Page 13 - index
P. 13
As Data Proliferates in the Internet of Things, So Does Risk
By Chris Rouland, Founder and CEO, Bastille
Consumers don’t read privacy policies. While this isn’t news, a recent PEW Research survey
showed that more than half of Americans don’t even know what a privacy policy really is. Many
consumers cite the length of privacy policies as a reason for not being informed, but few realize the
implications that could result from this negligence.
So how much do people really understand about what it is that they’re giving up when they buy an
Internet connected device? Take, for instance, “smart” TVs. These televisions take home
entertainment to the next level, giving owners not just amazing visuals, but also the ability to use
things like voice recognition to change the channel or turn up the volume. This seems like a
revolution for those of us that seem to always be misplacing the remote, but there is a down side to
being able to talk to your TV.
I dug into one popular manufacturers privacy policy and we were alarmed at what we saw.
According to the Samsung Smart TV Addendum in their privacy policy, Samsung may send your
voice data “to a third-party service that converts speech to text”. This seems innocuous enough;
after all, we are accustomed to applications using our historical preferences to serve up more
relevant ads and information. However, Samsung’s policy goes on to read, “please be aware that if
your spoken words include personal or other sensitive information, that information will be among
the data captured and transmitted to a third party through your use of Voice Recognition.”
Wait a minute. I’m okay with Samsung knowing that I spent the weekend catching up on Homeland,
but capturing personal conversations that I have in the comfort of my living room? This is a true
invasion of our most intimate spaces and cannot be tolerated.
While it may seem I’m picking on Samsung, I actually applaud them for being so plain spoken (I bet
they pick a sneakier law firm for their next EULA). Most of the other electronics companies make
their privacy policies so complicated you need a lawyer to make sense of it. For those that don’t
require you to have a JD to understand it, they’re so vague and ambiguous that it’s almost a waste
of time to read. And time is another factor dissuading consumers from being informed. The average
privacy policy takes 10 minutes to read. And, the average American encounters nearly 1,500 of
these policies per year!
Many of us are okay with releasing some of our private habits to our technology provider; after all
it’s much better to be served advertisements for things we actually want. But having our personal
conversations analyzed so that corporations know about our most intimate affairs is going too far.
Imagine that you’re discussing your upcoming surgery over a meal and you turn on your TV to be
greeted with an ad for life insurance.
When Privacy Becomes Security
Samsung is transmitting your data through pretty normal means, the Internet, either wired or
wireless, protected by your ISP. But “smart devices” are becoming a norm and many of these are
designed to go with you. As such, battery life is a concern. To address that, manufacturers are
relying on newer protocols such as Bluetooth LE (low energy) and ZigBee. In turn, these protocols
13 Cyber Warnings E-Magazine – February 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
