Expert opinion april 2016

This article is also available in French

April 14, 2016

Unless you’ve been living under a rock for the last couple of years, you’ve likely heard about Internet of Things (IoT), to a certain extent at least. In the past years, there has been a tremendous focus of research, business, proceeding and even press papers for this new Eldorado. Considering the comprehensive possibilities offered by this emerging market, industry is running at full speed to develop innovative solutions. Too often, privacy is not the first priority in that rush to get the product to market.

Internet of thing: What does it mean exactly?

The Internet of Things (sometimes stated as the Internet of Objects) refers to the ability of everyday devices to connect to the Internet, collect and exchange data in order to provide dedicated service to the end user.The flexibility and effectiveness of connected objects, low-cost and rapid deployment of sensors, have fueled interest in the possible ubiquitous integration of massive set of unattended devices. Such networks enable a whole new class of autonomous control applications and services from connected homes and connected cars to smart buildings and transportation.  Gartner, Inc. forecasts that 6.4 billion connected things will be in use worldwide in 2016 and will reach 20.8 billion by 2020[1]. The collected data is generally stored in the cloud and sometimes on the smart device itself.

Data Privacy in IoT: Utopia or reality?

This digital transformation of the world brings up new expectations of privacy. The incursion of sensors and objects around us convert our physical world in a communicable, contextual, and trackable one. The whole implications of this global connectivity is still blurry for consumers. On the other hand, Altimeter Group depicted that one point is crystal clear: Consumers are strongly concerned about how their personal data collected from connected devices are stored, used and shared by companies [1].

There is clearly a massive gulf between consumer awareness and current industry practices with regards to personal data. To be more concrete let’s give the definition of personal data: it is ”any information relating to an identified or identifiable natural person […]; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity”[2]. Thus, this personal information stems from all connected devices. Typical examples include habits gathered from home security automation systems, locations saved from geo-location techniques linked to a telephone terminal or the company car and physical conditions amassed from medical devices.

Lack of measures to protect personal data will result in decreased user acceptance and therefore is one of the driven factors in the success of the IoT.
Data privacy issue can be alleviated by encrypting the data and thus protecting its integrity and confidentiality.The challenge in data encryption lies in enabling different devices to jointly store and run computations on data while keeping it completely private. This inter-device communication requires the solution to handle a multi-party key management system in order to allow the data encryption/decryption only for the authorized entity.

In other respects, blockchains guarantee transparency of transactions and generate an irrefutable record of activities, providing a reinforcement of strong authentication. Thus, it allow data base to store sensitive data without risking exposure to malicious parties, thereby enabling an autonomous control of personal data.
What if providing data privacy in IoT issue’s solution were hidden behind blockchain investigation? The response will be unveiled in the next few years…

Maalel Nourhene

[1]Consumer Perceptions of Privacy in the Internet of Things, Altimeter Group, 2015Base: n=2062 respondents
[2]EU. Directive 95/46/ec of the european parliament and of the council of 24 october 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Official Journal of the European Communities, (L. 281), November 1995.