Internet of Things (IoT) 12 November 2015

Why We Need an IoT Framework

We already suspected our smart TVs were ‘watching’ our viewing behavior and sharing data with advertising and television business partners.  Now, our smart TVs can open our homes to criminals. 

Propublica recently reported on the update to Vizio televisions which quietly enabled “Smart Interactivity” as a default, along with modifications to the privacy policy allowing wider sharing of data. Right on the heels of that article, ArsTechnica reported yesterday that Avast has found vulnerability in Vizio televisions which allows infiltration through weak HTTPS validation, letting hackers issue commands to the television or gain access to the home’s network.

Privacy risks and security vulnerabilities – elements which, along with sustainability issues, form the three dangers to real safety.  The call is loud and clear.  We must tackle safety in the connected world through privacy and security by design, built in from the beginning, and sustained throughout a product’s life cycle.  And we must do it now.

One perceived challenge is the ‘unknowable’ element of these connected devices; we are developing devices and combinations we’ve never seen before.  Along with this is the challenge of emerging players – new companies without security or privacy experience, established companies with expertise in areas other than technology, individual entrepreneurs out on their own – all now building (or converting) their products for connectivity.

But the challenges are not insurmountable.  What seems like the great unknown actually starts with a collection of reasonably well knowns.  Strong security protocols exist, even if some companies may be unfamiliar with them (and some smart TV makers may forget to use them).  Privacy standards exist, even though companies less experienced with personal data may not realize the demands of proper data stewardship.

Safety in our connected world hinges on the coming together of ideas we already embrace in email and communications security, all forms of authentication and validation, access protection, privacy protection and data stewardship.  The important message is less that we need to ‘figure it out’ and more that we need to start doing it.  We need to see the parts as a whole – a framework built from experience and learnings in each separate area now combined into a comprehensive set of best practices to support and enable emerging innovation.

The time for guidance is now and OTA’s IoT Trust Framework supplies that guidance.  Join us in DC at the IoT Trust Summit on November 18 as we move forward with the framework and a code of conduct which promises to enhancing consumer trust and safety while promoting innovation.

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Building Trust 5 December 2019

Rural Development Special Interest Group Organizes Internet Connectivity Tag 2019

In November, the Internet Society Rural Development Special Interest Group (RD SIG) organized an event called the Internet Connectivity Tag 2019 in Bangalore,...

Building Trust 14 November 2019

IoT Security Policy Platform Wants to Raise the Bar On Global IoT Security

By next year, five Internet of Things (IoT) devices are projected to be in use for every person on...

Building Trust 2 October 2019

Celebrating National Cybersecurity Awareness Month

Every October, we mark National Cybersecurity Awareness Month. From the U.S. Department of Homeland Security website, “Held every October,...