the law encourages innovative and transparent solutions, common practices rarely reach this ideal. Communicating with users often relies on lengthy terms and conditions and requesting consent to those. This over reliance on consent mechanisms is already heavily criticised in the web domain, as users do not read terms and conditions and cannot renegotiate them.
The problem gets worse in the IoT domain with ambient data collection where devices have partial or even lack user interfaces which would allow for withdrawing consent or even checking what one consents to. In cases where it is harder to obtain legally valid consent and where users feel they have limited control of intimate data being collected in their home, it will be harder to form trustworthy relationships with them.
Prof Helen Nissenbaum’s popular theory of privacy states that it involves protecting the contextual integrity of informational flows. This basically means that our privacy can feel breached when information from one context is shared or accessed by others in a way we do not expect. For example, this might happen when what we said to our friends in our home is then repeated to our boss in the workplace. Another example comes from the Prof Danah Boyd who found that children are often not concerned about large companies knowing what they do on social media, but they are concerned about authority figures, like their teachers or parents knowing. Context matters with technology, and as designers we need to think about where our technology will be used, by whom, and how this might impact our users.
Donate & Support