What is the motivation for developing and building many Internet connected devices? What are the arguments for and against the Internet of Things (IoT)? Would they make our lives easier?
Given the recent trends in technology and the ever-growing connectivity of the devices we own, Internet of Things is an obvious next step in the smart device industry. We, as consumers, like when things are connected and easy to use, and the Harvard article, the New Age of Surveillance, sets up the scenario pretty effectively. Who wouldn’t want to live in a world where all of the tedious household chores are automated away? Beyond just the convenience, it’s rather difficult to argue in favor of IoT, mainly due to the nature of the companies trying to sell them and the resulting lack of security. Against IoT, there are obvious concerns about security and privacy for the devices in which the connectivity is implemented. Companies that manufacture these IoT devices are accustomed to being able to cut costs during production, and working with IoT is no exception. If encryption and passwords add an extra $10 per unit to the production cost and the consumer is generally unaware of the importance of cybersecurity, then these important security features will be removed entirely. Sure, being able to tweet from your fridge or start your washer and drier from your phone is convenient, but also consider that a burglar might purchase access to your unsecured webcam for $20 and know when you’re not at home or that your car might be hacked while you’re driving down the highway.
How should programmers address the security and privacy concerns regarding IoT? Who is liable for when breaches or hacks happen?
I firmly believe that companies and the government are incapable of ensuring the security of IoT devices. This isn’t because companies are evil by nature and do everything they can to cut costs; many of the devices that incorporate these IoT features are not accustomed to the expectations for security in the tech industry and may not have an understanding of the security aspect. I’m also under the impression that the government could not create and maintain regulations quickly enough for the rapidly evolving tech industry. A law the government passes today that might not go into effect for two years will be outdated by new ways to hack and new solutions to prevent them. As a result, it falls on the engineers to articulate the importance of cybersecurity to their companies and consumers and create a safe, secure product. Since there will always be hackers and malicious parties seeking access to the oceans of data that could be obtained from IoT devices, the programmers and engineers are fully responsible for the safety and security of the devices that they make. One interesting proposal from the readings is to include 3rd party device verification, which would give some extra confidence to the consumer about the safety of a given product and help pressure companies into verifying that their products meet some industry standard. Regardless, the programmers and engineers can’t assume that either the consumer or their managers understand the importance of cybersecurity, and it’s up to them to make sure that the benefits of IoT aren’t confiscated and used by malicious parties.
What do you believe will be the social, economic, and political impact of the Internet of Things? What role should the government play in regulating IoT devices?
I’m afraid that IoT will have a large and negative important on the future of this country. Many of the devices we use now are simply non-malicious even if hacked, such as a smart fridge or a household appliance that connects to your smartphone. With more and more applications of IoT coming in the near future, mostly relating to medical devices or vehicles, I fear that the groups already marginalized in society will have it even worse. The readings discussed the ability to watch people in their homes and potentially gather information on criminal suspects that we might not have been able to gather before IoT. As I briefly touched on during my surveillance blog post, laws are not enforced equally among the various demographics, and I fear that IoT will just enable another form of privacy-invading surveillance. As far as medical devices and vehicles go, IoT may actually give hackers the ability to take over a car remotely while it’s driving, leaving the “driver” helpless, and having a backdoor on your pacemaker can allow hackers to control your life. As I mentioned before, I don’t trust that the government will be able to control the problems of IoT on its own as the vulnerabilities and capabilities change; I mainly fear that the government could not adapt quickly enough to these changes, or may actually be in favor of adding backdoors to devices for the sake of surveillance. Rather, I believe that it’s up to third parties and the engineers to come up with a code of ethics and standards of security for IoT devices.
Would you fear a pervasively connected world with billions of internet capable devices? Explain why or why not.
Living in a world at the dawn of pervasive computing is simultaneously the most exciting and most horrifying time to be alive. I’ve shared my thoughts about the surveillance aspect in my last blog post, but my main concern about IoT is the potential for the worst ransomware attacks the world has ever seen, even ones that are technically legal. The readings talked about the ability to hold vital organs for ransom until the person pays up or the ability to remotely administer a lethal dose of insulin. I fear that not only hackers will be capable of controlling this functionality, but people who lease these technologies will have this capability as well, which is completely legal. I find this time of pervasive computing to be exciting because we can remotely update and control medical devices to reduce their overall cost by not having to replace a pacemaker or other device just to make sure it continues to work. With this, those who could not typically afford these treatments might finally have access to them by having them leased to them. As Cory Doctorow said in The Coming Civil War on General Purpose Computing, “If I can lo-jack your legs, I can lease them to you with the confidence of my power to repo them if you default on payments. If I can’t, I may not lease you legs unless you’ve got a lot of money to begin with. But if your legs can decide to walk to the repo-depot without your consent, you will be totally screwed the day that muggers, rapists, griefers or the secret police figure out how to hijack that facility.” I fear that the cost of pervasive computing greatly outweighs the benefits.