Best Practices for the Implementation of the Privacy by Design Concept in Smart Devices

Both the terms ‘Internet of Things’ (IoT) and ‘Privacy by Design’ (PbD) were coined back in the 90s. The original idea behind PbD is to weave privacy into the very fabric of IT systems, networked infrastructure, business processes and design specifications; for that to happen successfully in the context of IoT, manufacturers of Internet-connected devices need to build privacy into their products from the ground up and at the outset of the development process. In essence, PbD is based on adherence to the 7 Foundational Principles of Privacy by Design.

Dr. Ann Cavoukian – the founder of the Privacy by Design concept – explained in a 2016 report that “by embedding or coding privacy preferences into the technology itself, in order to prevent the privacy harms from arising,” PbD will achieve its goal of protecting personal data and privacy at all stages of a product’s development process.

Nowadays, IoT is on the verge of becoming ubiquitous. San Jose, California has plans to create a smart city that will use transit vehicles and an infrastructure full of smart sensor appliances and technology, with the ultimate goals of improving safety, mobility and optimization of the transit system. The creators of this project claim it will deliver the “smart city” experience in the safest and most user-friendly way. Do they plan, however, to achieve that through the PbD approach?

Cyberattacks against smart infrastructure are no longer confined to the sphere of science fiction; on the contrary, there have already been cases of compromised cameras, printers, weighing scales, doorbells, home routers and even connected fish tanks. Two examples of IoT products that have well-documented security issues – the lack of encryption and weak authentication mechanisms – are D-Link cameras and TP-Link Smart Plugs.

Due to the boom of smart technology, the …

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Dimitar Kostadinov. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/8uVe5PfLOvc/