Why data privacy is up to developers

With mobile devices generating and sharing ever more data, developers need to build in the privacy safeguards that standards organizations and consumers can't necessarily mandate.

"I don't think it's realistic to expect people to understand the complexities of [the Internet of Things] and to even be able to really assess the risks of their interactions with systems unassisted," said Naomi Lefkovitz, senior privacy policy adviser at the National Institute of Standards and Technology. "I really think system designers need to do a better job of building systems that first and foremost minimize privacy risks."

Lefkovitz, who was one of several federal speakers at the American Bar Association's Internet of Things (IoT) conference on March 30 and 31, added that once systems are finalized, the risks are locked in, and people have no real choice other than avoiding the system altogether.

"You can either turn them on or off," she said, using web cookies as an example. "That's not much of a choice."

She urged developers to think of privacy from the beginning, design meaningful choices for users and build in safeguards. For example, it would be helpful to have sensors that signal when they're recording to help Americans avoid "that panopticon effect of never knowing if we're being watched or not," Lefkovitz said.

Such design choices are particularly important as the IoT spreads vulnerabilities deep inside organizations and homes.

"You can't look at any device and assume it is fundamentally safe based on how it is or isn't connected," said Jeff Greene, former senior counsel for the Senate Homeland Security and Governmental Affairs Committee and now senior policy counsel at Symantec.

Citing the fact that even devices not connected to the Internet are vulnerable to hacking, Greene advised device makers to incorporate basic -- but often neglected -- security measures, such as avoiding hard-coded passwords and prompting users to change default device passwords during setup.

Various organizations have issued standards for IoT privacy and security, but industry needs to rally around credible norms, said Michael Aisenberg, principal cyber policy counsel at Mitre.

If that doesn't happen voluntarily, he told the room full of lawyers, IoT standards might be "built on the back of a cacophony of litigation" -- which might be lucrative for lawyers but bad news for public policy.

About the Author

Zach Noble is a former FCW staff writer.
