Page 261 - Trust in ICT 2017
P. 261
Trust in ICT 5
1) Lack of control and information asymmetry: interaction between objects that communicate
automatically and by default, between objects and individuals´ devices, between individuals
and other objects, and between objects and back-end systems, will result in the generation of
data flows that can hardly be managed with the traditional tools that have been used to ensure
the adequate protection of the data subjects’ interests and rights.
2) Quality of the user´s consent: the possibility of rejecting certain services is not a real alternative
in IoT environments and classic mechanisms used to obtain consent are hardly applicable.
Therefore, new ways of obtaining the user´s valid consent should be considered, including
implementing consent mechanisms through the devices themselves as privacy proxies and
“sticky” policies (conditions and constraints attached to data that describe how it should be
treated).
3) Inferences derived from data and repurposing of original processing: secondary uses of data,
inferences from raw information, sensor fusion, make important that at each level IoT
stakeholders make sure that the data is used for purposes that are compatible with the original
purpose of the processing and that those purposes are known by the user.
4) Intrusive identification of behaviour patterns and profiling: generating knowledge from trivial
or even anonymous data will be made easy by the proliferation of sensors and that might enable
very detailed and comprehensive life and behaviour patterns.
5) Security risks: weak points can occur not only at device level but also in the communication
links, storage infrastructure and other inputs of this ecosystem.
c) Cyber-crimes
The Internet and smart objects are used to exploit users and data for materialistic gain, such as intellectual
property theft, a violation of patent, trade secret, copyright laws, identity theft, brand theft, and fraud. In
addition, cybercrime also includes attacks against computers to deliberately disrupt processing, or may
include espionage to make unauthorized copies of classified data.
Botnets are becoming a major tool for cybercrime, partly because they can be designed to very effectively
disrupt targeted computer systems in different ways, and because a malicious user, without possessing
strong technical skills, can initiate these disruptive effects in cyberspace by simply renting botnet services
from a cybercriminal.
Malicious codes, such as computer viruses, are used to infect a computer to make it available for takeover
and remote control. Malicious code can infect a computer when the user opens an email attachment, or
clicks an innocent-looking link on a website.
I.3 Risks at the social world
a) Risk of lacking trust in interactions
1) Human-to-human interactions: If there is no trust among peoples, their interactions (e.g.,
exchanging data and information) have meaningless due to lack of confidence with each other.
If the people are not trustworthy, personal interactions do not invoke any response. The unclear
decision making or unrealistic situation may be happening from low or broken trust in human
relationships.
2) Human-to-machine interactions: When a human cannot trust a machine (e.g., delivering
imprecise data from a machine to a human), human-to-machine interactions cannot be
established and potential benefits on system performance will be lost. The human-machine
systems have always proved unpredictable and fallible, whereas the nature of the system is to
function normally. It relies on technological dependency which accentuates risks.
b) Threats in the social world [b-Chen-2015]
A malicious entity is dishonest and socially uncooperative in nature and can break the basic functionality of
the ICT infrastructures and services. The entity can perform the following attacks.
253