Finding the balance between privacy and security has never been more of an issue than it is today — especially in the wake of the Internet of Things (IoT) technology, which allows machines to interact with each other through signaling systems. These machine interactions allow IoT to embrace a technological revolution unlike anything we’ve seen before, but could similarly create a major security issue if a system were to be penetrated. As government officials and experts alike grapple with subjects surrounding potential regulations, we must also ask ourselves: how much is our privacy worth to us? How much are we willing to give up for the sake of security or privacy? And how much is too much security?
Whether we like it or not, IoT is here to stay. “You can’t work the genie back into the bottle,” Ambassador David O’Sullivan, EU Ambassador to the United States stated. Now that IoT is fast evolving, we have to face the fact that answers to security and privacy must be found.
Just as security is associated to cyber, so should security be associated with IoT. Back in 2013, an article by the Harvard Business Review, Cyber Security in the Internet of Things, written by two IoT experts, Christopher J. Rezendes, President of INEX Advisors, and David Stephenson, author of SmartStuff: An Introduction to the Internet of Things and the Principal of Stephenson Strategies, discussed this very issue; “The very principle that makes the IoT so powerful — the potential to share data instantly with everyone and everything (every authorized entity, that is) — creates a huge cybersecurity threat.”
Clearly concerns about security as related to IoT are an issue. But how can you go about securing the Internet of Things without limiting its full potential, which is still in the early stages?
In the end, most experts from the conference seemed to believe that some form of regulation is necessary to solve some of the security problems during the production phases of new technological innovations. “Security should be seen as a design feature and not a reactionary one,” said Dean Garfield, President and CEO of Information Technology Industry Council. In other words, security should be considered up front rather than dealing with it when it is too late.
Yet, there are still other matters of security to consider. The bleak truth is that “Threats can change so quickly and are constantly morphing,” Chris Boyer, Assistant Vice President of Global Public Policy at AT&T said. As such, “We need trusted digital identities,” Rory Gray, Global Head of Sales at Intercede stated. For Gray, “It is a cryptographic issue, not a password issue.”
And Gray isn’t alone in this line of thinking. The Department of Commerce and Department of Defense are some of the key players leading the movement to eliminate passwords, because both agencies have found that passwords still offer too many vulnerabilities that can be penetrated during a potential cyberattack. IoT relies on cyber activities and if one system is compromised the others can be affected as well.
In the end, there seems to be no way to avoid incorporating both privacy and security in the IoT sphere. So where does the necessary balance between security and privacy lie?
The balance is truly hard to find when there is a “culture where the capital wants privacy and the world is willing to take some trade-offs,” Gary Shapiro, President and CEO of the Consumer Electronics Association explained. “Not all privacy is equal and not all innovations are equal.” Nonetheless, a “strict and comprehensive regulation can hinder innovation,” Atkinson said. But, the creation of a “privacy regime could enable some privacy goals to be met.”
IoT offers incredible opportunities, but they must be handled in the best way possible. Whether you sway more in favor of self-privacy or group-security, the matter is thus: you cannot have it all. Therefore, a balance between the two needs to be found.