Designing security into the Internet of things

[Commentary] What I and many others are suggesting would probably extend existing Consumer Protection and Data Protection Acts around the world, because they often assume a process of publishing that is straightforward: Data gets published or gets posted. Yet, in the internet of things, we might have lots of different directions, platforms and owners involved in any given interaction.

The firmware provided, the sensor manufacturer in charge of calibration, the app developers, the data centers, the API developers, social media sites, etc. all will play a role. Here are some ideas for a conversation about what can be done about data rights:

• Consumers should have the right to know what data is being collected about them and why.
• Reasonable efforts should be made to protect confidentiality and privacy of the consumer.
• Explicit permission should be granted from the consumer if a third party or service provider receives requests to de-anonymize the data set

[Alexandra Deschamps-Sonsino is a product designer]