Unfortunately, the risks remain just as high, especially given the reality that billions of IoT devices in everything from household appliances to cars, remain rampantly insecure, as encryption and security guru Bruce Schneier, CTO at IBM Resilient, frequently observes in his personal blog.
3. Goodbye anonymity
It is increasingly difficult to do much of anything in modern life, “without having your identity associated with it,” Herold says. She says even de-identified data does not necessarily remove privacy risks. “The standards used even just a year or two ago are no longer sufficient. Organizations that want to anonymize data to then use it for other purposes are going to find it increasingly difficult. “It will soon become almost impossible to effectively anonymize data in a way that the associated individuals cannot be re-identified,” she says.
Besides being vulnerable to breaches, IoT device are a massive data collection engine of users’ most personal information. “Individuals are paying for smart devices, and the manufacturers can change their privacy terms at a moment's notice,” Jerome says. “It's one thing to tell a user to stop using a web service; it's another to tell them to unplug their smart TV or disconnect their connected car.”
4. Government exemptions
According to EPIC, “Americans are in more government databases than ever,” including that of the FBI, which collects personally identifiable information (PII) including name, any aliases, race, sex, date and place of birth, Social Security number, passport and driver’s license numbers, address, telephone numbers, photographs, fingerprints, financial information like bank accounts, and employment and business information.
Yet, “incredibly, the agency has exempted itself from Privacy Act (of 1974) requirements that the FBI maintain only, ‘accurate, relevant, timely and complete’ personal records,” along with other safeguards of that information required by the Privacy Act, EPIC says. The NSA also opened a storage facility in Bluffdale, Utah, in 2014 that is reportedly capable of storing 12 zettabytes of data — a single zettabyte is the amount of information it would take 750 billion DVDs to store.
While there have been assurances, including from former President Obama, that government is “not listening to your phone calls or reading your emails,” that obviously ducks the question of whether government is storing them.
5. Your data gets brokered
Numerous companies collect and sell consumer data that are used to profile individuals, without much control or limits. There was the famous case of companies beginning to market products to a pregnant woman before she had told others in her family, thanks to automated decision-making. The same can be true of things like sexual orientation or an illness like cancer.
“Since 2014, data brokers have been having a field day in selling all the data they can scoop up from anywhere they can find it on the internet. And there are few — none explicit that I know of — legal protections for involved individuals,” Herold says. “This practice is going to increase, unfettered, until privacy laws restricting such use are enacted. There is also little or no accountability or even guarantees that the information is accurate.
Sign up for CIO Asia eNewsletters.