Trust in the IoT SensAE
I often speak about the need to flexibly provide privacy, transparency, security and convenience with two-way accountability to build trust throughout the Internet of Things and sensor analytics ecosystems (SensAE). These four elements are sometimes treated as optimization problems, with solution providers thinking that they can provide only this much privacy with that much transparency and so much security can only be had with so little convenience. This is incorrect. All must be provided, simultaneously and with the flexibility to allow each entity, human or thing, the capability to select the level of privacy and transparency that each feels is appropriate to each transaction, and to do so securely and conveniently. Only through such a framework can trust be built among all the actors within and among SensAE. Such frameworks do exist, such as the W3C Decentralized ID specification and Privacy by Design. Implementations are available now, as we have written about in The TeleInterActive Press.
One challenge in adhering to such an ideal is that there is confusion about what privacy, transparency, security and convenience really are, within a culture, a demographic and even to an individual. This is why it is so important to provide the ability to each entity within the ecosystem to select the level desired for each transaction.
Privacy is the most slippery concept. Privacy examples may change from person to person, from town to town, from culture to culture. One thing does remain the same though. Privacy is about control, not secrecy.
- Controlling what any one else might know about
- Controlling who can access information about you
- Controlling what others may do without th that information
Transparency covers two main concepts. The first, related to privacy, is determine what information about yourself that you wish to be transparent about. The other concept is that any individual, agency or organization has collected data about you, is completely transparent in how they use, protect and share that data.
Security does have standard definitions involving identification, authorization and access to data, whether those data are stored or in transit.
Convenience is really what pulls all of this together. The ability to control one’s data, to understand the transparency of those who collect such data, and to surround oneself in a secure environment is the key that allows any of this to have an impact.