Internet of ThingsUncategorized

Internet of Things [IoT]: Legal Issues

The concept “internet of things” has suddenly become a reality and its not science fiction anymore. The Internet of Things (IoT) is a system of interconnected computing devices, mechanical and digital machines, objects or people that are provided with unique identities and the ability to transfer data over a network without requiring human to human or to human to computer interaction. A ‘thing’ in the internet of things can be a person with a heart monitor implant, a farm animal with a biochip transponder, an automobile that has built-in sensors to alert the driver when tire pressure is low or any other natural or manmade object that can be assigned an IP address and provided with the ability to transfer data over a network.

The concept of IoT first appeared in the literature in 2005. The term IoT includes Radio Frequency Identification (RFID) tags that businesses place on products in stores to monitor inventory, sensor networks to monitor electricity used in hotels, Internet-connected jet engines and drills on oil rigs.

Existing IoT products include wearable technologies like the fitness devices Fitbit and Jawbone, which can track steps, sleep habits, and heart rate, and transmit that data to another device. IoT technologies are not limited to health products or even consumer-facing products; they include industrial applications as well. Just like IoT, it is difficult to define Big Data as well. The data generated by people and devices within the Internet of Things is a crucial contribution to the present and future state of the Big Data phenomenon, but it is not the only contribution. It is important to keep in mind IoT coexists with Big Data privacy concerns and developments, given that Big Data technologies, including IoT, can derive value from large datasets in ways that were previously impossible.[1]

Today, companies are developing products that would have been unimaginable a decade ago. Six years ago, for the first time, the number of “things” connected to the internet surpassed the number of people. According to the experts, there will be 50 billion connected devices by 2020. Three and one-half billion sensors are already in the marketplace, and some experts expect that number to increase to trillions within the next decade. All of these connected machines mean much more data will be generated globally and by 2018 mobile data traffic will increase by fifteen exabytes.

RISK TO PERSONAL DATA

A consumer’s privacy is being jeopardized by the flow of IoT. Privacy Risk is one of the major concerns flowing from the Internet of Things. Some of the risks involve the direct collection of sensitive personal information, like a person’s precise geolocation, financial account numbers, or health information risks. According to the FTC Staff Report, 2015 the existing smartphone sensors can be used to interfere with a user’s mood, stress levels, personality type, bipolar disorder, demographics, smoking habits, overall well being, sleep patterns and physical movements. It was observed that though such information provides beneficial services to consumers, but could also be misused. There are chances that companies might use this data to make credit, insurance, and employment decisions. For example, a customer may use a fitness tracker solely for the wellness-related purpose, the data gathered by the device could be used in the future to price health or life insurance. Many times companies fail to protect their customer information from a simple and well-known type of attack – an SQL injection – to install hacker tools on the companies’ computer networks. [2]

A variety of potential risks that could be exploited to harm consumers are by

(1) enabling unauthorized access and misuse of personal information;

(2) facilitating attacks on other systems; and

(3) creating risks to personal safety.

First, on IoT devices, as with desktop or laptop computers, a lack of security could enable intruders to access and misuse personal information collected and transmitted to or from the device. For example, new smart televisions enable consumers to surf the Internet, make purchases, and share photos, similar to a laptop or desktop computer. Like a computer, any security vulnerabilities in these televisions could put the information stored on or transmitted through the television at risk. If smart televisions or other devices store sensitive financial account information, passwords, and other types of information, unauthorized persons could exploit vulnerabilities to facilitate identity theft or fraud. Thus, as consumers install more smart devices in their homes, they may increase the number of vulnerabilities an intruder could use to compromise personal information.

Second, security vulnerabilities in a particular device may facilitate attacks on the consumer’s network to which it is connected, or enable attacks on other systems. For example, a compromised IoT device could be used to launch a denial of service attack. Denial of service attacks are more effective the more devices the attacker has under his or her control; as IoT devices proliferate, vulnerabilities could enable these attackers to assemble large numbers of devices to use in such attacks. Another possibility is that a connected device could be used to send malicious emails.

Third, unauthorized persons might exploit security vulnerabilities to create risks for physical safety in some cases. One participant described how he was able to hack remotely into two different connected insulin pumps and change their settings so that they no longer delivered medicine. Another participant discussed a set of experiments where an attacker could gain access to the car’s internal computer network without ever physically touching the car. Although the risks currently may be small, they could be amplified as fully.[3] Likewise, unauthorized access to data collected by fitness and other devices that track consumers’ locations over time could endanger consumers’ physical safety. Another possibility is that a thief could remotely access data about energy usage from smart meters to determine whether a homeowner is away from home. The companies entering the IoT market may not have experience in dealing with security issues. Although some IoT devices are highly sophisticated, many others may be inexpensive and essentially disposable. Malicious attacks are becoming more and more sophisticated, varied and harder to defeat. A study by HP revealed that 70% of the most commonly used IoT devices contained vulnerabilities. The increase in the number of devices can also mean vulnerabilities spread very rapidly.


[1] Jacob Morgan, Article on A Simple Explanation of ‘The Internet of Things’ https://www.forbes.com/sites/jacobmorgan/2014/05/13/simple-explanation-internet-things-that-anyone-can-understand/#500d58ba1d09

[2] www.lexology.com

[3] The internet of things, www.cisco.com


This article, contributed by our Advisory Board member, Mr. Rodney D. Ryder, is first in our series on the Internet of Things.

Tags

Leave a Reply

Close