Back in 1995, I attended what was then the PC industry’s premier conference known as Agenda. I was invited by venture capitalist John Doerr of Kleiner Perkins to join him and four other analysts and journalists to have dinner with the CEO of a company he had invested in by the name of Netscape. At that time, none of us had even heard of this company. Mr. Doerr and Netscape CEO Jim Barksdale told us about their browser and made the prediction it would revolutionize the PC industry. John Doerr did not become a billionaire by betting on losing companies so, when he emphasized this was a serious winner with major disruptive potential, I listened very closely.
Of course he was right. Marc Andreessen had created what was the first web browser and opened up the Internet to all users. Up to that time, it had been mainly used by government and higher education but, after Netscape launched their browser, they pretty much allowed anyone with a computer to have access to this “web” of information and communications. In fact, the Internet has become one of the most important technology inventions of our time. It powers most of our communications, eCommerce, social media and information services and has brought the planet together in ways none of us could have predicted when this browser first hit the market.
Today we don’t talk a lot about the internet per se, just like we don’t talk about telephone wires or traditional TV airwaves anymore. The idea the internet has now blended into the everyday background was sort of emphasized in a comment made recently in Davos by Google Chairman Eric Schmidt when he was asked about the future of the internet.
“I will answer very simply that the internet will disappear,” Schmidt replied.
“There will be so many IP addresses … so many devices, sensors, things that you are wearing, things that you are interacting with that you won’t even sense it. It will be part of your presence all the time. Imagine you walk into a room, and the room is dynamic. And with your permission and all of that, you are interacting with the things going on in the room.”
I bring this up because this is an important insight. Schmidt of course was talking about IoT and went on to say things will operate together in a seamless way and the internet will not even be noticed. While Schmidt puts this in the future I think it is the way it is today. In a sense, the internet itself now has a different meaning to different people. It is no longer described in just the terms of its past where it was the roadway for what some called the Information Super Highway. Instead, it is thought of as the backbone, the cloud, servers, etc. Even apps are now used to describe the internet without ever naming it.
However, as I look at this disappearing internet and the comfort people now have with technology, I fear people will get too complacent about perhaps the biggest issue facing us — security and privacy. In this context specifically, security and privacy within IoT. This issue is highlighted in a recent update from the Future of Privacy Forum. The forum provided an additional set of comments to the FTC in the wake of the Commission’s workshop on the Internet of Things (IoT) last November.
According to the Future of Privacy Bulletin:
“The FPF’s whitepaper explores why IoT is not well-suited to a one-size-fits all approach to consumer privacy. The myriad types of connected devices and the varied contexts in which those devices will operate will require the implementation of flexible frameworks designed to address evolving privacy issues and consumer preferences. The imposition of rigid or universal standards to promote privacy within IoT may harm innovation and, moreover, be ill-suited to the privacy risks and consumer preferences that ultimately emerge.
Our comments note that data security may have been the most frequently raised concern at the FTC’s workshop. Inadequate security presents the biggest risk of actual consumer harm within IoT. With it, bad actors will have access to all manner of connected devices, and will be able to pry into intimate spaces or perpetrate fraud or identity theft. Company must devote adequate resources to security before and after their products reach the market. Fortunately, companies large and small are aware of this concern and are taking steps to address it.”
At CES 2015, I spent part of a day in the IoT section of the Sands Hotel and, in talking with many vendors creating IoT devices, I hardly heard the term security mentioned when describing their product. Even when it was mentioned, it was in passing as they wanted mostly to share with me the benefits and value proposition of their IoT device. Yet, as the FPF white paper rightly points out “security and privacy presents the biggest risk of actual harm within IoT.”
I believe this issue needs to be raised to the highest levels within the tech industry. I am seeing startups come out of nowhere and using 3D printers and crowdsourcing sites to build IoT products quickly and not actually thinking through the total impact and ecosystem around these products when security and privacy needs to be at the heart of their designs. This is especially true at the IoT end points where it is now easy to create the hardware and make it work with minimal software. Yet, in many cases, especially based on the type of IoT device it is, security and privacy needs to be a priority in any software being designed for these products.
As a consumer, this really concerns me. If I put a Nest thermostat in my house and it is connected to the cloud, is it safe from hacking? Or, if I install a connected door lock, is it hack proof? If I am collecting health data via trackers and sending that data to my doctor via the cloud, is that data secure and private? If my car is always connected, does someone always know where I am and can follow all of my driving habits?
My fear at this point is security and privacy has just not been elevated enough within the IoT development community and I think it needs to be at the top of all IoT design strategies from the beginning.
It is true the really big companies like Apple, Google, Microsoft, FitBit, Jawbone, and many well financed others take this seriously. But with thousands of new companies and startups getting into the IoT space each year, they need to get the message that privacy and security needs to be a top priority with anything they create in this space. More importantly, they need to build it into the product from the beginning.
Groups Like the Consumer Electronics Association and other tech leaders need to take an active role in sharing this mantra. For IoT vendors, security and privacy needs to be a priority, not an afterthought.