wordpress blog stats
Connect with us

Hi, what are you looking for?

What the Internet of Things is, its security & privacy concerns – CCGNLU, Delhi


By Dhruv Somayajula


On 21st October 2016, multiple cyber-attacks on the Internet infrastructure company Dyn shut down web browsing across America and Europe for hours. Over 100,000 devices were reportedly connected via a malware botnet named Mirai for this attack. The attack was a Distributed Denial of Service attack (DDoS), which is carried out by flooding the bandwidth of a web server with artificial traffic from multiple devices. This causes it to crash and renders it inaccessible. This attack specifically was carried out by using a medley of devices connected over the internet, including security and street view cameras used for industrial security.

The Dyn attack was another reminder to the global community about the potential dangers of unregulated devices connected over the internet, otherwise known as the ‘Internet of Things’ (IOT).

This post, the first of a two-part series, will examine the IOT framework, its practical applications and the risks associated with it. The second part will discuss the challenges to law that IOT may possibly create, the existing legal framework to deal with them, and the areas where change is required to accommodate the IOT.

What is the Internet of Things?

Advertisement. Scroll to continue reading.

First coined by Kevin Ashton, the phrase ‘Internet of Things’ describes the network of devices connected via the internet promoting a smarter way of life. Any device with a function that connects it to the internet is a part of the IOT. These devices include smart home devices, cameras, wi-fi routers, television sets and smart cars.

A comprehensive definition of the ‘Internet of Things’ is offered by the International Telecommunications Union (ITU) which defines it as “a global infrastructure for the information society, enabling advanced services by interconnecting (physical and virtual) things based on existing and evolving interoperable information and communication technologies.”

The Indian Government, in a draft policy released last year, defined the ‘Internet of Things’ as “a seamless connected network of embedded objects/ devices, with identifiers, in which M2M communication without any human intervention is possible using standard and interoperable communication protocols.” This definition only covers a small subset of the IOT since it makes exclusive reference to machine-to-machine communication (M2M communication). This includes only isolated device-to-device communication through embedded hardware and cellular or wired networks. In general, however, the IOT is a broader collective of devices, which also includes communication of data through wireless and cloud-based networks.

Uses and Applications of the Internet of Things

The IOT operates as a network of devices that can share data among themselves to help create convenience for people, by creating patterns of daily activity and executing them. This convenience is in relation to both ease of living, as well as adding value to necessary infrastructure.

There are many practical applications for consumers using IOT devices, including through the usage of wearable devices, sensors for quantification of personal data, and home automation. The use of smartwatches and trackable bands for fitness is an example of devices sharing data over the IOT. Quantified self apps, which claim to track one’s heart rate, calories consumed sleep cycles through sensors for keeping track of one’s habits are examples of sensor-based devices on IOT networks. Another growing category of devices for personal consumption is home automation, where light bulbs, thermostats and alarm clocks are connected to each other in a smart home.

Advertisement. Scroll to continue reading.

However, in addition to consumer-oriented uses, smart cities like Barcelona, Amsterdam and Singapore are using IOT to improve road safety management, traffic diversion into alternate routes, waste accumulation triggers and water management portals by use of data accumulated from sensors. For example, the project Autonomous Intersection Management was designed to demonstrate how smart cars can avoid traffic congestion at intersections through the Internet of Things. The UN Commission for Broadband Commission for Sustainable Development also identifies specific IOT devices as useful for developing industries, including devices that can collect medical data to check for epidemics, measure water quality, enable remote access to irrigation pumps in farms and monitor wildlife.

Risks posed by increasing use of the IOT

The collection of data through the IOT creates databases for accurately predicting actions. This accumulation of sensitive data (including mapping of personal habits, geo-tracking, video recording on CCTVs and home electricity patterns) needs to be safeguarded against cyber-attacks or theft. Information concerning the activity patterns of consumers can be mapped through the data collected to accurately predict the activities of a person, and this power can be susceptible to misuse in the wrong hands.

This is where the fundamental risks of the IOT lie – in the twin issues of security and privacy. The DDoS attack on Dyn last month was caused by an estimated 100,000 unsecured devices, using malware to flood the server with requests, causing it to crash. Moreover, recent security breaches by online hacker groups using the IOT create a legitimate concern for the safety of the devices used on the IOT and a need for evaluation of India’s level of preparedness for a possible attack. Breaches of IOT devices in the past have led to disastrous consequences, such as a smart car being switched off remotely in a busy intersection, or baby cams activated to spy on over 700 people. A huge number of devices, especially pre-2000s devices, have extremely low protection due to outdated standards and are vulnerable to cyber-attacks. The onus is on the industry to reduce the gap between the vulnerabilities of older devices and the global standards for cyber security adopted by IOT devices.

Attacks such as that on Dyn also raise questions about the safety of the data which the device seeks to utilize for its application, and whether a person’s privacy can be breached by way of these cyber-attacks. A smart city monitoring roadways and controlling traffic, or an automated smart lock used for home security, can also potentially be breached by hackers, or misused for surveillance purposes. These concerns will only grow with the increasing adoption of IOT devices. A secure IOT framework would need to include include robust laws on security standards, data protection and privacy. The next post in this series will examine the legal framework for data protection with particular reference to the IOT in India and across the world, and evaluate how Indian laws can best accommodate the challenges thrown up by the rising use of online devices.

About the author: Dhruv Somayajula is a third year student at NALSAR University of Law, Hyderabad and is currently interning at CCG.

Advertisement. Scroll to continue reading.

Crossposted with permission from CCG at NLU Delhi.

Written By

Free Reads


Paytm has tried to distance itself from Paytm Payments Bank due to the regulatory scrutiny.


This amendment widens the scope of those allowed to delete records pertaining to the direction of interception from law enforcement bodies to other authorities...


Pensioners can now use bank passbooks instead of mobile or Aadhaar for identity verification.

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



Notably, Indus Appstore will allow app developers to use third-party billing systems for in-app billing without having to pay any commission to Indus, a...


The existing commission-based model, which companies like Uber and Ola have used for a long time and still stick to, has received criticism from...


Factors like Indus not charging developers any commission for in-app payments and antitrust orders issued by India's competition regulator against Google could contribute to...


Is open-sourcing of AI, and the use cases that come with it, a good starting point to discuss the responsibility and liability of AI?...


RBI Deputy Governor Rabi Shankar called for self-regulation in the fintech sector, but here's why we disagree with his stance.

You May Also Like


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ