Based on the privacy panel at this week’s Consumer Electronics Show (CES), it would seem that the data scandals of the last few years have finally elevated data protection and privacy within the tech community. Apple and Facebook each tried to ‘out-privacy’ each other in response to rising consumers’ demands for data protection, with a panel focused on big reveals of new privacy options. But this is not the whole story. From ‘rapid DNA’ kits to the full spectrum of surveillance tech, if the CES is a leading indicator, the tech community remains focused on building hype with media-grabbing gadgets and minimal concern for the security and privacy implications.
Reframed by one Chinese media outlet as the Consumer Surveillance Show, the broad range of health, location, biometric, and general surveillance data collection capabilities at CES highlights the dominant role of connected devices in driving emerging technologies. With connected devices topping 25 billion and expected to exceed 50 billion by 2030, it’s no wonder the internet of things (IoT) dominated this week’s show.
Each of these devices captures unprecedented amounts of data on the over four billion (and growing) internet users across the globe. The datasphere is expected to retain a steady growth pace, with some predictions of it reaching 175 zettabytes by 2025, and half of it stored in public clouds. But while the velocity, volume, and variety of data continues to grow, there has been significantly less growth in securing the data and building in privacy by design.
This may seem counterintuitive given the privacy-centric tech manifestos that proliferated across op-eds and corporate blogs over the last few years and was on display at CES. These marketing strategies reflect both a growing consumer demand for data protection, as well as the shifting regulatory landscape ushered in with the European Union’s General Data Protection Regulation (GDPR) and now the California Consumer Protection Act (CCPA). Unfortunately, the latest privacy-branding fad often amounts to privacy-washing, where tech companies market greater consumer control while still vacuuming up data.
A quick glance at some recent headlines highlights the ongoing drumbeat of breaches that increasingly link to IoT devices and apps. Smartphones remain a popular target, from global malware campaigns of advanced persistent threat groups (APTs) to domestic abuse stalkerware. Leaked geolocation data from wearables led to a military ban of these devices following several data leaks that revealed military personnel and base locations. Home cameras leaked data on thousands of consumers, while an exposed bug in drones revealed the ability to access user accounts, including photos and videos. Third-party access to APIs and apps also remains an ongoing source of data breaches. And of course, there is the infamous example of how a connected fish tank was hacked to access data in a casino.
But all is not lost. Markets respond to consumer demand, and the great privacy awakening is just getting started. With U.S. federal policy and governance in a quagmire, many companies are moving ahead on their own to ensure data is protected. DevSecOps—where security is integrated early into the development cycle—is gaining traction thanks to both data compromise trends as well as the growing reliance on secure software to derive business value. For instance, robotic process automation (RPA) adoption is approaching ‘near ubiquity’, which in turn necessitates the security of the processes and data flowing through them to optimize business value. Privacy engineering and privacy by design are also gaining traction thanks to additional incentives from the GDPR.
As the flashy gadgets continue to dominate this year’s CES, there is a growing need to integrate the security and privacy of the data that remains core to these innovations. We are still early in the privacy awakening and hopefully, next year’s CES will display greater awareness and integration of end-to-end data protection across the latest gadgets. Until then, be sure to wade through the security and privacy settings on all of your devices, from your smartphones to your smart televisions and everything in between.