Original Story: nytimes.com
LAS VEGAS — THE Internet of Things arrived in force at this year’s International CES, the huge trade show here. But while manufacturers at the event painted a rosy picture of connected grills, coffee makers, refrigerators and door locks, security experts and regulators warned that the Internet of Things could be a threat to both security and privacy.
Hackers have already breached Internet-connected camera systems, smart TVs and even baby monitors. In one case, someone hacked a networked camera setup and used it to scream obscenities into a baby nursery.
Connected-home security threats, at least so far, have not usually been about a hacker trying to break into your home or using your data. Criminals aim mostly at giant databases of personal information or credit cards that they can sell on the black market. Home automation allows you to control many features inside and outside your home.
Even so, the more connected our technology becomes, the more data our devices and appliances can gather about us. That data can be shared in ways we don’t anticipate or can be revealed as part of larger breaches.
In a speech at International CES, Edith Ramirez, chairwoman of the Federal Trade Commission, said the trend toward having so many things constantly connected to the Internet presented serious risks that start-ups and big companies needed to take seriously.
“Any device that is connected to the Internet is at risk of being hijacked,” she said in her prepared remarks. “Moreover, the risks that unauthorized access create intensify as we adopt more and more devices linked to our physical safety, such as our cars, medical care and homes.”
The concerns, Ms. Ramirez and security experts say, include widespread collection of personal information with or without consumers’ knowledge, misuse of that information and actual stealing of the data. Aside from automated home security, a home theater is a great way to improve your home entertainment system.
And perhaps because connected devices are relatively new, there are few security features built into many of them or the apps and services that power them. Even fewer products exist to lock down your smart home.
One noteworthy product, though — perhaps the sort of device we will see more of soon — was introduced at International CES. It comes from Bitdefender, which makes antivirus and anti-malware software for computers, and is called the Bitdefender Box. The box is a physical device that plugs into your Internet router and constantly scans your network and the websites you visit for potentially harmful software or viruses.
“The whole idea is not to let it inside your network,” said Bogdan Dumitru, the company’s senior threat analyst.
“When you’re opening a malicious page, before the page is downloaded, it is intercepted in the box, flags are sensed in the cloud and it doesn’t show up in the first place,” he said.
One common security problem, for example, is that a person visits a website that has malicious code embedded in it. You don’t have to click anything for the code to run, and after it does it can deliver a virus that can co-opt your computer and put it to work as part of a botnet. A botnet is a giant network of computers linked together to break codes or passwords or initiate distributed denial-of-service attacks that can take down entire sites.
When less traditional devices like smart TVs or refrigerators are connected, they can become part of botnets as well, Mr. Dumitru said.
“It doesn’t quite matter to the hacker how much processing power or what task those smart devices can accomplish,” he said. If they can reach a website — and most can, because they connect to their own websites — they can be used.
“Getting something knocked off the Internet is still worth a lot of money, and the Internet of Things is a powerful tool for doing that,” he said.
The Bitdefender Box is expected to be released this month for $199 and will include a year of service. After the first year, the service is $99 a year. The box includes other features that can help its users control devices on their home networks. It can give extra Internet bandwidth to certain computers for Skype calls, for example. And if you have one installed, you can connect to it when you’re not at home over a secure, private network.
But as with most antivirus and anti-malware products, the box can scan for and detect only code that has already been identified as a threat. Something new could still sneak through.
And the box can’t do anything about the personal data harvested by all the various apps that control smart devices in the home or outside of it.
For example, at International CES this week, Ford announced plans to collect information about driving habits of company volunteers in Dearborn, Mich., and of volunteer drivers in London. The London project aims to create personalized driving information that can be used to calculate personalized insurance rates.
As usual with data collection, there may be benefits in the long run, but we will have to trust a new set of companies with our information.
Ford’s new chief executive, Mark Fields, said at International CES that Ford understood the responsibility.
“We believe customers own their data and we are simply stewards of that data,” he said. “And we commit to being trusted stewards of that data.”
But many companies have failed to safeguard customer data over the last year, so companies like Ford may have to do a lot more than commit. They will have to be transparent about how they protect our information, and make sure customers know what they are opting into when it comes to sharing information.
Customers seem wary. Accenture, the research firm, released a study this week that said consumers around the world doubted whether their personal data was secure online. With companies of all stripes suddenly interested in collecting reams of information about their customers, both on the Internet and elsewhere, those concerns are likely to continue.
And as Chris Babel, chief executive of the data privacy management company TrustE, noted, we are still in the very early stages of the Internet of Things.
“Everything is still very siloed and it’s not very connected,” he said. “But there’s massive amounts of value when it gets connected — both from the users’ perspective and from the hackers’ perspective.”
Mr. Babel echoed the advice of the Ms. Ramirez of the F.T.C., who said companies needed to “prioritize security and build security into their devices from the outset.”
She recommended privacy and risk assessments in the design phase of new products, forcing users to set new passwords instead of using default passwords on sensitive devices like Internet routers and using encryption wherever possible.
So if you are creating a smart home for yourself, keep security in mind. Think twice about what you connect to your network. And hopefully security will evolve in lock step with the connected world we are entering. Home automation allows remote access to security systems and surveillance cameras while away from home.
Showing posts with label Privacy. Show all posts
Showing posts with label Privacy. Show all posts
Thursday, January 8, 2015
Thursday, November 11, 2010
Feds: Woman illegally fired over Facebook Remarks
Associated Press
A Connecticut woman who was fired after she posted disparaging remarks about her boss on Facebook has prompted a first-of-its-kind legal case by federal authorities who say her comments are protected speech under labor laws.
The National Labor Relations Board alleges that American Medical Response of Connecticut Inc. illegally fired Dawnmarie Souza from her job as an emergency medical technician late last year after she criticized her supervisor on her personal Facebook page and then traded Facebook messages about the negative comments with other employees.
The complaint, filed Oct. 27 by the board's Hartford, Conn., regional office, could set a precedent for employers to heed as more workers use social networking sites to share details about their jobs.
"It's the same as talking at the water cooler," said Lafe Solomon, the board's acting general counsel. "The point is that employees have protection under the law to talk to each other about conditions at work."
Federal labor law has long protected employees against reprisal for talking to co-workers on their own time about their jobs and working conditions, including remarks that may be critical of managers. The law applies whether or not workers are covered by a union.
NLRB officials claim the Connecticut ambulance company has an unlawful policy that prohibits employees from making disparaging remarks about supervisors and depicting the company "in any way" over the Internet without permission.
"This is the first complaint we've issued over comments on Facebook, but I have no doubt that we'll be seeing more," Solomon said. "We have to develop policies as we go in this fast-changing environment."
The trouble for Souza started when her supervisor asked her to prepare an investigative report when a customer complained about her work, according to the complaint. Souza claimed she was denied representation by her union, the Teamsters Local 443.
Later that day, Souza logged onto her Facebook page from a home computer and wrote: "Looks like I'm getting some time off. Love how the company allows a 17 to be a supervisor."
A 17 is the code the company uses for a psychiatric patient. Souza also referred to her supervisor with two expletives. Her remarks drew supportive Facebook postings from other colleagues.
John Barr, an attorney representing the company, said the real reason Souza was fired was because of two separate complaints about her "rude and discourteous service" within a 10-day period. He said Souza would have been fired whether the Facebook comments were made or not.
Barr said the company understands that workers have right to talk about wages and working conditions. But he said it stands by its policy against employees discussing the company on the Internet, including social media sites.
"If you're going to make disgusting, slanderous statements about co-workers, that is something that our policy does not allow," Barr said.
Jonathan Kreisberg, director of the board's regional office in Hartford, said the company's policy is overly broad. He acknowledged that the law protecting worker speech has some limits, such as not allowing employees to disrupt the workplace or engage in threatening conduct. But Kreisberg argued that Souza's Facebook comments did not cross a legal line.
"Here she was on her own time, on her own computer and on her own Facebook page making these comments," Kreisberg said. "If employees are upset about their supervisor and get together on their own time talk about him, criticize and call him names, they can do that."
A hearing on the case before an administrative law judge is set for Jan. 25.
Monday, June 14, 2010
CVS Prescriptions Blowing in the Wind
NY Daily News
It's an Rx for carelessness.
A pile of prescriptions - which included patients' names and personal information - was found tossed on E. 18th St. near a CVS pharmacy's back door Friday.
"I'm just so angry. I'm going to blow my stack!" said Gramercy resident and CVS customer Shirley Okin.
She was shocked to learn that a prescription for fioricet with codeine that she filled back in 2002 was just blowing around on a sidewalk outside of the pharmacy at 215 Park Ave.
The scrips strewn on the sidewalk yesterday were all from 2002, including one for painkiller Hydrocodone filled for an Astoria, Queens, woman and Valium generic Diazepam for a Kips Bay resident.
Marcia Robinson, 73, from Stuyvesant Town, was fuming after hearing that one of her old prescriptions was lying on the ground for anyone to pick up.
"Even though the prescription is no good, it bothers me that it would be out on the street," added Robinson, who said she always fills her prescriptions at CVS, but not at the Park Ave. location. "To say I'm furious would be putting it mildly," she said.
CVS spokesman Mike DeAngelis said that the company has strict waste disposal policies, including separating all trash that may include patient or private information and shredding it.
"We will investigate this matter to determine whether our procedures were followed properly at our Park Ave. location," DeAngelis said.
Under the Health Insurance Portability and Accountability Act, it is illegal to disclose confidential medical information.
In 2009, parent company CVS Caremark paid a $2.25 million settlement after patients' prescription records were found in Dumpsters outside Indiana stores.
"I thought they would destroy these things," Okin said. "Especially since no one wants strangers to find out our personal information. These days, we need to protect that."
A pile of prescriptions - which included patients' names and personal information - was found tossed on E. 18th St. near a CVS pharmacy's back door Friday.
"I'm just so angry. I'm going to blow my stack!" said Gramercy resident and CVS customer Shirley Okin.
She was shocked to learn that a prescription for fioricet with codeine that she filled back in 2002 was just blowing around on a sidewalk outside of the pharmacy at 215 Park Ave.
The scrips strewn on the sidewalk yesterday were all from 2002, including one for painkiller Hydrocodone filled for an Astoria, Queens, woman and Valium generic Diazepam for a Kips Bay resident.
Marcia Robinson, 73, from Stuyvesant Town, was fuming after hearing that one of her old prescriptions was lying on the ground for anyone to pick up.
"Even though the prescription is no good, it bothers me that it would be out on the street," added Robinson, who said she always fills her prescriptions at CVS, but not at the Park Ave. location. "To say I'm furious would be putting it mildly," she said.
CVS spokesman Mike DeAngelis said that the company has strict waste disposal policies, including separating all trash that may include patient or private information and shredding it.
"We will investigate this matter to determine whether our procedures were followed properly at our Park Ave. location," DeAngelis said.
Under the Health Insurance Portability and Accountability Act, it is illegal to disclose confidential medical information.
In 2009, parent company CVS Caremark paid a $2.25 million settlement after patients' prescription records were found in Dumpsters outside Indiana stores.
"I thought they would destroy these things," Okin said. "Especially since no one wants strangers to find out our personal information. These days, we need to protect that."
Subscribe to:
Posts (Atom)