Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Partner Perspectives  Connecting marketers to our tech communities.
1/30/2015
08:45 AM
Lorie Wigle
Lorie Wigle
Partner Perspectives
50%
50%

Takeaways from International Data Privacy Day: The Internet of Things

Event looks at the future of data use and how we can - and should - protect personal privacy.

Coincident with International Data Privacy Day, Lares Institute hosted an event on the future of the Internet of Things and privacy. With an audience full of privacy lawyers and Chief Privacy Officers, the event kicked off with a panel on the IoT in 2025. The discussion was fascinating – everything from an inventory of things our smart phones know about us to what potential buyers of that data want to do with it. One panelist showed us a B2B driver-safety system that, based on telemetry in the vehicle, records 12-second video snippets of both the driver and the view in front of the vehicle. It’s designed for employers to provide feedback to the drivers to improve safety. One video snippet showed a driver texting as he almost rear-ended the car in front of him. Obviously, this creates teachable moments for the drivers, but it’s also quite provocative with regard to privacy – and raises questions about how the video can be used in legal disputes after an accident.

Another fascinating example of IoT and data privacy was described by the privacy attorney for a company that delivers perishable food and flowers. He talked about how their service – and customer satisfaction – could be improved if they had information on when people were home (using their electricity-use data, for example) or the temperature and humidity characteristics of their homes so they could make product recommendations. (Smart sensors could communicate this.) If consumers wanted to share this information, it would be for a specific point in time, not indefinitely.

The broader issue here centers on the strong need for identity in IoT solutions so that trust can be established in a machine-to-machine context, and how Enhanced Privacy ID (EPID) technology can provide that while also protecting privacy. EPID allows for strong, hardware-based identity but can be used to identify the device or user associated with it as a member of a group instead of as an individual. For example, the smart driver’s license of the future could identify you as being of legal drinking age without sharing your name, birthdate, or address.

Another interesting topic at the event was data-use controls, or DUCS (has to be a favorite for a University of Oregon alumnus!). This work is really interesting in the context of the data-driven economy. This assumes that there is an understanding of data’s value by society as a whole, and that this understanding places value on individuals, businesses, and society. The idea is that people will increasingly make new types of personal data available in exchange for value. And personal data will be well protected, similar to financial data. Data-use controls could improve how our data is revealed and distributed, allowing it to be transacted. We could choose how services, businesses, and other individuals work with our data.

This event was a fascinating way to spend International Data Privacy Day – probably with the people who care the most.

Lorie Wigle is building a new business focused on securing critical infrastructure and IOT more broadly at Intel subsidiary McAfee. Lorie has been with Intel for nearly 30 years in a wide variety of marketing and technical roles. She has an MBA from Portland State University ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21392
PUBLISHED: 2021-04-12
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 requests to user provided domains were not restricted to external IP addresses when transitional IPv6 addre...
CVE-2021-21393
PUBLISHED: 2021-04-12
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 Synapse is missing input validation of some parameters on the endpoints used to confirm third-party identif...
CVE-2021-29429
PUBLISHED: 2021-04-12
In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by Gradle. Some builds could be vulnerable to a local information disclosure. Remote files accessed through TextResourceFactory are downloaded in...
CVE-2021-21394
PUBLISHED: 2021-04-12
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 Synapse is missing input validation of some parameters on the endpoints used to confirm third-party identif...
CVE-2021-22497
PUBLISHED: 2021-04-12
Advanced Authentication versions prior to 6.3 SP4 have a potential broken authentication due to improper session management issue.