In the years since Mark Zuckerberg infamously declared that privacy was no longer "a social norm," his controversial statement has insidiously become truth. Most of us now accept, no matter how reluctantly, that the majority of our social, financial, and other interactions take place with someone, somewhere, looking on. However, to a lot of people, the digital internet still isn't as real as the world outside their window. So it may well prove to be a different matter altogether when their things start to tattle on them behind their back. The current climate may not survive the coming of the Internet of Things.
Suddenly it's not just your email, or the photographs of your cat, that are being looked over by the deep learning networks of Google and the NSA, but your location to the centimeter, your heart rate, your respiration rate. The arrival of quantified self means that it's no longer just what you type that is being weighed and measured, but how you slept last night, and with whom.
As computing makes its way out into our environment, as our everyday things become smarter and network enabled, the amount of data we leave in our wake will multiply. From cross device tracking using inaudible sounds to large scale Bluetooth beacon deployments, our data exhuast is becoming a literal statement as we begin to leave smears of data spread over the things we touch.
Right now there is poor understanding of how the Internet of Things will be paid for, and in the short term companies are attempting to fill the gap using the business model they're most comfortable with, the business model that supports the other internet, the digital one. Increasingly the data we leave behind us is being bought and sold.
But our data is also being stolen, and as the number of Internet of Things related security breaches seemingly spirals out of control, the security of our new smart devices is now under scrutiny.
These seemingly smart devices are attractive to hackers because for a lot of manufacturers security is still viewed as an afterthought. It's not a good sign when your refrigerator can be recruited into botnets.
But even for those devices with good security the Internet of Things presents a unique problem. In the past a great deal of computer security has relied on attackers not having physical access to the computer, but with an Internet of Things device that's the point, and it opens up a whole new can of security worms. The vulnerability of an Internet of Things device means that attackers can leverage physical access to a smart device to gain further access to a user's home network, and potentially compromise much than just a single device.
It's well established that most consumers treat their home router just like any other piece of electronics, and that for many the password is still the default.
As smart devices take over the home, most consumers will treat them in the same way that they treat the dumb devices they're replacing. In 1995 you wore a digital watch that was also a calculator, and your house was filled with clocks blinking "12:00" because you couldn't be bothered to set them, or didn't know how. In 2025 everything in your home will have an IP address, and for the same reasons it's possible the password will be whatever the manufacturer set it to when the device left the factory.
It makes me think we need a debate about the privacy implications of the Internet of Things before smart devices spread out from the early adopters that, at least for now, are the main users. After all, even Mark Zuckerberg may be having second thoughts about what should be, and should not be, private.