Risks, opportunities and relying on computers
The Internet of Things (IoT) is becoming part of the everyday fabric of our lives with what is termed ‘ambient computing’. But it brings many of the same challenges we all face online. Regular reports of data breaches and Cambridge Analytica’s activities have brought this into focus recently. Privacy and security are key considerations when connecting to the wider web.
Regarding privacy, designers must ensure systems specified in buildings respect GDPR (general data protection regulations), and prevent harvesting of personal data without consent. In domestic situations this is relatively straightforward, as a homeowner is required to sign up to a vendor’s terms and conditions when registering.
In commercial buildings, privacy is more complex as systems are designed to enhance an occupant’s experience of a space; for example a network of information display screens around a building that can tailor displays for nearby occupants by detecting their mobile phones. These systems know who the occupant is and require them to ‘opt-in’ to be tracked. Further issues arise with connected systems and other functionalities use the user’s data. If a user hasn’t opted into these other systems (perhaps an app-operated locker) this would be a breach of the GDPR; so building operators must consider the functionality they want to achieve and what data is required when setting a brief.
Designers must ensure systems specified in buildings respect data protection regulations and prevent harvesting of personal data without consent
Security is a highly specialised field and there is no common standardised communication method for IoT devices from a single regulatory body. This means there is a layer of integration between a device and a system – posing potential security risks. In commercial projects, systems are generally designed to connect to a network that has specific security requirements. As the number of systems increases, the maintenance burden rises to keep software up to date and ensure no weak points occur. The IT system design must also be more closely aligned with the overall design for its building. Historically, the active IT equipment that drives a building’s data network has been procured outside the main contract for a project, but as ambient computing causes systems to converge, integrated approaches are required.
Domestic security can be a larger issue as homeowners seldom take all the necessary precautions to protect themselves. When proposing smart devices – such as learning thermostats, lighting controls or smart meters – for a dwelling, we advise that two wi-fi networks be used. One is to connect the IoT devices; the second would handle all traffic from personal devices that may handle banking and payment details, such as phones, laptops and media hubs .
Domestic systems, then, pose less of a privacy risk but may be more prone to compromises in security. In commercial systems security will be robust, but privacy issues are more complex to avoid artificial breaches of the GDPR.
Opportunities in the use of ambient computing are exciting. But we need to ensure security and privacy are carefully considered in system design, so we can confidently employ these impactful technologies.
Dan Cash is senior engineer at Max Fordham