Professional Documents
Culture Documents
IOT Notes
IOT Notes
IOT Notes
Q1 : Identify the three legal aspects of IOT and proposed solutions for same.
ANS:
Data Privacy & Protection
The risk of a data security breach is great since there are so many IoT devices communicating with
one another online. As more IoT devices are released onto the market, this problem will only
become more complicated.
The Information Technology Act of 2000 (ITA) and the "Reasonable Practices and Procedures and
Sensitive Personal Data or Information Rules, 2011" (Rules) enacted under Section 43A of the ITA
both contain provisions relating to the protection of individual personal information (as amended).
According to Section 43A of the Information Technology Act (ITA), which deals with safeguarding
data on electronic means, a body corporate is negligent if it neglects to create and maintain
"adequate security standards and procedures" in respect to any individual.
The IoT service provider can have a carefully crafted privacy policy outlining the private
information that is gathered by the service provider, the breadth and amount of use to which such
information is put, and the procedures taken to ensure the protection of the collected information.
The Service provider can also adopt precisely drafted terms & conditions which typically regulate,
Limitation of Liability, Responsibilities of the service provider and consumer/user, Indemnification,
Intellectual Property Rights, Assignment/Licensing, and Dispute Resolution etc.
Further, in order to ensure compliance with Section 72 of ITA, the service provider can execute
stringently drafted Non-Disclosure Agreements with its customers.
Liability Issues
The service provider may be required to delegate the task of gathering, processing, and storing the
data to third-party "specialised data brokers/vendors" due to the volume of the data/information and
the number of stakeholders involved, which is likely to grow in the near future.
In such a case, it is important that the service provider take all necessary precautions to guarantee
that the privacy and data protection provisions are not violated before disclosing any information to
any third party.
The service provider needs to strike the right balance concerning the "allocation of risk". This is
particularly vital in order to set the limitation of liability for the service provider in the event of
breach of data privacy and non-disclosure requirements. The allocation of risk can be dealt with by
incorporating relevant provision in the terms & conditions of use of service. Alternatively, the
service provider can have software End User Licensing Agreements (EULA) drafted that
incorporate the relevant clauses which can be executed each time a user of IoT agrees to use the
service provider's software/services.
Data Ownership
Due to the involvement of multiple stakeholders/IoT users, involvement of third parties and the
multitude of sources of the data, the data may come into possession of many data processors. The
IoT service provider, being the data controller would essentially determine the scope, extent,
manner and purpose of the use of the personal data, whereas the service provider may have different
third party data processors, functioning to process the data on the instance and under the control of
data controller. Therefore, an aspect worth noting is that since there are numerous channels of
dissemination of the data/information and multiple stakeholders involved, the IoT service provider
(data controller) at all times should ensure that the line between data controller and data processor
does not get obscured. Additionally, the Machine Generated Information (MGI) and Machine to
Machine Communication (M2M) generated in an IoT environment would also pose ownership and
liability issues.
In light of the above, the allocation of risk and responsibilities between the parties must be defined
preciselyin particular, which party bears the liability for any damage caused to the user of an IoT
and which party owns the information generated by the IoT project. Hence, warranties and
indemnities regarding data protection, security and privacy will become important to help draw the
line between data controller and data processor which are made all the more complex by the large
number of stakeholders involved in an IoT environment. The question that who will own the data
will be purely based upon the agreement between the two entities.
Manufacturing
Many of us believe, the biggest use of IoT technology is with the end consumer products, however
in my opinion, in the next couple of years the biggest drive for IoT technology will be from
manufacturing and industrial automation domain. As per a survey in 2016, 38% of the organizations
have already adopted IoT, almost 57% are planning to go for it in this year, and 69% of them are
planning to increase their budget in this space. 2017 and years to come, looks bullish for IoT;
especially in this domain.
Security and Privacy
The basic principle of IoT is that number of devices will be connected to internet and that to AI
driven internet in future. The rate at which these devices will increase and the amount of data and
information these devices will share brings the risk of device, data and information security in
future. It will remain the point of concern for organization opting for IoT platforms. They will be
aware of the security concerns and will be ready to invest in solutions offering security measures for
these IoT devices.
Features of Wi-Fi 6
The evolution of the latest Wi-Fi 6 standard has introduced several new technologies that overcome
the traditional limitations of Wi-Fi networks.
For one, the Orthogonal Frequency Division Multiple Access (OFDMA) makes Wi-Fi 6 a much
better-suited option for IoT than its previous versions, providing better performance, lower latency,
and faster data rates.
In addition, it comes with advanced capabilities like Target Wake Time (TWT) for better scheduling
and longer device battery life and directional beamforming that focuses wireless signals toward
specific clients instead of having the signal spread in one direction.
Lastly, when it comes to security, Wi-Fi certified technologies like Wi-Fi 6, Wi-Fi 6E, and Wi-Fi
Harlow support strong WPA3 security and worldwide interoperable assurances, letting vendors
deliver the best experiences to their customers.
Ans :- IoT security is the technology segment focused on safeguarding connected devices and
networks in the internet of things (IoT). IoT involves adding internet connectivity to a system of
interrelated computing devices, mechanical and digital machines, objects, animals and/or people.
Each "thing" is provided a unique identifier and the ability to automatically transfer data over a
network. Allowing devices to connect to the internet opens them up to a number of serious
vulnerabilities if they are not properly protected.
A number of high-profile incidents where a common IoT device was used to infiltrate and attack the
larger network has drawn attention to the need for IoT security. It is critical to ensuring the safety of
networks with IoT devices connected to them. IoT security, includes a wide range of techniques,
strategies, protocols and actions that aim to mitigate the increasing IoT vulnerabilities of modern
businesses.
What is IoT security?
IoT security refers to the methods of protection used to secure internet-connected or network-based
devices. The term IoT is incredibly broad, and with the technology continuing to evolve, the term
has only become broader. From watches to thermostats to video game consoles, nearly every
technological device has the ability to interact with the internet, or other devices, in some capacity.
IoT security is the family of techniques, strategies and tools used to protect these devices from
becoming compromised. Ironically, it is the connectivity inherent to IoT that makes these devices
increasingly vulnerable to cyberattacks.