Privacy in IoT
A major concern with the proliferation of seemingly “free” cloud based services, as well as IoT devices, is their impact on one’s expectation of privacy. We expect our homes to be private, a place where we relax and live our lives at ease. However, there is a growing uneasiness that the IoT devices we bring into our homes compromise that expectation of privacy; after-all these devices are littered with a dizzying array of sensors which, if misused, could compromise a person’s privacy in almost every conceivable way.
Unfortunately these concerns are not necessarily misplaced. The business of IoT as it stands today not only involves the sale of the device itself, but also the exploitation of the data and metadata gleaned from that device. In fact, IoT device manufacturers have every incentive to capture as much data as possible due to the business model of profiting on the sale of access to that data. While a major consumer of this data are advertisers, some manufacturers sell it to institutions, governments, and anyone who is willing to pay for it for their own uses. Regardless of where their data ends up, consumers are correct to be concerned about their IoT devices because the business model of the device manufacturers isn’t a benevolent one of making our lives easier. Selling the devices themselves is a one time transaction with slim profit margins while selling of the data that comes out of our homes is a highly profitable recurring revenue stream, regardless of the privacy implications.
The Data Collection Revenue Model
This is further complicated by the limitations of the IoT devices themselves.
While manufacturers may make some effort to avoid collecting data from minors, devices cannot differentiate between a child and an adult with absolute accuracy. Therefore they cannot determine whether the person, whose data is being collected, can legally consent to the data collection itself. Despite this, IoT devices in the home often collect data from minors, violating the privacy expectations of society’s most vulnerable population - our children. We believe that data collection from vulnerable people, including children, is unethical. We also believe that the expectations of privacy in the home are directly incompatible with the current business model of monetizing the data collected by IoT devices.
Sadly, companies that make IoT devices are heavily dependent upon revenue from the collection and monetization of user data. It serves as fuel for the engine that drives their true source of revenue - advertising (or something even worse). While advertising is not necessarily a bad thing, the direct targeted advertising models employed by social media and tech companies require the bulk collection of almost every piece of data and metadata a person generates. Done properly, it’s extremely successful, and can effectively generate more sales than any other type of advertising. Companies who want to advertise know this, and have a strong demand for the data being collected. This creates a vicious cycle where companies who want to leverage targeted advertising drive the collection of more and more data, and companies which can provide the data seek new ways - including with IoT devices - of procuring the data to gain insight into people’s lives. This, in turn, drives technical decisions on how to best collect and store this data and to support this business model.
The Vicious Cycle of Data Collection
The model has pushed companies toward massive Cloud storage and processing of user data, prompting enormous investments of capital and manpower into the development of expensive centralized repositories of compute power and storage. This becomes a self-perpetuating cycle, where the company now has to generate sufficient capital to upkeep their Cloud backend by data-mining more data to sell more ads, which requires the perpetual addition of more Cloud storage. All of this is built on the ability to gather information from the end user, and again, leads to the creation of increasingly creative ways of gaining insight into a person’s personal life.
Breaking the Cycle
Two things are necessary to break this dangerous cycle - a shift in business model simultaneously coinciding with a shift of storage and compute to the end device.
WhiteStar’s business model directly rejects what we believe is unethical data gathering practices, and instead embraces a direct sales model. Our users, and their data, are not our product. Ordinarily IoT devices, if not subsidized by the revenue generation of user data collection, would be prohibitively costly. This is where WhiteStar’s novel and patent pending technologies allow for a paradigm shift in storage and compute away from the expensive Cloud to the user end-device, alleviating the need to monetize a user’s data.
Replacing the traditional business model of advertising facilitated through data mining, WhiteStar instead charges a small monthly fee for a subscription to all of its services, including access to, and control of, a user’s IoT devices. This small cost is due in large part because WhiteStar’s novel architecture results in dramatic reduction in the cost of the network and its’ resultant infrastructure. This reduction creates the opposite feedback loop of cascading effects, ultimately cumulating in the complete obsolescence of the need to gather user data. Put in other terms, this allows devices that utilize WhiteStar to not only deliver a less expensive service, but also promotes a transformative shift in the need to collect user data.
The WhiteStar Solution
We accomplish this shift via the WhiteStar Network Operating System allowing devices with WhiteStar enabled apps to function as their own “Cloud” at the edge of the network. This eliminates the need for a centralized repository of information and compute power. By taking advantage of the beyond Moore’s law expansion in compute and storage capabilities at the device level, WhiteStar is able to directly connect a user’s mobile device to their IoT devices via a hybrid peer to peer network. We achieve this via WhiteStar’s Cohort technology, in which devices form a first-party trusted network with full attestation and security. By leveraging WhiteStar’s hybrid architecture, we alleviate the need, and cost, for IoT manufacturers to acquire technical expertise in building and maintaining a Cloud backend while also eliminating the need to monetize their users by mining and selling their private data.