Intel Looking to Move Smart Home Market Forward by Addressing Consumers’ Security and Privacy Concerns

The Key findings from this release were shown to be: 

 

 

“Smart homes and their associated data have the potential to improve consumers’ everyday lives,” said Steve Grobman, chief technology officer for Intel Security. “The survey shows that many individuals would be comfortable sharing that data for a price, but they are still understandably concerned about cyberthreats. Security has to be foundational to the Internet of Things and when done right, it can be an enabler of IoT.” 

 

Having read the press release and looked into the survey in more depth, two things were clear highlights: 

 

 

Another key point was that the survey was a global one, not simply limited to the leading consumer economies it gathered responses from 9,000 consumers in Australia, Brazil, Canada, France, Germany, India, Mexico, the United Kingdom and the United States, thereby encompassing a breadth of consumer attitudes, expenditure and cultural preferences. 

I think that it is important to be clear that in general this appears to be more focussed on an assortment of connected devices rather than an integrated smart home platform; this is worth bearing in mind as it affects how devices are set up, how consumers perceive a smart home, how they are managed and accessed, etc. Integrated solutions will become available but at this moment in time smart homes typically consist of a fragmented bundle of devices and apps to connect them. 

 

So what is P.A.ID Strategies’ take on this?  I believe that as smart home technology, in the form of connected devices, become more common and increasingly available at affordable price points, consumers are becoming more aware of the point that these are not simply devices that perform a set of functions or give access to a service. Much as they are aware that Facebook, Google and other platforms are available for free because they look to use and monetise the consumer data, consumers are aware that many smart home solutions may do the same. However, they don’t appear to mind because consumers are now aware of the value of their data. Do they want to pay a monthly fee or service cost or do they want smart connectivity around their house, to improve the quality of their lives for free? It is the same as for online search and social networking. Consumers see the value in the service, it makes them feel better, it connects them to friends, family and peers, it saves them time and therefore they agree to give access to at least some of their data in return so that companies can look to personalise their services or sell further products to them. 

 

We see that the same applies to smart meters and thermostats which can make homes more efficient and save money, or smart appliances that can save time or provide a short cut to order your groceries, or smart TVs and speakers that have virtual personal assistants providing infotainment updates, cars that navigate around traffic jams, lighting and access control that make people feel more secure. Consumers are increasingly aware that this generates a mountain of data on them but the trade-off, in terms of cost savings, efficiency and choice are generally deemed to be worth it. 

 

That is, it is worth it until it goes wrong.  With so many hacks and breaches being reported in the news it is no wonder that consumers are not just aware about how their data is used, but more importantly they are concerned as to who has access to it and what it is used for. I would say that (for most people) the sharing and use of personal data is fine for consumers; until it goes wrong! As soon as a company fails to protect the information submitted, collected and held then the trust that a consumer places in it, its products and its services is broken – and once that happens it is very difficult to rebuild. Such a breach doesn’t just affect that one company or product, it affects all of them, hindering further adoption as consumer confidence fails. 

 

It is not just external threats and hacks that are the issue. The addition of artificial intelligence (AI) and virtual assistants adds the risk of intrusion to privacy by companies possibly being over-eager, or designing poor implementation, with data being recorded and stored as part of the service delivery process. AI, machine learning and sensor networks in a smart home (and car, office, mall, etc.) environment will mean that it may not even be specific devices in 2025 that we are protecting and or interacting with. Voice and gesture interaction, combined with Cortana, Siri and their peers from Amazon, Sony and others will have a big impact on user behaviour, data and analytics. Can these solutions be selective? Can they recognise between different users? Can children be protected and also be prevented from ordering two years’ worth of ice cream all in one go? Consumers realise that these services have benefits but there is a line between convenience and “always on” and feel being spied upon and having their privacy intruded upon. 

 

P.A.ID Strategies’ opinion is that there are some features that can be added to reduce these risks and fears but there needs to be coordination and standardisation in terms of approach, implementation and management. Not everything can be accessed and managed via a single device. Smartphones or a tablet are obvious ways of doing this but devices need to be activated and registered to a user and to services. Home networks are not standardised and adding remote access and the cloud also requires further security. How will these devices be added and registered? As they grow in volume and variety it is unlikely that everything will have its own built-in security – as much as we would want it to the extra cost means it is not always practical to do so. Keys, usernames and passwords are okay for now but already it is clear that this is not suitable, if for no other reason than consumers cannot remember all the ones that they already have. 

 

I think nearly everyone on the industry side is in full agreement that passwords are dead; I simply do not see how they can continue to be relevant in the type of environment being discussed here. Biometrics certainly have some benefit and if no extra hardware is required then they are cost effective too. Voice works well for some applications, especially if dealing with virtual assistants and a key phrase can be used for activation, to wake up the device from a dormant state, thereby reducing some of the privacy fears. The addition of behavioural analysis is likely to be a big thing in 5-10 years’ time. Integration with smartphones in the meantime, and more so with wearables in the longer term, gives a personal, hardware based means of authentication and verification for users, as well as control and interaction with devices, home networks. 

 

Survey respondents were universally worried about potential security threats from smart homes, with 92 percent expressing concern that their personal data could be hacked by cybercriminals. Yet in a testament to innovative security, almost as many respondents (89 percent) said that if they lived in a smart-home, they would likely prefer to secure all their smart devices through a single integrated security package. A secure gateway and hub will appeal and likely there will be a form of permission based access granted should someone need outside access to run diagnostics, a digital service, upgrade or similar. I was recently speaking with a company which has a system for banks and digital financial services and made the comment that I could see it being applied in a future smart home environment. This was not something that they had considered developing yet but they agreed that this could be a new area of business for them in the future. 

 

This is an area that Intel is putting effort into, to form an industry consensus and agree more standardised approaches to reduce fragmentation (and potential confusion). In conversations following up on the release of the survey findings Intel highlighted that security concerns are increasing as awareness (and adoption) does. It wants to form agreement for standards and/or specifications on the minimum security requirements for smart home devices. It is playing a leading role in the Industrial Internet Consortia and the Trusted Computing Group so that “privacy by design” will be as important as “security by design”. 

 

It is working to ensure that questions relating to what data users are sharing, how is it being protected and who else has access to it are understood and the answers are transparent. Of course, IC and device hardware feature prominently. To simplify things these will likely be closed down so that application or service managers are not required to access and manage devices remotely; this would be expensive and complicated to implement. 

 

During a call to discuss Intel Security’s strategy, four key areas were highlighted that it believes should be implemented in hardware in order to provide a foundation for ensuring consumer privacy and security: 

 

 

The minimum priority would consist of secure boot and EPID, allowing only approved and trusted applications to run at start up (reducing the threat of malware or interference from other applications) and also for devices identity to be allocated and checked as part of a group rather than being individually assigned (allowing easier provisioning, management and updates while preserving anonymity).  Whitelisting technology to block unapproved applications and programs (such as Intel’s McAfee Embedded Control) can be used to complement these hardware capabilities. 

 

These factors, if successfully agreed and implemented will help to ensure that smart homes meet consumer expectation without the drawbacks and risks currently being discussed. Not all devices are likely to have adequate security within them and further moves to introduce smart and secure hubs, for example a WiFi router or a set-top box, could compliment by detecting and preventing spam (in-going and out-going), unapproved access, connections and transmission of data by acting as a gatekeeper. It is encouraging that a company like Intel is positioning itself in such a manner as to help overcome these concerns as part of a wider consensus. 

 

Smart home is fragmented and it is unlikely that this will be resolved any time soon; it will take time for leading companies to establish themselves and introduce de facto standards. A smart hub type solution could help integrate all of the pieces and I believe it is quite possible that as a consumer we will use cloud-based platforms to connect all the devices, standards and protocols together. I also believe that it is quite likely that basic integration will be free (after all, as discussed above our data is valuable) and that there will be a freemium, paid-for option on top of this to provide additional security and management capabilities to give consumers greater peace of mind. Similar to how Cyanogen allows smartphone users to control the permissions and access granted by the user to certain apps and users, there is possibly even greater need to be met in the smart home sector to deliver the greatest level of comfort and control. 

 

P.A.ID Strategies addresses smart home as part of its Security and Connectivity market coverage. For more information please contact us.