5G & IoT: What Does Connecting Everything from Your Lights to Your Parking SpaceMean for Privacy & Security?

Defining the Internet of Things and 5G

Before we explore the depths of privacy and security concerns for these emerging topics, we must first understand the topics themselves. The internet of things (IoT) is a buzzword used by companies across the globe in 2019. On a base level, IoT is just electronic devices communicating data to each other and making adjustments or performing analytics based on that data. 5G is the next generation of cellular networking, coming on strong in 2019. Companies like Verizon and AT&T have rolled out versions of 5G, and have begun advertising, but 5G is not yet widely accessible to most of us. As 5G becomes more widely available, IoT is poised to explode, connecting our devices with our everyday lives in new and exciting ways. All of that connectivity comes with a price, however — the very potential for further erosion of our personal privacy and security of our data.

IoT devices are enabled with network connectivity in order to communicate with each other, or any network connected device. Current IoT devices range from Philips’ Hue lights (light bulbs with customizable color and brightness, which can be controlled remotely using your smart phone) to security cameras in your local bar (which are installed using Wi-Fi). The user-side goal of IoT is to improve user experience, and it has done this by allowing us to control lights with our smart phone or setup security cameras without tricky wiring. This type of IoT has been around for a long time because a simple Wi-Fi chip and connection allows these devices to work without consuming much power. This is in part thanks to wireless innovations like LPWAN (low-power wide-area networking).

More complex situations require more complex solutions, and more powerful, faster connectivity. In situations like a traffic camera, there is no Wi-Fi connection, so the engineer must use a cellular chip to connect the camera to a network from one of the Nation’s providers. These chips draw more power and are costlier. Part of the costliness is driven by the fact Network providers have a limit to the number of devices they can connect to a tower. Limited supply and high demand drives prices up. These are some problems that the next generation of cellular network aims to solve.

Cellular networks have progressed over the 21st century from 3G (1998), 4G (2008), 4G LTE (2011), all the way to 5G which is beginning to roll out in 2019. These improvements have been structured towards a few major goals: speed, number of connected devices per tower, range of towers, connectivity of rapid moving devices (think trains), and quicker response time. Our current network standard of 4G LTE does a very good job of this and was a huge step up from prior implementations. In fact, it spurred the start of rapid scaling of the IoT. However, it still suffers from major drawbacks like doing poorly in dense areas and flat out not reaching other areas.

The next generation of network — 5G — hopes to solve these downfalls by using intelligent software to provide different types of connection to devices depending on range from tower, power consumption limits, and more. Going into the depths as to how this is accomplished is beyond the scope of this article, but if you’re interested, I encourage further reading here.

It’s All About the Data

Companies like Google, Apple, and most notably Amazon have rolled out smart home devices within the last couple years (Apple HomeHub, GoogleHome and Amazon Echo). These devices serve as a voice controller for all IoT devices in your home, and themselves provide useful functionality as well. These devices are loaded with valuable intellectual property and great hardware, yet they cost a fraction of what you would expect for such a cleverly engineered device in today’s market. This is due to what drives the IoT and what will drive technology for many years to come: the value of data.

We talked about the user-side goal of IoT, but the business goal is entirely different; gather data on your users to better sell and improve your products. When a person or organization’s goal is to gain information on you (too often via shady privacy policies or unethical hacking), their ultimate goal is data. Data drives machine learning algorithms that enable corporations to improve their products, target marketing, and predict future consumer interests. If you are interested in machine learning and how it’s used in today’s society read my recent blog post: Machine Learning, Artificial Intelligence, & Deep Learning: What’s the difference?

This collection and use of data has an upside. It ultimately improves the user experience by providing insight to companies on which products to further develop, or initially create, as well as how to improve them. These insights provide you amazing products and easy to use applications. Gathering data on the consumer benefits the consumer, but at what cost?

Some companies are overzealous in their pursuit or applications of the data they acquire, leaving consumers feeling violated. An instance of this that caused consumer concern was Facebook’s Onavo app that surreptitiously installed a root-kit on users’ devices to gain information about how they use every aspect of their phone. The Onavo app was marketed as a way to protect user’s security, but in additions to such protection, the app collected data on user’s internet searches and the like. This collection of data was laid out in the privacy policy, but users were understandably upset when they learned about this collection of seemingly private things.

Let’s look at how this would play out using a hypothetical: Phillips could be collecting data on when users in New York like to go to bed versus users in Idaho (based on when they shut off all their lights). Now Phillips sells this data to their partner Google. Google interfaces this data with their AdWords API, and next thing you know they have updated the cost of advertising during each market’s peak pre-bedtime hours. In this sense, it’s not all that creepy. Who cares if Pepsi has to pay more for ad time in your adjusted market nightly routine time slot? But not all applications of IoT data collection are so benign. When you consider the revelations which came out of the Snowden scandal (that the National Security Administration was engaged in massive warrantless surveillance of people in the U.S., and abroad), we begin to paint a much more ominous picture.

Security & Privacy Concerns

Connecting our everyday devices to a network poses serious security and privacy concerns. Threats from outside and within. Anything connected to a network is vulnerable to outside attackers, no matter the amount of protection put in place. The threat from within is less nefarious, but still concerning. As we have discussed above, the owner of the software can gain analytical data on your use habits, including insights into your private life. The risks are exacerbated by the software monitoring all network connectivity in the case of 5G. Some are terrified by the prospect of the government’s potential access to such a huge amount of personal in wake of the Snowden incident. That being said; it’s coming, with all of its benefits and burdens. Those most concerned with the privacy and security aspects will need to focus energies on the policy and corporations surrounding it, not the technology itself.

Unlike the European Union’s General Data Protection Regulation, the United States does not have comprehensive rules or regulations regarding corporations or governments handling consumer’s data privacy rights. The Fourth Amendment’s applicability (the right to the people to be secured against unreasonable and warrantless searches and seizures) has not yet been determined in regard to citizen’s data privacy rights. With further expansion of IoT and 5G, facilitating millions more devices to monitor and spy on consumers and citizens, in even more obscure facets of civilization, this lack of law and policy on handling consumer and citizen data will prove to be a major issue in the years to come.

Moving forward we as a society must focus on defining laws to protect citizens and consumers regarding their data. Specifically, each of us should have the ability to see what data an organization possesses on us, and the ability to require them and anyone they have shared or sold it to, to delete that data. There are many more concerns to be addressed regarding data privacy, but we must work to establish a set of ground rules for organizations handling data as we progress into new and murky waters with IoT and 5G networks enabling connectivity and monitoring to scale exponentially.

Bringing it all Together

With 5G providing more connected devices per tower, lower battery cost for data transmission, and quicker transmission speeds amongst other benefits, the internet of things is bound to explode. With this explosion, there will be new devices gathering data ranging from parking space monitors all the way to agriculture devices for monitoring plant growth. With this data, there will be a coupled explosion in machine learning as data drives all artificial intelligence. This is all great for society.

Technological advances like IoT and 5G are bound to occur as society advances. However, with them and many other technological advances there are more opportunities for data to be gathered, analyzed, and sold. Companies rely on this infrastructure to function; it is the underlying structure of business function. Analyzing consumer interest and using consumer data to produce better products is part of innovation. However, there should be regulations with regard to how companies gather this data and trade or sell it.

The United States must follow the lead of the European Union and regulate the way corporations and the government manage and protect consumer and citizen data by providing basic rights to users similar to the EU’s General Data Protection Regulation. It is important to set a precedent for regulation regarding consumer data as technology will continue to evolve and so will the methods of data collection that stimulate its growth.

Socials

Sources

1. “5G Vision.” European Commission & PPP, 5g-ppp.eu/wp-content/uploads/2015/02/5G-Vision-Brochure-v1.pdf.
2. Sciforce. “Internet of Things (IoT). What Is IoT? — Sciforce — Medium.” Medium.com, Medium, 18 Sept. 2018, medium.com/sciforce/internet-of-things-iot-what-is-iot-248a2af925bc.
3. ShermanSep, Justin. “U.S. Federal IoT Policy: What You Need to Know.” The State of Security, 18 Sept. 2018, www.tripwire.com/state-of-security/government/u-s-federal-iot-policy/.
4. Bessin-Py, Sophie. “Security-by-Design: The Foundation to Continued Growth in the IoT.” Gemalto Blog, Gemalto, 31 Oct. 2017, blog.gemalto.com/iot/2017/10/31/90-percent-service-providers-say-secure-iot-architecture-increases-sales/.