Data Security Concerns Multiply Amid Calls for Industry to Band Together for Solutions
LAS VEGAS -- Though few consumers suffer a direct impact from widely publicized data breaches, their high level of concern over security is legitimate, panelists said at Integrated Life Day (see 1806050067) at Infocomm Tuesday. Worse, panelists said, they can't do anything about their concerns. Parks research says 75 percent of U.S. broadband households say keeping data and communications safe -- and keeping them private -- are important, and for 23 percent polled in Q4, those concerns are a barrier to buying smart home products. “Consumers’ data is regularly being exposed,” said Parks analyst Patrice Samuels. “If consumers cannot trust us to keep their data secure, or to handle it responsibly, then we’re not going to be able to harvest all the valuable potential that data can bring.”
Sign up for a free preview to unlock the rest of this article
Communications Daily is required reading for senior executives at top telecom corporations, law firms, lobbying organizations, associations and government agencies (including the FCC). Join them today!
A recent convert from the camp that data breaches are “overhyped,” LevelUp Your Home CEO Jennifer Mallett said it’s hard to miss headlines, “and when the FBI recommends that people reset their routers, which happened last week, it sounds like we’re a little unprepared for all this change in technology.” Agreeing, Cirrent CEO Rob Conant said there’s “nothing actionable” for mainstream consumers to do when they hear about data breaches, “so it creates a fear with no action attached to it. It’s like terrorism; what are you going to do?” It’s an industry problem, said Conant. Though the companies Conant works with care about security, that doesn’t necessarily translate to wanting to spend money on it, he said.
Conant gave the example of a consumer buying a “cheap” smart plug on Amazon from an unknown brand. “I put that on my home Wi-Fi network,” he said, and in a worst-case scenario, “that smart plug might log into my router using a user name and admin password that’s the default on my router,” he said. That could let someone get into the network “and do whatever they want.”
Harman’s Paul Zielie, manager-enterprise solutions, sees an “incredible amount of vulnerability in the way products are developed now” that traces down to a Linux or Android computer deep in the stack. That’s different from products from a decade ago with embedded operating systems, he said: There wasn’t a “prize pool” for someone to target those.
Panelists generally agreed industry ratings or standards are needed for security in smart home products, but differed on how to get there. Mallett suggested a system like a Whole Foods rating system for organic foods applied to product security levels. Zielie said regular vulnerability scans and product reports are discouraged by marketers fearing it will read like the company’s products aren’t secure. Infocomm is putting together a soon-to-be-published industry best practices and security standards, said Zielie. He also expressed support for a UL-type safety testing effort, similar to efficiency ratings for computer power supplies.
Mallett cited recent privacy notices that flooded email boxes as a result of the EU’s general data protection regulation and noted the different responses customers have to privacy. Sharing data in exchange for better features or service might be worth it for one customer to have the convenience of a thermostat and blinds working together, she said. Another client might feel data collection is “creepy,” she said.
It's time for the connected device industry to get a standard for privacy and security, Zielie said, yet efforts have been few. "I don’t see the banding together of TV watchers to build a security standard.” A standard would have to be voluntary and marketed and backed by an association, he said. Conant doesn’t see the industry coming together to create standards, and he cited the questions Facebook CEO Mark Zuckerberg received in Congress (see 1806060026) as evidence government officials “can’t get their arms around how this technology works and how to effectively regulate it.”
ISPs are recognizing “their customers are uncomfortable,” said Conant, and they will also begin providing security solutions. Product companies with big brands will try to protect themselves on the security side, but lower tier companies will do the minimum they need to do to get products on the market, he said. “I don’t see them stepping up to make substantial changes. It’s going to be consumer-driven, profit-driven and market-driven.”