This document discusses ethical issues related to smart technology in IoT. It begins with an introduction to IoT, architecture, and privacy/security concerns. It then examines stakeholders and their interests/risks. Resolutions discussed include security measures at different layers and increasing user awareness. Two specific examples are analyzed: a teddy bear hack that leaked personal recordings, and Fitbit sharing customer health data. Considerations for dealing with ethical issues include regulations, following ethics codes, customer benefit, and security improvements. Examples of IoT uses in business and related incidents/vulnerabilities are also summarized.

1. Ethical Issues – Smart Tech in
IoT

2. Introduction
• Internet of things
• IoT architecture
• Privacy and Security
Tank, B., Upadhyay, H. & Patel, H. 2016, 'A Survey on IoT Privacy Issues and Mitigation Techniques', paper presented to the Proceedings of the Second International Conference on
Information and Communication Technology for Competitive Strategies, Udaipur, India.
Lucero, S. 2016, IoT platforms: enabling the Internet of Things, IHS, ihs.com.

3. Stakeholders
• Interests
• Power/interests grid
• Risks
https://www.stakeholdermap.com/images/stakeholder-analysis.gif

4. Resolutions
• Security Measures
• Perception layer
• Access control – secure tags
• Key management – forward/backward secrecy
• Network layer
• Authentication
• Application layer
• Technical – protection of privacy
• Non-Technical – increase user awareness

5. Internet of Things
Ethical Issues

6. Ethical Issues
• What is Ethics?
• IEEE ethic code
• IoT Ethical Issues

7. Personal message recording leak – Teddy bear
• Ethical Issues:
• Internet connected Teddy bear leak 2 million recordings of parents and their
children
• 800, 000 records of personal information were exposed (emails, password)
Chester, R. 2017, 'Millions of recorded messages between parents and children targeted in teddy bear toy hack'.

8. Personal message recording leak – Teddy bear
• Ethical Issues:
• Database design flaw
• Irresponsible vendor
• Records were sold
Chester, R. 2017, 'Millions of recorded messages between parents and children targeted in teddy bear toy hack'.

9. A Case study - FitBit
https://support.endomondo.com/hc/en-us/articles/202228488-Fitbit

10. A Case study - FitBit
• Ethical Issues:
• Shared their customers’ fitness
information with their business
partners
• Advertisement emails, phone calls,
and ad notices on the phone were
interrupting the customers

11. Considerations dealing with Ethical issues
• Government regulations of IoT
• When making decisions, follow the ethics code
• Always think about the customers’ benefit
• Improve IoT security
• Customer awareness

12. Internet of Things
In Businesses

13. Examples of IoTs used in businesses
1.3 million robots in factories that are at risk of being hacked by 2018 (CNet)
https://www.cnet.com/au/news/factory-robots-industry-machines-can-be-easily-hacked/

14. Incidents
• In 2014 a German Steel Mill was hacked, some of the furnaces
blasted. Hackers obtained access by infecting emails with malicious
scripts sent to the employees’ inbox.
• A uranium enrichment facility in Iran was infected by a virus called
StuxNet leading a failure to some of the equipment in the facility.
http://www.bbc.com/news/technology-30575104
http://www.abc.net.au/triplej/programs/hack/the-worlds-first-digital-weapon-stuxnet/7926298

15. Internet of Things
Legal issues

16. Legal issues is?
• Intellectual property
• Cybercrime
• Liability of providers
• Data protection and privacy
• Telecom

17. Case Study: Trane
• Connected thermostat vulnerabilities detected by Cisco’s Talos group
allowed foothold into network
• It tooks 12 months to find fixes for 2 vulnerabilities
• 21 months to publish fix for 1 vulnerability
• The device owners may not aware of fixes or have the skill to install
updates
http://blog.talosintel.com/2016/02/trane-iot.html

18. Solution
• Policies, procedures and standards
• Awareness training
• Risk management and weakness management
• Forensics
• Additional types of logging, log storage
• Increased demand for IP addresses both IPv4 and IPv6 and Increased network complexity
• Strengthen partnerships with researchers, vendors, and procurement department
http://krebsonsecurity.com/2016/02/iot-reality-smart-devices-dumb-defaults/
http://www.gsma.com/connectedliving/gsma-iot-security-guidelines-complete-document-set/