IOT

Privacy in IoT: Things to keep in mind

19th February 2019

Privacy is one of the main unknowns and sensitive issues raised by the IoT. So much so that throughout today’s post we will analyze the control systems and regulations in force for compliance.

The Internet of Things (IoT) is becoming more widespread every day, and this means that consumers need more and better security, which translates into privacy. All this in the face of the vulnerability represented by corporate surveillance and data breaches.

Consumers gradually unwittingly expose their privacy, as they do not know what data is collected and how it is used, for example by mobile applications or apps.

-Don’t miss: What is the Internet of Things and what challenges does it pose?-

The percentage of people who do not read security policies and accept them without knowing is very high. In fact, there are those who try to read them, but their legal language is in most cases unintelligible to the average consumer, even allowing them to omit clauses that include the right to be heard in court.

IoT Privacy Control

As you know, companies are becoming increasingly crowded with intelligent things and industrial sensors; unfortunately, security will always be difficult.

Most Internet-connected devices are effectively managed by the Dynamic Host Configuration Protocol (DHCP) which automates IPs. However, the support that gives additional functions is not regular.

Programming codes are a good answer for privacy involving the IoT, and for this, certain service providers such as Chakray have solutions 100% reliable, scalable and modular, which:

  • Take full advantage of the managed IoT by merging and protecting applications for mobile devices.
  • Compile advanced analytical IoT solutions.
  • Digitally connect and manage the assets of any company, regardless of size.

Regulations for IoT Privacy Control

In the specific case of the Internet of Things, privacy in layers is a policy that companies should adopt. They consist of the legal code, what is legible by man and what the machine reads.

The first refers to the actual policy that lawyers write and that judges will interpret; the second is a simple summary for the client to read and understand; while the third is the code read by search engines or software, or understood by technology that would only access the information that the consumer allows.

The implementation of the different layers would be significant progress in safety regulations.

“Although the U.S. Federal Trade Commission has determined certain risks due to the lack of privacy rules for IoT, the lack of a specific law is notorious. Currently, everything is reduced to the manufacturer, as the standards themselves continue to develop, in the hands -for example- of the Online Trust Alliance.”

Control systems

Nowadays, to speak of a control system for the security of the IOT is to refer directly to the response that a company must offer when the client claims security.

As a real case that deserves special mention, there is the response of the Alliance of Automobile Manufacturers, which developed privacy policies after its customers expressed in a survey their concern for information privacy and the security of connected cars.

-Find out: WSO2 Identity Server, the next step in IAM solutions-

At present, a control system corresponds to the self-regulation and practices that the industry implements on data minimization and security since it is their obligation to protect them and if they do not agree to do so, then they should refrain from collecting them.

Privacy by design is another method of the control system, in which manufacturers analyze risks and considerations at the product design stage.

In addition, it is logical that they take into account that privacy goes beyond the useful life of a piece of equipment and the acquisition of a first customer because if IoT devices were resold, the data of the original purchaser should not remain forever in the device.

-This post interests you! Identity Management: trends and best practices-

Which authority is in charge of identification?

As we mentioned, there is no specific standard in this domain; therefore, it is likely that manufacturers will go for the privacy line of the design that would make them more competitive if they use it as a strong argument at their point of sale.

A security structure would help by providing tools and identification or checklists for companies to create and use IoT devices.

The general ethical and legal framework of rights and obligations involving the IOT

Yes, more corporate transparency is needed for IoT’s privacy success, and it would be achieved through the rules that the government requires of companies and industrial self-regulation.

The Industrial Internet Consortium, the GSM Association and the IoT Security Foundation, among others, have so far generated some statutes.

These are some of the entities that are dedicated to outlining what would be projected with rights and obligations, as well as security, of the Internet of Things:

  • Consumer Financial Protection Bureau: It has evaluated arbitration clauses and found that they frequently affect the public; and it proposes to prohibit them both in consumer financial products and services, making them valid for the client.
  • Department of Education: It also prohibits arbitration agreements in for-profit schools, and it approves students’ right to sue schools.
  • Federal Trade Commission: It works possible agreements -as an obligation- prior to disputes with companies that sell IoT articles. This entity is also asked to take action against deceptive practices if a company does not respect its privacy policies.
  • Federal Bureau of Investigation: In 2015, the FBI warned of IoT vulnerabilities and since then has been recommending defense and protection steps to customers.
  • U.S. Congress It introduced the law to improve the cybersecurity of the Internet of Things, so any device sold to the government of this country has no preset passwords, patch forms and other weaknesses. Even if it addresses only the Executive, it establishes the basis for measures taken by manufacturers. Congress also presented the state of Modern Application, Research and Trends of the IoT Law, which will be studied by the Department of Commerce.
  • General Data Protection Regulations: Formulated by the European Union, it is respected by the manufacturers of IoT devices and networks.

Now that we know all about security and privacy at IOT, it is crucial to remember that Chakray has the WSO2 solution, which will make it very easy to achieve and guarantee IoT security for users and companies. Contact our advisors and get to work on this matter!

Identity And Access Management Ebook Chakray