[From last episode: Many IoT device makers aren’t looking to sell personal data at this time. That could change.]
There’s one more privacy aspect that we need to discuss: that of privacy by design. Back when I introduced the notion of privacy, I raised the concern about data not getting anonymized properly. Let’s look into that more carefully.
Anonymizing Data
The basis for the scenario I laid out assumes that all data ends up in a single big pile. Data analysts can then go through the pile to find nuggets of wisdom – either about how their product is working, as we discussed last time, or to learn interesting things about you. (There might be other uses too, but they’re beside the point for the moment.)
Let’s be clear: this is true in some situations, so if you’re expecting me to say that this turns out not to be realistic, it’s not going to happen. In this case, if you’re a data analyst creating a report and you’re trying to respect privacy, then you’re going to anonymize that data. That means getting rid of anything that could be traced back to you. If it’s your TV-watching habits, then the report will contain the times and shows, but not the names of viewers. And there will be no bits of data that could indirectly lead back to you.
But here’s the key to this scenario: the data is all there, and if it’s going to become anonymous, then someone must consciously take steps to make it anonymous. If they don’t – if they forget or do a sloppy job – then you can be tracked.
That’s where the notion of Privacy by Design comes in. We’ve looked only at what the data analyst does when taking data from an existing device and service. Is there anything device- and service-builders can do to bias everything towards privacy? Yes, there is.
Designing for Privacy Is a Thing
In fact, this is more than a general concept – it’s a formalized idea. There are a number of high-level principles associated with it, and I quote from Wikipedia:
- Proactive not reactive; Preventative not remedial
- Privacy as the default setting
- Privacy embedded into design
- Full functionality – positive-sum, not zero-sum
- End-to-end security – full lifecycle protection
- Visibility and transparency – keep it open
- Respect for user privacy – keep it user-centric
I’m not going to go through those; I’m just trying to illustrate that well-meaning people have given this some thought. The practical weakness appears to be that it’s all pretty vague and hard to enforce. But better to have it than not.
Anonymous – or Pseudonymous – by Default
In my discussion with an IoT infrastructure provider, they had a real-world example to illustrate the concept. Remember that big ol’ pile o’ data I referenced above? That’s not the way this company does it. They divide up the things a device does into what they call “micro-services.” In other words, each little thing is its own thing.
So when you register your device, yes, you’re using a micro-service that ties your name to the device. But when your device radios home with data, it uses a different micro-service, and that data ends up in its own pile.
To be sure, this doesn’t make it anonymous, since the second data pile will probably have a device ID associated with it. And if someone wants to, they can then bring that data together with the on-boarding data and figure out who you are. But here’s the key: in the scenario we started with, you will be personally identified unless someone takes action to make the data anonymous. In this second case, you will not be personally identified unless someone takes action specifically to identify you.
While this data isn’t anonymous, there’s an intermediate name for it: pseudonymous. Your name isn’t on the data, but there is a device ID that can act as a pseudonym for you. It simply means that, if no one takes special steps, then your privacy will be protected by default – thanks to the way the service was designed.
That’s what Privacy by Design is all about.
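To make the two scenarios concrete, here is an added example in Python. It is not code from this article or from the infrastructure provider described above, and the names in it (RegistrationService, TelemetryService, anonymize_report, and the sample TV-viewing rows) are hypothetical. The first half models the single big pile, where a report is only anonymous if the analyst remembers to scrub identifiers; the second half models the split micro-service design, where the telemetry pile carries only a device ID as a pseudonym, the ingest path refuses identifying fields, and re-identification requires a deliberate join against the on-boarding data.

```python
# Added example, not code from the article or from the provider it describes.
# All class and function names are hypothetical; the sample rows are constructed.
from collections import Counter
from dataclasses import dataclass, field

# Fields that directly name a person. A real deployment would also review
# quasi-identifiers (postcode, birth date, ...) that identify someone in combination.
DIRECT_IDENTIFIERS = {"name", "email"}


# --- Scenario 1: one big pile. Privacy depends on the analyst taking action. ---
def anonymize_report(records):
    """Strip identifying fields and the device ID, then aggregate to
    (show, hour) counts. Skipping this step is the failure mode in the article."""
    drop = DIRECT_IDENTIFIERS | {"device_id"}
    scrubbed = [{k: v for k, v in r.items() if k not in drop} for r in records]
    return dict(Counter((r["show"], r["hour"]) for r in scrubbed))


def report_has_identifiers(records):
    """Pre-publication check: does any row still carry a direct identifier?"""
    return any(DIRECT_IDENTIFIERS & set(r) for r in records)


# --- Scenario 2: privacy by design. Registration and telemetry are separate. ---
@dataclass
class RegistrationService:
    """On-boarding: the only place that ties a person to a device ID."""
    _owners: dict = field(default_factory=dict)

    def register(self, device_id, name, email):
        self._owners[device_id] = {"name": name, "email": email}

    def owner_of(self, device_id):
        return self._owners[device_id]


@dataclass
class TelemetryService:
    """What the device radios home. Rows carry a device ID (a pseudonym) and
    nothing that names a person; the ingest path enforces that."""
    _events: list = field(default_factory=list)

    def ingest(self, device_id, event):
        leaked = DIRECT_IDENTIFIERS & set(event)
        if leaked:
            raise ValueError(f"telemetry must not carry identifying fields: {sorted(leaked)}")
        self._events.append({"device_id": device_id, **event})

    def events(self):
        return list(self._events)

    def viewing_report(self):
        """Aggregate without touching the registration service: no join, no names."""
        return dict(Counter((e["show"], e["hour"]) for e in self._events))


def reidentify(registration, telemetry, device_id):
    """Linking the two piles is possible, but it is a deliberate, auditable
    action rather than the default state of the data."""
    owner = registration.owner_of(device_id)
    watched = [(e["show"], e["hour"]) for e in telemetry.events()
               if e["device_id"] == device_id]
    return owner["name"], watched


def demo():
    # Constructed sample data: the same three viewing events in both designs.
    big_pile = [
        {"name": "Alice Example", "device_id": "dev-001", "show": "News at 6", "hour": 18},
        {"name": "Bob Example", "device_id": "dev-002", "show": "News at 6", "hour": 18},
        {"name": "Alice Example", "device_id": "dev-001", "show": "Late Show", "hour": 23},
    ]
    reg = RegistrationService()
    reg.register("dev-001", "Alice Example", "alice@example.invalid")
    reg.register("dev-002", "Bob Example", "bob@example.invalid")
    tel = TelemetryService()
    tel.ingest("dev-001", {"show": "News at 6", "hour": 18})
    tel.ingest("dev-002", {"show": "News at 6", "hour": 18})
    tel.ingest("dev-001", {"show": "Late Show", "hour": 23})
    # A device that tries to send a name along with its telemetry is refused.
    try:
        tel.ingest("dev-002", {"show": "Late Show", "hour": 23, "name": "Bob Example"})
        rejected = False
    except ValueError:
        rejected = True
    return {
        "pile_has_identifiers": report_has_identifiers(big_pile),
        "pile_report": anonymize_report(big_pile),
        "telemetry_has_identifiers": report_has_identifiers(tel.events()),
        "telemetry_report": tel.viewing_report(),
        "pii_in_telemetry_rejected": rejected,
        "deliberate_reidentification": reidentify(reg, tel, "dev-001"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

Both designs produce the same aggregate report; the difference is what happens when nobody does anything. In the big pile the raw rows carry names until `anonymize_report` runs, so `report_has_identifiers` is the check an analyst has to remember. In the split design the telemetry rows never contain a name, so the same check passes without anyone acting, and `reidentify` is the one explicit place where the device ID pseudonym gets linked back to a person, which makes it the natural spot to log and gate that access.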