Java and the Internet of Things
Technology continues to get smaller and faster, and we increasingly find new ways to integrate it into our lives. We've reached a point where intelligent devices and sensor networks can be put in place transparently to collect data without people even knowing it. As a result, a host of new benefits can be offered to consumers in terms of improved efficiency, convenience, and value. This level of integration and ubiquity of computing devices is called the Internet of Things (IoT). The flip side is an increased risk of loss in terms of privacy and security.
White PapersMore >>
- Security Professionals, We Need Your Input: Got 10 mins to spare?
- Salary Survey: Can you spare 10 minutes?
Benefits and Risks
To illustrate the benefits and risks related to the IoT, let's examine a realistic yet hypothetical example. Imagine a potential telematics/user location tracking system that helps you when you embark on a long-distance road trip. The promise of the IoT in this space is about predictive analytics. A truly connected auto navigation system will be able to analyze your planned route combined with real-time data on your car's fuel usage, road, and traffic conditions, and your driving behavior to predict fuel requirements more accurately. With this integration, the navigation system can prompt you to real-time fuel needs, and when integrated with live gas prices from local stations, direct you to the station with the best value. Knowing that you're accompanied by your family, this value may go beyond just price-per-gallon, and may include other add-on services.
The value to you is convenience and savings: no longer needing to guess when it's the best time to fill up. The value to gas retailers is a competitive advantage as their low prices are "advertised" in better context. The auto manufacturer that offers this level of integration in their cars will gain a competitive advantage over others that offer simple navigation without the integration and analytics. The risks are your driving habits can be used in unanticipated ways; i.e., to drive insurance rates, or unsolicited in-car advertising for restaurants along the way, and so on.
Security, Privacy, and Ethics
The IoT introduces new security issues that today's enterprise security measures may not help with. I believe there are three basic forms of benefits and related security risks associated with the IoT:
- Quality of life versus individual privacy and anonymity
- Added value and convenience from common tasks versus unanticipated side effects
- New economic models versus personal security risks
Additionally, direct security risks exist such as:
- The ability to tap a sensor network to steal data
- Intercepting data in transit from remote locations (up bound and down bound)
- Standards create new risks ask they replace proprietary technology
Privacy concerns are paramount in M2M and IoT, probably more so than security. For instance, location data, device data such as address book contacts, voice-to-text services (i.e., Siri and Google Now), text and call activity logs, building and home security data, telematics data, and other identifying data can be used and combined to create a frighteningly detailed picture of a person's daily routines. In turn, costs and availability of services can be adjusted or even denied based on this data.
Potentially the largest risk to consumers in the IoT is ethics. Even after security and privacy measures as built-in, there's a level of trust that users give outside entities. How this data is used may be secure, legal, and otherwise reasonable, but potentially unethical. For instance, Target was recently in the news regarding their advertising strategies. By analyzing the shopping habits of their customers combined with their online behavior (via purchased third-party data, social media, and so on), Target sends customized coupons and print ads to customers, predicting their buying needs with uncanny accuracy. In one recent example, based on the online behavior of a teenage girl, Target's analytics systems predicted she was pregnant before her own father knew.
How Do We Resolve This?
Vendors currently focused on the IoT and its value are also focusing on privacy issues. It will be interesting to see how this area of the industry is potentially regulated, or at least watched, as technology grows more prevalent in our lives. We've already seen the fallout that can occur when applications, such as Path, gather address book or other data without a user's permission. Google and Apple have had their fair share of trouble in this area as well.
Java as a platform is a good starting point for the IoT in terms of its ubiquity (it runs on servers, desktops, laptops, and embedded devices of varying sizes), as well as its built-in security and encryption technology. Given that it makes it easier to do embedded development (you don't need to worry about porting your otherwise native code across platforms), Java allows you to focus on key application features. Two of these ought to be increased security and data privacy, especially as technology becomes more connected in our homes, cars, and ultimately, our lives.