HANNOVER, Germany—I ran across professor Martina Zitterbart while visiting a few companies at the CeBIT Press Preview here. This event is designed to give members of the press a brief glance at some of the top exhibits coming for the CeBIT trade show in March.
When I stopped by the display for the Karlsruhe Institute of Technology, I found the professor trying to explain a tough problem. The problem is finding effective ways to protect sensitive information when you have to share it.
The specific issue Zitterbart was facing was finding ways to provide the data that public utilities such as the power and water companies need while not compromising customer privacy.
In addition, she was working on ways to improve the security of the connections between smart devices in homes and businesses while still allowing them to work effectively. This is becoming ever more important with the expansion of what's become known as the Internet of things (IoT).
The problem is made more complex with smart devices because of their limited capabilities. You can't just slap a software firewall on an electric meter, after all, because it doesn't have the computing capacity.
The problem boils down to finding a way to share necessary information with those government agencies and private companies that collect data, give them the information they actually need to do business with you, but still maintain security and privacy.
In a connected world, this is a difficult problem because there's some data you have to share to make your world work. But this data could tell anyone more about you than you might want them to know if it's seen by prying eyes.
Zitterbart is one of Europe's top security and privacy researchers. She's looking for approaches that balance the need of the government and private companies to know information about their customers so they can function while still protecting the public's privacy.
This is a growing problem in the U.S. and Europe. The problem exists everywhere there are smart devices, including water and power meters that automatically report their readings.
But it goes beyond that and can include appliances such as cable boxes and Internet routers. The problem is there's also a legitimate need to know some of this data if only to find out how much to charge you for your electric service or your pay-per-view choices.
In the U.S. it's common for law enforcement to monitor electricity use as a way to look for potential illegal activity. So if a certain house has higher consumption than the law enforcement organizations think is normal for a single-family home, that information can be used to obtain a search warrant.
In many cases, this information may not be considered legally protected. Unfortunately, a detective or a prosecutor looking for a warrant can use such data without much else as an excuse to carry out a search.
But how do you protect the usage information so that it remains private, while still giving the power, water or cable company the details it needs to bill you?