It was after writing a story earlier this year concerning a connected sex toy sending very private information about its users back to the manufacturer that I started to muse about the ever-expanding Internet of Things and consumer privacy. What are the implications of being more connected apropos the mass of data collected on us? Do we even believe in the retention of our own privacy anymore? Should we even care?

Let’s face it, most of us don’t read the small print, the entire print, when signing off on privacy agreements. Would the owners of data-collecting vibrators have willingly plied their erogenous zones with their new toy had privacy terms been explicit in making the consumer aware that their record of ‘fun’ would be used for market research? Would anyone want that kind of information about themselves sold to the highest bidder? Shouldn’t every connected device come with the essential warning on the box, stating, “Hey, we’re watching you. This is why, and this is what we are going to do with the information.”

The Internet of what?

According to this Altimeter report, ‘Consumer Perception in the Internet of Things’ there’s a growing consumer anxiety concerning the ‘digitization of our physical world’. At the same time the report states that 87 percent of American citizens in one study didn’t even know what IoT is. They were worried about their privacy, but weren’t exactly sure how or why it was being plundered in the digital world.

Other respondents in the study were aware their cookies were being tracked, but had little idea why, or at least asked for more transparency from those collecting the information. The gist of the study: “Roughly 60 percent of all respondents report such heightened discomfort in the sharing/selling of their data.” Apparently the older generation give more of a damn, perhaps those that remember a time when personal activity wasn’t always rigorously monitored and exploited.

I spoke with Sven Dummer about this issue. Dummer has been around the block, having previously worked for Yahoo, Microsoft and Suse. He is currently senior director of product marketing at Loggly, a cloud-based log management and analytics service provider in San Francisco. We had first made contact regarding self-driving cars, but the conversation developed to cover the wider topic of IoT and privacy (This should be some help to the 87 percent of non-savvy IoT Americans):

Q: What exactly is happening to the data collected on us?

Sven Dummer: In a nutshell, the data is sent over the internet and stored on a computer system of the manufacturer of the device or software, and maybe also transferred to other parties. It’s typically stored in some form of database system that allows to search and query the data and do statistical and other analysis. That’s as general a summary as it can be; the details may vary greatly, including questions such as if the data is encrypted before it gets transferred and stored. More often than not… so, it is difficult or impossible even for experts to find out exactly where the data is going.

Q: Why is data so aggressively being collected? (I gave the IoT sex toy as an example)

Dummer: There are several good reasons to collect data from connected devices. It can help to prevent or diagnose faults, plan maintenance, or offer users help. Manufacturers can also get a better, data-based understanding of customer needs. But, there are of course many unanswered questions, including those about privacy, and what overall ethical standards and forms of consumer protection need to be established to prevent abuse (by both the collectors of data as well as by potential hackers stealing it), including what people feel comfortable sharing. Data collection has become, and will continue to become, more aggressive for two simple reasons: data is valuable, and it’s comparably easy to collect – so many businesses will just do it.

Q: This data can be then sold on to whomever wants it, market research etc. Is this ethical? Should we be more informed about what happens to our data?

Dummer: Consumers typically don’t know that they are surrounded by an army of software systems that act as tireless minute takers. To many, this might seem like an Orwellian nightmare, but in fact ethical standards vary not only between individuals, they also differ between countries, cultures, and jurisdictions. What might be illegal in one country might be allowed and even socially accepted in another.

It is unclear and, in most countries, not yet regulated what data may be logged by connected devices, who can access this data, and how authorities, investigators, and the general public can be enabled to also make sense of it – or even how transparency can be provided on what is being logged and transferred.

Q: What is the possibility of the consumer having more control over their data?

Dummer: It is extremely difficult (if not impossible) to ensure that consumers keep full control over all their data, but it is very possible to regulate certain areas. For example, the FIA wants car makers to publish an easily understandable list for each model of all the data collected, processed, stored and transmitted externally. They also request that consumers can opt-out of the collection of certain data. However, in a globalized world it is difficult to enforce policies in one country if services are offered over the internet from another.

Q: In terms of security, how vulnerable is the consumer as they become more connected? If we are connected to more ‘things’ are all these as secure as each other?

Dummer: The Internet of Things has become a reality, and we are permanently surrounded by connected devices of all kinds: Smartphones, smartwatches and TVs, fitness trackers and other wearables, internet modems, set top boxes, w-lan routers, internet-enabled entertainment systems, game consoles, e-book readers, connected cars, and many, many more. All these “things” basically have mini-computers built in, running an operating system, and a stack of application software on top of it. So we’re basically running millions and millions of lines of programming code on our collection of devices every day. There are bugs and security holes in there, and always will be. You need to be aware of that, and make sure you keep your software and devices updated and be mindful of the risk. There is no need to panic, though. For example, driving a car can kill you, it strongly depends how you drive it and if you maintain it so that it’s safe to drive.

Q: In conclusion what should the consumer be thinking about right now in terms of his/her privacy?

Dummer: At a minimum, you need to be aware of two facts: (1) people and companies will want to collect data about you and might do so without your permission, and (2) there is no total security, and every system can be hacked. Follow some simple rules: be mindful about what data you share and ask yourself what somebody could do with it. If in doubt, reject to share and ask the vendor questions, and ask yourself if the vendor is trustworthy. For the security aspect, always keep your software and devices updated; don’t use weak passwords, be mindful of the risks, and encrypt your data wherever possible.

Photo credit: Omran Jamal via Flickr