Technology: An Introduction to IoT, the Associated Risks and How to Address Them
What is IoT?
IoT is when we take anything besides a traditional computer, add computational intelligence, and add a network connection to the device (to allow it access to resources that are not local) in order to enhance its functions. IoT devices are therefore in many ways identical to embedded systems, with the only difference being internet connectivity, hence the name Internet of Things.
More broadly, IoT devices are typically expected to 1) provide enhanced functionality without adding complexity to the device, 2) have IoT capability, including networking ability, embedded within the object, and 3) conform to what users want, with an interface that is easy for them to use. Based on these 3 principles, if we were to ignore networking, what we have is essentially an embedded system.
Embedded systems are nothing new and have been around for years. Just like IoT devices, they are computer-based systems that do not appear to be computers, and their complexity is hidden from the user. Common embedded systems found in homes include refrigerators, TVs and washing machines. These devices typically come with programs built into the product which enhance its capabilities. For example, a smart washing machine may have pre-set wash cycle parameters: rather than manually tuning washing time, cycle speeds and water temperature, users can simply dial a pre-set mode which automatically figures out the best wash settings based on the load.
So how did embedded systems evolve to IoT? A number of technological trends, and their continued development, have led to IoT. These are:
1) Decreased cost of hardware - lowers the cost of building IoT devices, which increases their supply and moves the technology towards the mainstream and wide adoption
2) Decrease in size and weight for the same computational power - enables the devices to be more mobile and lightweight (which is often associated with the power supply)
3) Increase in computational ability - increases the number and difficulty of the tasks which can be performed
4) Improved access to the internet, particularly wireless internet - enables access to non-local resources
5) Low data costs - make the concept and practice of connecting devices to the internet feasible
6) High data bandwidth - a lot of data can be transmitted quickly at the same time
As with many other technologies, it was the confluence of the above factors which gave rise to IoT, and each of these ingredients plays a critical role in its development and advancement.
How is computational power on IoT devices different to regular computers?
As mentioned above, one of the key elements in the practicality of IoT is the decrease in size and weight for the same computational power over time, and this is a key driver of the technology's success. IoT devices are almost exclusively mobile, which means they typically do not have access to power from a wall socket. Therefore, these devices carry battery packs that are built into the device.
Typically the battery is the heaviest component of an IoT device, by far. To minimise battery size, designers need to think strategically and give the product only the bare minimum computational power needed for its task, cutting power consumption and improving the efficiency of the system. This is reflected in the two main design principles of IoT.
1) Embedded systems tend to be application-specific, meaning they are designed to perform one task or a set of related tasks
2) General purpose machines like computers are very inefficient because most of the time the user is not utilising 100% of their capabilities. Because of this, general purpose machines cost more than is needed to do any individual task.
3) Since IoT is application-specific, high design efficiency is possible when compared to the design of a general purpose machine
1) Hardware and software are usually designed together
2) The designer needs to know the limitations of the hardware well in order to design software that utilises the hardware well and performs efficiently
3) For general purpose machines, the hardware and software are usually developed by different companies
What are the gaps?
Since IoT devices are designed to have the bare minimum computational power needed for their tasks, they typically lack the computational power needed to run operating systems (OS) and cybersecurity software. Given the volume of data these devices transmit over the internet, together with the growing adoption of these technologies in settings such as smart homes, there are increasing concerns across the globe regarding the newly created gap in data and personal privacy exposed by IoT.
At the moment, the most prominent IoT ecosystems for smart homes are developed by Google, Amazon, Apple and Xiaomi. Although these companies may be highly sophisticated in their technology, the real developers behind the various IoT devices are the smaller companies and factories which produce, for example, Google-compatible IoT devices. These smaller businesses purchase the right to build devices which are compatible with these ecosystems via a chip developed by the tech giants, and it is their lack of sophistication and governance in this space which has become a major security concern.
For instance, Google does not necessarily produce the light bulbs that are compatible with Google Home. In fact, most Google Home compatible products are not developed by Google. As more and more people adopt IoT technologies to build their smart homes, it has become commonplace for traditional electronics producers to incorporate this shift in market demand into their own products. A factory in China which has traditionally manufactured regular light bulbs may decide to negotiate with Xiaomi to build Xiaomi-compatible bulbs. However, the factory itself may not have invested in research and development of these bulbs with data protection and cybersecurity in mind. Sure, the light bulb works as expected, but what if someone were to hack into the user's smart home and suddenly gain access to, and control of, the devices within the user's home?
Addressing the concerns
The Internet of Things is connecting more devices every day, and it is expected that by 2025 we will be living in a world with 64 billion connected IoT devices. We can expect that as IoT continues to grow, it will change the way we live and have a major impact on our day-to-day lives across all aspects of living.
To increase the safety of these devices, there need to be major changes to how the industry and the technology are regulated at a global level. At this stage the technology is often labeled as vulnerable to hacking, as opening channels for unwanted surveillance, and as lacking true security, support and regular security updates, so our lawmakers need to start thinking about how the industry ought to be regulated through a robust, highly enforceable framework.
Hong Kong is a high-tech global financial centre and will definitely be prone to the above-mentioned risks associated with IoT. To address the above concerns, our legal and compliance team at Aurum is kicking off a series of research and development work to assist amendment and refinement of the Personal Data (Privacy) Ordinance (PDPO) in conjunction with the Privacy Commissioner for Personal Data (PCPD), to continue our mission to protect the data and personal privacy of the people of Hong Kong. More broadly, as a global citizen, we are committed to improving data governance globally and contributing to conversations across the globe on this front.
Please stay tuned for updates from us as we traverse this uncharted territory of data protection and governance in IoT.