Internet of Things Privacy and Security: a Touchy Subject


Taking your entertainment and information on the go has never been easier thanks to the rise of the internet of things (IoT). But that also means it has never been easier for the bad guys to invade your privacy or steal your financial and other personal data.

Mobile entertainment was a heavy lift before the age of ubiquitous internet connectivity. People had to carry around CD wallets with music disks or DVDs, a laptop computer, a Diskman, books, magazines, and perhaps even a newspaper for the crossword puzzle. Fast forward to today where consumers can watch movies or TV shows, listen to music, and read news and entertainment sources using a single internet-connected smart device.

Smart devices and companion applications also allow consumers to remotely control devices, home appliances, and even cars.

The modern thirst for mobile internet connectivity means that U.S. adults spend an average of 12 hours per day on mobile devices, according to a report by market research company eMarketer Inc. 

These smart devices, however, often collect information about the consumers, including device usage patterns, geolocation, and other personal data. And the “other personal data” can indeed be very personal.

Adult sensual lifestyle products company Standard Innovation (US) Corp. agreed in a recent class action settlement, without admitting any wrongdoing, to pay $3.95 million to end claims that it secretly collected and transmitted sensitive information about consumers. The settlement involved two classes of consumers: ones who purchased We-Vibe, and ones who purchased We-Vibe and also downloaded the companion We-Connect app.

Internet-connected devices don’t only reveal sensitive information about people, but can also pose serious cybersecurity threats when they are hijacked for use in cyberattacks. Last year, hackers launched a distributed denial-of-service (DDoS) attack, leaving millions of people without access to popular websites such as Twitter Inc., Spotify Ltd., Reddit and the New York Times Co., in part through hijacked internet-connected devices, such as smart cameras. The hackers used such devices to create botnets that flooded company networks with hits. 

To strengthen IoT security, the National Institute of Standards and Technology (NIST) has issued a new draft revision of safeguards for information systems and IoT devices. The revision emphasizes privacy-by-design, in which device and app makers consider privacy protection for the early stages of product design, and that products should minimize unnecessary data collection. NIST is seeking comments on the draft until Sept. 12.

To keep up with the constantly evolving world of privacy and security sign up for the Bloomberg BNA Privacy and Security Update.