Connected, But At What Cost?
Various products ranging from waste bins to toasters to cameras will become the eyes and ears of the government
Like many a buzzword, Internet of Things (IoT) rolls easily off the tongue without allowing for a moment to stop and ponder its meaning. It allows for the cacophony of commercial marketing gimmicks that wants us all to soak in the magical convenience of all connected devices. And if you are not with the programme, risk losing points on the “hip”, “cool” scale.
Whether its on the consumer side of wearable tech, such as gadgets that measure your heart rate or monitor your sleep, or cities with everything smart, the march towards IoT is going full steam ahead. But as with most buzzwords, there’s a buzzkill. Unimaginable and unprecedented consequence. Just like Jennifer Lawrence could not have predicted in which corner of the cloud her private photographs would end up, we just can’t tell what will happen in the changing world of devices that surround us.
Let’s begin by understanding what IoT means. “Things” here refers to multiple objects with sensors built in, interconnected to collect and exchange data over a network that ensures machine to machine conversation over a cloud. These “things” are envisioned to be autonomous and operational without human intervention as they transfer data over a network. Self driving cars that don’t make the mistakes humans do, thermostats or smoke alarms that don’t require tinkering, “smart” fridges that can order a milk refill, smart television connected to the smart streetlight — all contributing towards a more efficient way of life, working autonomously. The data collected by various sensors will then be analysed and leveraged to help manoeuvre real-time decisions.
The benefits flowing from an environment of smart energy grids, transportation, healthcare facilities or our financial system has led to the gold rush amongst governments, companies and researchers, who have all joined the bandwagon. The ‘Smart Cities’ mission of the Government of India, investment by companies like Cisco and Huawei that manufacture the fundamental building blocks and support infrastructure of IoT, or manufacturing companies such as GE and Boeing are a few of the many examples. The mind boggling number of devices, the investment dollars euphoria surrounding IoT will have you believing that the only issue you need to worry about is the identification of the best IoT startup to invest in. The tiny issue of the new range of risks that this network will create is conveniently kicked down the road so as not to spoil the party.
No amount of cognitive dissonance can prevent us from seeing that, at the same time this network will allow machines to share and communicate in extraordinary ways, it will allow for surveilling and controlling human behaviour like nothing has ever before. Various products ranging from waste bins to toasters to cameras will give governments increasing opportunities to watch and collect information. Telecoms oligopolies and the new data miners are already beginning to control, predict and sell our behaviour. When everything is connected around us and talking autonomously, literally the whole world will watch us live our lives. It won’t matter whether its something benign like how many steps you walked or as sensitive as your health data. People’s behaviour will increasingly be controlled by their devices, as they learn, buy, travel, socialise and live their sexual lives in the mediation of these machines. There will be dozens of baby monitors, security cameras, broadband routers, medical devices, cars that will be connected and vulnerable to various attacks.
It may be difficult to wrap one’s brain around what this would mean for the human race, there are at least two areas, if addressed in time can help us be prepared for the avalanche: first, transparency, and second, privacy.
The physiology of the network of machines and the way that they behave is controlled by software. The network must behave in a way that is beneficial and protective of the people. Transparency which is the common feature of all political integrity is at the centre of real security. We all know that weaknesses and vulnerabilities hide in the dark. We know what Snowden told us and most recently one word summarises the importance of Transparency.. Volkswagen. When every apparatus and system becomes “sealed-hood entities with complicated computers and modules which is deeply nontransparent”, it is a ground for cheating of all sorts. Therefore, we must insist on use of Free and Open Source Software that will ensure transparency and make it possible for the vulnerabilities to be fixed.
In July 2015, Mozilla put out a “Cyber Security Delphi 1.0” research process outcome document, tapping into a panel of 32 cyber security experts from diverse backgrounds. While they disagreed on multiple issues, they all agreed that increased funding to maintain the security of free and open source software. Make the software transparent, introduce transparency in inspection of all parts, and build everything out of glass. Using transparency as a regulatory strategy will be beneficial for all involved parties.
Second point is privacy, which is the lynchpin of security and a requirement of democratic self-government. Multiple Indian legislation, including the Indian Telegraph Act and Rules, Information Technology Act and Rules and the Code of Criminal Procedure, contain explicit provisions that allow Central and state governments to intercept and monitor the nation’s communication networks on several grounds. The push for “backdoors” into encrypted communications has surfaced in various avatars over the past few years.
In the hyper-connected world that IoT envisions, it is pertinent that citizens have a legislatively recognised right to privacy, the violation of which will entitle them to constitutional remedies. A right to privacy that combines secrecy, anonymity and autonomy is a minimum requirement. In the wake of the global uproar caused by revelations on US surveillance, and the corporate surveillance infrastructure built by the North American data miners, time has been ripe for sometime to carry out a comprehensive review of Indian legislative provisions that sanction and regulate the surveillance process.
The Supreme Court of India is seized of the question whether Indian citizens have a constitutional right of privacy or not. This will determine not only the limits of government surveillance but also reign in the rampant corporate data collection that has continued unhinged for sometime. Any further delay in this area is only to our detriment.
The author is director, Software Freedom Law Center, India
Disclaimer: The views expressed in the article above are those of the authors' and do not necessarily represent or reflect the views of this publishing house. Unless otherwise noted, the author is writing in his/her personal capacity. They are not intended and should not be thought to represent official ideas, attitudes, or policies of any agency or institution.