Read my lips: new requirements on privacy approaching

December 17, 2016

dataprivacy_218266510-1200x545I never miss an opportunity to make the point that Security and Privacy are the two big challenges for IoT, and that privacy is the bigger one. Security problems can be fixed since we accept apologies and forget rapidly. Was it billions of accounts Yahoo? Privacy issues are different since it is about trust and without a proper architecture no service can cope with new requirements on privacy.

Most people respond along the lines of “I have nothing to hide” or “that’s the way people are these days”. But people living in countries where they don’t trust the government have a completely different point of view. In most western countries we have quite tough policies about what you can ask people in interviews for employment. But given the data available to employers today (provided from users by signature!) combined with data analytics, they already know much more than you can imagine, so they don’t need to ask.

This is the naive era and it will come to an end, soon! Your personal data is yours and you should only give it away if you think it is a good idea! And many organisations are equally naive today! Critical data has to be kept safe! Web services for IPR management might not be a good idea for example. At least not unless you know where the servers (and their backups) are.

The only architecture I know of today which can support future requirements on privacy, is that users own their data and opt in to share it. I’m working with Springworks in the automotive industry today. In our company, enabling mobile operators to connect cars, the owners of the cars own the data generated in the car and they opt in to insurance companies, road side assistance companies etc to get some of their data. Car manufacturers typically argue that they own the data.

Here is a good example of what will drive new requirements on privacy – a report from Democratic Media on how wearables are used to collect and sell health data. Is this something we want? I don’t think so. Consumers and enterprises will raise new requirements, and governments will follow with legislation. Proper architectures for privacy and trusted partners will be kings.

 


Trusted partners are key to IoT

February 7, 2016

trusted partnerIoT will make major impact on how we do things and what can be done, across industries and borders. Adding things to the Internet creates a massive opportunity in pair with what Internet have done to us to date. The major challenges are as always to be found in organisations and processes, rarely in the technology as such. However, if we cut the cake differently, and look at it from people making bets on creating and implementing IoT products and services, I would argue that the two biggest challenges are security and privacy. And security is the smaller of these two big ones! We have always had security challenges, but they can be mitigated and fixed on the go. Fixing bugs and problems are part of the development so to speak. If someone finds a back-door and steal our jewels, we will install a lock on the door and hope people will forget it, if you see what I mean. The vendor of the door takes a hit but people have a tendency to forget quite rapidly.

But with privacy it’s a matter of architecture and trusted partners. If data that at some point in the future is considered sensitive is “out there”, it’s too late to take it back. In the digital world nobody knows how many copies there are, who has them, what they use it for, and so on. Most countries have laws and policies for this already, sure, but the first issue is that policymakers probably will shape up rules and policies down the road. Nobody will be badly punished for data that is made available before the changes, obviously, but it might take fundamental changes of systems and services to meet the new policies if the architecture isn’t there already. The second, and much more difficult challenge is that people themselves might change their views over time on what is acceptable and not. Such changed requirements are neither planned nor managed within countries or companies. They might come and go, spread across by social media and gather less or many people behind. And policy makers are always influenced by public trends, media etc. so these “unmanaged public policies” can force rapid legal changes as well.

If your clients suddenly believe that the data they “produce” in their homes or when they shop belongs to them, it will be hard to keep them happy if you don’t let them control it. And even more so if you sell the data to third parties. And to let users be in control of their data requires an architecture supporting that – it’s not something hard to add on the go.

I believe connected cars, homes, cities, cloths, pets, shops, bikes, gardens, etc. sooner or later will meet privacy requirements from policymakers and people that will be necessary to meet and very challenging for those without an architecture to supporting. The role of a trusted partner will be absolutely key and for those being trusted it will be a fantastic foundation for creating brand value and profitable business. The jury is out who can take this important and valuable role. I believe it is a national player and I put my bet on a responsible mobile operator with a solid brand.

%d bloggers like this: