So far, smart things have proven to be pretty stupid. In their rush to get intelligent fitness trackers, mattresses and Christmas tree lights to market, developers just aren’t paying enough attention to privacy and security issues. That oversight now seems to be slowing consumer adoption.
According to an Accenture Consulting survey released earlier this year, growth in connected devices has been slower than expected, a finding partly explained by a perceived lack of value and confusion caused by competing and incompatible standards. But 47 percent of respondents cited privacy and security concerns as a reason they’re not buying more IoT products.
That’s bad news for everyone. The Internet of Things will transform our homes, cars, cities, office buildings and infrastructure by adding digital intelligence, creating smart devices. According to its promoters, the IoT will customize our experiences, simplify our lives and greatly improve the efficiency and sustainability of modern life.
With all that potential value to society, it’s no surprise the IoT has attracted investors and entrepreneurs around the world. Already, the IoT market is generating $200 billion in revenue, a number expected to triple in the next 10 years. Market research firm Grand View estimates the IoT could be a $2 trillion industry by 2022.
It’s not just start-ups. In 2014, Google paid more than $3 billion to acquire smart thermostat start-up Nest, and the company has since built a formidable home automation business around it. Broadband providers including Comcast, Verizon and AT&T, likewise, are all investing heavily in IoT.
But consumers have been slow to adopt connected devices, put off, perhaps, by embarrassing security breaches. As recently as 2015, for example, researchers found most of the Internet-connected baby monitors they tested to be woefully unprotected. Parents reported strangers screaming at their children and posting live video of sleeping babies on a website showing feeds from a thousand insecure cameras.
In October, hackers using hijacked connections temporarily crashed websites that included Netflix, Twitter and Spotify. While such attacks are not uncommon, this one marked the first time malicious software took over not unsuspecting computers but other connected devices, specifically older-generation industrial security cameras and DVRs, most made by a single electronics company.
In an experiment launched soon after the security camera takeover, Atlantic editor Andrew McGill created a virtual smart toaster he connected to the Internet with an obvious user name and password. Within an hour, it had been hacked.
Some recent IoT breaches may have been orchestrated by so-called white hat hackers — security experts hoping to expose the poor practices of connected device manufacturers.
And while the most recent attacks haven’t involved newer home automation hubs such as Amazon’s Echo or Samsung’s SmartThings, the ease with which attackers seem to co-opt everyday objects to do their bidding has surely added to growing uncertainty about IoT devices, especially those that control door locks, medical equipment and autonomous vehicles.
Marketing professors Donna Hoffman and Tom Novak, who direct the Center for the Connected Consumer at George Washington University, believe more general misgivings are already slowing adoption of IoT applications.
Smart devices, according to Hoffman and Novak, will benefit consumers by taking over mundane activities such as paying the cable bill or reordering cleaning supplies. But in transferring “agency, authority and even autonomy” to these gadgets, we change the nature of our relationship to them. The more intelligent things become, the more we tend to interact with them as sentient beings with their own personalities and experiences.
Hoffman and Novak even argue that it’s not too soon to start thinking of connected objects as consumers in their own right. After all, Amazon.com’s Dash replenishment service already enables washing machines, pet feeders and water pitchers to reorder detergent, food and filters on their own. “In the short run,” the professors said, “this has disruptive implications for how, or even whether, consumers will search for products, compare prices and evaluate reviews.”
(Jeffery P. Bezos, Amazon’s chief executive, owns The Washington Post.)
Given the security weaknesses in some of today’s devices, that’s cause for serious concern. So far, our smart things don’t exhibit very good judgment. What if our possessions are told by advertisers to buy certain products or avoid others? What happens when your house, under pressure from the electrical grid, decides it knows better than you do what temperature to keep the house or how high to turn the lights?
The failure of manufacturers to responsibly address security has also caught the attention of regulators, notably the Federal Trade Commission. In 2015, the agency released a report urging industry-wide adoption of security best practices.
The FTC has already extracted settlements from several IoT manufactures for failing to protect user data. But in response to the recent incidents, some lawmakers have called on the agency to issue more specific IoT regulations and for Congress to pass legislation giving the agency authority to oversee the industry.
If IoT manufacturers and programmers don’t collectively get their act together, they may find themselves forced to work with a one-size-fits-none set of rules passed and enforced at the leisurely pace of governments. That will surely slow already sluggish consumer adoption, and raise even more anxiety among potential IoT users.