Dead reckoning : where we stand on privacy and security controls for the Internet of Things

Karpf, Brandon Allan

Author(s)

Karpf, Brandon Allan

DownloadFull printable version (1.802Mb)

Alternative title

Where we stand on privacy and security controls for the IoT

Other Contributors

Technology and Policy Program.

Advisor

David D. Clark.

Terms of use

MIT theses are protected by copyright. They may be viewed, downloaded, or printed from this source but further reproduction or distribution in any format is prohibited without written permission. http://dspace.mit.edu/handle/1721.1/7582

Metadata

Show full item record

Abstract

This thesis provides an analysis of privacy and security controls for internet-connected data-driven systems, known as the Internet of Things (IoT). The grounding theory is that numerous pre-existing privacy and security control methods -- not necessarily crafted for IoT -- will bear on the future of IoT privacy and security. This thesis covers fifteen case studies across six different control categories: Individual Choice, Command and Control Regulations, Operational Standards, Technical Standards, Compliance Frameworks, and Federal Authorities. These case studies reveal major deficiencies in current IoT privacy and security controls. IoT privacy and security controls lack a domain or contextual-use focus. Further, most current controls also fail to specify the risks or harms they intend to resolve. Therefore, the current IoT privacy and security controls induce a significant privacy and security market failure. This market failure is evident in recent IoT privacy and security events such as the Federal Trade Commission's cases against the IoT system developers TRENDnet and D-Link. I define three necessary paradigm shifts needed to improve IoT privacy and security controls. I also recommend a specific research endeavor to develop domain-, risk-, and harms-centric privacy and security standards. The realization of these paradigm shifts, and the products from this research endeavor, will navigate the IoT ecosystem towards more effective privacy and security control.

Description

Thesis: S.M. in Technology and Policy, Massachusetts Institute of Technology, School of Engineering, Institute for Data, Systems, and Society, Technology and Policy Program, 2017.

This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections.

Cataloged from student-submitted PDF version of thesis.

Includes bibliographical references (pages 201-218).

Date issued

2017

URI

http://hdl.handle.net/1721.1/111231

Department

Massachusetts Institute of Technology. Institute for Data, Systems, and Society.; Massachusetts Institute of Technology. Engineering Systems Division.; Technology and Policy Program.

Publisher

Massachusetts Institute of Technology

Keywords

Institute for Data, Systems, and Society., Engineering Systems Division., Technology and Policy Program.