Is IoT undermining our reasonable expectation of privacy?

In the US, the concept of the ‘reasonable expectation of privacy’ came about when the police were considered to have breached the fourth amendment by…

OpenText profile picture

December 18, 20194 minute read

Descriptive text explaining the contents of the image.

In the US, the concept of the ‘reasonable expectation of privacy’ came about when the police were considered to have breached the fourth amendment by wiretapping a public phone to capture a gambling ring. Today, we have a reasonable expectation of privacy in our own person, home, car, office and, to some extent, public places. New data privacy regulations, such as GDPR, have extended this to strengthen the rights of individuals on how their personal data is captured and used.

So what’s the difference between a wiretap on a public phone and gathering evidence from an IoT-enabled device such as a personal assistant like Alexa or a wearable like Fitbit? For all its potential, IoT could easily become an ethical and data privacy minefield for law enforcement.

Are garbage bins spying on you?

In 2012, the City of London had a great idea: it put video screens on its public garbage bins. But unknown to the public, the bins were harvesting information on WiFi-enabled devices to track the movements of their owners. In the first month, over a million unique devices were recorded before the scheme was closed down due to a public outcry.

IoT devices gather a vast amount of data and it is increasingly difficult to ensure that the individual has properly given consent for their data to be captured in this way. The question becomes what rights does the law enforcement agency have to use that data?

GDPR offers both a ‘vital interest’ and a ‘public interest’ basis for processing personal data. It suggests that this means it is ‘necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller’. The huge word here is ‘necessary’. The regulation deems necessary as meaning targeted and proportionate to the intended purpose. Say a camera captures a known drug dealer in an area where they haven’t been seen before. Would the law enforcement agency be entitled to retain that information to track the drug dealer?

The answer is likely to be negative. Personal information that’s captured for one purpose can only be used for the initial purpose. Anything else, except in some limited circumstances, has to be considered an unauthorized secondary purpose. Data privacy regulations place an emphasis on data minimization, meaning you shouldn’t keep data you don’t need.

As personal data from IoT devices increases, law enforcement requires extremely tight policies and governance on how that data is captured and stored. In addition, data management solutions are required to ensure the legitimate use of the data as it passes through the system from the initial contact to the final delivery of digital evidence to court.

IoT and the threat of cyber attack

Today, almost any IoT device is vulnerable to cyberattack – even Alexa, Siri and Google Home were hacked simply by shining lasers at them! Many experts believe that IoT now represents the largest cybersecurity risk.

The increasing adoption of IoT-enabled devices, such as body-worn cameras, connected weapons and smart vehicles, is creating a huge attack area for hackers. There are simply too many examples of where an IoT device with limited security has been the entry point for criminals into corporate systems. In some ways – although still incredibly important – data breaches become a lesser problem for law enforcement. Just consider what a malicious hacker could do if they got control of an IoT-enabled firearm!

This year, we’ve seen the first moves to address this situation. In the US, the Internet of Things (IoT) Cybersecurity Improvement Act requires agencies within the federal government, contractors and vendors providing IoT devices to the government to be more transparent in communicating any cybersecurity vulnerabilities associated with connected devices. In addition, the SB-327 law comes into force in California next year to ensure device manufacturers be equipped with ‘reasonable’ security features to prevent unauthorized access, modification or information disclosure.

These are steps in the right direction but it’s important that all law enforcement agencies protect the edge of their network. In effect, IoT introduces a growing number of edge devices that have to be securely provisioned, managed and decommissioned.

The role of an identity-driven IoT platform

An identity-driven IoT platform provides a law enforcement agency with the ability to create and manage a single, central identity for everything that’s attached to your IoT network, including IoT devices, applications, people and other resources.  New devices connecting to the network are immediately identified and, if authentication can’t be established, isolated. You have an end-to-end identity infrastructure that manages access, relationships and lifecycle for every IoT device in use within your organization.

Want to know more about how IoT is transforming all areas of the public sector? Visit our website.

Share this post

Share this post to x. Share to linkedin. Mail to
OpenText avatar image


OpenText, The Information Company, enables organizations to gain insight through market-leading information management solutions, powered by OpenText Cloud Editions.

See all posts

More from the author

Manutan combines digital services with the human touch to delight customers

Manutan combines digital services with the human touch to delight customers

At Manutan, we equip businesses and communities with the products and services they require to succeed. Headquartered in France, our company has three divisions, serving…

4 minute read

Reaching new markets in Europe and beyond

Reaching new markets in Europe and beyond

How information management specialists at One Fox slashed time to market for innovative products with OpenText Cloud Platform Services At One Fox, we’ve driven some…

4 minute read

SoluSoft helps government agencies tackle fraud faster

SoluSoft helps government agencies tackle fraud faster

Fraud, in all its forms, is a pervasive problem, spanning industries and preying on vulnerabilities in federal and state government systems. Each year in the…

3 minute read

Stay in the loop!

Get our most popular content delivered monthly to your inbox.