[Read more session reports and updates from the 14th Internet Governance Forum]
The session focused on consumer-based Internet of things (IoT) products, and privacy and security issues regarding them. Consumer-based IoT requires mechanisms for integrated security measures and preventing personal data abuse.
The session also included an overview of IoT good practice principles that were agreed upon during the 2018 Internet Governance Forum (IGF) and were discussed during the session. Firstly, consumer-based IoT must include four primary goals: security, consumer trust, meaningful transparency, and affordability. It will also be important to update practices as to reflect current states of the environment, which this workshop was trying to achieve. Secondly, the responsibility of the IGF ecosystem is to educate and engage with government stakeholders in these discussions. Thirdly, more effort is needed for better formulating IoT ethics and enabling long-term sustainability of IoT applications.
Governments and the industry have achieved a lot during the past year. Still, this task needs to be divided into steps in order to reach its goals, keeping in mind that the most important thing is to bring together these two sides into an informed dialogue.
Even if consumer-based IoT is part of our daily life, it was not designed with security in mind. This issue cannot be solved through local regulations, but rather through global regulatory efforts, especially since we can’t expect consumers to handle technology in a responsible way. We need to help consumers by informing them better. As Mr Maarten Botterman (Director, ICANN Board) stated, clear guidelines on how devices work and process personal data are crucial. The liability of device developers must be clearly stated throughout the legislation. Looking for the lowest price point for IoT devices often means weak security testing. only a few companies are following the ‘safe by design’ approach, as highlighted by representative of Technical Inspection Association (Technischer Überwachungsverein). Providing certification for IoT devices could help unify efforts of the private sector, while courts and insurance companies should step up in establishing liabilities for developers.
Another big issue is the impact IoT consumer-based devices have on human rights. Private data often includes private conversations and sensitive data. Consumers from countries that lack a data protection framework are most at risk. Surveillance, by both private players and governments, is also an important concern. As mentioned by Ms Estelle Massé (Senior Policy Analyst, Access Now), safeguarding human rights should be incorporated into these products and users should have the right to disconnect from them. If these elements are missing, there is danger that the IoT industry will decline and be less innovative. Ms Chris Kubecka (CEO, HypaSec) argued that one type of government intervention can be similar to what was done in Japan for the 2020 Olympics, mainly, scanning networks for vulnerable IoT devices.
Being aware of threats and educating consumers is the only way forward in tackling security and privacy issues concerning IoT devices. An additional thing that could help consumers make informed decisions is visual presentations of security and privacy features of IoT devices.
By Arvin Kamberi