In a brief aside during a Senate testimony on overall national security this week, U.S. director of national intelligence James Clapper justified the privacy and security advocates who have warned of the implications of the Internet of Things (IoT) since before it was a buzzword.
"In the future, intelligence services might use the [Internet of Things] for identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials," Clapper said, according to The Guardian.
Of course, the IoT could be a great tool for almost all of these purposes. The simple fact that even seemingly benign smart home devices, like the commonly referenced Nest thermostat, send data to the cloud means they can at least reflect patterns on the user. If IoT device data can be intercepted, it can give investigators an idea of when a suspect or target is home and the kinds of activity they engage in. That same opportunity is available to criminals who would use that data to identify a potential target.
The only claim in Clapper's comment that might be questionable is that of using IoT devices to gain access to a network. That depends on the kind of network the device uses to connect to the internet, which, at this relatively early stage in the IoT's development, can be any of a whole bunch of options.
Many smart home devices currently connect to the same Wi-Fi network as the smartphone or laptop, but more and more companies are looking at alternative networks. I recently wrote about one option, called Sigfox, which uses very low-bandwidth networking technology to preserve battery life on internet-connected devices. Gaining access to a device operating on this network, which would be difficult in and of itself, wouldn't grant access to the broadband network that a surveillance target would use for anything of value, like communications, because it can't even handle any of that data. The privacy-minded IoT user (which, admittedly, seems like a paradox) likely wouldn't connect their smart home devices to their home Wi-Fi network, as long as alternatives are available.
However, many smart home devices still connect to the Wi-Fi network, making them a gateway to more valuable data for the time being.
Beyond that, surveillance and identification might become easier as internet-connected cameras become more prevalent. Savvy spying targets may not be dumb enough to install an internet-connected camera without changing the easily available default login credentials, but a whole lot of other people do. Even small businesses like coffee shops are prone to this mistake, leaving their video feeds available for accessing and sharing by everyday hackers, let alone those working in intelligence for the federal government. Simply stopping for a cup of coffee could leave you vulnerable to surveillance, theoretically.
Anyone who has followed the IoT already knew what Clapper said. He just confirmed it – as the IoT grows, it may become impossible to avoid exposure to technology that can be used for surveillance.