Andy Greenberg was cruising at 70 mph (113 kph) when the connected car he was driving suddenly began blasting frigid air, hip hop music and wiper fluid. He wasn’t even touching any of the controls — but he was being hacked.

IoT Morality 07-27-2015-A.jpg
“Often the morality question comes too long after [the hype and implementation],” Josh Oakhurst said.

“As the two hackers remotely toyed with the air-conditioning, radio and windshield wipers, I mentally congratulated myself on my courage under pressure,” Greenberg stated last week on WIRED.com. “That’s when they cut the transmission.”

Connecting cars, medical instruments and other devices to the Internet can prove very useful, alerting experts and authorities when lives and systems are in danger. But security breaches, such as the one that left Greenberg powerless behind the wheel, illustrate the need to look beyond the hype, examining far-reaching implications of the Internet of Things (IoT).

Just Because We Can Doesn’t Mean We Should

“Often the morality question comes too long after,” Skookum Digital Works CSO Josh Oakhurst said in The Denver Post last week. “We should think about what should be connected, what data should be transmitted from our daily lives.”

Not every portable object needs to communicate with other devices, The Denver Post noted, and users don’t always employ the numerous security solutions that are already available for IoT devices. There are also privacy issues associated with wearable devices that gather personal data.

Fitbit data showed up in court to help an injured personal trainer show she is less active,” The Denver Post stated. “It could also go the other way.”

Making the Rules

Even if we focus only on the positive, devices could use this personal data to predict how we might behave, determine whether or not we’re injured, or just recommend we take umbrella when we leave the house, computer science Prof. Peter McOwan stated last year. That means doing more than just setting boundaries for devices.

“Intelligent devices also need some understanding of these rules for us to be able to interact with them as naturally as possible,” McOwan said. “Once a device is able to offer opinions or take actions as well as carry out its main function, we start to consider it differently.”

Greenberg was in on the hack that shut down his ride at highway speeds. But the incident highlights the need to set the ground rules for IoT morality and ethics now — while we’re still in the driver’s seat.

Follow Derek on Twitter: @DKlobucher

More From SAP Business Trends:

7 Tips to Bring Morality to Your Big Data Program

Do Your Big Data Decisions Reflect Your Company Values?

Big Data Trends Questions

To report this post you need to login first.

16 Comments

You must be Logged on to comment or reply to a post.

  1. Deepak Kumar Khandual

    The gadgets are made to make human life comfortable and easy. But if we look from other perspective, the gadgets are making us dependent on them very badly. We as human need to decide what IoT gadgets can do bare minimum things to make our life easy and not dictate us.

    (0) 
      1. Deepak Kumar Khandual

        Derek, I feel that this IoT should be restricted to Companies or Organizations only for doing their day to day operations and there by making the operations more lean oriented.

        I am very much concerned about its usage at personal level. Well, before I say anything further I must say that I am a good person with sound state of mind and I am socially well also 🙂 . I am worried about what will happen if somebody hack my smartphone and laptop and steal my data and it would be a nightmare if they can see though my smartphone and laptop cameras 😯 and also hear the conversations. And moreover they can follow me continuously all the time if they want without me aware of it at all. Very much horific, is not it?

        So what basically I want to say is this IoT should not be focussed at individual level but should be for use in Organizations only 🙂 . What do you say Derek?

        (0) 
        1. Derek Klobucher Post author

          It’s up to individuals as well as organizations to act responsibly, Deepak. To paraphrase my blog post, just because we can share and collect all of this data doesn’t mean we should.

          Individuals must be responsible about what they share, just as organizations must be responsible about data and software security. Otherwise we could end up with our cars hacked — and our breaks disabled, which happened in the WIRED.com story.

          As one expert told The Denver Post, “Plan to put security at the front.”

          (0) 
  2. Gretchen Lindquist

    I chose to use a fitness app on my smartphone that allowed me to opt out of being connected socially. The last thing I need or want is an insurance company getting that data.

    Thanks for the food for thought.

    Gretchen

    (0) 
    1. Derek Klobucher Post author

      You’re welcome, Gretchen. Your comment brings up a good point about incentives.

      Would we feel differently about sharing our exercise data, for example, if insurance companies offered us lower premiums? And how could we incentivize organizations to take the aforementioned moral and ethical imperatives into account as they develop IoT solutions?

      (0) 
        1. Derek Klobucher Post author

          It sure is, Matt. In fact, it has been for years (my apologies for not better wording that question).

          And I love All Tech Considered. 🙂

          But what about getting organizations to make IoT morality a higher priority? Is there a better way than shaming companies with embarrassing hacks, as the WIRED.com folks did?

          (0) 
      1. Jelena Perfiljeva

        Wouldn’t it be good time for the Big Bad Government to step in? I wouldn’t really rely on the for-profit businesses to police themselves in such matters. Although with all those NSA scandals the government is not doing that well either… So I guess we’ll have to keep some foil handy just in case. 🙂

        (0) 
        1. Derek Klobucher Post author

          The question of who gets the final say after all of this introspection has been on my mind this I began writing this blog post, Jelena. It could be the individual organizations, professional groups, ANSI, government regulators or a combination of thereof.

          It’s tempting to disparage government regulation, but most data- and technology-driven corporations have more data on their customers than governments have on their citizens.

          😉

          (0) 
      2. Gretchen Lindquist

        Derek,

        I don’t know, I’m a bit leery of where this is going. The insurance company that gives me a discount today ( “Wow, 30 days in a row for >10,000 steps! Congratulations, Gretchen!”) could turn that into a penalty/ surcharge just as easily ( “Alert: we do not see any health insurance claims for this week, and yet you have not exercised at all. Get moving or face a surcharge on next month’s premium.”).

        I, too, like Jelena Perfiljeva do not trust for-profit companies to self police. Maybe it is the industry experience I have, but I would rather have regulations in place before going there.

        Gretchen

        (0) 
        1. Derek Klobucher Post author

          I suspect you’re in good company, Gretchen. Anyone looking for reasons not to trust for-profit organizations to police themselves needn’t look beyond the financial crisis of 2008.

          😉

          (0) 
  3. Matt Fraser

    Just to throw in another real-world example, though admittedly this isn’t an “Internet” hack but rather a close-proximity WiFi hack (but who’s to say some clever individual couldn’t bridge that gap?), here’s the case of a “wired thing” device in which the manufacturer does not appear to have given due consideration to access security.

    Hackers Can Disable a Sniper Rifle—Or Change Its Target | WIRED

    “Change its target?” Now that gives me pause.

    (0) 
    1. Derek Klobucher Post author

      Rightly so, Matt! This is pretty scary, especially when we consider how much money is at stake with the computer — and what else could be at stake with the sniper shot!

      But responsibility may go beyond the manufacturers. An expert told The Denver Post that he didn’t blame Chrysler for the WIRED.com hack: “It’s more a matter of technology moving faster than what we’re ready for.”

      (0) 
  4. Martin English

    In the Internet of Things, who is responsible for monitoring / securing your data ?

    If you dig a bit deeper into the Jeep hacking case, you find that the first vulnerability was in the Uconnect system, that links to the Internet via a cellular connection through Sprint, also creating a WiFi hotspot in the car. So who is responsible (either legally or morally) for any ill effects ? In the current situation, Fiat/Chrysler have notified owners of  ten models, including Ram pickups, Chrysler 200s and Grand Cherokees, of a software update to their Uconnect systems, but this isn’t the answer, even in this case.

    What if these updates aren’t installed ? Does the buck stop with Fiat-Chrysler, the makers of uConnect, the cell service provider, or (worst case scenario) the average joe owner ?

    hth

    (0) 
    1. Derek Klobucher Post author

      These are great micro questions that parallel the macro issues we’re exploring here, Martin. I doubt that any organization — private, public or government — has the drive, stamina and budget to turn this around on its own.

      Everyone has to take responsibility for their part, otherwise the machine breaks down. That means learning about these issues, taking them seriously and acting appropriately.

      The buck shouldn’t stop with the auto maker — or anyone else — because no one should be passing it.

      (0) 

Leave a Reply