Privacy of IoT-Enabled Smart Home Systems

Digital ecosystems are going through a period of change due to the advancement in technologies such as Internet of Things (IoT) as well as proliferation of less expensive hardware sensors. Through this chapter, we present current emerging trends in IoT in different industry sectors as well as discuss the key privacy challenges impeding the growth of IoT to reach its potential in the smart home context. The majority of the existing literature on IoT smart home platforms focuses on functionalities provided by smarter connected devices; however, it does not address the concerns from a consumer’s viewpoint. Thus, the key questions are: What are the privacy concerns related to IoT, particularly from a “smart home device” consumer viewpoint? What are the existing remedial approaches for privacy management? This chapter proposes a framework to assist smart home user and IoT device manufacturer to make informed privacy management decisions. The findings of this research intend to help practitioners and researchers interested in the privacy of IoT-enabled smart systems.


Introduction
In last few years, we have observed a growing interest in IoT applications, which are being developed for the industries and ecosystems such as healthcare, smart home, manufacturing and agriculture ecosystems [1]. Presently, it is anticipated that there are about 16 billion IoT units installed worldwide generating vast amount of data. According to forecast reports from Frost and Sullivan, the number of interconnected objects is expected to increase above 60 billion by 2024 [2]. Aggregated data collected from different sensors are being used by organizations increasingly to gain data-driven business insights.
The growth of IoT has been possible due to the advancement of technologies like cheaper hardware sensors, ipv6, wireless coverage, smartphones and processing power of CPU [3]. While the use of IoT worldwide has been high, the maturity level of the solutions using this technology is varied. In this chapter, we highlight the various components making up IoT, evolution of IoT and the concerns related to privacy. We particularly focus on the IoT uses in the smart home context.
IoT ecosystem stands on the building blocks of multiple underlying technologies such as sensing (sensors and actuators), connectivity (mobile), analytics and computing. A typical IoT ecosystem involves the following stages [4].
• Things are fitted with electronics, software, actuators and sensors. They can be battery operated, electricity powered or use RFID transponders. Things collect raw data from the environments. Each thing has a unique identifiable address and of varying computational capability and complexity.
• Data collected from things are processed by applications.
• Applications collect data in real time from different things to store, process and analyze in computing platforms.
• Insights are derived from the collated data using robust analytics enabling informed business decisions to be taken involving process and people.
The term "Internet of Things" was officially introduced in 1998-1999 by Kevin Ashton of automatic identification center (Auto-Id) at Massachusetts Institute of technology (MIT). Kevin suggested that Internet-connected RFID technologies can be used in supply chains to keep track of items without human involvement [5]. The philosophy of IoT further gained momentum in 2005, thanks to the formal acceptance of IoT in a world summit on information society (WSIS) in Tunisia [6]. However, the concept of IoT applications can be traced back to 1982 when one of the first attempts of an IoT application was developed at Carnegie Mellon University. The Internetconnected coke machine was able to report the drinks contained and whether the drinks were cold [7] (Table 1). IoT has produced a number of sophisticated solutions that are growing in popularity among businesses. Many sectors have already graduated to this technology, and are putting IoT to use for digitizing their daily activities. The prominent adapters of IoT are Smart City, Retail, and Manufacturing. Some of the most notable applications rolled out in the marketplace are given in Table 2.
Although, there is a growing interest in IoT applications in different industry sectors, challenges in adoption exist. The key questions are: What are the privacy concerns related to IoT, particularly from a "smart home device" consumer viewpoint? What are the existing remedial approaches for privacy management? This chapter aims to address the above-mentioned questions. The remainder of this chapter is organized as follows. Section 2 presents various privacy concerns of IoT before proposing a novel framework to address IoT concerns from a consumer's perspective in Section 3. This is followed by an initial validation of the framework in Section 4 before we draw conclusions in Section 5.  Table 1.

Smart City Smartbin offers Smart Waste Monitoring through Smart Sensors & Route Optimization
Technologies [10].

Transport
Spanish train operator RENFE uses Siemens' high-speed train and monitors train developing abnormal patterns and sends them back for inspection to prevent failure on the track [11].

Agriculture
Semios uses sensors and machine vision technology to track pest populations in orchards, vineyards, and other agricultural settings [12] Financial Sector Progressive Insurance uses Snapshot to determine Insurance premium for car drivers [13].
Healthcare Abilify MyCite (aripiprazole tablets with sensor) has an ingestible sensor embedded in the pill that records that the medication was taken [14].
Government US municipality has implemented smart meter monitoring for the entire town's residential and commercial water meters. The project involved placing water meter sensors on 66,000 devices that used to be manually read and recorded [15].
Utility US oil and gas company is optimizing oilfield production with the Internet of Things. In this IoT example, the company is using sensors to measure oil extraction rates, temperatures, well pressure and more for 21,000 wells [15].

Environment
Autonomous sailboats and watercraft are already patrolling the oceans carrying sophisticated sensor instruments, collecting data on changes in Arctic ice [16].

Review of privacy literature with specific IoT focus
Privacy is defined by Clarke as the attention that individuals have in sustaining a personal space, free from interference by other people and organizations [17]. An intrinsic part of privacy issue is the exposure of sensitive data such as Personal Identifiable Information (PII) to non-intended recipients. Personal Identifiable Information (PII) comprises of details such as title, first name, last name, date of birth, address, and phone number, constituting some of the sensitive personal information (SPI). In addition, financial and health details and the geophysical location of an IoT user are also considered as sensitive information.
Internet of Things devices may collect data including sensitive data and store the data for further use for commercial purposes. It comprises of several stakeholders such as customer whose PII is collected; manufacturers who develop the sensors and other networking components and third parties who create IoT mobile apps or use the data for commercial advantage. According to McKinsey global report from 2015 [18], consumers are cautious about embracing IoT-based systems, particularly due to lack of privacy and the data at risk. OECD reported [19] that privacy incidents are growing in both number and sophistication. Similar concerns are expressed by several academic articles which suggest lack of privacy including unauthorized surveillance or eavesdropping [20] as a major concern for individuals.
Some researchers or practitioners confuse privacy with security. While security deals with the management of controlling who can access information, privacy is predominantly focused on granular control of what data can be collected, who can access what, when they can access specific data, and how long the data should be retained.
Protecting user's privacy comprises of technical, human and legal aspects. Other relevant aspects can also be considered.

Potential scenarios of privacy violation in smart home
Smart home segment comprises of connected appliances like TV set, thermostat, refrigerator, oven, home security, self-guided vacuum cleaners, cleaning and maintenance devices. Additionally, cameras, motion sensors and light sensors also collect data. Most of these data contain private and/or sensitive information such as locations, addresses, pictures and network access information. The data can be accessible to device manufacturer, mobile application owner, third-party vendors or public depending on use cases. There are several scenarios involving data collection such as: • Movement of individuals (unauthorized surveillance) using motion sensors, camera and GPS tracker.
• Monitoring of actions of customers.
• Sharing of health data publicly from wearable devices or implantable devices such as Abilify MyCite, and Bluetooth-enabled oximeter [18].
• Sharing of data (e.g., financial, health, PII, Payment Card Information and geophysical data) to third party without explicit consent [21].
• Search query of user shows his preference traits (Figure 1).
There are very few contributions that address privacy in the context of smart home [22]. While several studies conducted surveys and interviews with IoT end user consumers to investigate the factors affecting privacy including data processing and information risk [23], none proposed a feasible solution to fix them.

Legal aspects of privacy in IoT era
Government organizations are taking significant interest in IoT security, privacy and interoperability from legal aspects. This is in alignment with the studies which advocated further collaboration and dialogs between the regulators and manufacturers of IoT devices to develop appropriate methods to tackle the relevant problems [24]. From regulatory perspective, some of the most important legislative requirements are HIPAA for healthcare, MA risk for supply chain management, California's Senate Bill 327, IoT Cybersecurity Improvement Act of 2017 and General Data Protection Regulation (GDPR).
Data privacy requirements are complex and differ by jurisdictions in regard to the definition of data and the relevant laws/regulations. In Europe, GDPR was introduced on May 25, 2018. GDPR is a new regulation approved by EU parliament, Council and European Commission. It aims to safeguard the personal data rights of EU citizens and residents in this era of new technological advancements. As per GDPR, organizations are required to • Get explicit and affirmative consent before processing personal data. This includes financial, economic and health data and online information.
• Notify within 72 hours to the regulator and individual about any data breaches.
• Facilitate customers and employees' right to the removal of data from their system.
• Give the right of portability, and increased right of access and right to be forgotten by customer.
• Maintain records of processing activities.
GDPR non-compliance instances may incur penalties up to 2-4% of global revenue or 20 million Euros [25] to organizations based on the infringement. GDPR applies to any company, irrespective of their geographic location, that offers goods and services to European citizens and handles their data including IoT ecosystemgenerated data.
In USA, California Senate Bill 327 [26] was introduced recently which allows the State of California ability to bring enforcement complaints against those companies that do not build adequate security safeguards into their Internet-connected IoT devices [27]. It provides the state the right to hold IoT device makers more accountable for consumer's data security. IoT Cybersecurity Improvement Act of 2017 [28] requires: (i) that IoT devices are patchable, (ii) that devices do not contain known vulnerabilities, (iii) that devices rely on standard protocols, (iv) that devices do not contain hard-coded password and (v) technical aspects of privacy in IoT era.
At present, different privacy-enhancing technologies (PETs) exist to protect privacy. Prevention, by means of access restrictions, is an effective way to safeguard customer privacy. In [29], the authors put forward a concept of using access control list (ACL) and data classification model, to classify data according to its sensitivity and assign tag value to each category. In [30], the authors presented the idea of using Certification Authority (CA)-based encryption to confirm the authenticity of sensor. Some authors argue that it adds overheads and hence it cannot be used as a viable solution. Instead, they proposed incorporating a chaos-based cryptographic scheme and Message Authentication Codes (MAC) for data transmission. In a recent research, authors from IT service firm Tata Consultancy Services recommended that the IoT stakeholders can adopt Preventive Privacy (3P) Framework [31] in order to build trust and confidence among end users.
Privacy by Design (PbD) is defined as another popular approach that enables privacy to be "built in" to the design of the information systems and business processes, ensuring that privacy is considered before, and throughout, the development and implementation of all initiatives that involve personal information [32]. Dr. Ann Cavoukian first proposed it in Canada in the 1990s. PbD is one of the highly recommended approaches to protect individual's privacy [31, 33] concerns in IoT. Unfortunately, even though the USA Federal Trade commission (FTC) and the European Commission accepted PbD to be effective [34], not all manufacturers consider PbD when developing IoT devices and applications.

People aspects of privacy in IoT era
According to a survey conducted by Cisco in 2017, "human factors" such as organization, culture and leadership contributed to the success of IoT implementations 75% of the time-which was higher than technical aspects [35]. A number of stakeholders are involved in IoT digital ecosystem such as the end users, product suppliers, Internet service providers, cloud storage functionalities and retailers. As mentioned earlier, a significant aspect of the value of IoT for consumers refers to: aggregating data collected from many source systems, generating new knowledge and making fact-based choices. The utilization of data to add value is best explained by the well-known DIKW hierarchy from Ackoff [36]. DIKW is a fourlayer hierarchy comprising of data, information, knowledge and wisdom where each layer adds certain characteristics over and above the previous one. Table 3 shows DIKW in an IoT context.

Data
Most basic level of facts. Collected from things and used for storage and processing.

Information
Computing platform adds context to data (who, what, where, when) ingested.

Knowledge
This layer answers the question on how data are used. Analytics is applied in computing platform.

Wisdom
Evaluated understanding of when and why data are used

Consumer-centric approach
While IoT organizations are aware of the need for adopting PET and incorporating PbD, there is little guidance available on how to do so. Though there are PbD-driven frameworks available [34], no concrete solutions to establish auditing mechanism or control method systems have been developed ( Table 4).
The lifecycle of an IoT service or product is shown in Figure 2. Figure 3 summarizes: what can be done, at the minimal level, by consumer to safeguard his/her privacy. This provides the basis for the further development of • Products which notify user to provide dynamic consent for data use [37] • Products which stop working properly when consent is not given by user [38] • Firmware upgrade and patchability of IoT devices [24] are available.
• Products transparent on how disclosed data are used by the developer of the IoT system or application [39] • Established reputed product with no or negligible data breach history    an IoT privacy tool or framework, which can address the concerns of the consumer [31, [40][41][42][43][44][45] compiled in Table 5.

Proposed framework
As mentioned in earlier section, the existing frameworks are relevant primarily for thing manufacturer and do not involve end thing consumers. Through this chapter, we seek to provide answers to the questions mentioned in Table 5 by leveraging a four-phased data governance-driven 4I framework (Identify, Insulate, Inspect and Improve). The Identify phase of the 4I framework (Figure 4) comprises of seven key dimensions such as risk, compliance, policy, process, people, data asset and technology ( Table 6).

Consumer questions Risk factors
Who has access to the data? Will third parties have access to the data? What information can be inferred from the data?  Identify stage or phase refers to the key risks, requirements and context. Insulate stage refers to the precautionary measures taken to prevent lapses using technologies and non-technical risk remediation techniques. Inspect stage contains the essential toolkits such as maturity models, audit mechanisms, software agents required to continuously monitor, report and assess the IoT Data Governance Maturity from risk and value perspectives. The final stage focuses on continuous improvement.

The 4I framework applied to privacy context
To illustrate how the proposed 4I framework will work in an IoT-enabled home, a use case involving smart refrigerator is discussed in this section. Currently, when consumers buy an IoT device directly from vendors or service providers, they may have very little understanding when agreeing to the privacy policy (PP) and terms and conditions (T&C) before they start using the product or services or application. However, there are several risks associated with the data collected to render the services.
For example, the smart refrigerator can track our food preferences, search and order food from online stores [31]. Various traits of the fridge owners' eating behaviors can be inferred based on the search queries. If these data are sent to thirdparty business, they can use the information for the purpose of undesirable targeted advertisements. This can lead to the potential breach of privacy violating regulatory laws if explicit consent was not obtained from the consumer (Figure 5).
The Identify phase of the 4I framework discerns the potential risks associated with the consumer's data shared among the data processors in data supply chain. For example, it reviews the laws such as GDPR to understand the data protection rights of a smart home user [57] and ascertains the risk related to privacy and security breach. Policies related to data retention, service level agreement with vendors and data management are implemented in the Insulation phase of the framework. For instance, an agent called checkmyprivacyrules (CPMRs) can be installed at user's home router to ensure privacy policy and laws like GDPR are not violated based on a search query (Figure 6).

Dimension Description
Risk Risk dimension comprises of the factors that influence both the IoT end user and thing manufacturer. It includes attributes such as lack of consent data breach, legal penalties, service level agreement violation, and lack of upgradability, interoperability and security [20,41,48,49].

Compliance
Includes legal requirements (e.g., user consent), controls and baselines to be operationally compliant. There are a number of regulations such as SOX, GDPR, SPAM Act, Australian APP Privacy law, HIPPA and COPPA which are relevant for IoT [50].

Policy, standards and principles
This dimension spans the lifecycle from inception to deletion of data including items such as data sharing, acceptable use of data, data classification and storing rules. A well-defined and enforced governance providing the structure that works for the benefit of everyone concerned by ensuring that the IoT stakeholders adhere to accepted ethical standards [44,51].
Data asset Describes the benefit of the data and the salient features of the data [52,53].

Process
Defines how various interfaces and functionalities are to deliver a functioning and solution [54].

People
The different stakeholders and their accountability in the IoT ecosystem such as consumer, ombudsman, policy maker, IoT thing manufacturer, IoT cloud provider, Internet service provider and the IoT service operators. People dimension also includes leadership and organization structures [55,56].

Technology
This dimension includes hardware infrastructure, platforms and software agents that notify potential compliance violation through monitoring and workflows [34,53].   Smart home 4I ( filters, policies, rules, permissions) (adopted from [58]).  c. Consent is set to "Yes" d. Reverse Proxy is enabled. This will ensure even if the ISP or business gets IP address, it will not be accurate.
Listing 1 shows the Pseudo code of the agent.
The Inspection phase comprises of performing audit reviews periodically to assure the compliance of the process, systems and data flow. The Inspect phase can comprise of automated data quality checks and data access log monitoring. In the Improve phase, continuous improvement is done to ensure the continuous adaptation in response to changing data privacy requirements and landscape. For example, improving the agent to ensure software is not only patched to current version, but also data are secured using tokenization techniques [59] can be an outcome of this final phase of the 4I framework.

Conclusion
IoT's business growth potential is undeniable. Advancement in IoT has opened up new prospects for growth in the diversified areas such as health, energy, transport and smart home. In this chapter, we provided an overview of the IoT technology and reallife examples of usage of this technology. Next, we discussed the privacy problems in IoT from a consumer's perspective. A review of the related work was presented along with research gaps. Next, we proposed and provided an overview of a data governance-driven 4I framework. Finally, we provided the pseudocode and demonstrated the applicability of the 4I framework to address the privacy concerns in a smart home refrigerator context. This involved the policies, rules and configurations using timetested data governance principles. In future, we intend to further test and improve the 4I framework in the overall context of data governance in digital ecosystem.
© 2019 The Author(s). Licensee IntechOpen. This chapter is distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/ by/3.0), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.