Even China's Academy of Science thinks wearables are privacy problem
Multi-boffin study says users need more information before they share data
Researchers from the Chinese Academy of Sciences, the Australian National University, h Dakota State University, Sydney University and Australia's Commonwealth Scientific and Industrial Research Organisation (CSIRO) have looked over the state of play in the Internet of Things, and find that concern for privacy is lacking.
Their paper at Arxiv notes that the current enthusiasm for wearables involves consumers handing over far more data (much of it highly personal and sensitive) than the mere boat-loads of data collected by outfits like Facebook.
“Google Glass, Apple iWatch, Google Fit, Apple Health Kit, and Apple Home Kit may collect very sensitive information about users, ranging from their health conditions to financial status by observing/recording daily activities,” the report notes.
The paper offers a summary of areas the group says research is needed to develop both technologies and behaviours to protect user privacy in the IoT era.
Problems highlighted by the report include:
- User consent – somehow, the report says, users need to be able to give informed consent to data collection. Users, however, have limited time and technical knowledge.
- Freedom of choice – both privacy protections and underlying standards should promote freedom of choice. For example, the study notes, users need a free choice of vendors in their smart homes; and they need the ability to revoke or revise their privacy choices.
- Anonymity – IoT platforms pay scant attention to user anonymity when transmitting data, the researchers note. Future platforms could, for example, use TOR or similar technologies so that users can't be too deeply profiled based on the behaviours of their “things”.
The report notes that privacy protection will be important to the success of the Internet of Things: “From the time the data is being captured by the sensors embedded in IoT solutions to the point where knowledge is extracted and raw data is be permanently and securely deleted, user privacy need to be protected and enforced”, it concludes. ®