The government is already spying on us through spying on us through our computers, phones, cars, buses, streetlights, at airports and on the street, via mobile scanners and drones, through our credit cards and smart meters (update), television, doll, and in many other ways.
Spying in the U.S. is worse than under Nazi Germany, the Stasi, J. Edgar Hoover … or Orwell’s 1984.
Yesterday, U.S. Intelligence Boss James Clapper said that the government will spy on Americans through the internet of things (“IoT”):
In the future, intelligence services might use the [IoT] for identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials.
The Guardian notes today:
As a category, the internet of things is useful to eavesdroppers both official and unofficial for a variety of reasons, the main one being the leakiness of the data.
There are a wide variety of devices that can be used to listen in, and some compound devices (like cars) that have enough hardware to form a very effective surveillance suite all by themselves.
There’s no getting around the fundamental creepiness of the little pinhole cameras in new smart TVs (and Xbox Kinects, and laptops, and cellphones), but the less-remarked-on aspect – the audio – may actually be more pertinent to anyone with a warrant trying to listen in. Harvard’s Berkman Center for Internet and Society observed that Samsung’s voice recognition software in its smart TVs had to routinely send various commands “home” to a server where they were processed for relevant information; their microphones are also always on, in case you’re trying to talk to them. Televisions are also much easier to turn on than they used to be: a feature creeping into higher-end TVs called “wake on LAN” allows users to power on televisions over the internet (this is already standard on many desktop PCs).
A cyberattack on toymaker VTech exposed the personal data of 6.4m children last year; it was a sobering reminder of the vulnerability of kids on the web. But technology waits for no man. Mattel’s Hello Barbie doll works the same way the Nest and Samsung voice operators do, by passing kids’ interactions into the cloud and returning verbal responses through a speaker in the doll. HereO manufactures a watch for kids with a GPS chip in it; Fisher-Price makes a WiFi-enabled stuffed animal. Security researchers at Rapid7 looked at both and found that they were easy to compromise on company databases, and in the case of the watch, use to locate the wearer.
Yves Smith has the definitive comment on Clapper’s statement:
Oh, come on. The whole point of the IoT is spying. The officialdom is just trying to persuade you that it really is a big consumer benefit to be able to tell your oven to start heating up before you get home.
Personally, I’m a tech geek, and love the latest gadgets and toys. But I don’t want my dishwasher or refrigerator sending messages to me … let alone the intelligence agencies. Despite all of the hype about IoT, I don’t know anyone who does.
Watch out: the CIA may soon be spying on you—through your beloved, intelligent household appliances, according to Wired.
In early March, at a meeting for the CIA’s venture capital firm In-Q-Tel, CIA Director David Petraeus reportedly noted that “smart appliances” connected to the Internet could someday be used by the CIA to track individuals. If your grocery-list-generating refrigerator knows when you’re home, the CIA could, too, by using geo-location data from your wired appliances, according to SmartPlanet.
“The current ‘Internet of PCs’ will move, of course, toward an ‘Internet of Things’—of devices of all types—50 to 100 billion of which will be connected to the Internet by 2020,” Petraeus said in his speech. He continued:
Items of interest will be located, identified, monitored, and remotely controlled through technologies such as radio-frequency identification, sensor networks, tiny embedded servers, and energy harvesters—all connected to the next-generation Internet using abundant, low cost, and high-power computing—the latter now going to cloud computing, in many areas greater and greater supercomputing, and, ultimately, heading to quantum computing.
The Guardian notes:
Just a few weeks ago, a security researcher found that Google’s Nest thermostats were leaking users’ zipcodes over the internet. There’s even an entire search engine for the internet of things called Shodan that allows users to easily search for unsecured webcams that are broadcasting from inside people’s houses without their knowledge.
While people voluntarily use all these devices, the chances are close to zero that they fully understand that a lot of their data is being sent back to various companies to be stored on servers that can either be accessed by governments or hackers.
Update: The highest-level NSA whistleblower in history (William Binney) – the NSA executive who created the agency’s mass surveillance program for digital information, 36-year NSA veteran widely regarded as a “legend” within the agency, who served as the senior technical director within the agency, and managed thousands of NSA employees – read this post, and told Washington’s Blog:
Yep, that summarizes it fairly well. It does not deal with industry or how they will use the data; but, that will probably be an extension of what they do now. This whole idea of monitoring electronic devices is objectionable.
If forced to buy that stuff, I will do my best to disconnect these monitoring devices also look for equipment on the market that is not connected in any way
Postscript: As security expert Bruce Schneier points out, the entire concept of the IoT is wildly insecure and vulnerable to hacking.