Getty Images/iStockphoto

IoT ethics must factor into privacy and security discussions

With the adoption of IoT devices, consumers voluntarily trade privacy for the convenience of instant connectivity. Organizations must consider the ethics of their data collection.

IoT's lack of privacy will remain a topic of conversation, concern and complexity while organizations and governments navigate the ethics of data collection and use.

When data collection and use come up in conversation, the ethical angle is not likely the first topic tech experts discuss. However, it has an important place in IoT and consumer device discussions.

Organizations capable of continuous surveillance via IoT devices must consider ethics -- the moral principles of their actions -- and its effects. When devices connect to the internet, users have no true privacy. Organizations can monitor consumers through smart devices, including homes, appliances, cars, wearables, and water and gas meters. The vendors can monitor and track conversations, locations, timing, actions and behaviors through interconnected wireless devices.

Monitoring and tracking may appear to be unethical, but consumers freely -- albeit often unknowingly -- give vendors the ability to monitor, collect and share their personal data through the purchase of new devices. Consumers often do not read the pages of agreements when they purchase new devices. Buried deep within the agreement fine print is the acknowledgment that consumer personal data will be collected and stored, and data will be shared with third parties.

Ethics becomes a concern when vendors collect private consumer information and are not transparent about how they use the data. Vendors must also protect that data.

When organizations or bad actors can determine personal information from collected data and misuse it, IoT, ethics and privacy become intertwined.

How has data privacy become a prominent ethical issue for IoT?

Privacy in U.S. regulations has roots reaching far back, including its reference in the U.S. Constitution's Fourth Amendment, dated 1789, stating that people have the right against unreasonable searches in their homes. Unreasonable searches include data transmitted out of the home. This now refers to data transmitted electronically through RFID tags and connected devices, such as those that heat or cool homes, regulate water, and control home utilities and appliances.

Smart devices routinely collect data on a building's occupants, such as behaviors. This data can be used to determine home occupancy or home vacancy. Smart meter data reveals time schedules of electrical usage in minute increments, which indicate other factors, including habits. When organizations or bad actors can determine personal information from collected data and misuse it, IoT, ethics and privacy become intertwined.

The lack of privacy in homes and vehicles, or even through wearables, has forced organizations and legislative bodies to address IoT ethics. Smart device consumers must decide if the surveillance of personal habits, behaviors and home occupancy is ethically right or a violation. Previously, the U.S. perspective considered personal surveillance to be wrong. However, people want wireless connected devices to make their lives easier, and surveillance for that purpose is widely accepted. With more consumer privacy regulations in place, the onus has shifted to put more responsibility on IoT vendors to inform consumers of the tradeoffs of connected devices -- but consumers still must navigate lengthy privacy agreements.

The importance of IoT privacy and security together

Not only must organizations address the ethics of their data use; they must also consider privacy and security together. They must define what to secure and how to secure that component or device. Privacy is critical for every person and organization that connects to the internet, including home utility, financial, healthcare, educational, religious or media organizations.

The interconnectivity of wireless sensors poses a high privacy risk because sensors continually collect and store personal data. Consumers voluntarily share personal data and sacrifice their privacy to gain connectivity, often because there is no alternative to using the internet for business and personal tasks.

With the lack of privacy, it is inevitable that organizations must prioritize device and data security. Organizations invest money into developing tools to secure devices and data and ensure privacy, yet hackers attack faster than organizations can keep pace, as evidenced by daily data breaches. Some of the most prominent examples of IoT device security breaches include the hack of Ring smart security cameras, which led to a lawsuit, and the Mirai botnet attack.

Where does IoT ethics and privacy go from here?

Despite the lack of privacy in IoT devices, consumers continue to adopt them. Consumers acquiesce with the privacy agreements attached to devices. Often unknowingly, people freely relinquish personal information to connect with IoT devices, including their home residency occupancy, home appliance usage, home safety, medical equipment usage in the home, personal routines, vehicle privacy, voice privacy and geolocation privacy.

The number of IoT devices will grow from 8.74 billion in 2020 to more than 25.4 billion in 2030, according to a Statista report. Despite the growing number of IoT devices, ethics should be the central focus of these devices. Yet ethics is rarely discussed when someone purchases a new device or engages in the convenience of the device. Ethics focuses on the honesty or deceit of a matter. The device manufacturers must accept accountability to protect the privacy of consumers who purchase and use their devices. More so, the data needs to be protected because the data is IoT's true value.

Personal privacy may appear insignificant in a society that churns through the latest devices as consumers clamor for increased and faster internet connectivity. When organizations, consumers and governments consider IoT ethics, the discussion must focus on the erosion of personal privacy from IoT device use. Once data connects to the internet, personal privacy cannot be reclaimed.

Next Steps

Explore the relationship between IoT governance and privacy

Dig Deeper on Internet of things security

Data Center
Data Management