Iot privacy vs convenience
Download as PPTX, PDF0 likes96 views
The document discusses the debate around privacy vs convenience with Internet of Things (IoT) technology. It notes that while IoT provides increased connectivity and efficiency, it also raises privacy concerns as more personal data is collected. The document explores issues like identity management, data usage and ownership, and calls for balancing privacy and convenience. It provides examples of approaches like self-sovereign identity that could allow more individual control over personal data and addresses both sides of the important debate around privacy and convenience with emerging technologies.
Iot privacy vs convenience
- 1. IoT Privacy vs Convenience Don Lovett don@projectbits.com Internet of Things – Smart Communities VA-DC-MD Meetup Group Wednesday, December 1, 2021
- 3. Today’s Agenda 1. Background 2. Convenience 3. Privacy 4. Impact 5. Devices and Networks 6. Call to Action Let’s dive in 3
- 4. Background of IoT Privacy vs Convenience Debate Society Individual NGO Academic Religious Commercial Government 4
- 5. John Locke's take on Role and Authority of Government? Foundation Principals from mid 17th century Philosopher John Locke: Life, Liberty and the Pursuit of …? Happiness? or Property? Privacy is a universal human right. There are international accords related to privacy that serve as the foundation for national laws, policy frameworks, and international agreements throughout the world. https://www.eff.org/issues/international-privacy-standards Source: https://www.earlymoderntexts.com/assets/pdfs/locke1689a.pdf https://www.eff.org/issues/international-privacy-standards 8
- 7. The Why McKinsey - Digital identification: A key to inclusive growth • https://www.mckinsey.com/business- functions/mckinsey-digital/our- insights/digital-identification-a-key-to- inclusive-growth 6
- 8. McKinsey – Economic Value Follow the money “In 2030, digital ID has the potential to create economic value equivalent to 6 percent of GDP in emerging economies on a per-country basis and 3 percent in mature economies, assuming high levels of adoption” Source: https://www.mckinsey.com/business-functions/mckinsey- digital/our-insights/digital-identification-a-key-to-inclusive-growth 7
- 9. Popularity of IoT technology Purpose An increasing number of electronic devices are becoming internet-enabled each year, allowing for more sophisticated communication and coordination between them and their users. Electronics devices, ranging from laptops to thermostats, to automobiles are being connected, forming a network called the Internet of Things (IoT). In 2020, the number of IoT devices is forecast to reach 8.74 billion, surpassing the number of people on earth, showing how integrated technology is becoming. The popularity of IoT devices isn’t limited to just households; businesses across the United States are also taking advantage of IoT-based technologies to streamline processes and increase efficiency. Around 29 percent of North American and European organizations currently use IoT technology within their business operations, and another 10 percent plan to integrate IoT technology within the next year. 5
- 10. Convenience
- 11. What can Individuals Do to Balance Privacy and Convenience? 10
- 12. Frictionless Commerce “When you remove friction from a process or a system, you give the people in that system back one of the only things that is utterly nonrenewable, time. And as more and more time has been ironed out of almost everything we do— people have realized that for far too long they’ve let someone else choose how they are going to spend their time. Those days are gone. Everyone values their own time more than they used to, and if you think you’ll be able to get away with taking more of it than you have been allocated—by leaving too much friction in place—you are gravely mistaken.” https://www.wired.com/story/opinion- the-future-of-commerce-belongs-to-the- frictionless/
- 13. CONVENIENCE VS PRIVACY Manage your identity • Younger respondents are more likely to say they always or mostly re-use the same credentials that they have used for other accounts • CONVENIENCE VS PRIVACY • When making new online accounts, do you re-use the same credentials (usernames, passwords) that you have used for other accounts or do you create new credentials for each specific account?
- 14. Self-sovereign identity (SSI): The true password killer How can we make security more convenient? • While SSO and 2FA are great improvements over traditional, centralized usernames and passwords, they still don’t let us have our cake and eat it too — that is, they don’t give us both security and convenience. • But there’s an emerging technology that does. It’s called self- sovereign identity (SSI). Source: https://www.securitymagazine.com/articles/93356-self-sovereign-identity-the-true-password-killer 18
- 15. Self Sovereign Identity (SSI) Credential Flow Self-sovereign identity in the context of data protection and privacy (yourstory.com) The How Government issues holds and verifies credentials, and you can make claims with cryptographic integrity using identity and currency wallets 19
- 16. Privacy Digital Identity The Missing Foundational Piece of the standards and protocols on which the internet was built 17
- 17. Primary Government Roles in Identity Issue Proof Documents Permissions and Authorizations and Promote Standards 01 Secure and Validate Credentials and Claims 02 Record Certain Life Events 03 Confirm Access to Benefits and Entitlements 04 Establish Trust in Proofs and Claims while Protecting Privacy 05 12
- 18. Global video surveillance market Source https://www.statista.com/statistics/864838/video- surveillance-market-size-worldwide/ 26.6 30.2 45.5 62.6 74.6 0 10 20 30 40 50 60 70 80 2016 2017 2020 2023 2025 Significant Growth billion U.S. dollars
- 19. NIST - Identity and Access Management Roadmap 19 Public Law No: 116-207 (12/04/2020) Internet of Things Cybersecurity Improvement Act of 2020 or the IoT Cybersecurity Improvement Act of 2020 https://www.congress.gov/bill/116th-congress/house- bill/1668 This bill requires the National Institute of Standards and Technology (NIST) and the Office of Management and Budget (OMB) to take specified steps to increase cybersecurity for Internet of Things (IoT) devices. IoT is the extension of internet connectivity into physical devices and everyday objects. https://www.nist.gov/blogs/cybersecurity-insights/rounding- your-iot-security-requirements-draft-nist-guidance-federal
- 20. “The United States doesn’t have a singular law that covers the privacy of all types of data. Instead, it has a mix of laws that go by acronyms like HIPAA, FCRA, FERPA, GLBA, ECPA, COPPA, and VPPA.” Source: https://www.nytimes.com/wirecutter/blog/state-of-privacy-laws-in-us/
- 22. Digital Dependence Convenience Trumps Security & Privacy • Consumers’ increased reliance on digital channels during the pandemic may have caused more lax attitudes towards security – with the convenience of digital ordering often outweighing security and privacy concerns. • Many consumers (particularly younger generations) say they would rather place an order digitally, even if there were security or privacy concerns with the application. Additionally, consumers rarely decline to use a new digital platform due to security or privacy concerns. • This surge in new accounts may also be creating password fatigue, with consumers reporting high levels of password reuse across their accounts. This means many of the new accounts created during the pandemic likely relied on reused credentials, which may have been compromised in previous data breaches. Source : https://techcoffeehouse.com/2021/06/25/ibm-survey-pandemic-induced- digital-reliance-creates-lingering-security-side-effects-in-singapore/
- 24. Impact • Unsavory services can expose digital identities and personal information via the Internet of Things • The current generation of heavy internet users are digital denizens, creating curated online personas out of heaps of information uploaded to social media sites. These people are also generating detailed “digital exhaust” via the Internet of Things-connected devices with which they either knowingly or unknowingly engage. Third parties with either good or bad intentions can create rich identities out of these data deposits, to use and abuse as they see fit. This issue actually stems from one of the biggest opportunities presented by the IoT: the sheer number of seamless connections proliferating among digital systems. Internet services promise wonderful things, yet users rarely take the time to think about the nature of the information required to accomplish their online goals. • Source: https://intelligence.weforum.org/topics/a1G0X000005JJGcU AO?tab=publications 34
- 26. Call to Action Think about control and ownership of identity privacy and how it can enhance your cybersecurity footprint Think about Demand to know where your personal information is going and how it is stored Demand Find Out what your identity information is being used for and who has access Find out Learn more about identity tools and processes including Self Sovereign Identity Learn Be aware of the tradeoffs of convivence when it comes at the expense of privacy Tradeoffs 22
- 28. Questions? 24
- 30. Government Blockchain Association Source: https://www.gbaglobal.org/ 27
- 31. ACT-IAC Source: https://www.actiac.org/hot-topics/blockchain American Council for Technology and Industry Advisory Council 28
- 32. More Information https://sovrin.org/developers/ Video The Sovrin Network- Making Self-Sovereign Identity a Reality • https://vimeo.com/305420834 Trust over IP • https://wiki.trustoverip.org/display/HOME/Trust+Over+IP+Fou ndation Books • https://www.manning.com/books/self-sovereign-identity • https://www.anthempress.com/the-domains-of-identity-pb Courses • https://digitaldefynd.com/best-hyperledger-fabric-courses/ 29
- 33. Digital Identification and Authentication Council of Canada - DIACC • Interoperability: Digital Identity You Can Use • The DIACC is committed to unlocking economic opportunities for Canadian consumers, and businesses by providing the framework to develop a robust, secure, scalable and privacy-enhancing digital identification and authentication ecosystem that will decrease costs for everyone while improving service delivery and driving GDP growth. • The DIACC Trust Framework Expert Committee (TFEC) represents a diversity of public and private sector stakeholders who collaborate to deliver resources that help to solve and secure identity including: validated use cases, standards, model agreements, international alignments, and informative policy development recommendations. https://diacc.ca/the-diacc/
- 35. Self Sovereign Identity implementations • Just a few of the SSI implementations that were launched in 2020 or are pending launch in early 2021 include: • IATA Travel Pass will be the first verifiable credential capable of providing proof of COVID-19 test and vaccination status at airports around the world, • NHS Staff Passport is the first portable digital identity credential for doctors and nurses in one of the largest public healthcare networks in the world, • GLEIF (the Global Legal Entity Identifier Foundation), based in Switzerland and the only global online source that provides open, standardized and high quality legal entity reference data, is committed to following the SSI model for digital identity credentials for companies. • SSI4DE, co-funded by the German Federal Ministry of Economic Affairs, supports showcases for secure digital identities in Germany, and Chancellor Angela Merkel declared digital identity as a priority matter during December 2020. • CULedger MemberPass brings SSI to financial services with Credit Union customer identity verification, • Farmer Connect is realizing is vision to “Humanize consumption through technology” by enabling and empowering individual coffee farmers to more easily work with global enterprises, and reducing costs and inefficiencies for large companies to work directly with small and often remote farmers. • Lumedic Exchange is the first network designed exclusively for patient-centric exchange of healthcare data using SSI-based verifiable credentials. Source: https://sovrin.org/2020-how-ssi-went-mainstream/ 26
- 36. Estonia Already Lives Online Once they’re in the system, Estonians don’t need to fill out forms, thanks to the country’s “once-only” rule, which mandates that the government is allowed to ask for any given piece of information only one time. Authenticated digital signatures are also more secure than their handwritten counterparts, a source of bemusement to Estonians, who “think it’s crazy that much of the world still signs with a pen,” Source: https://www.theatlantic.com/international/archive /2020/05/estonia-america-congress-online- pandemic/612034/ 33
- 37. Tell Us Once - UK Government Availability: • Not released Published by: • Department for Work and Pensions Last updated: • 12 December 2013 Topic: • Society License: • None Summary • Tell Us Once is a service which allows people to report a birth or death to most government organizations in one go. • The Tell Us Once Database records details of the life event and the information recorded can include the data of • birth or death, Names, National Insurance Number, Driving License and Passport details. • Information is held for a maximum of 35 days then deleted. Source: https://data.gov.uk/dataset/fb4b924c-7a42-433a-8280- 78a924a00a94/tell-us-once 36
- 39. Don Lovett Bio Mr. Lovett is a Business and Technology Leader who is passionate about the promise of Controlled IoT and emerging technology. He recently served as the Chief Information Officer (CIO) in the Office of Contracting and Procurement Agency, which annually procures $6.7 billion of goods and services for the District of Columbia Government. In this leadership role, he activated a digital transformation strategy with a focus on linking improvements in data accuracy, security, accessibility, and transparency to improvements in customer experience. Mr. Lovett is the Founder and Principal Consultant at ProjectBits Consulting, where he provided Public Sector, Hi-Tech, Telecom, Financial Services, Manufacturing, and Distribution clients with business and technology solutions and advice. Before that, he had a decade-long career at KPMG where he was admitted to the Partnership. He serves as a co-lead for the ACT-IAC Emerging Technology IoT and Smart Community Working Group. He currently also leads the America’s at the Government Blockchain Association. Mr. Lovett has a Master’s Degree in Business Administration (MBA) from the University of Houston and a Bachelor’s in Accounting from the University of Houston. He served as an affiliate faculty member at Regis University teaching graduate-level students in organizational and operational aspects of project management. He has earned graduate-level certificates in Software Engineering from the University of Texas and Telecommunications Management from the University of Dallas. He holds SSCP, CSM, and ITIL, Azure and PMP credentials. Don Lovett don@projectbits.com 703-434-1660 Mobile https://www.linkedin.com/in/donlovett/ https://www.projectbits.com/ 38