Having everything in your life connected could be great or could be a giant disaster
Personal assistants sound like so much fun, don’t they? At least, if you believe the commercials they do.
“Siri, find me a Japanese restaurant in Riyadh.”
“Alexa, turn down the lights and turn up the music.”
“Google, what’s theweather forecast for her heart?” (Stormy, apparently, if one is married to a popular country musician.)
Chances are pretty high by now that you’ve seen the commercial. Google and Amazon are both being especially aggressive this season in selling various styles of their different personal assistant devices. The commercials do a very good job of showing the positive side of having as much of your life plugged in as possible. Unlocking the door so you don’t have to fumble for keys in the rain. Checking how to say “hello” in an obscure language just before meeting a guest from a foreign country. Reading your grandmother’s cookie recipe to you while you’re hands are covered with flour. There’s even a refrigerator whose contents you can check while at the grocery store. All of that sounds absolutely wonderful, doesn’t it?
Welcome to the Internet of Things, a growing atmosphere where, increasingly, every part of our lives, from what’s in our closet to the temperature setting on a slow cooker, are potentially available for control either by voice command or an app on your phone. Everything is right there, waiting for you to tell it what to do, or perhaps following previous instructions. Welcome to the future. The world looks extremely comfortable from this viewpoint.
Wait, though. Before you introduce Alexa or Cortana or Google to every aspect of your home, you might want to stop and think about the consequences.
Only In The Movies
Well, television, actually. The show is CBS’s political drama, Madame Secretary, wherein actress Tea Leoni plays Secretary of State Elizabeth McCord. One of the subplots this season came with the theft of her son’s laptop. There were threats and some suspicious activity here and there, resulting in increased security for the family.
Their real vulnerability was exposed, however, when a hacker takes over all the “smart” appliances in their home, turning them all off and on at random. The scene was almost comical as the ice maker in the refrigerator kept spitting ice at family members. For the family, however, the event was terrifying. They quickly became aware of the fact that the Internet of Things isn’t quite ready for prime time yet. There are still a number of bugs to be worked out before the system can be trusted with the finer points of our lives.
How close was the episode to reality? Probably closer than most of us would consider comfortable. While the ice throwing might have been a bit of a stretch, the rest of that scene is pretty accurate. There are a number of “smart” devices available on the market now that allow those devices to be controlled remotely, usually through an app on your phone. While the ice throwing part might be a bit of a stretch, the rest is entirely possible. Even “dumb” appliances can be made “smart” by plugging them into a connected outlet. If you have something that runs on electricity, it can, in theory at least, be connected to the Internet.
While that might sound convenient, the problem is that the Internet is not a terribly safe place to store things that are valuable.  No matter how secure you might think the cloud is, there is someone out there right now trying to hack it.
Warning from the FBI
The dangers that come with the personal assistants and the Internet of Things are inherent to the beast. Everyone knows about them. The question is how to mitigate those risks down to reasonable levels. Last September, the Federal Bureau of Investigation released a rather lengthy Public Service Announcement addressing some of the more urgent and frequent security concerns. Here’s an excerpt from that statement.
The main IoT risks include:
- An exploitation of the Universal Plug and Play protocol (UPnP) to gain access to many IoT devices. The UPnP describes the process when a device remotely connects and communicates on a network automatically without authentication. UPnP is designed to self-configure when attached to an IP address, making it vulnerable to exploitation. Cyber actors can change the configuration, and run commands on the devices, potentially enabling the devices to harvest sensitive information or conduct attacks against homes and businesses, or engage in digital eavesdropping;
- An exploitation of default passwords to send malicious and spam e-mails, or steal personally identifiable or credit card information;
- Compromising the IoT device to cause physical harm;
- Overloading the devices to render the device inoperable;
- Interfering with business transactions.
A couple of things here are worth noting immediately. Anything that is “universal” is universally at risk. That means that the device is open to accepting information from any number of potential sources, making it especially easy for hackers to access the system. Anything with a “default” password is vulnerable even before it’s shipped. Passwords that provide access to multiple objects in your home places your whole family at risk. Â While security has improved since these guidelines were released, there is still a very high probability that putting one’s home online is putting one’s home at risk.
Even systems you thought were safe can be risky. Remember that huge Target hack that happened last year? The hackers were able to get into the system by using credentials stolen from an HVAC worker. That’s right, Target’s HVAC is online. Not only is it online, when the hack occurred, none of the system’s default passwords had been changed. For hackers to break into the entire system was as easy as possible.
We should also probably mention that anything app controlled can be easily blocked, either by a person or by one’s ISP or by another app. There are myriad ways in which access to your control app could be blocked.
Improvement still requires caution
A lot has improved since the FBI’s warning came out last year. With each new iteration of a product, developers are getting infinitely better at building security into their devices. However, it is going to take a while before all connected services are totally safe.
AÂ 2014 article from digital security provider TrendMicro contains some very valuable advice if you want to make your home both smart and safe.
- Ensure that smart devices are secure – (ex: Username/password)
- Regularly change smart device access credentials
- Check/replace batteries in devices and sensors
- Diagnose and Resolve device operational issues
- Monitor device manufacturer notifications (ex: web sites, feeds, e-mail, devices) for notifications of device operational issues and firmware updates
- Perform firmware updates, as required to ensure continued device security and operation
- Perform device management app updates on smart phones/tablets of family members
- Reconfigure existing devices to grant additional access by other family members
- Identify new household convenience scenarios and configure/test devices accordingly
- Assist other members of the household with smart device related issues
Those are very important consideration to remember before making anything in your home accessible through the Internet.
I was talking with a friend yesterday about this very topic and she raised the fear of losing her entire music collection. I countered that perhaps even worse than losing the collection would be having it corrupted. Imagine saying, “Hey Alexa, play Zeppelin.” and what you get is a familiar-sounding dinosaur singing, “I love you, you love me …” That is exactly the kind of horror to which we make ourselves available.
Not everything about the Internet of Things is bad, mind you. The potential for both convenience and learning are significant (Alexa, what sound does a whale make?). However, if we’re going to put more and more of our lives online, we have to understand the risks and, perhaps most importantly, be willing to accept the consequences.
Think before you connect yourself or someone else this holiday season.
Personalized Shopping Could Get A Bit Creepy
I’m a champion for personal differences. All society should be much more personalized. —George M. Church
Having your total shopping experienced personalized to you sounds like a good thing until you read the small print
Please allow me to paint a scenario for you.
Imagine that you woke up this morning with a bit of a sniffle. As the seasons change, your allergies are acting up a bit; nothing serious but you should probably pick up some over-the-counter medication on your way to work. You down a cup of coffee and toast a bagel before heading out the door. Stopping at the convenient drug store just down the street, you pick up the allergy medication and your favorite candy bar. Work is stressful, as Mondays so often are, and you welcome the chance to get out of the office at lunch time. You decide to do a little shopping to cheer yourself up.
Walking into a department store just two doors down from your office, the first thing you see are some cute sweaters that would be perfect for wearing to work. You look for the price and a small LED screen tells you the sweater is 50% off the regular price. You can’t beat a deal like that. As you pick up a sweater in your size, your favorite song comes on the store’s music system. Paying for the sweater with the store’s credit card generates another 10% off the price and you’re beginning to feel as though this was  a great bargain. The clerk hands you the receipt and on the back is a coupon for a bag full of your favorite candy bar.
You have just enough time to grab something to eat and when you enter the sidewalk cafe the waiter immediately suggests the vegetable soup, emphasizing its healthy properties. Finished with the soup, you return to work and get a call from your trainer at the gym. He suggests you stop by on your way home because, you know, Mondays are so very stressful.
A Highly Personalized Life
According to Joseph Turow, a professor of communication at the University of Pennsylvania, that highly personalized life experience is possibly less than a year away. His upcoming book, The Aisles Have Eyes comes out in January and covers the details of how and why all this personalization is happening. In an interview with Kaveh Waddell for The Atlantic magazine, Turow explains not only the upside of personalization but also the creepy dangers of living in such a connected world. Walking into a store and immediately finding what you want at a price you can afford sounds wonderful, but the details behind how that happens can be a bit disconcerting.
Of course, most of us already know that everything we do online is being tracked dozens of different ways. Every website you visit, every click you make, every product over which you briefly drool is noticed by something, somewhere, and that information is stored in a database for later influence. As a result, when another website feels the time is right, an ad pops up for that exact same product, touting a new, lower price. We get it. We know we’re being watched and our data is being collected.
What we’ve not realized, perhaps, is that it is not just our online activity that is being tracked. Everything we do is being noted by some app connected to some database. Our cell phones are most often the culprit. One app recognizes a sneeze and knows you may need coupons for a cold medicine. Another notices that you are driving more aggressively to work, indicating that you’re likely stressed even before you get there. Four different apps notice the purchase you make at the drug store and send an alert to the waiter at the cafe you just entered, suggesting that you might like the soup. It’s all possible, right now.
Nothing You Do Is Secret
Author George Orwell warned us about the constant oversight of a government he referred to as “Big Brother.” What Orwell didn’t imagine is that we would have apps and “reward” cards that collect far more information about us and our habits than his “Big Brother” could ever dream. Even more astonishing to Orwell is that we would hand over such information willingly. No one requires us to download the apps or accept the “reward” cards. We do so in the hopes of perhaps getting a bit of a discount on the things we buy.
Is a 10% discount worth giving up a lot of privacy? Apparently, we tend to think so. Rarely does anyone opt out of information gathering, especially once they’ve started using a program. For example, I just received my AARP card last week because I’m even older than Luke Perry. The card comes with a long list of “benefits” that include discounts for a lot of the things old people like me are apparently supposed to do, such as eat out and take trips. I read the small print, though. Anytime I use the card for a discount, AARP collects that information. They note not only which restaurant I dine at, but how much I spend. If I eat at a chain facility in multiple cities, that gets noticed as well. Over time, they are able to build a profile of my activities, which in turn, allows them to better “personalize” my “benefits.”
Do I mind AARP having that information? Not especially, because the presumption is that they use the information to my benefit. However, they also sell that information to “partners.” I would like to presume that those “partners” are equally safe, but how would we know? What are my options if one of those “partners” uses that information to start sending me spam? What if my health insurance rates go up because they see that what I’m eating probably isn’t helping my blood pressure a damn bit? Yeah, we might have a problem here.
The Potential For Abuse
While we all like the convenience of having everything personalized for us, the reality is that the information we give up could be used against us as well. From the article comes this question and answer:
Waddell: Is it legal for an advertiser or a retailer to decide, based on someone’s profile, like their race, that they’re higher risk and perhaps not show them certain goods?
Turow: Sure! Of course. They’ll never say that it’s because of race—and they wouldn’t do it just because of race. They’d do it because of, say, income. If you have the money, it doesn’t matter what race you are, from their standpoint—but race gets built in by virtue of where people live, their income brackets, and other things that are much less obvious.
I think age is going to be a major factor. It already is, among retailers. Income is going to be a big factor. And things that we don’t even think about, various concatenations of lifestyles that lead to certain predictions about what you will or will not read, or when you will or will not take a vacation, or if you will or will not have certain frequent-flier miles.
The ability to run through thousands of datapoints about you and compare them with thousands of datapoints about people you don’t even know, and then come up with a sense of what you will buy or not buy at what price: That’s the goal. The goal is to come up with a price for you that you accept based on the product they think you would want.
Personalization is great when it works in your favor, but we have to remember that all businesses need to make a profit. Therefore, they’re inherently going to look for ways to turn everything in their favor more than ours. If that means denying some people access to certain goods and services, then that is exactly what they’re going to do.
The Internet Of Things
Kat and I were watching last night’s episode of Madame Secretary before she left for school this morning. As part of the storyline where the family is being stalked, all of their “smart” appliances are hacked. The family becomes frightened when they realize that not even the presence of a physical security detail can protect them from someone taking control of the lights, the heat, and the appliances in their home.
When you hear people talking about “The Internet of Things,” they’re talking about how everything in our lives is becoming interconnected. Our appliances, the lights in our house, the heat, our phones, our insurance, and our shopping. Everything we do becomes a datapoint somewhere that connects to something else that connects to somewhere else. So, if your income is low and you show a history of having difficulty paying your bills, maybe an app starts shutting off the lights rather than leaving them on for hours on end, or adjusts the thermostat so you use less energy. Maybe your local grocery won’t sell you that big box of fried pies because they know you’re borderline diabetic. Perhaps the price on that pair of boots you like suddenly shoots up and is now more than you have the ability to cover.
Even worse, as events last week demonstrated, what happens when all our data gets hacked? There is no such thing as a totally safe database. That means the more information we allow people to collect, the more at risk we are of that information being stolen and used against us.
No, that’s not creepy at all, is it? Get ready, though. I don’t see any way to stop this phenomenon from happening, Â short of everyone on the planet unplugging and going back to binary means of commerce. Something tells me none of us are willing to do that. So, bend over and lube up. We’re not only getting screwed, we’re asking for it. Don’t worry, though; it’s all personalized.
Share this:
Like this: