• United States



127 devices added to the Internet each second, but Congress is clueless about IoT

Jul 01, 20157 mins
Data and Information SecurityInternet of ThingsMicrosoft

Every second there are 127 items added to the Internet, but how is Congress keeping up with the Internet of Things? A new investigation revealed that it's not.

connected home illustration internet of things IoT
Credit: ThinkStock

Tick tock, every second 127 items are added to the Internet, according to calculations by Stringify CTO Dave Evans, former chief futurist at Cisco. That adds up to about “328 million things” that “are being connected every month, approximately one for each person in the U.S. By the time you finish reading this article, more than 100,000 new things will have been added to the Internet.” Those IoT things are collecting data that tells your story, perhaps much more personal tidbits than you would likely share. Yet as the “world we inhabit is becoming a digital landscape, one that tracks and responds to each of us,” is “anyone in Washington paying attention?”

Politico’s The Agenda is deep-diving into IoT subjects and surveyed more than 40 top tech leaders – not anti-tech paranoid folks, but those who have “founded tech companies, invested in startups and written laws to boost the industry.” Of those, 79% did not trust that the data collected by their connected devices was safe and secure. 84% said there should be a national policy on consumer data privacy, while 63% believe there should be a more formal national IoT policy. A whopping 95% said government does have a role to play in private-sector cybersecurity, yet they overwhelmingly did not trust their devices or Congress.

Washington really is truly clueless about the Internet of Things

Speaking of Congress, Washington really is truly clueless about the Internet of Things as a whole…nevertheless our right to eavesdrop on what our devices are saying about us. Seven years ago, “the number of web-linked gadgets surpassed the number of humans on the planet.” The Internet of Things is nowhere close to being a new thing, but “there’s 435 members of the House, 100 members of the Senate, and most of them still don’t know what the Internet of Things is,” according to Rep. Darrell Issa.

The Agenda’s Darren Samuelsohn investigated how well the government is keeping up with the IoT since “American consumers are filling their homes and businesses with networked technology – smart watches sending health data wirelessly, cars that can take over for their human drivers, and drones tracking wildfires and cattle.” So besides “one fledgling caucus” that hasn’t even met yet, “how is Washington grappling with this sweeping new force? The short answer: It’s not.”

“Given its potential to reach deep into citizens’ daily lives — tracking their heat use, their food shopping, even their tooth brushing — many experts struggle to pinpoint exactly where it should fall on the regulatory spectrum,” he added. The IoT is “something that touches American citizens much more directly and personally than the Internet itself ever has.” New IoT tech “won’t just automate everyday activities,” Samuelsohn wrote. “They are also creating vast amounts of data that users won’t necessarily know are being collected on them. Can the government do anything about it? Should it?”

There is an almost endless list of security and privacy concerns when it comes to IoT devices and the data collected by billions of sensors, but Washington has a “wait and see” attitude. Although IoT “may be in its infancy,” University of Colorado Law School professor Scott Peppet warned that “lawmakers can’t take a ‘wait and see’ approach. Consumers are already vulnerable to a host of privacy, security and discrimination problems — and those problems will only be harder to fix as companies become bigger and more ingrained in our day-to-day lives.”

Marc Rotenberg, the head of EPIC, told Samuelsohn, “If you think you’ve got a cybersecurity problem now, wait for the cold winter day when a hacker halfway around the world turns down the thermostat on 100,000 homes in Washington D.C.”

IoT report warning the President of risks

“There is a small and rapidly closing window to grasp the opportunities of IoT in a way that maximizes security and minimizes risk,” according to the 2014 NSTAC report to the President on the Internet of Things (pdf). “If the Nation fails to do so, it will be coping with the consequences for generations.” IoT brings benefits to the table, but “the rapid and massive connection of new devices brings with it risks, including new attack vectors, new vulnerabilities, and perhaps most concerning of all, the ability to use remote access to cause physical destruction.”

NSTAC’s report concluded that “if security is not included as a core consideration, there are very real consequences, both economically and to the safety of life. The next two to five years is the opportunity to get this right; after that, the Nation will be living with the consequences of inaction — and ruing another missed opportunity to insist upon security early in a technological wave.”

Eight months have passed since the report and millions of more things have been connected to the net, yet Washington is still content to “wait and see” what happens to Americans and their data. Congress needs to stop procrastinating and start learning what IoT is; answers like “I don’t know” when asked what the Internet of Things is won’t cut it.

Unpleasant examples of how your IoT data can be used

In yet another excellent IoT piece, Peppet discussed with The Agenda’s Danny Vinik examples of how your data can be used, such as employers using your collected IoT data in hiring decisions, or an activity tracking device giving health insurers data that spells out just exactly how active you are and then using that data to set your insurance price. Peppet said devices like FitBit or Nest infer a lot of pretty intimate information about you, like when you are home, when you are awake, how much you sleep, how active you are, how many people come and go from your house and at what time of day.

Peppet, who authored “Regulating the Internet of Things: First Steps Toward Managing Discrimination, Privacy, Security & Consent” last year, explained that how IoT data is used generally is regulated by the company’s privacy policy. We often hear how our data has been anonymized, but “Internet of Things data, biometric data, sensor data are particularly vulnerable to re-identification because they are so rich. The data are so tied just to you that it turns out to be relatively quite easy to re-identify people.”

Congress has all sorts of advanced tech, such as “smart lighting that senses the level of daylight; carbon monoxide sensors that know when the garages need fresh air,” according to Stephen Ayers, the architect of the Capitol. But Ayers told Politico’s Darren Samuelsohn that “none of it is connected to the Internet” as Ayers believes “the Internet of Things is currently focused on the homeowner or personal market, and has yet to display the necessary security features for widespread commercial use.”

While air gap systems are good from a security perspective, Samuelsohn translated that to mean, “no matter how much some members of Congress want to cheerlead the adoption of the IoT, the people who protect Congress don’t quite trust the technology enough to use it.”

Data from your light bulb can change how government serves you

While Congress might not use IoT, IoT “will change democracy;” it “will transform how we as voters affect government — and how government touches (and tracks) our lives,” Phil Howard wrote on The Agenda. “If you decide to buy a light bulb and your home is networked, remember that in an important way, your device will have politics. Tracking your consumption of goods, services and energy will allow increasingly high-resolution images of you, your block and your neighborhood. This influences how retailers and governments serve you and your community, long after you’ve bought a networked device — and regardless of whether you cast a vote.”

While you enjoy your Fourth of July and celebrate America’s Independence Day, our Founding Fathers would roll over in their graves if they only knew how little Constitutional rights actually protect Americans anymore . . . and that democracy – how the government serves you – might come down to data provided by a light bulb; data from your light bulb that you aren’t allowed to see.

ms smith

Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues. She focuses on the unique challenges of maintaining privacy and security, both for individuals and enterprises. She has worked as a journalist and has also penned many technical papers and guides covering various technologies. Smith is herself a self-described privacy and security freak.