The internet of things – the next big challenge to our privacy

If there’s a depressing slogan for the early era of the commercial internet, it’s this: “Privacy is dead – get over it.”

For most of us, the internet is complex and opaque. Some might be vaguely aware that their personal data are getting sucked, their search histories tracked, and their digital journeys scoured.

But the current nature of online services provides few mechanisms for individuals to have oversight and control of their information, particularly across tech-vendors.

An important question is whether privacy will change as we enter the era of pervasive computing. Underpinned by the Internet of Things, pervasive computing is where technology is seamlessly embedded within the real world, intrinsically tied to the physical environment.

If the web is anything to go by, the new hyperconnected world will only make things worse for privacy. Potentially much worse.

More services and more things only mean more data being generated and exchanged. The increase in data volume and complexity might plausibly result in less control. It’s a reasonable assumption, and it leaves privacy in a rather sorry state.

Many of the future predictions about privacy reflect this bleak diagnosis. If privacy isn’t dead yet, then billions-upon-billions of chips, sensors, and wearables will seal the deal.

But before jumping to such conclusions – and bearing in mind the immense power of established tech-vendors and their interest in this space – there may still be reasons to be positive. In particular, the fundamental differences between pervasive computing and Web 2.0 provide a beacon of hope.

One difference is that with pervasive computing, much of the technology becomes tangible and familiar. This makes issues of privacy more readily apparent to users. Web browsing histories stretching back over time are one thing; Google Glass is quite another.

If you can physically witness aspects of data collection, it short-circuits what has traditionally been a long feedback loop between privacy risk and cumulative effect. The hope is that the increased awareness inspires action.

This ties to a second difference: the technology itself could enable action. Unlike the web, where offerings tend to be one-size-fits-all, pervasive computing is driven by the individual, focusing on customised, person-centric services and experiences.

If the technology supporting this properly places individuals in the driving seat, it could also be used to provide individuals with the opportunity to take control of their personal data.

Moving from the abstract web

It has taken years for the sort of awareness and backlash that we’re now starting to see against Facebook, Google, and other major internet vendors that trade in personal data.

This is a product, in many respects, of the inherent obscurity of data collection by web-based services.

Moving from the web to the Internet of Things, many aspects of technology shift from being abstract and hidden, to being grounded in the real world.

In the real world, people have expectations, depending on the place and situation, about what behaviours are reasonable. What is acceptable in a pub may not be appropriate at a conference.

As technology becomes part of physical space, behaviour that violates social norms becomes more obvious, and new norms will develop around technology-based interactions. This, in turn, should make issues of privacy more prominent and pressing.

Google Glass is a case in point. The aim of Glass is to bring closer the digital and physical realm. Even before Glass was released, there were movements to limit its use, with the term “glasshole” rapidly entering the vernacular. We now see Glass being banned from bars, restaurants, strip clubs, and cinemas.

The rapid appreciation and evolving responses to the implications of Glass – be they related to privacy, economic, or legal concerns – is a phenomenon not seen in the world of Web 2.0, and provides an early indication for how the Internet of Things could develop differently.

Personalisation and customisation

Beyond tangibility, the other element at the heart of fully-realised pervasive computing is personalisation and customisation.

The Internet of Things is about more than just internet-connected fridges. Instead, it represents the move to having ever more objects networked and embedded.

This leads to the goal of pervasive computing, where all these things can all be used in various ways, to achieve personal, customised goals. The vision is that different individuals will be able to use the same things and services differently from those around them.

To take a domestic example, sensor-embedded kitchen devices might support precision-control gastronomic cooking in one home, while at the same time offering the potential to remotely monitor the food consumption of elderly relatives in another.

This is a huge shift from Web 2.0 – and even from the current generation of mobile apps – in which services and their uses are defined by vendors, leaving users with little option but to adapt. To get the most from next-generation technology, it should accommodate our different likes and preferences in relation to things, people, place, and time, tailoring its functionality to those preferences.

As the nature of pervasive computing has personalisation woven into its fabric, it offers the promise for real privacy protection. Privacy preferences and controls can be made part-and-parcel of the process of individual customisation – built-in to the technology’s operation.

How all of this develops will depend considerably on the lead proponents. If technology develops within the walled gardens of a few dominant vendors – with the superficial illusion of control within their walls – we will end up bound by their code.

This would not only be bad for privacy – as the industry’s track-record makes clear – but more generally, vendor-dominated silos would constrain and limit the potential of the emerging technological landscape.

This is part of the reason for thinking positively and proactively about privacy: its fate is intimately bound with that of the Internet of Things as a whole. And if there is the vision and commitment to realising pervasive computing in a way that is open, diverse, innovative, and high-value, then privacy may just stand a fighting chance.

Jat Singh (Computer Laboratory, University of Cambridge) and Julia Powles (Faculty of Law, University of Cambridge)
are working on collaborative projects in technology, law, and policy

Evgeny Morozov: Tech pioneers in the US are advocating ‘algorithmic regulation’ – but if technology provides the answers to society’s problems, what happens to governments?