Stacey Higginbotham - Journalist - As we add the internet to more devices, we're also making more information about ourselves available online. Not necessarily to the public, but to family, marketers, and even law enforcement. What are we sharing? With whom? And what should we do about it?

1. We Know What You Did Last Summer (and Last Night)
stacey@staceyhigginbotham.com
@gigastacey

2. This is my house
It knows a lot about me

3. Trends working against privacy
• The cost of sensors is falling (Everything is collecting info)
• The cost of storage is falling (Everything is searchable)
• The cost of connectivity is falling (Everything is online)
• Cost of machine learning is falling (Computers can make
trivial decisions)
• Our legislative resources are fragmented
• Consumers are cheap and their individual data is worthless

5. Some exciting examples from life on the edge
• The maker of a sex toy called We-Vibe, failed to disclose that its Bluetooth-
enabled vibrators collected and recorded certain personal information from
consumers. It settled for $3.75 million
• Bose is being sued in Chicago by a consumer alleging that it uses an app to
collect the listening habits of its customers and provide that information to third
parties— without the knowledge and permission of the users. Bose denies this.
• VIZIO, a maker of a smart television set, settled this year with the FTC, after
the agency accused it of linking demographic information to second-by-second
information about video displayed on the smart TV. VIZIO sold this information
to third parties.
• Police seek Amazon Echo data in a murder case

6. Now let’s get personal ….
• How was your baked potato?
• Who was in your bed last night?
• Stalking my husband with the Tesla app.
• A Fitbit that knows you are pregnant?
• What about your geolocation data?
• Your ISP knows exactly what’s on your network.
• Law enforcement tapping into your IP camera

8. Defining the challenge
• Things connecting to things
• People connecting to things
• Things connected to roles
• People who swap roles
• Is anonymity a sham?

9. Things connected to
things
• Should your sleep sensor talk to your
dishwasher?
• Should your car talk to your door
locks?
• Should your Wi-Fi-enabled Brita
pitcher talk to anything?
• In its version of Weave, Google has
experimented with setting limits on
what devices can talk to others.
• To improve security Chamberlain is
experimenting with using a phone + a
car to authenticate a garage door
opening.

10. Things connecting to
people
• Only the person who has an app
can talk to a device.
• Many connected device apps don’t
support role-based access
privileges.
• Metadata is still data
• Anyone has control of a voice
controlled device today
• Context is king here
• Nymi’s heart rate band
• Google’s new captcha

11. Things connected
to roles
• Guests in my home get different
privileges
• Parents be able to access a camera
in their kid’s classroom
• Who can tell Alexa to change the
thermostat?
• Insurers getting access to battery
data on a connected smoke detector
• Utilities grabbing connected
thermostat data across a region
during a demand-response event

12. Let’s hear it for role-
swaps
• I may start out as a guest and graduate to
colleague
• How do I de-authenticate my home when I
move?
• What if I get a divorce?
• What if I sell the device?
• What happens when children turn 13 and
COPPA doesn’t apply?

13. Is anonymity a sham?
• Cookie experiment
• Only four pieces of data to de-anonymize you
• Data can dictate pricing no matter who you are
• Uber is the ultimate in case studies about the potential abuse of digital
identities
• PII is a farce, but it’s a legislative standard

14. And about that legislation …
• Wiretap laws in the U.S. and abroad
• FTC oversight
• The Privacy Act of 1974
• HIPPA
• FCC regulations about ISPs selling data
• Local privacy and data disposal laws
• EU’s Data Protection Directive
• Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA)

15. Consumers don’t like their
data being sold
-chart from a 2015 Altimeter Group study.

16. So what do we do?
• Businesses should be transparent about data policies
• Businesses and governments should adopt standards that protect
data
• Businesses should make it easy to de-authenticate a device/person
• Industry should develop a way to educate consumers about their
data
• Governments should step up to regulate privacy in a connected era
• Companies like BitMark and Neura are trying to monetize user
privacy

17. Stacey Higginbotham stacey@staceyhigginbotham.com