Nisar Ahmed | Freelancer Portfolio Item #148724

Topic: Internet of Things. (IoT) Institution Affiliate: Name: Course Code: Instructor: Due Date: Table of Contents 1. Introduction to Internet of Things. (IoT)2 Description.3 Background.3 2. Limits and vulnerabilities of information systems towards end users.4 3. Ethical issues on impact of internet of things on privacy and security4 4. Social issues concerning impact of Internet of Things privacy and security4 6. Legal issues.7 Conclusion:8 References:9 1. Introduction to Internet of Things. (IoT) Internet of things refers to smart devices that collect information which sometimes PII and other important Information such as social security numbers and bank account numbers. This raises lots of ethical issues as transmission of that kind of data is often vulnerable to remote cyber-attacks hence there is need for these devices to have a high privacy infrastructure. Ethical issues also come up in ownership of the information collected and policy makers have a mandate to ensure there is trusted ownership of confidential information of end users. More than 75 billion objects will be connected to the internet of things by 2020 (Danova 2013) hence there is need for a strong ethical code of conduct. With the increasing popularity of the internet of things it is becoming prone to vulnerabilities that raise ethical issues. There are possibilities of dangers caused by exploitation of vulnerabilities of IoT devices they include massive loss of privacy, theft, noncompliance of devices, health and safety loss, poor productivity and tainting of reputation. (Lucero 2016) Internet of things technology uses network frames that connect physical devices to virtual digital through using information collected by the device’s sensors. The radio Frequency Identification (RFID) is new technology that uses electromagnetic fields to detect devices and assign them tags which are used to relay information collected by the device in form of electromagnetic codes. Because one can access information remotely, it poses various security threats if used wrongly can be used to violate various ethical principles such as privacy. (Popescul, 2013). Iot also uses technology that acquires location of devices such as GPS (global positioning systems) which uses satellites to estimate position and location of owner’s devices and can be used for monitoring. Bluetooth technology which creates a local area network which is cheap and personal and is short range (Gabrovica et.al; 2016), 3G and Wi-Fi networks are also modern networks used to transfer data and communicate at higher speeds. Description. The internet of things is system of devices or machines which are interconnected and have the capability of extracting, analyzing and transfering data over a network via the internet. Some scientist define IoT as simply the point in time when more ‘things or objects’ were connected to the Internet than people. IoT has brought tremendous changes in the world of business by connecting machines to machines and humans to machines. IoT spans from internet connected home appliances like fridges, thermostats, smart TVs to smart meters, ATMs, smart cars etc. Background. The name IoT was first used by a British entrepreneur Kevin Ashton but traces back to the Massachusets Institute of Technology (MIT) from a scientist in the Radio Frequency Identification (RFI) community, in 1999 who were working at the Auto-ID center. This group was chosen to design the architecture for IoT. IoT was fully achieved between 2008 and 2009 when more machines were connected to the internet than humans. Some scientists argue that the ATM was the first IoT device which was first used in 1974. 2. Limits and vulnerabilities of information systems towards end users. With the first rising growth of technology and the internet, users have become prone to information theft and attack by malicious hackers. User’s information has become easy to access due to their extensive connection to the internet. By connecting to the internet, we literally giving out our information to the world. IoT systems have inherent vulnerabilities such as poor/ weak encryption mechanisms, insecure protocols and unauthenticated APIs, all of which can be leveraged by an attacker to steal PII or perpetrate fraud. 3. Ethical issues on impact of internet of things on privacy and security All these new forms of technology if used in the wrong way will go against the ethical code of conduct which according to Valacich and Schneider (2010, p.484) requires Efficient access to information Ensure sufficient property rights information Information accuracy and integrity Right to privacy of end users When RFID technology is used to monitor movement of the device if it is accesses by unauthorized persons by scanning the RFID tags and a person’s personal information can be accessed breaching the right to privacy as well as the Global Positioning Systems can be used to relay information especially geographical information which can be used by unauthorized persons to geo tagging and spying. Bluetooth devices with expired or outdated protection systems can be accesses by hackers creating a back door and access to private information. Unsecure Wi-Fi networks can be vulnerable to attackers as they may be able to collect information through data snooping (Grabovica et al. 2016) The internet of things can pose a very serious threat to ethics if used wrongly and mismanaged. Iot has a responsibility to ensure a strong security infrastructure that is able to effectively protect personal information of end users as that is the beginning of breach of ethics. 4. Social issues concerning impact of Internet of Things privacy and security Internet of things has been about connecting people to people and people and devices which is helpful in making lives easier. There has been tremendous effect on IoT on a social level both positive and negative. Positive impacts have brought about mainly due to ease of communication and ease of doing business while negative influences which mainly include data breach causes invasion of one’s privacy. This article will look to what extend has privacy and security concerns has affected people mainly the end users socially. As IoT involves mainly data that is collected by smart devices and is relayed for processing. The providers responsible for handling the data and personal client information have a mandate to protect the information from malicious users. Personal information such as browsers histories, personal mails and health records if released can cause massive reputation taint. Hence the systems especially in the network layer should use the Hyper Text Transfer Protocol (HTTPS) for communication and data transfer as it uses an SSl certificate encryption on all data being transmitted. This guarantees information security and snoopers cannot access it. (Patel et.al, 2016) Smart devices such as apple watch contain personal electronic health records such as blood pressure and blood sugar which are confidential and could be used against a user in the event that this information falls into the wrong hands. These details can be used to target the data subjects for scams and other blackmail attacks in exchange for the information being kept secret. Uber application has location information of most of their clients. This information is private and confidential and should not be shared or sold to anyone (Earls R., 2017). Different social media sites usually have almost all the personally identifiable information (PII) of their users (Malay B. et al, 2016), all these data poses a great risk to the end user if managed poorly. If Uber was to have a security breach millions of client’s data would be exposed posing a lot of security risks to the users. Social media platforms such as Instagram, Facebook, Twitter, VSCO, just to mention a few, are all gold mines for PII. It is therefore paramount for the service owners to ensure that data subjects’ rights and interests are well addressed. With the generation and sharing of data using IoTs, cybercrimes arise to take advantage of this as well. There have been cases such as Mirai botnets (Rinward R., 2017) to cause DDoS attacks, hijacking of private hone cameras, and hacking of other smart devices at home. These issues grossly open up the surface for more attacks such as cyber bullying, identity theft and fraud, among others. 5. Professional issues: Impact of IoT on privacy and security. The internet of things which is the connection of devices to the internet has resulted into many professional issues. Many professions are governed by certain rules and regulations which dictate employee’s behavior. These particular set of rules is known as the code of conduct. Employees are expected to adhere to the code of conduct, failure to which one has to accept the consequences thereafter. Organizations and different entities must also adhere to a specific code of conduct. Erwin (2011) sates that code of conduct is a tool employed by companies to establish and communiacate responsible business practices and an ethical organization structure.’ One of the most famous codes of conduct in IT is the Association of Information Technology Professionals (AITP) code of conduct. In relation to IoT, there are various ways in which the professional code of conduct can be violated; One of them is giving out simple information like the WI-FI password or access to VPN network of an organization to unauthorized personnel. In the event that this information lands on the wrong person, it puts every user of that particular network at jeopardy. One of the easiest ways in which hackers can fetch information is through WI-FI. This is because WEP has one of poorest encryption which makes it easy for the hackers to by-pass. Hackers use this loophole to access the user’s passwords and credit card information rendering the user vulnerable to all sorts of attack. This is a simple classical example of violation of the code of conduct. Companies that collect and store data for users often find themselves in violation of the code of conduct. An example is telecommunication companies. Data from users is confidential, therefore it should be carefully stored and strongly encrypted to keep away hackers. According to the Assorsiation for Computing Machinery (2018); Only the minimum amount of personal information necessary should be collected in a system. The retention and disposal periods for that information should be clearly defined, enforced, and communicated to data subjects. Personal information gathered for a specific purpose should not be used for other purposes without the person's consent. Merged data collections can compromise privacy features present in the original collections. Therefore, computing professionals should take special care for privacy when merging data collections Information and data should be properly disposed once it is no longer needed for business. This information should also have a restricted access only by authorized employees since some of this information can be tempting.Honesty and trustworthiness is another code that should be adhered to in this fast rising technological environment. IoT has opened the door to many technological advances whereby some risky products find their way to the consumers. Computing professionals should give full disclosure of relevant information regarding system capabilities, weaknesses, limitations and potential challenges. Professionals should under-go a SWOT(strengths, weaknesses, opportunities and threats) analysis to bring out the need in working life to operate ethically even when we lack full competence (Hoole, 2014). According to Bledsoe (2007), “a code of ethics reminds IT professionals that they are not to impede or manipulate pre-authorized access to the information or hardware of which they are in control.” Manipulating data, falsifying information or taking bribes is a violation of the code of conduct. 6. Legal issues. IoT, in as much as it has greatly improved the daily normal operations of people and improved the quality of life, it has some more serious concerns. Legal issues with IoT majorly revolve around data privacy and the regulations that mandate user data be treated in a certain way. One legal issue of IoT is that your personal data may get lost while in the hands of the software provider. For example, health records held by Apple collected through the use of Apple watches may be lost. For Android devices, this can be done through fit bits that sync with the phone using applications. This arises the concern whether the third party application that syncs the fit bit and the pone is actually supposed to keep your data and how safe it is in their hands (Raul A., 2017). Not only this, but this data may be re-purposed. This is a need to ensure that data is used only for the purpose for which it was collected and initially contemplated for. There is too much interconnection between different IoT devices and therefore data subjects have no clue what data of theirs is being processed by who and what for (Solove D. and Hartzog W) The other legal issue with IoT is compliance of IoT vendors to data privacy regulations and standards. All vendors such and Facebook, Amazon, Google, Apple, Uber, just to mention but a few, have to comply with uptight regulations such as GDPR that grants end users rights such as the right to e forgotten, right to be informed, right of access, right to restrict processing, right to data portability, right to object and rights in relation to automated decision making and profiling (European Commission, 2018). All these are requirements of GDPR that vendors handling data for EU citizens must comply to, for example. Any new solutions that require integration will be required to abide by particular standards. Third parties are a great loophole in any technology system, including IoTs. In as much as the vendor may have set all the necessary controls to ensure secure access and operations of the device, third parties may be the proverbial weakest links. Weaknesses in the third party infrastructure may be used indirectly to compromise the system, leading to loss of personal data. The Department of Justice should therefore consider third party risk management while assessing the effectiveness of a company’s compliance and security controls (McGonigle S, 2017). The biggest concern and legal consideration for IoTs is, of course, cybersecurity. IoT has a potential to be quite a disruptive technology. The first attack that used IoT was the Mirai botnet and subsequently, more attack cases such as hacking through Wi-Fi enabled smart light bulbs and thermostats is a good example of these. (Lutz A, et al. 2017) Conclusion: The internet of things can pose a very serious threat to ethics if used wrongly and mismanaged. Iot has a responsibility to ensure a strong security infrastructure that is able to effectively protect personal information of end users as that is the beginning of breach of ethics. To sum up, IoT advances are the future and statistics show that by the year 2020, more than 500 billion devices will be connected to the internet. Companies and organizations have found a way of leveraging the power of IoT by using it to minimize the cost of production and maximizing profits. However, individuals and companies should portray professionalism as they interact with user’s information and data. References: 3. Danova, T., (2013) Morgan Stanley: 75 Billion Devices Will Be Connected To The Internet Of Things By2020, http://www.businessinsider.com/75-billion-devices-will-be-connected-to-the-internet-by-#ixzz2jIo3UCkd,-, accessed at-. Gabrovica, M., Popic , S, Pezer, D, & Knezevic, V. 2016,”Provided security measures of enabling Technologies in internet of things(IoT): A survey, 2016 Zooming Innovation in Consumer Electronoics International Conference(ZINC) pg.28-31 Propescul, D. & Georgescu, M. 2014,”internet of things- some ethical issues,” The USV Annals of Economics And Public Administration, vol.13, no. 2 (18), pp. 208-214. Lucero, S, 2016, IoT platforms: enabling internet of things, IHS ihs.com Valacich, J., Schneider, C., (2010), Information Systems Today. Managing in the Digital World, Ediţia a 4-a, Editura Pearson, Boston 4. Alan R (2016). IoT Car: The Internet of Things is Already Here and it is called Uber. Technical Paper Wolverine. Bhayani, Malay, Patel, Mehul and Bhatt, Chintan. (2016). Internet of Things (IoT): In a Way of Smart World. DOI: 10.1007/-_3 Publisher: -, Springer. Patel K.K, Suni M.P, the internet of things, Characteristics, Architecture and Application for The future. Challenges (2016). Retrieved from: www.researchgate.net/publication/-_internet_of_things_IoT_Definition_Characteristics_Architecture_enabling_technologies_Application_Future_challenges. Rinward R (2017). IoT Attack Handbook. A Field Guide to Understanding IoT Attacks from the Mirai Botnet to Its Modern Variants. 5. Association of the Computing Machinery, (2018). Retrieved from https://www.acm.org/code-of-ethics Bledsoe M (2007). Retrieved from https://www.google.com/url?sa=t&rct=j&url=https:// Careertrend.com/facts--importance-code-ethics-professionals.html. Erwin, P (2011). Corporate Codes of Conduct; the Effects of Code Content and Quality on Ethical performance. Journal of Business Ethics. 99(4), 535-548. Hoole, S H (2014). Honest Ethics for Engineers: A New, Realistic Approach to Teaching Ethics Codes, IETE Technical Review, 31(5), 317-326, DOI: 10.1080/- -. McGonigle S ( 2017). Benchmarking third party vendor risk management – global research Insights. European Commission, (2018). Questions and Answers – General Data ProtectionRegulation. Alan Charles Raul. 2017. The Privacy, Data Protection and Cybersecurity Law Review. Law Business Research Ltd. Lutz A, Doornbos A, Kehi A, Ghee A, Depauw L (2017). Data Protection, Privacy and Security for Humanitarian & Development Programs. World Vision International. Solove D & Hartzog W. (2016). The FTC and the New Common Law of Privacy. 114 Columbia Law Review.