Internet of Things and surveillance

Bruce Schneier's got smart things to say about surveillance in the age of the Internet of Things:

In the longer term, the Internet of Things means ubiquitous surveillance. If an object "knows" you have purchased it, and communicates via either Wi-Fi or the mobile network, then whoever or whatever it is communicating with will know where you are. Your car will know who is in it, who is driving, and what traffic laws that driver is following or ignoring. No need to show ID; your identity will already be known. Store clerks could know your name, address, and income level as soon as you walk through the door. Billboards will tailor ads to you, and record how you respond to them. Fast food restaurants will know what you usually order, and exactly how to entice you to order more. Lots of companies will know whom you spend your days --and night -- with. Facebook will know about any new relationship status before you bother to change it on your profile. And all of this information will all be saved, correlated, and studied. Even now, it feels a lot like science fiction.

Will you know any of this? Will your friends? It depends. Lots of these devices have, and will have, privacy settings. But these settings are remarkable not in how much privacy they afford, but in how much they deny. Access will likely be similar to your browsing habits, your files stored on Dropbox, your searches on Google, and your text messages from your phone. All of your data is saved by those companies -- and many others -- correlated, and then bought and sold without your knowledge or consent. You'd think that your privacy settings would keep random strangers from learning everything about you, but it only keeps random strangers who don't pay for the privilege -- or don't work for the government and have the ability to demand the data. Power is what matters here: you'll be able to keep the powerless from invading your privacy, but you'll have no ability to prevent the powerful from doing it again and again.

Surveillance and the Internet of Things


    1.  We should be so lucky that they care enough to talk about us. I can’t wait for my kitchen doorknob to turn down my friend invitation.

  1. This assumes there will never be a legal push back against corporate data sharing.  I would vote for a political movement to protect peoples data and privacy.  I suspect that others would as well.  There is an opportunity here.

    1. I suspect that the pushback, should it materialize, will be of limited efficacy. It is, for instance, illegal to discriminate against old people in the job market, has been for years. The difficulty of proving that that is why you didn’t get a call back, well, have fun…

      1. I disagree:  Tracking data transfers is much easier than proving discrimination and there are already useful precedents.

        Proving age discrimination is hard because it rarely leaves an evidence trail.  Decisions are subjective an only an idiot would commit a discriminatory decision to writing.

        On the other hand, selling someone’s browser and position data, by its nature, creates a transaction history that can be discovered.  Corporate entities will not risk it.

        Medical privacy laws already exist and, at least in my experience, most health care providers take them seriously.  I think there is considerable scope for extending peoples control over the use of their own data.

Comments are closed.