Archive

Posts Tagged ‘IoT’

Kenya Needs IoT-specific Laws to Protect Consumers

October 18, 2018 Leave a comment

IoTThe rapid growth of the Internet brings with it new technology and applications. Of these, the most significant is the Internet of Things (IoT) which is bound to transform the Internet and move it from a virtual platform into the real world. The IoT will interconnect many devices to each other via the Internet and in the process, collect, process, store and transfer a large volume of information collected via these devices sensors. This data includes personal data which if misused can lead to personal harm or financial loss. To prevent this from happening, the IoT device end user might need to be protected by use of legislation from unwarranted misuse of their private data. If the current state of Kenyas data protection is anything to go by, the IoT will dig us deeper into the privacy issues that arise due to the sheer amount of data collected.  There is need to have laws in place that will protect the IoT end user’s private data from misuse. Upon my analysis of existing laws, the level of preparedness of the national regulator towards the privacy issues arising from the IoT use and adoption is wanting. Also,  end users and would-be end users are not aware of the privacy concerns surrounding the IoT adoption.

The IoT stands to benefit Kenyas in many ways, the connection of previously unconnected items such as furniture, cars, manufacturing plants and many more will have a huge positive impact on the quality of life for many. An example closer to home of what connecting previously unconnected physical things has on our lives is the advent taxi hailing apps such as Uber and Taxify. A cab on any of these platforms is essentially a car that is connected to the internet (not to be confused with a car that has Internet). The connecting of cars to the Internet has led to the lowering of travel costs for many and increased convenience because of improved economies of scale and efficiencies introduced. Now imagine this at a grand scale where everything we use in our daily lives is connected. The benefits will be immense. Take for example in the health sector, IoT sensors connected to patients will collect vital patient statistics in realtime and share with medical personnel immediately a threshold is reached to enable them take action and save a life.

In January 2018, The Communication Authority of Kenya (CA) said that Kenya’s Internet penetration stood at 112.7%[1] meaning that there are more Internet connected devices in Kenya than there are people. In other words, people own more than one device that is connected to the Internet. Between 2009 and 2010, the number of Internet connected devices in the world outnumbered the world’s human population (Ammar and Samer, 2016). Kenya is therefore a late entrant to the list of countries whose number of internet connected devices outnumbers the human population.

At the moment, most of these are personal computing and communication devices such as mobile tablets, mobile phones and personal computers. However, there is an increasing number of sensors and everyday objects that were previously unconnected that are now connected to the Internet. It is these new entrants into the connected space that will be the focus of this article. The IoT is what we get when we connect Things which are not operated by humans to the Internet (Waher, 2015). These things will not be general purpose devices such as smartphones and Personal Computers but dedicated-function objects such as furniture, vending machines, jet engines, connected cars and a myriad of other devices (Hung, 2017). The International Telecommunications Union defines IoT as “A global infrastructure for the information society, enabling advanced services by interconnecting (physical and virtual) things based on existing and evolving interoperable information and communication”[2]. According to Gartner[3], there is estimated that there will be over 30 billion connected devices by 2020; this is projected to rise to 75 billion devices by 2025. These devices will initially be adopted in commercial and industrial settings before eventual adoption for personal use. One characteristic of the IoT devices is the presence of sensors that can electronically detect the environment and generate data. According to Kenny (2015), the data collected by sensors will exceed 1.6 Zettabytes by 2020. This data will include data of a personal nature that will have been collected with or without consent of the IoT direct users or bystanders.  Six in ten IoT devices don’t properly tell end user how their personal information is being used or even when it is being collected. This leaves the end user in the dark as far as what happens to this data. The privacy risk posed to the end users whose personal data has been collected by IoT sensors. According to Renaud and Aleisa (2015), the percentage level of concerns identified by most scholars on IOT privacy is as below:

  • Location and tracking, this is the threat of determining and recording a person’s location through time and space at 31.5%
  • Identification threats that happen when sharing of un-anonymised data where a person’s identifier such as a pseudonym or an address is user to identify and locate the person in real life at 25.9%
  • Analysis of individuals data by use of data mining techniques for the purposed of profiling them at 21.3%
  • Inventory attacks, where the IoT device is hit by a Denial of Service attack to render it incapable of normal function at 8.3%
  • Interaction and presentation threats which occur when a user’s private data is transmitted through a public medium such as the internet and in the process disclosing it to unintended audiences at 6.5%
  • Life cycle transitions, where an end-of-life IoT device is discarded with it still holding private data at 3.7%
  • Linkage where previously autonomous systems are interconnected such as the combination of data sources creates new information that would have been impossible to create before. This threat is at 3%

It is emerging that users do not have the power to control what data is collected about them and how this data can be used or stored, privacy concerns have been on the rise in recent times.

The government and the Communication Authority need to empower users through primary and secondary legislation to enable them control quantity and types of data collected about them. A starting point would be putting in place IoT device manufacturing best practices to give control to the individual about that data is collected and how it is stored or transmitted. Devices that do not meet this criteria shouldn’t be imported into the country.  The empowered user should be in a position to:

  • Know when and what type of data about them is recorded and transmitted by an IoT device before purchasing or using it
  • Be adequately informed about how the IoT device protects any collected data on the device and also during transmission of this data.
  • Carry out the configuration and customization of privacy preferences on IoT devices to their level of comfort as concerns their security.

There is a push in the industry that manufacturers of IoT devices that collect personal data should be able to self-regulate and not wait for external and forced compliance to the above-mentioned privacy best practices. However, history lends that self-regulation has rarely worked. A good example was the need to have all mobile phone handsets charge using a common micro USB charger; it had to take the European parliament to pass laws that forced all European handset manufacturers to have their devices charge through a micro USB port for this to happen. Several countries are proposing regulations around IoT privacy and security. Australia and the United States of America are working towards laws to regulate the IoT devices so that at the minimum all the IoT devices:

  • Have non-default passwords on all manufactured IoT devices. This is because many devices today usually contain a default password to enable initial login in for device configuration purposes
  • All IoT device software must be patchable for discovered vulnerabilities and should be based on standardized protocols
  • Well laid down vulnerability handling and disclosure policies by manufacturers to ensure transparency and proper threat assessment of possible privacy and security weaknesses

One of the key roles of Communication Authority of Kenya is the safeguarding and protection of consumer interests in relation to the provision of ICT services (CA, 2015). This is achieved through the use of various regulatory instruments that are guided by laws. The current consumer protection regulations are as below:

  • The Kenya Information and Communications (Consumer Protection) Regulations, 2010
  • The Kenya Information and Communications (Dispute Resolution) Regulations, 2010
  • The Kenya Information and Communications (Registration of subscribers of Telecommunication services) Regulations, 2012

None of the above regulations addresses the privacy concerns the IoT users have when using the IoT. It is worth noting that the Kenya Information and Communications (Registration of subscribers of Telecommunication services) Regulations were passed in 2012. This was after the fact that it was realized the lack of mandatory legislation-backed mobile subscriber registration hampered the fight against mobile phone-based fraud. Criminals had laid their hands on subscriber details from M-pesa outlet booklets and have been using them to carry out fraud and identity theft.

The lack of a legal and regulatory framework for the protection of consumer right to privacy on the IoT can lead to negative consequences such as those witnessed on the mobile telephony space where criminals perform fraud and identify theft.

 

[1] Communication Authority of Kenya First quarter (July-September 2017) sector statistics report for the financial year 2017/2018
[2] https://www.itu.int/en/ITU-D/Regional-Presence/AsiaPacific/SiteAssets/Pages/Events/2016/Dec-2016-IoT/IoTtraining/IoT%20Intro-Zennaro.pdf
[3] https://www.gartner.com/doc/3659018/iot-global-forecast-analysis-
Advertisements

The Internet of Things is about to change how we live and work

January 2, 2018 Leave a comment

intel_iot-m1Last week, the Communication Authority of Kenya released its sector statistics report for July to September 2017 showing that Internet penetration has hit 112.7% in the country. This is higher than the mobile penetration rate which stood at 90.4% for the same period.

The availability of Internet access presents a great opportunity for individuals and businesses to improve their lives and operations through efficiencies gained by adopting the Internet as a tool in their daily activities.

As the technology evolves, the Internet as we know it is also rapidly changing, it is now no longer restricted in virtual interfaces such as web browsers and apps such as WhatsApp or Youtube. The Internet is now moving out of the screen and into the real world and will soon be part and parcel of our living and working environments. Many items in our environment from the clothes we wear, furniture to electric appliances and homes will become part of the Internet in what is now known as the Internet of things or IoT in short.

By connecting all these items to the internet (and ultimately to each other), The IoT will present us with endless possibilities to better our lives from an individual perspective and also lower costs and create new revenue streams for businesses.

Take for example the idea of connected fabrics and wearables which will connect all your clothes and other attire to the Internet. This will enable your shirt for example to detect the chemicals in your sweat and send this information to your email or WhatsApp telling you that based on the chemicals in your sweat, you are about to come down with an infection, the shirt or wearable will also be able to take your heart rate and blood pressure constantly and warn you or even share this information directly with your doctor. Another example in IoT connected fabrics is wearing your favourite football jersey that immediately glows when your team or favourite player scores a goal. Connected homes will also present a great opportunity for families. Take for example a fully connected home where the fridge detects that butter is running out and automatically adds this to the your shopping list that is resident in your phone or tablet. The phone or tablet will then send you a reminder when it detects you approaching a supermarket that stocks that particular brand of butter that you love. Imagine also getting an early morning meeting appointment in your calendar and this automatically adjusts your wake-up alarm to an earlier time than normal bases on traffic conditions of the route you intend to use to the meeting from your house. This same alarm will also send a signal to switch on the water heater slightly earlier than normal.

On the business front, organizations stand to benefit a great deal from the IoT. Using the butter and connected shirt example above, the supermarket can place small screens on shopping trolleys that automatically display your shopping list when your phone is near the trolley and automatically deletes each item you pick and place in the IoT-enabled trolley, the screen can also have shopping floor navigation aids to help you easily locate shelves hosting the items in your shopping list. They can also place sensors at the shelves that will make your shirt give you a signal (this can be vibration or change in colour of the shirt) when you pass by the frozen display area where butter is kept. Businesses can also adopt IoT in their processes to improve efficiency. For example, insurance companies can use sensors embedded in cars they insure to accurately gauge driver behaviour on the road and offer lower premiums to good drivers and higher premiums to reckless ones. County governments can also leverage the IoT to improve efficiency in parking space management in cities and towns. For example, sensors under each parking slot can be connected to mobile app or to IoT-enabled cars to indicate free or occupied slots and automatically navigate the drive to the nearest free slot, they can also measure how long a particular car has parked and automatically bill the car owner on time spent basis. The county government can also implement different parking rates based on demand for space and for traffic control too (e.g slots farther from the CBD would be made cheaper than those in CBD.

The IoT can also bring significant efficiencies into the agricultural sector. Aquaculture farmers in Vietnam are already using IoT sensors to detect pond water salinity and automatically switching on fresh water pumps to dilute the pond water to the correct salinity, the pump switching system is also connected to an IoT-enabled mini weather station that will delay switching on if rains are forecasted.

Despite great strides made on the internet penetration in Kenya, more needs to be done to create a conducive environment for the growth and adoption of the IoT. This could include passing the necessary legislation on cyber security and privacy, two major concerns in the adoption of the IoT. It is estimated that there will be over 75 billion IoT devices in the world by 2025 making IoT enabled devices ubiquitous, this presents a great opportunity for Kenya to once again lead its peers on new technology adoption.

Categories: IoT Tags: , , ,