Controlling the Flow of Personal Information in a World of Superconnectivity and Data-Driven Services
The typical response to problems like identity fraud and cybercrime has been to pile on more identity. People on the Internet have too much identity now! Too much identifiable data seeps out of everything that’s done online, as a side effect of verifying users by “shared secrets” and “knowledge-based authentication”. But on the IoT, personal data may gush from all routine activities, as everything will be connected and autonomously exchanging untold data, sight unseen.
It is common now for Internet-connected products – smart TVs, automobiles, even children’s toys – to come with their own privacy policies. Should consumers be expected to understand the implicit personal data flows among all the things they use, and make informed decisions to opt in or opt out of data usage? When every thing is connected to everything, information flows will become unfathomable.
The looming “Internet of Cars” exemplifies the pros and cons of “superconnecting” devices. For example, intelligent car parts will monitor their own wear and tear, so the automaker can alert the owner of impending problems. And there should be great public benefits from having next-generation cars communicate with road infrastructure and other cars to improve traffic flows, safety and infrastructure longevity. On the other hand, there will be insatiable commercial interest in data that may be extracted via an always-on smart car about drivers, passengers, other motorists and even passersby.
As things stand, a great deal of the data coursing through the IoT will be identifiable and, therefore, personal. It’s a truism in security that the Internet was never designed with an “identity layer”. Instead, Identity and Access Management (IDAM) has been largely ad hoc. In recent years, however, standards, middleware and toolkits have matured, leading to more organized tiers of digital identity services to systematize authentication and authorization. And now attention is turning from generic identities to specific attributes, for more precise identity management and less leakage of superfluous or circumstantial personal details used to verify users.
This paper shows how the IoT needs a fresh attribute-oriented “digital identity stack” to help contain the personal data flows between devices, limiting collection and use according to the need-to-know. If IoT designers don’t ration how identity attaches to smart things, then privacy breaches, both accidental and systemic, will become routine.
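One way to make the "need-to-know" principle concrete for the connected-car case is to put a release policy between the car's telemetry record and each party that asks for data, so that consumers receive derived, minimal attributes (a yes/no adulthood flag, a coarse location cell) rather than the raw identifiers. The following Python is an added illustration, not code from the paper; the telemetry record, the consumer names and the per-consumer policies are all constructed for the example.

```python
from datetime import date

# Constructed sample telemetry record for one "superconnected" car.
CAR_RECORD = {
    "vin": "VIN-PLACEHOLDER-0001",   # constructed placeholder, not a real VIN
    "driver_name": "A. Driver",
    "driver_birthdate": date(1990, 5, 17),
    "gps": (51.5074, -0.1278),
    "speed_kph": 48.0,
    "brake_pad_wear_pct": 82,
    "tyre_pressure_kpa": [220, 221, 215, 219],
}

# Raw fields that identify the driver directly; these never leave the car as-is.
DIRECT_IDENTIFIERS = {"driver_name", "driver_birthdate", "gps"}


def derive_is_adult(record, today):
    """Yes/no attribute derived from the birthdate; the birthdate itself stays in the car."""
    bd = record["driver_birthdate"]
    age = today.year - bd.year - ((today.month, today.day) < (bd.month, bd.day))
    return age >= 18


def derive_coarse_location(record, today):
    """Round GPS to one decimal degree (roughly a 10 km cell), enough for traffic-flow use."""
    lat, lon = record["gps"]
    return (round(lat, 1), round(lon, 1))


def passthrough(field):
    """Release a non-identifying field unchanged."""
    return lambda record, today: record[field]


# Hypothetical per-consumer release policies: attribute name -> derivation function.
# Each consumer gets only the attributes its stated purpose needs.
POLICIES = {
    "automaker_diagnostics": {           # wear alerts: needs the vehicle, not the driver
        "vin": passthrough("vin"),
        "brake_pad_wear_pct": passthrough("brake_pad_wear_pct"),
        "tyre_pressure_kpa": passthrough("tyre_pressure_kpa"),
    },
    "road_infrastructure": {             # traffic management: coarse position and speed only
        "coarse_location": derive_coarse_location,
        "speed_kph": passthrough("speed_kph"),
    },
    "age_gated_service": {               # needs one bit, not a date of birth
        "is_adult": derive_is_adult,
    },
}


def release(consumer, record, today=None):
    """Return only the attributes the named consumer is entitled to; refuse everyone else."""
    if consumer not in POLICIES:
        raise PermissionError(f"no release policy for {consumer!r}")
    today = today or date.today()
    released = {name: derive(record, today) for name, derive in POLICIES[consumer].items()}
    # Defence in depth: a policy that passes a raw identifier through, even under
    # another attribute name, is rejected rather than trusted.
    for name, value in released.items():
        for ident in DIRECT_IDENTIFIERS:
            if value == record[ident]:
                raise PermissionError(f"policy for {consumer!r} would leak {ident} as {name!r}")
    return released


if __name__ == "__main__":
    for consumer in POLICIES:
        print(consumer, "->", release(consumer, CAR_RECORD, date(2024, 1, 1)))
```

The point of the guard at the end of `release` is that data minimisation should not depend on every policy author getting it right: the gate checks the released values against the raw identifiers, so a mistaken `passthrough("gps")` labelled "location" fails closed instead of leaking.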
This report uncovers the subtle and unexpected flows of personal data on the Internet of Things (IoT), using a “superconnected” automobile as a case study. The intent is to help IoT strategists, architects and product managers understand the privacy impacts of both purposeful and inadvertent data flows, and to help them engineer better privacy outcomes.