Fire and Ice    


News media sank their teeth into two major stories in January: record-low temperatures in the U.S. and data breaches suffered by several popular retailers. Local and national producers are sending crews out into the super deep freeze to report on the impact of what meteorologists have coined the Polar Vortex. At the same time, these reporters are exploring the fallout from what some security experts are calling a much-needed wake-up call for consumers.

 

 

  

Until Target, Neiman Marcus and now Michaels were hacked, Americans were generally not too concerned by news of a data breach. Now, it seems, the incidents have finally gotten the attention they warrant, causing consumers to question businesses and their financial institutions about their security practices. It's a welcome interest, and I know I join many of my colleagues in being excited about the potential of this new-found consumer curiosity. We will continue to push for consumers to ask tough questions and to then take action to protect themselves in today's "Internet of Things."

 

Read on for a definition of that term, as well as for some tips and trends keeping us fired up about privacy even as the temperatures around us plummet. 

 

The Internet of Things  

Once a term used mostly by MIT professors and those steeped in the privacy and security field, "The Internet of Things" is now finding its way into mainstream conversation. Loosely defined as the practice of equipping all objects and people in the world with wirelessly connected, identifying, computing devices, the term represents what could be a hugely transformational way of life.  

 

At one time, "The Internet of Things" probably sounded like science fiction; but today, it's becoming very real. Here are a few examples of where you can literally see, hear and almost feel this phenomenon occurring in some very ordinary places:

  • TRENDnet marketed its SecurView video cameras as "secure." In fact, the cameras had faulty software that allowed anyone with the cameras' Internet addresses to hear and see what the cameras were capturing. More than 700 were hacked, creating live streams of private locations and private moments online for the world to hear and see.
  • Google possesses possibly more data about consumers' online activities than any other organization (Facebook, Microsoft and IBM would probably be close behind). Now, it seems, the Internet giant is on track to know as much about your offline behavior. The company recently purchased Nest, which makes "smart" thermostats and smoke/fire alarms that track indoor-activity data. They have stated they plan to create many more of these types of smart gadgets. How much personal information will Nest share with Google, and how will that information be used?
  • A range of smart-home and smart-car technology allows consumers the ability to control access and features of their houses and vehicles. But who else might gain the same level of control? And what will happen when "smart" cars and appliances can function on their own without human intervention? As this Guardian article contends, they will certainly be tempting to hackers.


Facebook Updates

With a user pool larger than most countries, Facebook will always be on the radar of privacy specialists. Thanks to my own circle for providing these hot-topic updates on the social behemoth:

  • My friend Lisa Brownlee, who has lived internationally and is highly educated on theft and the need for safe, secure and reliable backup systems, says Social Safe digital journal for backup is "a total lifesaver." Lisa has vetted the application's security and is confident in the developers' safekeeping of personal information.    
  • Chris Duque shared this Mashable article with me. It's chock full of great tips on how to delete your personal search history from Facebook, which stores every single term you ever enter in the search box.    
  • Another friend, and my publisher, Rich O'Hanley, passed along this article on how to quickly get rid of all your Facebook data.
  • I was recently sourced by ThreatMatrix to talk about the lawsuits Facebook is facing over claims it mines private messages for personal data. The plaintiffs say Facebook scans messages for links and other information that can be sold to advertisers, marketers and data aggregators. There is potential for the lawsuit to become a class-action.  At the same time, Facebook was part of a group that recently sued the U.S. government and won the right to disclose to users more information about what data they are compelled to hand over to authorities. (Sadly it does not apply to companies less than 2 years old.) Please keep in mind that nothing on Facebook, including messaging and Facebook emails, should be considered protected or private; anything posted to a social media site is susceptible to world view.
  • As a fun experiment, several years ago I changed my address in Facebook to "Elephant Island, Antarctica." Sure enough, for seven months after I "moved" there I did not get any ads! Of course, as Facebook refined its Big Data analytics, and as I posted more "Likes," I started to see ads once more.

 

 

Keep an Eye on Your Accounts

With several major data breaches, malware warnings from the FBI and now a Better Business Bureau alert telling consumers to watch for mysterious $9.84 charges, it's a good idea to check your financial accounts daily - if not more often. 

  

 
  

Who's Watching (and Listening)?

In the January Tips Message, I promised to deliver more on surveillance cameras this month. Below is a collection of some disturbing developments in the area of physical privacy.    

 

Drones are increasingly being used to look onto others' property, with no restrictions or search warrants necessary.  Here's just one example: 

 

Drone Surveillance Footage Sends Man to Jail: A North Dakota farmer was sentenced to three years in prison reportedly after not promptly returning three cows that had wandered onto his property; he was located by a border surveillance Predator drone. (Pure conjecture, but considering the size of cattle farms in the upper Midwest, it's possible he didn't even realize rogue cows were on his property.)   

 

Big Brother Means Big Business for Video Surveillance Firms: For the Winter Olympics in Sochi, Russia, Panasonic has supplied the largest quantity of security cameras (6,903!) in the history of the Olympic Games.

    

Spy Agencies Need More Oversight, Canadian Privacy Watchdog Says: New surveillance tools, from monitoring of online activity to closed-circuit cameras, cast a wider net and give intelligence agencies more personal information than ever before. It is a simple mathematical fact: The more personal information an organization has, the more likely that a privacy breach will occur.

  

Police Want to Use Your Home Security Cameras for Surveillance: An imaginative proposal emerging from San Jose, Calif., asks citizens to donate their own home security systems for "the greater good."    

 

On the whole, I think security cameras - in particular those sending live feeds of public areas, especially in high-crime areas, to a remote location - are a smart idea for public safety. Installing security cameras around your home is also generally a good move for personal security. 

 

As with every technological innovation, however, surveillance cameras of all types pose privacy risks, especially when it comes to illegal or unethical surveillance. Whenever drones, security cameras or any other types of surveillance devices are deployed, the associated privacy impacts need to be considered. 

 

When law enforcement, government agencies, businesses or any other type of organization wants to deploy and use surveillance, privacy impact assessments (commonly called PIAs) should be performed, and the activities should have oversight from an objective third party to mitigate the possibility of privacy abuses.

 

  

Privacy Professor in the News  

Privacy has been such a hot topic in recent months, which has been exciting for those of us interested in raising awareness through trade and consumer media. It's been great to contribute to the following articles and broadcasts:

 

 

Privacy Professor on the Road

I love traveling the country to raise awareness of data security and privacy. If you ever have need for a speaker, presenter or workshop host, please get in touch. In the meantime, take a look at the schedule below, and if you'll be in the neighborhood during these events, I hope you'll attend. 

 

Feb. 23: Visiting with Des Moines' North of Grand neighborhood to give a talk on how neighbors can protect their privacy and secure their information.

 

Feb. 25 & 26: Teaching IAPP CIPP Foundations and CIPM classes in Dallas

 

March 4: Giving a presentation on Smart Grid Privacy in Minneapolis

 

April 9 & 10: Teaching IAPP CIPP Foundations and CIPM classes in Minneapolis

 

April 30: Conducting a workshop for the ISACA North America CACS conference in Las Vegas

 

May 1: Presenting a session about privacy at the ISACA North America CACS conference in Las Vegas

 

May 12: Conducting a workshop for Medical Device Security and Privacy at the 10X Medical Device Conference in Minneapolis

 

May 19: Presenting a HIPAA session at the LTCI Conference in Kansas City

 

 

   

Need Help?

 

If you need any help with information security or privacy training and awareness, or if you must comply with HIPAA and need help (especially important now that the Omnibus Rule has gone into effect), please check out my Compliance Helper site or get in touch with me; I would love to help you!

  

You Have My Permission to Share

 

I receive a lot of requests to repurpose the information contained in these Tips messages, so I wanted to drop a quick note in here to say, "Yes, I approve!" Please use the following attribution so that others will know where to find me if they have additional questions about the material you pass along.

 

Source: Rebecca Herold (a.k.a. The Privacy Professor), privacyguidance.com, [email protected].

 

 


  

With Data Privacy Day celebrated around the world on Jan. 28 and the national media attention around data breaches, it's been a red-letter month for raising awareness of privacy issues. Let's hope it continues in February and well into the rest of 2014!

 

 

 

Wishing you a beautiful Valentine's Day! 

    

Rebecca

Rebecca Herold, CISSP, CIPM, CIPP/US/IT, CISM, CISA, FLMI 
The Privacy Professor
Rebecca Herold & Associates, LLC
Mobile: 515.491.1564