When asked whether the internet of things would be a boon for the NSA or merely a whole lot of digital noise to sift through, NSA deputy director Richard Ledgett replied, "Both."
Should we be worried?
I can see the temptation IoT provides the NSA (and other governments' spies). I mean, we voluntarily carry devices that can be both hacked and tracked. However, I’m sure that no one -- not even the NSA -- is interested in how much sleep I got last night or the fact that my steps consisted of those from the TV to the refrigerator.
On the other hand, the fact that the NSA’s top brass publicly state that IoT devices are fair game makes me think this is a slippery slope for IoT, as well as for cloud computing in general.
I don’t get particularly wigged out about this kind of spying stuff. Geeks are naturally suspicious of organizations like the NSA, and in light of the Snowden leaks, some of the conspiracy theories turned out to be true. That said, I don’t see the NSA harboring any interest in the IoT devices that heat my home, track my fitness, or even drive my car. But the fact that they are looking into it is scary.
How does this relate to cloud computing? If the NSA is willing to use IoT devices to track suspected terrorists, peering into public cloud providers won’t be much of stretch. Indeed, considering the revelations from Snowden and from the Prism scandal, it already seems to be in practice in some cases.
This is where we attempt a balancing act. The government is tasked to keep us safe, which it says justifies the need to see and track some data, even data that is private to people or to companies. This means emails, social media, public cloud servers, and our Fitbits.
However, there need to be checks and balances in the process to ensure that these kinds of activities are justified. Without those checks and balances, we’ll get into a technological shoving match with the government. We’ll encrypt everything, the feds will figure out how to break the encryption, we’ll change the type of encryption we use, and so on.
I suspect that neither side will benefit. Perhaps it’s time that we worked more closely together, the government and data holders. I’m sure we can find a compromise.