Crossing the creepy line

This article was authored by Stefan Hammond, and was originally posted on telecomasia.net.

Research firm Gartner typically offers annual predictions as mentioned in my blog-post “Predictions or science fiction?”  late last year. In January, a couple of switched-on Gartner VPs – Brian Prentice and Andrew Rowsell-Jones – came to Hong Kong to give journalists an in-person taste of the future.

Some of Gartner’s predictions read like recommendations. For example, their contention that – by 2018 – over 30% of digital government projects will treat all their data as “open data”: Gartner’s recommendation for government CIOs: Apply “open by default” principles and open data standards to any government program.

Transparency doesn’t trump all
But while governments are urged to keep it transparent, the research firm sees plenty of opportunities for security vendors. By 2017, says Gartner, 30% of threat intelligence services will include vertical-market security intelligence information from the IoT. They recommend that security managers develop new partnering strategies to be able to integrate threat intelligence data from industry specialists with a focus on the IoT.

Prentice gave a concrete example: Spain is experimenting with “smart meters” for their utility meters. The advantage of these devices is obvious: not only can billing be handled automatically, but feedback from such devices can help residents save resources. There’s the ever-popular concept of automatic and/or remote control of thermostats. But Prentice said that these meters are also vulnerable to hacking, meaning n’er-do-wells can fiddle with their metrics and defraud utility firms.

As we see more sensors and M2M entering our digital mix, we’ll see opportunities for this sort of theft arise. And there are consequences for personal data which Gartner also addressed. By 2018, said the research firm, 50% of business ethics violations will occur through improper use of big data analytics. That’s right: all that info you supplied for membership in the Supercute Princess Kitty Club might filter into inappropriate databases, causing ethical conundrums.

Crossing the creepy line
Gartner’s recommendation: information leaders should adopt a “big data (or more general), digital ethics code of conduct.” But real-world solutions may prove more problematic – Prentice cautioned against big data initiatives “crossing the creepy line” into digital intrusion.

For instance, said the Gartner VP, several large retailers in the USA are refusing to accept the recently announced ApplePay NFC payment gateway. The reason, said Prentice, is because Apple’s system doesn’t retain personal information – the preferred system of the retailers is a merchant-owned mobile payment system called CurrentC, which apparently takes a different approach to data-collection.

TechCrunch put it this way: “CurrentC Is The Big Retailers’ Clunky Attempt To Kill Apple Pay And Credit Card Fees.” Considering some of the retailers include huge pharmacy chains, it seems that data (including personal medical records) may be targeted for collection (to make matters worse, the Wall Street Journal reports thatCurrentC has already been hacked).

Prentice said this sort of practice leads to “ethical dissonance,” where firms state intent to protect customers’ privacy while simultaneously initiating schemes that slice into that privacy and extract large chunks for the firms’ usage. Business ethics are more important than ever in the age of social media and smartphones, and “dissonance” will not resonate with users concerned about privacy.

Security queries
After the VPs’ presentation, the question remained: what about future security concerns, given the hack-o-meter scenario Prentice posited, and Rowsell-Jones’s intriguing comments on the IoT being a network that – as opposed to PCs and smartphones – is being built in the presence of a “refined predator”: namely, organized cybergangs like those responsible for recent big-score intrusions like Sony and eBay? How to protect sensitive data when there is no perimeter?

Prentice suggested that the bigger picture be considered: the time horizon will contain pragmatic decisions taken in response to specific actions. “Don’t forget,” he said, “bad people are as limited by the obscurity of the complex world as everyone else. We’re seeking to stop them and catch them – remember that security cameras don’t actually stop crime, they document it so that we have a chance to catch the bad guys later on.”

Rowsell-Jones said that predators by nature don’t drive prey into extinction, as this would be a Pyrrhic victory. “If enough smart meters are hacked,” he said, “then there simply won’t be any more smart meters!”

If you haven't already, please take our Reader Survey! Just 3 questions to help us better understand who is reading Telecom Ramblings so we can serve you better!

Categories: IoT, M2M · Other Posts