Scratching Below the Surface: IoT Privacy Risk

Further to the topic of Privacy & Security for Smart Cities (E. Kenneally, “Scratching Below the Surface: IoT Privacy Risk,” in IEEE Internet of Things Magazine, vol. 1, no. 1, pp. 8-10, SEPTEMBER 2018. doi: 10.1109/MIOT.2018.8552484, available at https://ieeexplore.ieee.org/document/8717595):

This column delves into privacy risks of the IoT using risk concepts that are more native to the security domain in order to conceptually bridge our collective understanding, articulation, and management of privacy concerns in the IoT which otherwise might not be sufficiently considered or foreseen by existing legal and technical controls. It has become almost cliché that the so called Internet of Things (IoT) means different things to different people. When it comes to privacy and security risks, what is implicit across the myriad conceptualizations of IoT lies the key to unearthing why IoT risk heralds a difference with a distinction compared to traditional offline and online contexts. Critics of an exceptionalist view of IoT risk might contend that the IoT is really just distributed computing on steroids, i.e., the IoT is merely a relabeling and repackaging of technologies past like client-server, web services, SoA, mobile, virtualization, and distributed computing, which means that risk management is merely an exercise in grafting the decades-long understanding of privacy and security from those familiar contexts onto the IoT. Without getting into a religious debate, it is incontrovertible that there are advances in the quality and quantity of data collection from IoT technologies as opposed to previous generations of technology, and these are driven by real and prospective socioeconomic value propositions.