The Internet of Things promises to create mountains upon mountains of data, but none of it will be yours.
I don't mean that you won't be generating lots of data with your Fitbit, smartphone and a myriad of other devices. No, I just mean that—as the Electronic Frontier Foundation warns—come the Internet of Things, all your data will belong to someone else.
I've written about the importance of open source to the Internet of Things to preserve developer freedom and encourage standards. But what may be even more important is the ability of open source to keep your data ... yours.The Hotel California Of IoT Data
Software may be eating the world, to quote Marc Andreessen, by powering ever-greater shares of our ever-more digital lives. But that software is nearly always closed to us. Despite the rise of open-source software, virtually none of the software that we use is actually accessible to us.
That's a problem.
As the EFF spotlights, "when it comes to digital products, owners have rights. Renters on the other hand, have only permission." Make no mistake, in today's digital age, we are most definitely "renters" with virtually no rights—including rights to our data.
While we may have superficial access to our data, we rarely have ownership of it—or of any digital things, for that matter. (When I "buy" a movie I don't really own it; I just have the right to watch it on a certain device). This is particularly problematic for the Internet of Things, as the EFF notes:
If my car breaks down, I want to be able to take it the mechanic I trust, not the one General Motors hand-picks for me. I also don’t want my trusted mechanic driven out of business because she can’t afford to pay licensing fees for the diagnostic codes she needs to do her job. Or maybe I want to tinker with the software to make the car run better, or test it for malware. As author Mr. Jalopy succinctly put it, “If you can’t open it, you don’t own it.” And if you don’t own it, it may pwn you.A General Problem
Not that Internet of Things vendors are particularly evil. As Forrester analyst Jeffrey Hammond points out, mobile (apps, operating systems, everything) reflects this same trend of locking in user data. Actually, as Twitter open source chief Chris Anisczczyk laments, basically the entire Internet these days is constructed with a one-way data street in mind.
Sadly, we've come to expect this, something Ethan Zuckerman posits was inevitable given our unwillingness to pay for value:
[A]dvertising is the original sin of the web. The fallen state of our Internet is a direct, if unintentional, consequence of choosing advertising as the default model to support online content and services. Through successive rounds of innovation and investor storytime, we’ve trained Internet users to expect that everything they say and do online will be aggregated into profiles (which they cannot review, challenge, or change) that shape both what ads and what content they see. Outrage over experimental manipulation of these profiles by social networks and dating companies has led to heated debates amongst the technologically savvy, but hasn’t shrunk the user bases of these services, as users now accept that this sort of manipulation is an integral part of the online experience.
We can do better. Do we want to, though?
Noted privacy and open source advocate Glyn Moody reminds us that "if they have your [Internet of Things] data, they know all about you," with "big privacy issues" as a result. At an individual level we may not care ... that is, until our personal health data is used to block us from buying life insurance, or millions of cars, including ours, are remotely unlocked and made available to thieves.
This is not necessarily different from tracking on the Web, which has been par for the course for years, as noted. But as Mike Pittaro suggests, "[Internet of Things] with device/service lock is just a rich source of easy to control data."
Not that I want to be a Luddite alarmist. I don't. I just worry that we're far too casual about the implications of the Internet of Things and data.
Just because a device generates my data doesn't mean its vendor should own that data. And while credit card hacks make the headlines, I'm more concerned by legitimate businesses tapping into my personal, Thing-generated data to offer or deny me services.
How about you? Think it's a big deal or overblown? Your comments are welcome.
Photo by Sonny Abesamis