This student article is written by Adeeb Al-Mazroui, Law Student at Sultan Qaboos University College of Law, under the supervision of Dr Saleh Al-Barashdi. This article is part of a series of student articles published on Decree in collaboration with Sultan Qaboos University College of Law to showcase the legal academic writing of Omani law students.
When the term “Smart” is used, this usually means that a device is capable of making the life of its user easier. In the context of “smart homes”, this simply refers to a home equipped with connected appliances with software controls.[i] These connected devices may allow the user to control them through a mobile device while being away from the home by communicating with the devices and the servers that are linked to them.
These connected devices can put the privacy of their users in danger, as it might be possible to access the data of the user by third parties, especially in cases where the technical protection applied to the connection is not sufficiently strong. Given that privacy is recognised as a fundamental human right of great significance—as recognised by various domestic, regional, and international documents,[ii] there is a great incentive for scientists and specialists to improve the technologies used to protect this fundamental right.
This article aims to illustrate and analyse some key risks to the use of smart homes and attempts to identify reasonable solutions to mitigate such risks.
Privacy Risks for Smart Homes
Even though smart homes make life easy in different ways, they also have some risks. In this article, we will focus on the risks to user privacy associated with living in a smart home, especially as information security and data protection are dynamic fields that are constantly challenged and influenced by advances in digital technologies and innovation in business practices.[iii]
Security Vulnerabilities
Smart homes usually operate on the basis of the connection between the devices inside the home, but what if the connection is insecure? This can make the user a target for cyber-attacks that risk his privacy, especially as the connection is operated by software installed on the device,[iv] and it is generally agreed that it is impossible to build software that is secure to a 100%.[v]
Adeeb Al-Mazroui
Law Student
College of Law
Sultan Qaboos University
This risk highlights the importance of having a reliable mechanism for making secure updates,[vi] that updates the security of the software used to patch any detected “bug” that can be abused to break through to security measures of the user.[vii] Generally speaking, securing the software of the user is a reasonable way to mitigate such vulnerabilities.
Cloud Computing Risks
Cloud computing is usually defined as a distributed environment based on connected virtual computers with dynamic communications between them.[viii] Cloud computing enables users to share the data used on their devices on a global cloud storage, which may be subject to the risk of being accessed by unauthorised third-parties. Generally speaking, cloud computing as a technology does not usually violate the principles of data protection, but it can be considered a risk in regard to regulated cross-border data transfers,[ix] especially as there is no specific regional legislation for personal data protection when using cloud services.[x]
Unauthorised Access
Authorisation in the context of connections means the process of identifying the user requesting to use the service by his username and password.[xi] This process differentiates between the users that have the right to access such servers and those who do not. If a device of the user is compromised, unauthorised parties might be able to access all the devices in the smart home.[xii] For example, imagine if a user uses his phone to turn on the washing machine at home while he is at work. If a person managed to intercept his connection to obtain the password for the washing machine application, he might be able to access the entire network of devices in the home, including the phones and computers of the user.
To mitigate this risk, many applications nowadays introduced mechanisms such as forcing the user to change his password constantly.[xiii] In addition, many applications require a minimum standard of password strength.[xiv]
Privacy Protection Methods in Smart Homes
As the number of smart devices in the home increases along with the increase in cyberattacks, it is becoming necessary to establish a comprehensive protection system to ensure the safety and security of personal information. The appropriate methods depend on the scale of risk and the data in question. This section of the article will focus on several methods that can help mitigate these risks.
Improving User Behaviour
Awareness is a key factor in any system that aims to protect the user. Research has shown that as users grow more aware of various privacy tensions, their sense of worry or fear might evoke protective actions.[xv] Such actions depend on the experience that the user has lived. Furthermore, the level of fear and worry depends on the nature of the rules and resources available in the relationship between the user and these emerging technologies.[xvi] Accordingly, user awareness towards the mentioned risks is the best first step in protection.
Utilising User Configuration
An effective method to improve the security of the smart home is to enable the user to participate in setting up the connections and configurations at the home as this can help him develop a feeling of safety and trust by involving him in the process of defining and implementing the configurations of the smart home.[xvii] For this approach to be effective, the user must be enabled to contribute to the configurations in a user-friendly manner. For example, the configurations must enable the user to assign a unique name to each device in the home,[xviii] and to choose whether or not a device is activated by certain triggers.[xix]
Connection Security
Connection security refers to all the integrated elements of the devices, network connections, interfaces, software, mobile applications, cloud services, and other aspects of the smart device.[xx] Given that many smart homes rely on connections between smart devices and the network of the supplier of the device, it is vital for the connection between the smart device and the network to be secure, and this might require the implementation of the requirements of each element in the network in order to provide adequate security.[xxi]
Conclusion
Smart users of smart homes are those who are able to utilise the advantages of the new devices in the home while limiting the risks associated with them.
This article identified a number of sources of risk regarding the use of smart homes and also identified a number of methods that users can use to manage these risks to help protect the privacy of the user.
[i] Poh GS, Gope P, & Ning J., “PrivHome: Privacy-Preserving Authenticated Communication in Smart Home Environment”. IEEE Transactions on dependable and secure computing, VOL.18 (3), (2021), p. 1095.
[ii] Romansky RP., & Noninska I., “Challenges of the digital age for privacy and personal data protection”. Mathematical biosciences and engineering: MBE, (2020), p. 5291.
[iii] Ibid, at 5295.
[iv] Heuvel. K., “Securing the Smart Home” University of Amsterdam, (2018), p. 39.
[v] Ibid
[vi] Ibid
[vii] Ibid
[viii] Romansky RP, Noninska I., above 1, p. 5297.
[ix] Ibid
[x] Ibid
[xi] Heuvel K., above 1, p. 41.
[xii] Ibid
[xiii] Ibid
[xiv] Ibid
[xv] Quach S., Thaichon P., Martin K., Weaven S. & Palmatier R., “Digital technologies: tensions in privacy and data”. Journal of the Academy of Marketing Science 50, (2022), p. 1310.
[xvi] Ibid
[xvii] Pillai MM., Helberg A., “Improving security in smart home networks through user-defined device interaction rules”. IEEE AFRICON, (2021), p.3.
[xviii] Ibid
[xix] Ibid
[xx] Romansky RP., Noninska I., above, p. 5300.
[xxi] Ibid