Smart homes need clever security
The potential for connected, or smart, homes is enormous, and is becoming an everyday reality as home automation becomes mainstream. But with great power comes great responsibility, and remote access and cloud technologies hold inherent security risks. Graeme Wilson, Software Architect at Tunstall Healthcare, discusses the impact for older or vulnerable people.
Tunstall has been in the business of developing technology-led solutions for older people since creating their original warden call system almost 60 years ago. Since then, telecare has come a long way with the development of sensors, which are now being used to detect events such as people falling, leaving the gas on, or living in temperatures that are, for example, unhealthily cold. More recently we’ve been able to link a person’s activities with the data gathered by sensors, so if someone leaves their bed during the night but there is activity in the kitchen, no alert will be raised.
Current and close-to-market developments go further, giving us the potential to provide older people with a platform of care that analyses behaviour to enable proactive and preventative care, and that allows family members to support them remotely.
This digital era means we all access a range of services, supplied by a number of providers on various platforms. Most of us have a number of online identities and many of us are not good at creating and maintaining these identities and keeping them secure; older people in particular are likely to find it more difficult to use and remember multiple passwords.
There is also the risk that passwords are written down, infrequently changed, or, worse, that the same password is reused across many accounts. At the same time, online crime using Trojan horses and phishing is becoming more prevalent, leaving less tech-savvy people at risk.
IP-connected homes create unique security challenges as they shift increasingly towards discrete, tailored services. To maintain their independence, users may require several such services from different suppliers.
For our market, where we are often supporting older or more vulnerable people, we need to find a difficult balance between making products and services accessible and easy to use, and at the same time protecting users and their personal data. Silver surfers may continue to be on the rise, but technological advances and increasingly sophisticated online crime mean that manufacturers and service providers have an ever-growing responsibility to keep their customers safe.
Who are you?
Further complicating the issue is that, in the case of telecare and connected care technology, the purchaser is not always the user. It is often the child of the consumer that seeks reassurance and buys the solution, and so we face another layer of security gatekeeping. Let’s say ‘Alice’s’ home is monitored. There may be multiple consumers of Alice’s data, for example a social care provider and Alice’s GP, as well as ‘Bob’, Alice’s son. When Bob asks to see Alice’s data we not only have to ensure that Bob is who he says he is, but also that Alice has consented to Bob seeing her data.
Crucially, in identity terms, we need to be sure that the Bob that Alice granted access to is the same Bob that we’re allowing to see her data. The issue is how we identify people without having to give them yet another online account, which stores yet another copy of their data, leaving another attack surface, another potential source for a data leak.
Products are already widely available for monitoring activity in the home, which can be accessed from the web or on a mobile device, and therein lies the potential for sensitive information to fall into the wrong hands. There needs to be some form of standardised control, regulatory if need be, around explicit consent for exposing this kind of data to a third party. Gaining consent requires that the person understands what they’re consenting to. This can be challenging enough in straightforward technical solutions, but when we add big data capabilities, the ability to use data for predictive modelling or for inference, we risk losing users’ consent through scepticism or fear.
There are further issues surrounding capacity for people with dementia, who will be some of the people that could benefit most from connected care solutions, and yet who could also be most at risk of data misuse. It has to be part of the provider’s responsibility to ensure the individual understands the risks, as well as the benefits and how to keep safe.
In an increasingly connected world, our industry in particular faces a huge issue around integrity and it is one we urgently need to address – together. And these issues of digital identity, trust and consent affect not just ourselves but, as governments and healthcare providers strive to extend digital access, the whole population. Our challenge is to realise the full potential of the data that is available to us, providing reactive and predictive services, yet at the same time retaining the full trust of our users.
You can follow Graeme Wilson, Software Architect at Tunstall Healthcare, on Twitter @TunstallHealth. Don’t forget to follow IoTUK @IoTUKNews.