A few months ago Alex Deschamps-Sonsino from the Internet of Things design and strategy consultancy designswarm reflected on our right to know if and how a device shares our data with the outside world. I seem to distinctly remember a slide that showed different degrees of compliance with data exchange standards, much in the style of the European energy efficiency label.
Recently Martin Charlier, one of the co-authors of Designing Connected Products asked:
I spent a bit of time sieving through Alex D-S' repository of SlideShares but couldn't find the "energy label" representation. However, in the meantime, Alex posted:
While certainly a great entry point into the discussion, there a various challenges with connected products. I'm coming from a more technical perspective than Alex, so I thought about what I would consider an ideal label for (potentially connected) products in the future.
This is obviously just a first draft, but probably serves well to highlight the three pain points of connected consumer products: Data Demand, Security and Privacy.
Demand. Is your device connected at all? Is it a data hog? Is it rendered totally useless without a functioning Internet connection or is it happy to occasionally talk to a local hub? In other words, does your web-connected thermostat still work when your communication line is down, or does with the Internet also your heating system fail?
Security. This covers how save your device is and how resilient to outside attacks. We don't need to have this discussion if your device is not connected, but different communication technologies come with different risks. And while I'm probably (still somewhat) comfortable that my connected kitchen sink sends an unencrypted "Clean me!" via Xbee, there are certain domains in which I would hope for a physical range limit, proper authentication and encryption. The latter two become especially relevant with new technologies such as low-power wide-range networks, where the receiver of a radio message may be many kilometres away, with plenty of opportunities for an attacker to skim your information. (Needless to say that also your more locally restricted WiFi should be appropriately protected).
Privacy. Assume your data has safely landed in the hands of your device manufacturer. Are you giving your rights away? In an ideal world, you'd be in complete control over which data is shared with whom and what for. Some data I'd share, but only if it's aggregated with other people's data so the individual data point cannot be traced back to me. On the opposite end of the spectrum, many of us don't even know (or care, or feel helpless) with what major player data companies are doing with our information. Do you want to live in a world where you rather not use a device for fear that the manufacturer sells it and your insurance premium might go up?
I'd love to keep this discussion going.