Consumer Electronics Show 2017: security and privacy sidelined yet again

Big Brother Watch Team / January 6, 2017

This week has seen the tech world descend on Las Vegas for the annual Consumer Electronics Show (CES).

Thousands of companies large and small attend the four day event to reveal their latest technological products, ideas and ambitions for the future. It’s an event which the tech press attend in droves.

Last year we blogged on the pitiful number of events at CES that referenced either privacy or security, this year is even worse which when you consider how many companies have been impacted by data breaches and hacks in the past 12 months is somewhat astonishing.

Looking at the CES official event schedule, a mere 3% of the conference sessions reference privacy (down from 7% last year), whilst a measly 1% place privacy and security at the heart of the discussions.

It seems that once again the organisers of the show have chosen to ensure that delegates have little opportunity to discuss these critical issues, despite the products being the focal point for hacks, breaches, cyber security and data loss in the Internet of Things world we now inhabit.

Internet connected devices are by their nature insecure. The first generation of connected devices have brought with them a range of security problems. Cheap connected devices come with limited privacy protection and are vulnerable to even rudimentary hacking attempts. Not only can they easily be accessed to obtain valuable personal information about their users, but they are now often used on mass in Botnet attacks targeting major websites including Twitter and Netflix.

Just last week on the other side of the Atlantic at the Chaos Communication Congress (CCC) – the oldest hacking event in the world – hackers (of the ethical rather than illegal type) demonstrated how the security of the devices on show at previous tech shows, now commonplace in society, is non-existent.

That these two conferences take place every year within a few days of each other is just coincidence but as they are both features of the technology calendar, it is surprising that the work presented at CCC doesn’t translate into the presentations at CES. After all, isn’t it of immense value to the exhibitors at CES to guarantee that their latest product offers not just convenience but security for the consumers they are keen to lure in?

So why then do the two groups still seem to be so far removed from one another and why are so many of the big tech companies still seeing privacy by design as an inconvenient inhibitor to innovation, rather than a benefit to be shouted from the rooftops? It is a question we regularly ask but are yet to hear a reasonable answer.

Yet answers will have to come and soon. The General Data Protection Regulation (GDPR) will make privacy by design a legal necessity. Companies may see regulation heavy handed but their persistent avoidance of embedding privacy by design means they only have themselves to blame for being hit with the regulatory stick.

With more and more products connecting our lives to the internet, listening to our every word and monitoring our every move, the potential for cyber criminals to infiltrate these systems through poor security and bad privacy design is huge. Firms would be wise to place security at the front and centre of their sales pitch to the public. Once again we hope that next years’ CES heeds the research of the CCC, and as we said last year, that these products can be designed to encourage a connected world which is security sound and not privacy poor.