In my completely impractical approach, it would be up to the user (or whoever controls the gateway) to decide what data the device can send.
So you also have an IDL that describes the fields, potential values, and update rates for your earthquake monitoring, that a user can either allow or deny.
Obviously it starts to become easier to slip in data covertly, but this idea is impractical anyway, so what the heck!
You really do highlight the problem though. There is a great amount of legitimate useful purpose for this kind of stuff, but there is really no easy way to control that data once it's gone.