♦ 13 ♦
When Your Scale Talks to Your Refrigerator: The Internet of Things
Your refrigerator will talk to your toothbrush, your gym shoes, your car, and your bathroom scale. They will all have a direct line to your smartphone and tell your digital doctor whether you have been eating right, exercising, brushing your teeth, or driving too fast. I have no idea what they will think of us or gossip about; but I know that many more of our electronic devices will soon be sharing information about us—with each other and with the companies that make or support them.
The Internet of Things (I.o.T.) is a fancy name for the increasing array of sensors embedded in our commonly used appliances and electronic devices, our vehicles, our homes, our offices, and our public places. Those sensors will be connected to each other via Wi-Fi, Bluetooth, or mobile-phone technology.
Using wireless chips that are getting smaller and cheaper, the sensors and tiny co-located computers will upload collected data via the Internet to central storage facilities managed by technology companies. Their software will warn you if your front door is open, if you haven’t eaten enough vegetables this week, or if you have been brushing your teeth too hard on the left side of your mouth.
The I.o.T. will be everywhere, from heart-rate monitors in your watches to breathing monitors stitched into your child’s pajamas. It will help us learn from our behaviors, manage our environment, and live a richer life.
But there is a really dark side to this machine vigilance. The Internet of Things will offer unprecedented spying possibilities, from the insurance company monitoring how you drive by using an accelerometer device in your car (which insurance giant Generali is already doing, under a scheme it calls Pago como Conduzco, “Pay as I Drive”)107 to the little Samsung Paddle placed under your pillow that records your sleep cycles and vital signs, to the camera in your TV that gets hacked and allows people to watch you.
The possibilities for unhealthy and potentially illegal invasions of privacy grow along with the growth of the I.o.T.
The Awesome Things about the Internet of Things
The smash-hit Nest home thermostat may surprise you. What could be more boring and mundane than a thermostat, right? Yet the Nest is a beautiful glowing dial on your wall that is extremely easy to understand and adjust.
Americans waste huge amounts of money running their heaters and air conditioners when they aren’t at home. Some people remember to turn these systems on and off when they are coming or going, but few are conscious of the seasonal adjustments they make to heating and cooling usage in their homes, or how they behave differently on weekends. That adds up to billions of dollars each year in wasted energy spending. It’s an enormous market, one that is hard to address without building a truly intelligent and connected device.
The Nest set a new standard for smart devices. With motion sensors, the Nest monitors a user’s daily movements. In the first few weeks after installation, it studies your behavior to learn your preferred home temperature. It also studies your comings and goings. You need to actively adjust the Nest during that period, but like a good soft A.I., it learns your habits and then starts to work all by itself.
By a certain point, the Nest becomes nearly 100 percent autonomous and optimizes the temperature in your home with no prompting. It reduces energy bills, perhaps by as much as 10 percent, and makes your home more comfortable.
The Nest also ties into utility programs that ask users to cut back on power usage at times when energy consumption is at a peak, to relieve pressure on the electrical grid. Nest users who live where such programs are in place can save 5 percent or more on power bills by participating. That’s an early but effective instance of the smart grid, a sub-sector of the Internet of Things focusing on energy and our giant, antiquated, and inefficient power-generation and transmission system.
You can install the Nest application on your phone and control your home environment remotely. So, say, if you want to start cooling down your house fifteen minutes before you arrive home, you can send a message to the Nest. That’s handy if you are coming home earlier than planned on a hot summer day in Phoenix, for example.
Since designing its thermostat, Nest, which operates as an autonomous unit inside Google, has released a smoke detector and a video camera to monitor for intruders or behavior of pets (and perhaps children or teenagers?). It will probably release many new products, all controllable from the Nest application.
Technology companies say they will use the Internet of Things in the same way: to reduce our energy usage, improve our health, make us more secure, and nudge us toward better lifestyles. Of course, the I.o.T., they say, will save us money too.
The ability to collect such data will have a profound effect on the economy. The McKinsey Global Institute, in a report titled The Internet of Things: Mapping the Value beyond the Hype, says that the economic impact of the Internet of Things could be $3.9 to $11.1 trillion per year by 2025: up to 11 percent of the global economy.108
Much of the value of the I.o.T. is hard for us to comprehend, because it will be machines talking to other machines to enable different A.I. systems to work together and make better decisions. By monitoring machines on the factory floor, the progress of ships at sea, and traffic patterns in cities, the I.o.T. will reach far beyond our homes and create value through productivity improvements, time savings, and improvements in asset utilization. The 200-mile-per-hour ride in a Google car will be controlled by a transportation subset of the Internet of Things, a web of sensors on the roadways and embedded in the vehicles that will allow them to speak the same language.
The McKinsey report also assigns value to the I.o.T. by including the economic impact of reductions in disease, accidents, and deaths. Those are real economic benefits even if they are hard to calculate today, with few of those systems in place. McKinsey believes that the I.o.T. will monitor and help manage a huge swath of activity on Earth: the natural world, people, and animals.
The Internet of Things should not only change our interactions with devices and improve their efficiencies but also create entirely new ways of understanding the global economic engine. Turning electronic products into software-controlled machines enables continuous improvements both to the machines and to the business models for using them. The constant improvement in features that we see in our smartphones will become common on our other devices.
Everything will be connected, including cars, street lighting, jet engines, medical scanners, and household appliances. Rather than throw appliances away when a new model comes out, we will just download new features. That is how Tesla is enhancing the self-driving features in its cars: learning and then sending software updates every few weeks. Through the software of the Internet of Things, everything will drive itself, upgrade itself, turn itself on and off at the right time, and know when it is about to break down. For example, Dell Computer and industrial giant General Electric are attaching sensors to servers and jet engines, respectively, that connect to the Internet and help customers know when a component will fail well before the breakdown occurs. The collective intelligence of the sensors feeds into machine-learning systems that begin to predict failures and to schedule maintenance with ever greater accuracy. This information saves money by helping companies plan for the full life cycle of equipment they need in their businesses, making them proactive rather than reactive enterprises.
The Frightening Thing about the Internet of Things
It was not an auspicious beginning to the 2015 holiday season. On Black Friday, we learned that a hacker had broken into the servers of Chinese toymaker VTech and lifted personal information on nearly five million parents and more than six million children.109 The data haul included home addresses, names, birth dates, e-mail addresses, and passwords.110 Worse still, it had photographs and chat logs of parents with their children.111
Earlier in the same month, Bluebox Security discovered serious vulnerabilities in Mattel’s Hello Barbie, the Internet-connected version of the iconic doll.112 These exploits raised the obvious question: as more toys become connected to the Internet, how many have lax security? And how many millions, or hundreds of millions, of children are in danger due to it? It is entirely possible that serious vulnerabilities affect the majority of Internet-connected toys.
Yes, these are the early days of hack attacks on toys, so hackers have a head start. But the bigger problem is that there is no real regulation of the Internet of Things. There are no severe fines for companies that have lax security. The companies can just get away with an apology; knowing that there is a privacy risk doesn’t oblige them to do product recalls.
If you don’t have children, then think about the huge amount of information about your life that Nest has access to if you install several of its products in your home, or the type of information that Amazon’s Alexa is gathering by listening and watching you and your family. These companies know a lot about you, including some deeply intimate things that no one else does. Their cameras watch you constantly. Think of what could happen if they were hacked.
I truly fear the increasing incursions on our privacy and confidentiality. It isn’t just the toys and thermostats in our homes: cameras are already recording our every move on city streets, in office buildings, and in shopping malls. Our cars will know everywhere we have been, and our newly talkative devices will keep track of everything we do. Privacy will be dead, even within our homes. This is a risk that our smartphones already pose; soon we will be tracked everywhere.
And then there is the incessant marketing. Many of the new I.o.T. products and features on our devices will be inexpensive and useful—telling us when we need to order more milk, take our medicine, rethink having that extra slice of cheesecake—but they will also tell us to order milk from Google Express and to get our prescriptions filled at CVS. Amazon’s fast-growing Dash program lets users of Tide laundry detergent reorder with a push of a button on a cheap, wireless Tide I.o.T. device—but it is connected to Amazon’s cloud, and orders are, of course, fulfilled via Amazon.com.
Will we be happy for the manufacturers of our refrigerators to recommend new flavors of ice cream, for our washing machines to suggest a brand of clothes to buy, for our scales to recommend new diet plans because that paleo diet just isn’t working? They will have the data necessary for doing so—just as your smart TV’s manufacturer is learning what shows you watch.
As well, we have no guarantees that the technology companies will not share our data with advertisers that want to hound us into buying their stuff. In fact, this is how the tech companies usually make their money—by selling our data (though, yes, they may claim to anonymize it). It’s a Faustian bargain, but one that we commonly make. As they say, if a service is free on the Internet, then the customers are probably the product for sale.
I am not looking forward to having my bathroom scale tell my refrigerator not to order any more cheesecake. I will not permit security cameras to capture images from the inside of my home and upload them to the Internet, even with the very best encryption. But it is going to be very hard when Smart TVs and refrigerators have cameras embedded in them—as our laptops already do.
Does the Technology Foster Autonomy Rather Than Dependence?
Without doubt, with the industrial I.o.T., we will see tremendous benefit, a dependency that is good for us. That our cars tell us when they are going to break down or our traffic lights tell the town that a bulb needs to be replaced is all good. As noted, General Electric is able to remotely troubleshoot its jet engines and locomotives in order to warn operators about required maintenance; that feeds into planning software, which is a huge leap forward that will save time and money.
I also don’t mind having a Nest thermostat regulate my home’s temperature. But do I need my refrigerator watching what I eat and talking to my phone? I don’t think so; it will just make me a lot more dependent without providing the promised benefits. And it will compromise my privacy.
The Risks Don’t Outweigh the Benefits
VTech admitted that its security had not been up to snuff and apologized after the 2015 hack.113 But the company had little real incentive to worry about security, because there is no real bite in the laws seeking to penalize companies for failing to protect their customers’ data. Even in California, where companies are legally required to quickly disclose hacks and warn customers that their data have been stolen, breaches continue. According to the World Economic Forum, cyberattacks are now the third-largest threat facing the world, following natural disasters and extreme weather.114
Too often, the business costs of voluntary recalls are not sufficient motivators. Rarely are victims compensated for seizure of their identity, an unwanted gift that keeps on giving for many years. VTech earns $2 billion in annual revenue and says that some of its fastest areas of growth are Internet-connected children’s products. A better way to deal with this might be to dramatically raise the penalties for lax security. This could be accomplished by insurance companies but should also include some mandatory payback clause to compromised customers. Or perhaps it could be a contribution system whereby all manufacturers of connected devices pay into a compensation pool. This is, of course, another flavor of insurance. Businesses would hate this idea, but it might force them to do the right thing.
Increases in government regulations are rarely productive and often harm innovation. But it may be prudent to expand the equipment-authorization program of the FCC.115 This requires the testing of radio-frequency devices used in the United States to ensure that they operate effectively without causing harmful interference and that they meet certain technical requirements. In the future, these requirements could include the encryption of data and other security safeguards. This is particularly important given that our Internet of Things devices are mostly manufactured in China. The security holes could allow snooping on an unprecedented level—in homes as well as offices.
And I have another really radical thought, which goes beyond what I recommended in the chapter on security and privacy.
What if we mandated that businesses create systems that allow customers to control their own data—to see what is being collected and to alert them when those data are stolen? This has long been a pipe dream of privacy activists and an ideal of defenders of electronic civil society such as the Electronic Frontier Foundation. But we are actually tantalizingly close to having the capability of creating such a system.
There are many ways of solving this problem. For example, Roland Vogl, who heads Codex, the Stanford Center for Legal Informatics, envisages a system that will allow people to manage and analyze all of their structured data, including those generated by Internet of Things devices. End users will connect their devices to a “personal dashboard,” through which they will be able to monitor and control their data. They will select which data can be shared and with which companies. Vogl says there are already some implementations of these technologies, such as OpenSensors and the Wolfram Connected Devices Project.
The solutions aren’t difficult. We just need the motivation, regulation, and coordination. The alternative, in today’s wild, wild west of Internet of Things development, is a runaway increase in security nightmares. It will be better to set the standards now and ensure a safer cyber world for our children and ourselves than to try locking the door once all the wrong people have our data.
This again is where you must be involved: we need the public demanding these protections. But first we must understand the key issues. You can also exercise the same choice as I am: until I am convinced that there is enough security, I am not going to be buying an I.o.T. home device.