A Bridge Too Far: How Smart Should our Devices Be?
The Internet of Things and the merging of data, devices, and the networks that power them has the potential to change business and our lives in a dramatic way. However, as we see the development of even more devices the question arises: how smart should our devices be? As we build an internet of things, we need to be aware of the emerging issues and risks associated with it.
Whose Data is It?
First, as our devices gather more data about us, we need to consider who the data they are generating belongs to.
For example, if you authorize your workout app to gather data about your fitness, does that data belong to you, or is it shared with the app provider? At the same time, we often share that data on social media to interact with our peers, get encouragement, and make ourselves accountable to a fitness regimen.
What about more passive data though? We have seen this tested with both Apple and Amazon: first with the FBI request that Apple “hack” an iPhone to retrieve information for them, and then the law enforcement request for Alexa transcripts as evidence in a murder trial.
In the first case, Apple simply denied the request, and the FBI found another way in, but one that was pretty complicated. Still, Tim Cook stood by Apple’s commitment to individual privacy: your data is your data. It doesn’t belong to Apple or anyone else.
Amazon took much the same tactic in the murder trial, but in that case the suspect gave permission for Amazon to release the transcripts, and so they did so. There was no opportunity to test the theory legally, as the battle was over before it started.
In both cases, the tech companies made the argument that the data belonged to the user, and it was theirs to keep or give up. This seems like the most logical approach in these cases, and it will probably hold up in future litigation.
Who Can Access the Data Gathered?
The answer to this question, following from the above discussion seems to be whoever you give permission to access your data. If you share it on social media, pretty much anyone who can view your social media posts can also view the data you share.
This can include sharing your activity from your Apple applications with your friends, checking in on Facebook and Twitter, sharing the location of photos you have taken, and more. This is why the privacy settings on your social media accounts are so vital to be aware of. You can be sharing a tremendous amount of personal information there.
Of course, there is other data, like browser cookies and shopping data. The new update to Safari has disabled cross-site tracking, a feature that Google AdWords is now dealing with, as it interferes with some tracking features relied on by advertisers. However, it does keep your browsing history from cross-populating to other sites.
Still, when you enable cookies, turn on location services, and more, Google and other search engines have access to your shopping history, and use it to serve you relevant ads.
The business model for Google depends on it. For them, search leads to ad and ecommerce revenue. What if you don’t want to be served those ads? There are ad blockers and other options, but they don’t work 100% of the time. Even if they do, Google, other search engines you use, and websites you visit still have the data itself.
What Can that Data be Used For?
This brings us to the next issue: what can the data gathered by the Internet of Things be used for?
Progressive is using a product called Snapshot, which in the form of a device or an app tracks your driving, using the data to determine how safe of a driver you are. Do well for six months, and you get a discount. The concept is a good one, but it does raise questions.
What if you are extremely unsafe? What if you drive while intoxicated, text while driving, speed regularly, or engage in other risky behavior? Can that data be used to inform law enforcement?
When we go back to the fact that your data is yours until you authorize someone else to use it, it seems like the answer is no. However, you have authorized the insurance company to use that data, and although there are limits defined, when is it okay for them to breach those limits?
It’s like doctor/patient confidentiality or what you tell your therapist: if you intend to harm someone else or yourself, they have to tell someone. In this case, even if you don’t intend to hurt someone, you very well could.
This could be the same with other devices. Does your medical insurance company have a right to your health and fitness data? Not unless you allow them too, but if you share it with your doctor, can the insurance company access it with the intent of setting your rates? After all, they are covering your treatment, and have a right to know what you are being treated for.
The smarter our device are, the more information they gather about us, our activity, and who we are. How smart should those devices be? Is there data we should not be sharing? The answer, of course, is yes. The questions becomes where we will draw the line.