Saturday, October 1, 2016

PF Nov 2016 - The Internet of Things vs. Personal Privacy - Introduction

Resolved: On balance, the benefits of the Internet of Things outweigh the harms of decreased personal privacy.


Introduction

This will be our first "real" topic of the 2016/2017 season.  Our novices used the previous student-search topic as a means to learn basic research, case writing and the mechanics of running a Public Forum debate round. But this topic is the one that will be debated in the first varsity tournaments of the new season, where we compete. It seems, the NSDA feels a certain obligation in selecting what many claim are "good novice topics" for the November resolutions and indeed, I heard many comments that this and the "smart phone" choice also proposed by the NSDA for November were elementary and perhaps one-sided. For others, the terminology, "Internet of Things" was strange and unknown. No problem about terminology.  Debate is all about learning new things but even more important is learning how to argue both sides of a resolution, even if there seems to be an inherent bias toward a particular point of view. Having said that, I don't think this topic is one-sided and it is anything but elementary.

This topic will obviously seek to examine the clash we often face as the promise of wonderful new, technologies which potentially improve the quality of life are vulnerable to the exploits of others who seek to expose the personal information of users for a myriad of nefarious purposes. For example, email, social media, online shopping, online banking, and many other life-enhancing advancements in communications and commerce have all been exploited and continue to be exploited by individuals or groups for the purpose of harassing, threatening, stealing, deceiving, or whatever. It would be foolish to think current technologies being developed or future ones yet to be developed will not continue to be exploited by those who seek non-utilitarian ends. This resolution, assumes the Internet of Things (IoT) has benefits. Moreover, this resolution concedes the IoT decreases personal privacy to the harm of users. And as we shall see, this resolution claims the benefits outweigh the harms. There is nothing more we need debate.

Definitions


On balance
This is  another way of saying, "all things considered". It brings to mind a "balance beam" type of scale in which a thing to be measured or weighed is place on one side of a beam balanced on a fulcrum, and another thing is placed on the other side of the beam, and we observe to which side the beam tilts. This metaphor lets us understand the resolution will require a comparison between two or more items or issues. Fortunately, this resolution is quite clear about which comparisons are required. Unfortunately, it does not tell us what kind of means we must use to perform this comparison.

the benefits of
Merriam-Webster tells us, a benefit is a "good or helpful result or effect". Therefore on one side of the balance, we are placing good/helpful results/effects" of...

the Internet of Things
Before we define, the Internet of Things, let's understand a little about what is meant by the "Internet". Merriam Webster states the Internet is "an electronic communications network that connects computer networks and organizational computer facilities around the world".  More simply it is a massive set of pathways over which computers and similar devices can exchange information. These pathways are comprised of wires, fiber-optic cables, satellites and radio waves which extend around the world enabling information to be exchanged from virtually anywhere on the planet.  These communication packets are sent (unbeknownst to many users) to various communication centers with large computers which route the various packets of information to their destinations like giant, electronic switchboards used in the past century to route phone calls from point A to point B. As usage of the Internet has grown in popularity, the Internet has expanded with additional capacity and speed enabling trillions of packets of information to be routed around the world every second.

One other definition I want to, umm, float, is the meaning of "cloud" with respect to the internet. The "cloud" is a computer (or group of computers) located on the Internet which provides some useful services for users.  Some "cloud" services include the storage of information for users, like pictures, emails, files, etc such as Dropbox, Photobucket, Gmail and Instagram.  Some cloud services include management of applications such as Facebook, various music services, games, etc.

To define the "Internet of Things", we do not have to look too deeply with our Google search.  There are many good explanations such as this from Forbes.

Morgan 2014
Simply put, this is the concept of basically connecting any device with an on and off switch to the Internet (and/or to each other). This includes everything from cellphones, coffee makers, washing machines, headphones, lamps, wearable devices and almost anything else you can think of.  This also applies to components of machines, for example a jet engine of an airplane or the drill of an oil rig. As I mentioned, if it has an on and off switch then chances are it can be a part of the IoT.

However, this meaning is a little vague because we still have ambiguity as to what the "things" really are.  I mean, today, millions of computers are connected to the Internet, and computers are things so are they connected to the IoT?  As it turns out, not necessarily, because there are defining qualities of these "things" as explained Andy Mulholland, as quoted in TechWorld.

Mercer 2015:
The standard definition of the IoT gives a broad understanding of the connectedness of IoT devices but fails to properly defining which 'things' actually are IoT devices.
"A better approach is by recognising an IoT Device through the presence of four capabilities; connected, intelligent, interactive, and autonomous" says Constellation Research VP and Analyst Andy Mulholland.
"Using these four parameters a smartphone becomes recognisable as an IoT device, and a number of smartphone apps such as Uber become recognisable as IoT smart services" he added. For example, launching the Uber app and booking a taxi sends information about your location and necessary personal details to 'enable a smart response'.
The concept of "smart" devices communicating over networks, responding automatically to incoming data, is not new.  Industry has been doing this for years through machine control technologies empowered by programmable devices which run "autonomously", day and night, 365 days a year. But until relatively recently, these networks have been private.  Only recently has there been a explosion of smart device connectivity on the Internet. So let's be clear about something.  In the past, only certain people had access to these private networks, but more and more these devices are connecting to the same Internet people have been using publicly for the last twenty or more years so the IoT is actually a new use for the already existing public Internet and it is the public Internet which is a kind of open-world frontier where unscrupulous individuals lurk in the shadows.

For the most part, the contents of these packets of information which flash across the frontiers of the Internet are "private". After all, there are machines routing the information, not people.  But occasionally, and some would claim far too often, others have exploited the availability of these open pathways to steal personal information from users.

outweigh
I am hoping there is no need to formally define this word since we can surmise it means to have the quality of being heavier. But in the context of the resolution we can extend that meaning to having the quality of being more significant, or being more important. The concept of weight fits well with the visual of the balance beam.  One thing will be weighed against the other and we shall see to which side the beam tilts.


the harms of
Merriam Webster defines a harm as physical or mental damage.  It is a form of injury and as such it is an undesirable consequence of some action. In this resolution, it is injury arising from...


decreased personal privacy
To maintain personal privacy is to retain control over who, when and how private information about oneself can be accessed by others. In the context of the Internet considered the following from the Wex Legal Dictionary.

Wex (undated):
The right of privacy has evolved to protect the ability of individuals to determine what sort of information about themselves is collected, and how that information is used. Most commercial websites utilize "cookies," as well as forms, to collect information from visitors such as name, address, email, demographic info, social security number, IP address, and financial information. In many cases, this information is then provided to third parties for marketing purposes. Other entities, such as the federal government and financial institutions, also collect personal information. The threats of fraud and identity theft created by this flow of personal information have been an impetus for right of privacy legislation requiring disclosure of information collection practices, opt-out opportunities, as well as internal protections of collected information. However, such requirements have yet to reach all segments of the marketplace.

The above definition is significant because it acknowledges that the efforts to provide information protection in the Internet has not exactly been adopted globally.  Within the U.S. and other nations around the world, there are various laws and regulations in place which make it possible for Internet users to maintain a degree of control over their personal privacy. However, not all Internet services and users fall under these protections.  And even for those that do, there are many ways in which protections and laws are bypassed or ignored by those who act against personal privacy protection. One of the best ways to protect personal privacy on the Internet is to not connect to the Internet in the first place because there are no totally secure places.  But, because the Internet is becoming so ingrained into our systems, devices, machines, and very lives, it becomes increasingly difficult to live "unconnected".

The best definition I have found so far which describes personal privacy within the the context of the IoT was put forth by Ziegeldorf , et al in an paper for Security Comm, Networks.

Ziegeldorf, et al (2013):
Privacy is a very broad and diverse notion for which literature offers many definitions and perspectives. From a historic view, the notion of privacy shifted between media, territorial, communication, and bodily privacy. With the increasing use and efficiency of electronic data processing information privacy has become the predominant issue today. Information privacy was defined by Westin in 1968 as ”the right to select what personal information about me is known to what people”. While Westin’s definition, although it referred to nonelectronic environments, is still valid, it is also too general to enable focussed discussion about privacy in the IoT. We thus adapt and concretize definition:
Privacy in the Internet of Things is the threefold guarantee to the subject for
• awareness of privacy risks imposed by smart things and services surrounding the data subject
• individual control over the collection and processing of personal information by the surrounding smart things
• awareness and control of subsequent use and dissemination of personal information by those entities to any entity outside the subject’s personal control sphere
Our definition of privacy captures in essence the idea of informational self-determination by enabling the subject (i) to assess his personal privacy risks, (ii) to take appropriate action to protect his privacy, and (iii) to be assured that it is enforced beyond his immediate control sphere.
[2]


The Status Quo

Before getting into the Pro and Con positions, I thought it would be worthwhile to look into the question, of what impact the IoT has on personal privacy at the present time, keeping in mind it would be difficult to frame positions around future innovations in information security and the skills of clever individuals to circumvent said innovations.

Pollack 2016:
All the services provided by the IoT depend on monitoring something—a user’s GPS location, the amount of electricity or fuel being used, the location of a package in transit, the amount of medicine being dispensed by a medical device, the image feed from a security camera—and all those monitors are transmitting massive amounts data that can be used or misused by anyone with the determination to get it. The IoT is exploding, and if the businesses that are benefitting from it don’t get ahead of the privacy and security issues, they and their customers will quickly become victims of their own success.

Born of a vision to streamline and maximize the efficiency of providing services to consumers, the IoT is experiencing explosive growth.  More and more, services are provided at the touch of a smart phone button, which connect consumers and users to some form of near real-time response and it seems people are loving it for the most part, unaware of the potential risks.

Pollack 2016:
But the other large privacy risk of the IoT is the sheer volume of personal data that will be available to organizations via these devices, and the challenge of protecting it. Cisco research estimates that the IoT will generate over 400 zettabytes of data annually by 2018. (That’s 400 trillion gigabytes.) In addition to information directly related to whatever service or process the device delivers, organizations will be able to gather a potential treasure trove of data on trends, user behavior and preferences, locations, and more. In many cases, the inclination will be to warehouse most or all of that information and figure out how to leverage it later. Data analysis could reveal new opportunities for product offerings, personalized advertising, location-specific services, or selling information to other businesses.

Ziegeldorf, et al, isolate seven specific security threats to user privacy which though enumerated individually may work in tandem to decrease individual privacy. These include, Identity, Location Tracking, Profiling, Exposure (Privacy-violating presentation), Life-cycle data-collection, Query identification (Inventory attacks), and Linkage. I urge you to read the source for specific details. The authors acknowledge the full implications of the IoT and user privacy are evolving but concede, "The involved technical challenges have hence received little attention in the related work so far and require new ways of using technology as well as a fair amount of foresight and sensitivity for privacy implications." (Ziegeldorf : 11)


So, perhaps this will be a very interesting debate after all.




For the Pro and Con positions or for more information on past topics or Public Forum debate in general, click the Public Forum tab at the top of this page, for additional links.



Sources:


Mashable, undated, The Beginner's Guide to the Cloud, www.mashable.com, accessed 10/1/2016 at: http://mashable.com/2013/08/26/what-is-the-cloud/#Q7JYr5mxCkqj


Mercer, c, 2015, What is the Internet of Things? Everything you need to know about IoT, Tech World, Dec 07, 2015, accessed 10/1/2016 at: http://www.techworld.com/big-data/what-is-internet-of-things-3631109/


Morgan, J, 2014, A Simple Explanation Of 'The Internet Of Things', Forbes, May 13, 2014, accessed 10/1/2016 at: http://www.forbes.com/sites/jacobmorgan/2014/05/13/simple-explanation-internet-things-that-anyone-can-understand/#298f46c86828


Pollack, D, 2016, Internet of Things Makes Big Data Even Bigger (And Riskier), ID Experts, January 18, 2016, accessed 10/1/2016 at: https://www2.idexpertscorp.com/blog/single/internet-of-things-makes-big-data-even-bigger-and-riskier


Ziegeldorf, JH; Morchon, OG; Wehrle, K; 2013,
Privacy in the Internet of Things: Threats and Challenges, Security Comm. Networks 2013, DOI: 10.1002/sec.795; accessed 10/1/2016 at: https://www.comsys.rwth-aachen.de/fileadmin/papers/2013/2013-ziegeldorf-scn-privacy-in-the-iot.pdf



6 comments:

  1. What is the updating schedule for the NSDA PF topics?

    ReplyDelete
    Replies
    1. The NSDA site has their release schedule, but basically they release a new topic each month which will be debated the month following release. Thus the November topic is released Oct. 1, December topic is released Nov. 1, etc. See topic release schedule at the bottom of this page: https://www.speechanddebate.org/topics/

      Delete
  2. is there any evidence/ brief packets for this?

    ReplyDelete
    Replies
    1. I will soon be publishing a full (and free) Pro and Con position for this topic, but I do not have time to produce and publish briefs. Sorry. There are plenty of others who are happy to sell you evidence.

      Delete
  3. Will you be posting counters too? (Both Pro and Con)

    P.S. Keep up the great work! This is by far my favorite debate sight!

    ReplyDelete

Feel free to leave comments relevant to the topics and activity of competitive high school debate. However, this is not a sounding board for your personal ideologies, abusive or racist commentary or excessive inappropriate language. Everyday Debate blog reserves the right to delete any comments it deems inappropriate.