The Internet of Things is going to change lives — at least, that’s the way it’s been billed so far. As the average consumer waits for their lives to become connected and controllable through nothing more than the smartphone in his or her pocket, they are more than likely thinking about the consumer electronics side of IoT — flashy smart thermostats, self-driving cars and more.
However, while the public is dazzled by the improvements wrought by the impending IoT revolution, U.S. security experts are starting to discuss another potential use of an interconnected, communicative and data-driven world: spying.
As part of a routine meeting between Congressional representative and member of the intelligence community, The Guardian reported that Director of National Intelligence James Clapper delivered some surprisingly transparent comments on how the never-ending stream of data collected by an IoT world could make the tasks of surveillance, tracking and identification much easier for the nation’s spies.
“In the future, intelligence services might use the [Internet of Things] for identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials,” Clapper said.
Predictably, the man in charge of all U.S. espionage remained tight-lipped about the particulars of how the national intelligence community might leverage IoT devices. While it might be natural to get a little spooked by Clapper’s comments and think that the government is going to fool around with the temperature settings of Nest thermostats across the country, that’s probably coming from fear more than logic. Still, when a top government official directly states that his agency will tap into the soon-to-break waves of IoT data, it’s expected to feel a little taken aback.
But might tech companies resist that push of government operations into their well-oiled digital machines? A recent study from researchers at The Berkman Center for Internet & Society at Harvard University argued that, instead of tech companies embracing encryption and leading the world to a dark age of Internet surveillance, many of Silicon Valley’s biggest names have little incentive to secure data as much as possible. Google, Apple, Amazon and a thousand others use the data they collect to gain new insights on their consumers and to generate more revenue through data sharing deals with marketers and other firms. The more they encrypt data sent to and from the world’s IoT devices, the harder it will be for them to quickly and reliably cull the information they need.
This is where things get sticky, though. If companies are following the most profitable route of limited data encryption, it makes it easier for government watchdogs to slide in unnoticed. All things being equal, though, an IoT world insecure enough to let the national intelligence community in means there’s also an open door for hackers and others on the far side of the ideological divide. The White House announced a Cybersecurity National Action Plan that aims to spend $19 billion in 2017 – a 35-percent jump over last year – to combat every weak link in the growing IoT web, including weak passwords, under-allocated federal watchdog agencies and even underdeveloped cybersecurity curricula for college and graduate study.
While it’s premature to think that Obama administration’s cybersecurity action plan contains the cure for an IoT world leaking data on all sides, at the very least it indicates that those at the top level of the U.S. government are aware that the country’s need to keep IoT data where it belongs far outstrips its capabilities at the moment. But unless there’s some breakthrough, the national intelligence community might find itself in a classic catch-22: Should IoT be secured to keep hackers and spies out or left open to give them access to as much data as possible?