On May 26, 2020
IOT – Internet of Things
SH – Smart Homes
SHS – Smart Home Systems
BCS – British Computer Society
IEEE – Institute of Electrical and Electronics Engineers
UK- United Kingdom
PRIVACY AND SECURITY CONCERNS
LIMITS AND VULNERABILITIES OF SMART HOMES AND IOT
There has been a remarkable increase in the number of digital devices in this present age, through the constant development of automated sensors, RFID Tags, and other digital-based components, that enable individuals or industries to perform activities with greater efficiency and also lead to enhanced productivity (Briere, 2013). This has resulted in a mutual dependency and interactivity between humans and computerized devices, for various purposes ranging from leisure, health, education, and business amongst others (Nagender, 2016). Therefore, this has also led to the increased popularity of Internet of Things (IoT), because individuals have not just realized the need for utilizing digital devices, but they also require all their digital devices to be interconnected and seamlessly interact with each for enhanced performance (Augusto, et al., 2006).
Borgeson (2013) defined Internet of Things (IoT), as the unified interconnection of embedded-computerized devices, within an internet (web-based) infrastructure. Internet of Things (IoT) empirically offers an advanced-interconnectivity of various digital systems, networks and devices with the primary objectivity of enhancing the interactivity between human and machines (McEwen, 2014 ). Smart Homes has been a major component of Internet of Things (IoT) and various smart homes elements such as Apple’s HomeKit, Samsung’s Smart-Things and Google’s Brillo have been widely recognized and accepted all over the world (Okadome, et al., 2003 ).
A smart home can be defined as a confined-physical environment which consists of digital devices such as actuators, sensors and other computerized elements that are all inter-connected to each other, and exchange information seamlessly in order to offer an optimized and personalized experience to users (Mokhtari, 2009). The potentials and benefits of Smart Home has been extremely huge as most medical agencies now design Smart Homes for elderly patients, through which it is capable of actively sensing and processing vital health data and then relaying it to the patients through the various integrated and inter-connected systems (Abowd, 2003).
This has presented individuals, businesses, industries and societies with immense benefits which is valued globally. According to Cisco, the global smart-home value is estimated to exceed $47billion by the year 2020. Despite the advantageous effects and value of Smart-Homes, some privacy and security issues have remained predominant, therefore putting the inhabitants of smart homes to be at high anonymity risk and security challenge which would be discussed in this report.
Finally, based on the objective and learning outcomes of this module which primarily includes educating students the foremost legal, ethical, social, and professional components of Information Systems, this intrinsic examination of Smart Homes was selected, being one of the vast information systems under IoT. The privacy and security challenges relating to Smart Homes with all respective Ethical, Professional, Social, and Legal issues would be addressed in this report.
Firstly, to put things into perspective, Privacy can be defined as a state of optimum liberty or solitude whereby an individual, their belonging or information is not being interrupted or interfered with in any form (Hubaux, et al., 2004). Security in simple terms, deals with the absence of dangers or threats, and this study would primarily focus of digital (data) privacy and security. Mohktari (2009) itemized that digital privacy and security helps to give individuals all the necessary freedom needed to conveniently perform their desired task or interact with others without any risk of external interference or danger. This helps to enhance reliability and dependability. Smart Homes falls under the field of Technology referred to as Internet of Things (IoT), which is gradually revolutionizing the way in which Humans and Machines or other computerized systems relate (Khurana, et al., 2010). The privacy and security issues relating to Internet of Things (IOT) largely involves data breaches, hacking and Denial of Service (DDOS) attack which most IOT Systems are prone to (Gaglio, 2014).
However, to be specific, the highly sensitive and heterogeneous nature of smart homes has resulted into some prevalent privacy and security concerns which would be the focal point of this report. This concerns primarily ranges from the ability of Smart Homes Sensors and other inter-connected devices to effectively predict the actions of individuals, as a result of retrieved data or constant interaction with humans (Miller, 2015). Additionally, the possibility of hackers to penetrate through Smart-Homes systems and retrieve confidential information relating to individuals has also created more privacy and security concerns (Borgeson, 2013). This is because, in some Smart Homes especially those made for old people or sick patients, the medical records to the Smart-Home occupants are embedded to the system to enable the various sensors and controllers to interact smartly with individuals (Knapp, et al., 2013). Going forward, the social, ethical, professional and legal issues with Smart-Homes would be elaborated in connection to the privacy and security concerns stated.
In the field of Information Technology, there has been an inherent and urgent quest to ensure that people make judicious use of computer technologies in a way that clearly guarantees respect of other individuals (Waradpande, 2015). Abowd (2003) itemized that the fundamental way through which an action can be decided on whether it brings respect and value for others is by judging on whether such action is ethical or unethical, and this can be done using standard ethical theories or principles such as the Deontological ethics or Utilitarianism.
An ethical issue relating to smart-homes is the collection of BIG DATA about the smart home inhabitant. It is a well-known fact that smart-homes consist of numerous interconnected sensors, networks and other digital components that are interconnected to function uniformly. These sensors or other smart home components are integrated at various locations in homes, offices or other IOT-Based environments and have the capability to sense the movement, temperature, health details and sensitive details of smart home occupants (Borgeson, 2013). However, Minoli (2016) explained that the collection of excessive data by smart home system is unethical based on the Kantian Ethics. This ethical theory primarily judges’ actions to be either ethical or unethical based on the level of respect and moral-esteem exhibited (Pathy, et al., 2017). In this case, the collection of excessive reflect disregard and respect for the privacy of the smart home inhabitants (Briere, 2013).
To further explain this point, Fiona (2016) explained that although social networks, cloud computing platforms and other technologies are criticized for collection of numerous personal data of users, however an argument can be made that no existing Information System obtains more Data about users than Smart Homes (Waradpande, 2015). This puts smart-homes inhabitants at high privacy risk. Also, the Fair Information Protection Policy (FIPP) which aims to enhance data privacy protection explains that Data Minimization is an essential component of enhancing privacy protection, however most smart home systems fall short of this (Briere, 2013).
On the other hand, Gaglio (2014) affirmed that the collection of Big data about users by Smart Homes Systems (SHS) and other IOT components is performed so as to make real-time decisions based on the information. The sensitive nature of smart homes which performs intimate actions such as medical prescription, food recommendations and many intimate functions based on the lifestyle or other records of users, makes it necessary for sufficient data about the smart home inhabitants to be obtained (Calvary, 2013). Therefore, the collection of excessive data by Smart Homes Inhabitants is ethical based on consequentialism which judges any action on the basis of its consequences (end-result) which the action presents. In this case, the end result/consequence of large dataset collection is the optimization and utmost improvement in the service delivery and effectiveness of smart home components (Helal, 2008).
Also, Wechsler (2012) also identified that another similar ethical issue relating to smart homes is Eavesdropping, which simply refers to the process whereby the manufacturers or developers of smart-homes components digitally invade smart-home environment. This is done so as to secretly examine the kind of cloths that people love, the TV Series they watch or other related information and this data is then transferred to third-parties primarily for commercial purposes, without any consent or knowledge of the users (Fiona, 2016).
Therefore, judging by the Kantian ethical principle, the Eavesdropping of smart home users’ activities is unethical. The Kantian ethical principle also known as Kantianism examines actions based on the level of respect which it offers other humans based on sound moral doctrines that promotes stability (Fiona, 2016). In this case, the eavesdropping of smart-homes users is morally wrong and portrays gross disrespect for the users, because the manufacturers prioritize business benefits rather than the privacy protection of Smart-Homes Inhabitants (Borgeson, 2013).
Correspondingly, Miller (2015) maintained that a core-part of privacy involves data confidentiality which basically prevents the disclosure of people’s information to unauthorized parties, irrespective of any situation. However, the eavesdropping of users’ data and then transferring it to other parties is morally noxious which indicates that the privacy of smart home inhabitants is the least priority of most smart home manufacturers or developers (Helal, 2008).
The advent of Internet of Things (IoT) and Smart Homes in particular, have been globally recognized as a key element for social development as a result of its evident impact on the society and the surrounding environment (Wechsler, 2012).
A primary social concern of smart homes and other related IoT-based system as stated by Helal (2008) is the resultant change or impact of smart homes systems on human behaviors. Smart Homes greatly influences on human behavior as it creates emotional distress or behavioral changes within humans due to the awareness of being surrounded by sensing technologies (Borgeson, 2013). Miller (2015) explained that normally a home is supposed to act as an intimate location whereby people could express their complete freedom and liberty as there is no external monitoring or intrusion (Wechsler, 2012).
However, this is not applicable to smart home occupants who tend to live by extreme caution and confinement knowing that they are literally being monitored, studied and recorded (Briere, 2013). Also, previous cases whereby smart homes systems such as the Netgear Arlo-Pro smart (home) security cameras were sabotaged, thereby various details/video footages of smart home users in Manchester, UK were leaked (Calvary, 2013). These incidences tend to create immense discomfort, fear and anxiety amongst inhabitants of smart homes, even elderly/sick people who are placed within smart spaces for medical purposes have to alter their normal lifestyle (Borgeson, 2013). In addition, Ecological (environmental) impacts of smart homes have equally generated some social concerns (Miller, 2015). The Environmental Protection Board (EPB, 2017) have reported that the operational interconnection of various Smart Homes constituents such as sensors, automated Smart-Lightings Systems, Heaters and other motion controls that control environmental forces such as Temperature and humidity usually affects the environment (Miller, 2015). This is through poisonous emission of used gases or biodegradable artifacts which is detrimental to the environment and other surrounding individuals (Miller, 2015).
However, on the opposing side, others authors such as Nagender (2016) explained that of all the modern technologies developed over the last decades, it could be said that Smart Homes and other pertinent IoT infrastructures have presented the most profound social benefits (Waradpande, 2015).
Smart Homes is presently used by most medical specialist and firms in order to optimize medical service delivery as sick people or elderly ones are placed within smart spaces, with all the relevant smart systems which could effectively sense their temperate and also perform actions such as adjusting the home temperature or lightings just to suite the health requirements of ill/elderly persons (Briere, 2013). Also, Moolayil (2016) further explained that other attributes of smart homes such as Smart fire detection, through which the various interconnected smart-home sensors or components could effective detect any incoming fire outbreak and then automatically relay this details to appropriate parties. This has severally help to prevent fire outbreak and other man-made hazards, thereby leading to safety of lives and properties in the society (McEwen, 2014 ).
Despite the importance or benefits of any technology such as Smart Home, it is important to ensure that all the actions or activities of such system is guided within the boundaries of the law, as that is the only way it can be certified as a legitimate technology (Fiona, 2016). Many UK legislations have been drafted to regulate how technological systems should operate, especially while interacting with humans (Helal, 2008).
A fundamental legal concern in smart homes and other IoT based components is the transfer of the personal or confidential information of smart-home residents or users to third parties (Lobaccaro, 2016). Smart homes systems which usually comprises of numerous interconnected systems typically involves the transfer of information relating the smart-home inhabitants via various third party networks (Fiona, 2016). However, a critical assessment of this action indicates that it contradicts and legally violates the Data Protection Act (1998). This is fundamentally because sections eight (8) of the Data Protection Act imposes that it is illegal for the confidential or any form of user’s data to be given out to third parties without the due consent of the users (Mokhtari, 2009). Likewise, the Freedom of Information Act of 2000 also states that users or customers are entitled to explicitly know why their personal information is being used, and also the users could stop the collection or transfer to their information (Moolayil, 2016). However, most smart home systems are not designed to comply with the edicts from this legislations because smart home inhabitants are not given adequate explanation of why and how their data would be processed (Moolayil, 2016). This is therefore regarded as a violation of the fundamental human rights of smart home inhabitants, as prescribed by Article eight (8) of the Human Rights Act of 1998 which enforces the need for the privacy of all humans to be maximally respected either by firms or even the government (Fiona, 2016).
Also, in order to further dissect this issue, the Freedom of Information Act 2000, summarizes that the basic goals or characteristic of every reliable Information System or digital platform is to promote Confidentiality, Integrity and Availability (CIA) of the users’ data. However, it is practically obvious that most smart homes systems and IOT components in general largely compromise both the integrity and confidentiality of users’ information which is a violation of the Freedom of Information Act (2000) and the Data Protection Act (1998).
However, to objectively view this case for the legal perspective, the illegal access or sabotage of smart home networks by hackers is an illegal act that violates the sections four of the Computer MisUse Act of 1990 which primary states that computer technologies should never be used to perform illicit or mischievous activities which include the unauthorized access to third-party networks (Augusto, et al., 2006).
The usage of smart-homes and other analogous Internet of Things (IoT) based components, have presented some professional issues which is worth examining and discussing. In this case, professional issues simply deal with the impact of IoT and Smart-Homes, in relation to professional codes of conducts which was formed to guide computer professionals and other specialists (Moolayil, 2016).
The main observation of the Information Security Risk Analysis (ISRA) agency relating to Smart-Homes indicates that hacking or sabotage of smart homes or other IOT-Based components can be fundamentally traced down to the lapses in the design or network configuration of this systems, which the Hackers take advantage of (Briere, 2013). However, this is a serious professional issue because sections 2a of the BCS Code of Conduct advocates that both firms and developers should only undertake or provide services which are have adequate technical and legislative knowledge about. This in other words emphasizes that IT Professionals should never indulge in developing any system or providing services which is beyond their abilities or competence-level. In respect to this therefore, it could be ascertained that most companies that either manufacture or develop smart home system do not have the sufficient technical knowledge or infrastructural resources to ensure total security of the smart home systems without any form of leakage or backdoors (McEwen, 2014 ). This therefore, is a contradiction of the section 2A of the BCS Code OF Conduct.
However, from the opposing perspective, most manufacturers of Smart Home Systems such as Amazon, have all highlighted the fact that most of the fundamental issues relating to smart homes deals with the illicit hacking and sabotaged of this systems (Abowd, 2003).This is not solely the fault of the Smart Home Manufacturers as various parties such as Internet Service Providers (ISP) are also involved in the complete functioning of smart homes (Schwartz, 2016). However, to further put things into perspective, Abowd (2003) referenced Sections 2F of the BCS Code of Conduct. This states that both computer professionals/specialists or other users should never make or sabotage the works of others through malicious acts such as illicit hacking which is professionally prohibited (Moolayil, 2016). Therefore, proper adherence to section 2F of the BCS code of conduct (either by professionals or users) would eliminate enormous issues relating to Smart Homes.
Also, it is impossible to explicitly discuss the professional issues relating to Smart Homes and other IoT based components without making reference to the excessive collection of data relating to Smart Home occupants, as this has been a prolonged professional concern (Moolayil, 2016). In respect this issue, Gaglio (2014) explained that the First Section (1a) of the BCS Code of Conduct emphasizes the need for firms or professionals to respect the autonomy and privacy of others within their environment. However, this author further explained that most Smart Home Systems and other Internet of Things (IoT) are designed to extract and amass excessive private data about individuals and this does not depict that the privacy of users (smart-home inhabitant) are being respected in any form just as stated by the section 1A of the BCS Code of Conduct (Gaglio, 2014).
Although, most professionals that manufacture smart home systems might argue that it is impossible for the devices to function adequately with sufficient information about users. Borgeson (2013) reaffirmed that section 4B of the BCS code of conduct emphasizes that need for professionals to continuously seek development and optimization of their product and services either through trainings or other forms of professional development. In this respect, the smart home system developers should constantly try to make professional modifications to their systems so as to enable it function effectively even without obtaining excessive data from individuals (Helal, 2008). Finally, Wechsler (2012) explained that even after the personal data of Smart-Home Inhabitants have been obtained, it is essential that Section 1.8 of the Applied Computing Machinery (ACM) Code of conduct should be upheld. This code simply enforces the need for enforcing confidentiality of all personal data of users obtained, and a definite way of maintaining this is to avoid leaking users information to any third-party mediums without adequate (due) consent of the users (which in this case is the smart-home inhabitants) (Briere, 2013).
Smart Homes and other related Internet of Things (IoT) Systems have continued to experience constant reformations and upgrades which has resulted into monumental enhancement in its performance and operational capabilities (Abowd, 2003). However, some common limit and vulnerabilities exist in most smart home systems which creates substantial security and privacy risk, therefore making it essential to address it in this study.
A significant limit and vulnerability in this case, deals with the a lot of data breaches associated with most smart home system (Augusto, et al., 2006). Internet of Things (IoT) and Smart-Homes in particular comprises of various digital components which are interconnected to a central network within the internet (Wootton, et al., 2006). This might include specialized integrated networks, commercial servers or the cloud. However, hackers presently take advantage of the security gaps and loopholes of IoT networks, by deciphering encrypted data relating to smart home inhabitants (Borgeson, 2013).
However, security experts such as Okadome (2003) highlighted that this issue is largely as a result of the negligence of Smart Home System developers to adequately stiffer encryption and security measures. In addition, an intrinsic research conduct by MIT Lab practically indicated that asides the infiltration of smart home networks by hackers, even Internet Service Providers (ISPs) could passively assess and analyses the IoT mainstream networks (Borgeson, 2013). This therefore makes the confidential information of smart home inhabitants vulnerable to data breaches.
Also, another common vulnerability that tends to limits the effective functioning of Smart Homes is the Denial of Service (DOS) attacks, which usually occurs due to the injection of destructive Trojans, Botnets or Malware into IoT Networks (Hubaux, et al., 2004). This tends to complete alter the operations of the central networks which facilitates data transfer and interconnectivity of all the digital components connected in smart home or IOT ecosystem (Moolayil, 2016).
Internet of Things (IoT) and Smart Homes, are both regarded as one of the most influential technologies, and probably one of the few technologies which has had the most impact on Society (The developed World). However, as just as the utilization and proficiency of smart homes have continued to increase, so has the privacy and security risks associated with this technology.
A Smart home comes loaded with benefits such as: Managing all of your home devices from one place, Flexibility for new devices and appliances, Remote control of home functions, increased energy efficiency and Home management insights.
The excessive gathering of user data has raised a lot of ethical, social, and legal concerns as this has led to privacy evasion and behavioral changes of smart home occupants, Authors such as Knapp and Schmitt (2013) explained that despite various technologies such as social media platforms and augmented reality frameworks that extensively work with people’s data, it can never be compared to the magnitude of information which smart home components generate & gather.
All this has led to genuine calls for enhancement of smart-home architectures through stiffer encryption protocols, strict adherence to data protection policies and also forensic techniques, in order to protect the privacy and security of smart-home inhabitants.
Abowd, G., 2003. Smart homes or homes that smart?. ACM SIGCHI Bulletin, 12(12), pp. 123-221.
Augusto, J. C., Nugent, C. & Dricker, D., 2006. Designing Smart Homes. IV Edition ed. Berlin: Springer.
Borgeson, S. D., 2013. Targetted Efficiency. 1st Edition ed. Berkeley, CA: Springer.
Briere, D. H., 2013. Smart Homes for Dummies. 2nd Edition ed. Hoboken: New Jersey.: John Wiley & Sons.
Calvary, G., 2013. Computer science and Ambient Intelligence. 3rd Edition ed. London, United Kingdom: Iste.
Fiona, N. F.-H., 2016. HCI in Business, Government, and Organizations: Information Systems. 1st ed. Cham Palace, United Kingdom: Springer International Publishing.
Gaglio, S., 2014. Advances onto the Internet of Things (IOT). 3rd Edition ed. Cham: Springer International Publishing.
Helal, A. A., 2008. Smart homes and health telematics. 1st Edition ed. Berlin: Springeer.
Hubaux, J., Capkun, S. & Luo, J., 2004. The security and privacy issues in Smart Vehicles. IEEE Security & Privacy Magazine, 3(2), pp. 49-55.
Khurana, H., Hadley, M., Ning, L. & Frinckle, D., 2010. Smart-Grid Security Issues. IEEE Security & Privacy Magazine, 8(1), pp. 81-85.
Knapp, E., Schmit, D. & Samani, R., 2013. Applied Cyber Security and Smart Grid. 1st Edition ed. Burlington: Elsevier Science Press.
Lobaccaro, G., 2016. A Review of Systems and Technologies for Smart Homes and Smart Grids. Energies, 9(5), p. 348.
McEwen, A., 2014 . Designing the Internet of Things. 3rd Edition ed. Chichester: Wiley.
Miller, M., 2015. The Internet of Things. 12th Edition ed. New York City: Que Corporation.
Mokhtari, M., 2009. Ambient assistive health and wellness management in the heart of the city. 2ND EDITION ed. Berlin Heildelberg,: Springer.
Moolayil, J., 2016. Smarter Decisions – The Intersection of Internet of Things and Decision Sciences. 2nd Edition ed. Birmingham, UK: Pack Publishing.
Nagender, K. S., 2016. Smart Homes. IV Edition ed. Chicago: Springer.
Okadome, T., YAMAZAKI, T. & Makhtari, M., 2003 . Pervasive computing for quality of life enhancement. IV Edition ed. Amsterdam: IOS Press.
Pathy, M. S., Sinclair, A. & Morely, J. E., 2017. Principles and practice of geriatric medicine. 2nd Edition ed. Chichester: United Kingdom.
Schwartz, M., 2016. Internet of Things with ESP8266. 1st Edition ed. Orlando: Packt Publishing.
Waradpande, P., 2015. Activity recognition using radars. 5th Edition ed. Oakland, CA: Springer Publishers.
Wechsler, H., 2012. Biometric Security and Privacy Using Smart Identity Management and Interoperability: Validation and Vulnerabilities of Various Techniques. Review of Policy Research, 29(1), pp. 63-89.
Wootton, R., Dimmick, S. L. & Kvedar, J. C., 2006. Home Telehealth. 3rd Edition ed. Los Angeles, California.: Hodder Education.