‘Pretty soon, even your trousers will have their own Twitter account,’ wrote Paul Ford in Hemispheres magazine. Devices communicating Machine to Machine (M2M) without supervision by the customer, owner, wearer or other individual will collect and transfer large quantities of data superficially about trivial machine events – location, activity, communication or connection, but which often imply information about the lives of identifiable individuals. Other communications might more obviously be about an individual such as health data collected through remote monitoring devices. Bear in mind also that the status of data can change. The number on a chip used to track boxes of medicines in a warehouse is not personal, but it becomes personal data when used by a pharmacy to track medicines dispensed to patients. So all of these data pose privacy and related security risks.
Smart televisions have already been hijacked by botnets. Supposedly secure keyless car tags have been hacked. So an M2M device, for both commercial and privacy reasons, needs to be protected from security threats. Here is a selection.
- Can the device be hijacked so that a false identity and false content will be transmitted?
- Can the device be deactivated so that nil reports will be falsely made?
- Can data transmission be ‘overheard’ so that data are stolen?
- In summary can the device be securely authenticated and on the network the classic elements of security (availability, integrity and confidentiality) assured?
Privacy and Data Protection Risks
If data are personal, in the UK the usual 8 Data Protection Principles apply – especially the rules on fair and lawful processing, data quality and security. Similar rules apply throughout the EU and in many other jurisdictions.
First, there must be no invisible collection. So individuals must be told about the activities of M2M devices and in the case of sensitive data such as health information, individual consent will usually be required.
Secondly, devices can carry out invasive monitoring either by design or as an unintended consequence. Similarly, if the full commercial value of data is to be exploited, it will be analysed extensively. Will profiles of individuals be developed? Do the individuals know what is being done with data from their smart televisions, cars, ovens, refrigerators, gas meters and monitored burglar alarms? One of the lawful bases for this collection and processing must be found in the legislation.
Thirdly, some applications, e.g. Oyster card and vehicle systems – inherently track the movements of individuals. Smart phone apps have been developed for just this purpose. Do individuals know of the tracking? What is its purpose and is it legitimate?
Fourth, some data such as health information require special care. But other data such as food orders might imply religious faith or other sensitive information. Usually specific individual consent is needed to process sensitive data.
First, implement high quality security policies and technology.
Second, be conscious of the privacy risks and give them design priority.
Third, carry out Privacy and Security Impact Assessments before implementing M2M network systems and develop them using Privacy by Design.
Fourth, be aware of the penalties that can be imposed by data protection and privacy regulators.