[Read more session reports and updates from the 14th Internet Governance Forum]
The proliferation of the Internet of Things (IoT) has remarkably changed the way we interact with the physical world. At the same time, it inevitably deepens our concern over data privacy and security. The panel discussion highlighted the perspectives of consumers, regulators, manufacturers, and activists. The general consensus among the panellists was that privacy and security are a collective responsibility of all stakeholders and consumers of the IoT.
Data security and privacy are the central concerns of users of IoT devices, as we hear the news of hacking on IoT devices almost every day. Wearable devices are increasingly prevalent in our daily lives, yet it is unclear to what extent data resulting from their use is collected, and with who the data is shared. Ms Lily Botsyoe (GCNet, Ghana Youth IGF) commented that humans are the most vulnerable in the event of a data breach, although conversations usually focus on the vulnerability of non-human aspects, such as infrastructure and operating systems. Moreover, the weaponisation of IoT is also becoming a reality. It means that cyber-attacks can harm people both in online space and physically cause damage to people. For instance, a vulnerability in pacemakers can lead to the death of the wearer if a hacker attacks the system.
Reflecting on the risks to which consumers are exposed through the IoT, the role of government was emphasised throughout the session.Several legal mechanisms were mentioned, such as the General Data Protection Regulation (GDPR), Privacy Laws in the state of California, and the European Union Cybersecurity Act. Ms Marit Hansen (Chief, the Independent Centre for Data Protection, Germany) emphasised the importance of implementing these regulations in practice. The implementation, the unlinkability, the transparency, and the intervenability of the IoT and other technologies are essential elements ensuring citizen privacy and security of data while promoting the human centrality of the IoT devices.
Efforts from the manufacturers are also necessary to increase security in the IoT. Mr Benedikt Abendroth (Senior Security Program Manager, Microsoft) said that ensuring the security of the products is part of due diligence and can be accomplished by assessing risks and vulnerability of the products. In addition, providing adequate information regarding risks to consumers will allow consumers to make informed decisions. Moreover, Mr Michael Ilishebo (Data Forensic Analyst, Zambia Police Service) suggested that the technology industry might want to consider potential consequences and implications for the local economy before releasing products to the market.
The responsibility of consumers and human rights activists cannot be neglected in calling for better security and privacy in the IoT. By understanding the benefits and drawbacks of the IoT and equipping themselves with digital literacy, consumers can rethink how they use the IoT devices in their lives and be mindful of data collection and sharing. Without awareness, civil society actors cannot communicate with their governments regarding the type of regulation that should be placed or pressure the technology industry to assume their social responsibility.
As the penetration of IoT development outpaces policy-making across the globe, the multistakeholder approach is more important than ever. It requires each actor to take ownership of the issue and to accomplish their respective tasks in order to design and use IoT technologies for the betterment of society and to make them more secure.
By Nagisa Miyachi