Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Partner Perspectives  Connecting marketers to our tech communities.
1/30/2015
08:45 AM
Lorie Wigle
Lorie Wigle
Partner Perspectives
50%
50%

Takeaways from International Data Privacy Day: The Internet of Things

Event looks at the future of data use and how we can - and should - protect personal privacy.

Coincident with International Data Privacy Day, Lares Institute hosted an event on the future of the Internet of Things and privacy. With an audience full of privacy lawyers and Chief Privacy Officers, the event kicked off with a panel on the IoT in 2025. The discussion was fascinating – everything from an inventory of things our smart phones know about us to what potential buyers of that data want to do with it. One panelist showed us a B2B driver-safety system that, based on telemetry in the vehicle, records 12-second video snippets of both the driver and the view in front of the vehicle. It’s designed for employers to provide feedback to the drivers to improve safety. One video snippet showed a driver texting as he almost rear-ended the car in front of him. Obviously, this creates teachable moments for the drivers, but it’s also quite provocative with regard to privacy – and raises questions about how the video can be used in legal disputes after an accident.

Another fascinating example of IoT and data privacy was described by the privacy attorney for a company that delivers perishable food and flowers. He talked about how their service – and customer satisfaction – could be improved if they had information on when people were home (using their electricity-use data, for example) or the temperature and humidity characteristics of their homes so they could make product recommendations. (Smart sensors could communicate this.) If consumers wanted to share this information, it would be for a specific point in time, not indefinitely.

The broader issue here centers on the strong need for identity in IoT solutions so that trust can be established in a machine-to-machine context, and how Enhanced Privacy ID (EPID) technology can provide that while also protecting privacy. EPID allows for strong, hardware-based identity but can be used to identify the device or user associated with it as a member of a group instead of as an individual. For example, the smart driver’s license of the future could identify you as being of legal drinking age without sharing your name, birthdate, or address.

Another interesting topic at the event was data-use controls, or DUCS (has to be a favorite for a University of Oregon alumnus!). This work is really interesting in the context of the data-driven economy. This assumes that there is an understanding of data’s value by society as a whole, and that this understanding places value on individuals, businesses, and society. The idea is that people will increasingly make new types of personal data available in exchange for value. And personal data will be well protected, similar to financial data. Data-use controls could improve how our data is revealed and distributed, allowing it to be transacted. We could choose how services, businesses, and other individuals work with our data.

This event was a fascinating way to spend International Data Privacy Day – probably with the people who care the most.

Lorie Wigle is building a new business focused on securing critical infrastructure and IOT more broadly at Intel subsidiary McAfee. Lorie has been with Intel for nearly 30 years in a wide variety of marketing and technical roles. She has an MBA from Portland State University ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/6/2020
Ripple20 Threatens Increasingly Connected Medical Devices
Kelly Sheridan, Staff Editor, Dark Reading,  6/30/2020
DDoS Attacks Jump 542% from Q4 2019 to Q1 2020
Dark Reading Staff 6/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15037
PUBLISHED: 2020-07-07
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Reports-Devices.php page st[] parameter.
CVE-2019-4323
PUBLISHED: 2020-07-07
"HCL AppScan Enterprise advisory API documentation is susceptible to clickjacking, which could allow an attacker to embed the contents of untrusted web pages in a frame."
CVE-2019-4324
PUBLISHED: 2020-07-07
"HCL AppScan Enterprise is susceptible to Cross-Site Scripting while importing a specially crafted test policy."
CVE-2020-15036
PUBLISHED: 2020-07-07
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Topology-Linked.php dv parameter.
CVE-2020-15577
PUBLISHED: 2020-07-07
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Cameralyzer allows attackers to write files to the SD card. The Samsung ID is SVE-2020-16830 (July 2020).