Protect state consumers’ personal data with a ‘no’ vote

Times Union: Protect state consumers’ personal data with a ‘no’ vote

By Tim Sparapani

“We live in a world where nearly every “thing” soon will be connected to the Internet, thus virtually connecting to each other and to us. The aptly named “Internet of Things” holds tremendous promise.

For Consolidated Edison in New York City, the IoT means the ability to connect more than 4 million electricity and gas customers to a smart grid and support New York’s efforts to cut carbon emissions by 80 percent in the next 32 years. In the Capital Region, the town of Clifton Park has installed 14,000 smart meters as part of the state’s energy efficiency program. For the city of Buffalo, a “smart” recycling tote that has sensors attached to the underside of its lid can send data over a wireless network so that refuse collectors can monitor when the tote is full to improve the efficiency of recycling routes.”

>> Read more

New bill would set a dangerous precedent for cybersecurity in Illinois

State Journal-Register: New bill would set a dangerous precedent for cybersecurity in Illinois

By Paul Paget

“We live in exciting times when Internet-connected products are enabling surgeons to operate on patients from thousands of miles away and traffic sensors on roads, light poles and buildings talk to cars to reduce daily commute times and bring you home safely to your family.

The Internet of Things (IoT) is changing society as we know it. And, it is happening quickly. Connected objects and products are critical to our daily lives. But that integration poses new security and privacy challenges. In the coming years, billions of interconnected products will interface and communicate with each other — from autonomous vehicles to smart cities and artificial intelligence.”

>> Read more

Solutions of the Past Don’t Help with Challenges in the Future

Fox and Hounds Daily: Solutions of the Past Don’t Help with Challenges in the Future

By Paul Paget

“The Internet of Things (IoT) is here. We see it around us every day — from our wireless thermostats to our voice-activated Bluetooth speakers to road sensors that alert our cars to cold surface temperatures.

The IoT already includes billions of Internet-connected products that provide a myriad of services that simplify things, as they sense, calculate and control processes, helping us to execute basic tasks or informing us to make better decisions. Since the inception of the Internet, we have heard much about cybersecurity – mostly about breaches — but also a lot of discussion about the need for consumers, businesses and governments to protect themselves from identify theft, ransomware, and predators attempting to disrupt our lives.”

>> Read the full article here

Repairing consumer privacy in a digital world

Capitol Weekly: Repairing consumer privacy in a digital world

By Tim Sparapani 

“Recently introduced legislation in the California Assembly (AB 2110), would require manufacturers to provide independent repair shops with the same parts, tools, software, and other information that they provide to their authorized repair shops for the repair of Internet-connected electronics – from smart phones to home appliances to toys to fire alarms.

The idea is to create more repair options for consumers. One effect of the legislation, however, is that it would provide anyone with full access to the security and privacy features of these products, both physical components and software/firmware.”

>> Read the full article here

IoT Product Safety: If It Appears Too Good to Be True, It Probably Is

Dark Reading: Proposed connected-product repair laws will provide hackers with more tools to make our lives less secure.

By Pat Osborne

“There are times when you see or read something for the first time and it makes sense. But later, after you have had some time to think about it, the idea or proposal might not be as straightforward as you originally thought. This is where I am on connected-product repair legislation that has been introduced in more than 17 states.”

>> Read the full article here

Statement on Proposed California Repair Legislation

Yesterday, California Assemblymember Susan Talamantes Eggman announced plans to introduce electronics repair legislation. Below is a statement from Tim Sparapani, a consumer privacy advisor for the Security Innovation Center, on the proposed legislation:

Statement from Tim Sparapani, consumer privacy advisor for the Security Innovation Center

“Laws and regulations should first and foremost protect consumers from bad actors. We are concerned that the proposed bill, written with the best of intentions, is laced with unintended consequences that could lead to the creation of more vulnerabilities for California consumers. While I respect the opinions of my fellow consumer advocates, the privacy and cybersecurity risks outweigh any potential benefits.”

Digital Insecurity: As Billions of Products Connect to the Internet, Concerned Americans Prioritize Security and Privacy When Getting Them Repaired, Study Finds.

Only a Third of Americans Confident That a Hacked Device Wouldn’t  Expose Family, Friends and Colleague to Harm

Many Americans Think Hackers Could Do More Damage Than Burglars; 88 Percent Say Cybersecurity a National Priority

WASHINGTON, February 13, 2018 – As billions of products connect to the Internet each year,
Americans are increasingly concerned about security and privacy, including the prospect that a
hacking of their own device could expose family, friends and colleagues to risk, a new research
survey released today by the Security Innovation Center reveals.

Almost two-in-three American consumers said that the explosive growth of Internet-connected
products makes them more concerned about their privacy and security, the survey of 1,015
Americans found. And only 1 in 3 Americans expressed confidence that people they know
would not be affected if one of their devices was hacked. These concerns have placed a focus
on security when getting Internet-enabled products fixed: 84 percent value the security of their
data over convenience/speed of service.

“From smartphones in our hands to fire alarms in our homes to pacemakers in our bodies to
sensors on roads and in cars, we are connected to each other like never before,” said Josh
Zecher, executive director of the Security Innovation Center. “This interconnectivity will enable
opportunities to solve society’s most vexing problems. However, it also brings challenges that
can only be overcome by ensuring that privacy and security are the foundational elements of all
technology-related policies.”

With nearly 30 percent of American consumers owning six or more products that connect to
the Internet daily (smartphones, computer tables, smart TVs, thermostats, home appliances,
home assistant, security systems, etc.) and 60 percent expecting to buy more over the next five
years, the Internet of Things (IoT) has arrived. Perhaps that is why many Americans report that
a hack would do more damage than a burglary to their house.

More than 700 million IoT products have been deployed in the U.S and Americans have high
expectations for how they get repaired.

More than 80 percent expect repair professionals to both provide a warranty for their repairs
and demonstrate that they are trained or certified to fix their specific product. Further, 75
percent value warranty protections over convenience and 70 percent feel most comfortable
having their products fixed by a manufacturer or authorized repair shop. Yet, only 18 percent
can determine if an electronics repair shop is protecting their security and privacy.

As we can connect to billions of products, they can connect to us. One compromised product not
only affects the owner of the product, but anyone whose information may be on it. And as we
connect more “things” those risks could increase exponentially from loss of data to loss of life.

Additional results of the Security Innovation Center survey include:

  • 59 percent fear that one of their Internet-connected products could be used by a hacker as
    part of a cyber attack.
  • 79 percent hold themselves or a software/app provider most responsible if their devices are
    hacked.
  • Nearly 50 percent have information on their Internet-connected devices that would be
    harmful to friends, family or business associates.
  • 73 percent believe they have a personal responsibility to keep data of friends, family
    members and business associates from hackers.
  • Only 35 percent would purchase a used Internet-connected product with concerns about
    security and privacy as the number one reason for not buying a used Internet-connected
    product.

About the Survey
The interactive survey of 1,015 U.S. consumers was conducted by Zogby Analytics from Jan. 23-
25 and has a margin of error of +/- 3.1 percentage points.

About the Security Innovation Center
The Security Innovation Center is dedicated to fostering a policy environment that enhances
consumer security and privacy protections in today’s connected world.