The widespread of the internet had a major impact on the economy through the rapid process of digitalising services,[1] which consequently led online platforms to become a habitat to numerous online transactions,[2] as such platforms allow their service providers to expand across borders and supply various markets.[3] Online platform providers can be defined as “a mediating entity operating in two or multi sided markets, which uses the internet to enable direct interactions between two or more distinct but interdependent groups of users.”[4] This article will cover the different kinds of legal liability to which platform providers may be subject to.

Oman has a wide variety of legal instruments that govern the activities of platform providers. In 2006, Oman established the Information Technology Authority by Royal Decree 52/2006, to activate the government policy for digital transformation.[5] The Information Technology Authority took the lead to establish regulations for the online environment in the Sultanate, in order to give individuals, businesses, and government agencies a high level of trust in the process of conducting transactions online. Consequently, Oman issued the Electronic Transactions Law promulgated by Royal Decree 69/2008 and the Cybercrime Law promulgated by Royal Decree 12/2011. Later, as part of the restructuring of the Omani government, the Information Technology Authority was replaced by the Ministry of Technology and Communications by Royal Decree 63/2019 which was later also replaced by the Ministry of Transport, Communications, and Information Technology by Royal Decree 90/2020, which now has the responsibility for issuing the laws and regulations governing e-transactions in general and online platform providers in particular.

The liability of online platform providers can arise under the following two categories:

Civil Liability

Generally speaking, civil liability revolves around two mediums, either the tort that may fall on the person himself, his money, or his honour,[6] or a breach of the conditions of contract.[7]  The basis of this responsibility is traced back to the rule that “there is no liability where there is no harm or breach of a prescribed right.”[8] Accordingly, civil liability can be classified into tort liability and contractual liability[9] which has been codified in Omani law in articles 157 and 176(1) of the Civil Transactions Law.

In the context of tort, it is possible to hold online platform providers liable under tort when they illegally breach their responsibility to take appropriate precautions to protect the platform users, and the breach results in violation of the rights and interests of the users.[10] Furthermore, the Electronic Transactions Law states in article 35(1) that “If damage occurs as a result of the invalidity of the certificate or because it is defective due to a mistake or negligence[…], he shall be liable for the resulting damage […]”

In the context of contractual liability, online platform providers may be held contractually liable if they fail to perform a contractually agreed-upon obligation. This is arguably the easiest approach to seeking civil responsibility for the conduct of online platform providers who have signed contracts with an operator.[11] This is confirmed by article 14(4)(a) of the Electronic Transactions Law, which states that the provisions of article 14 do not prejudice any obligations arising from any contract.

Those liable under any of the civil liability provisions mentioned above can be made responsible for compensation in accordance with article 176 of the Civil Transactions Law. This is also confirmed in regard to consumers under the Consumer Protection Law.

Criminal Liability

Criminal matters in Oman are governed by the Basic Statute of the State, which states in article 26 that “There shall be no crime or punishment except by virtue of law. There shall be no punishment except for acts subsequent to the implementation of the law providing for them. The punishment shall be personal.” In this context, criminal liability refers to the bearer of a person’s responsibility for a crime that he committed, and this is obtained by complying with the penalty prescribed by law.[12]

Criminal penalties serve a dual purpose in society: they aim to both punish individuals for their criminal actions and deter others from engaging in similar unlawful behaviour while also safeguarding the overall safety of the community. In Oman, the legislative framework has taken proactive measures to address electronic crimes and the associated penalties through the enactment of specialised laws, such as the Cybercrime Law. Additionally, the Electronic Transactions Law dedicates a chapter that addresses criminal penalties arising from the unlawful actions of platform providers. For instance, article 52 stipulates penalties such as imprisonment or fines for activities like computer intrusion, system disruption, website tampering, or internet-related offences resulting in data disruption, theft, or misuse. These penalties are consequently applied to the actions of platform providers as well.

Conclusion

In conclusion, this article has discussed the different kinds of legal liability to which online platform providers may be subject to in Oman. The article first provided an overview of the legal framework governing online platforms in Oman, before discussing the two main areas of liability: civil liability and criminal liability. In the context of civil liability, the article explained that online platform providers may be held liable for tortious acts, such as negligence, or for breach of contract. In the context of criminal liability, the article explained that online platform providers may be held liable for offences such as computer intrusion, system disruption, and website tampering.

Jumana Al-Masroori
Law Student
College of Law
Sultan Qaboos University

Fatema Al-Nuaimi
Law Student
College of Law
Sultan Qaboos University

[1] A. Ojala, A. Rialp, N. Evers ‘ Extending the international new venture phenomenon to digital platform providers: A longitudinal case study’ (2018) 53 Journal of World Business, at page 725.

[2] Kurtz, C. et al. ‘Accountability of Platform Providers for Unlawful Personal Data Processing in Their Ecosystems-A Socio-Techno-Legal Analysis of Facebook and Apple’s Ios According to Gdpr’ (2022) Journal of Responsible Technology, at page 1.

[3] Ojala, Evers, Rialp, supra note 1, at page 725.

[4] D. Beverungen, D. Kundisch, N. Wunderlich ‘Transforming into a platform provider: strategic options for industrial smart service providers’ (2020) Emerald Journal, at page 513.

[5] H. Alsaqri ‘e-commerce law in the Sultanate of Oman, obstacles and challenges and ways to confront it’ (2018) Sultan Qaboos University, at page 75.

[6] N. AlTuhami ‘liability’ (1985) Arab Journal of Security Studies, at page 8.

[7] Ibid.

[8] Ibid.

[9] T. Yoshimasa ‘A theoretical perspective on the civil liability of online platform providers’ (2019) J.Japan.L. (48) at page 72.

[10] Yoshimasa, supra note 9, at page 73.

[11] Yoshimasa, supra note 9, at page 73.

[12] Z. AlBraiki ‘Criminal liability for misuse of modern means of communication’ (2015) Sultan Qaboos University at page 25.

The Internet-of-Things (IoT) is a term used to refer to “physical objects embedded with sensors and software that connect them to other devices and systems over the internet.”[1] Using the Internet of Things (IoT) reduces the burden of managing the household manually.[2] One of the most common households IoT devices are cleaning devices which can be defined as “machines that dispense cleaning agents automatically and adjust the quantities according to different factors (e.g., dirtiness, weight) and allow remote switching on or off.”[3] Unfortunately, as cleaning devices become more common and develop faster, the pace of developing protection techniques is not always able to keep up with the pace of the development of cleaning devices, which can result in an increased risk in cyber threats including cyberattacks.[4]

This article will explore cyberattacks carried through smart cleaning devices, the methods that the hackers can use to breach an online system, some tips to improve the safety of cleaning devices, and finally the regulation of cyberattacks in Omani law. 

The Causes of Cyberattacks Through Cleaning Devices

The use of smart cleaning devices or any other smart devices in general has become more widespread, and the chances of cyberattacks are increasing overtime because of the behaviour of the users themselves.[5] Users usually just connect the devices to the network without being aware of the technology, which can allow easy unauthorized access to the network.[6] The most common reasons that may cause a cyberattack are:

Lack of Users Technical Knowledge

As mentioned previously, the lack of users’ knowledge affects the cybersecurity of cleaning devices, but sometimes the cyberattacks happen because the users themselves do not care about the consequences of their behaviours.[7] For example, many users set a weak password (such as 1234 or 1111), and do not install software updates, all of this makes it easy for the hackers to access the system of the cleaning device.[8] Also, the secondary use of data is one of the habits that the users do because of their lack of technical knowledge. This habit indicates when the users purchase and set up a new cleaning device, they usually agree to allow their data to be used in another manner that is not related to the purpose of using the cleaning device.[9] For example, some cleaning devices use allow the users to interact with it vocally, and then this voice sample could be used by the manufacturer to improve the voice recognition software of the device.[10]

Lack of Manufacturer Technical Knowledge

Many cleaning devices manufacturers are new to the cybersecurity sector, and they do not have prior experience with cybersecurity issues, and accordingly they add connectivity features and software to the devices without paying attention to cybersecurity.[11] On the other hand, some manufacturers have the needed knowledge, but they do not have the incentives to improve the cybersecurity in these devices, because the market prioritizes low cost over security.[12]

Sheikha Al-Yaqoubi
Law Student
College of Law
Sultan Qaboos University

Methods of Hacking Used for Cyberattacks

A good knowledge in hacking methods could increase the awareness of smart homeowners as more than 40% of the smart homeowners had faced a cyberattack.[13] Cleaning devices are connected to the Internet-of-Things (IoT), and the latter is divided into four layers of application, with each layer enabling a different method of hacking.[14] The most popular methods are:

Denial of Service (DoS)

Here the hacker uses the resources of the device to affect the service availability and make it unresponsive.[15] The cleaning devices are most likely to be affected by this method due to its low processing capabilities.[16]

Access Attack/Advanced Persistent Threat (APT)

This attack enables the unauthorized person to obtain access to the network using improper ways.[17]Moreover, this method is usually used for stealing information since the hacker can stay in the network for a long time.[18]

Flooding (FLD)

In this method, the hacker sends a huge number of requests to the network of the cleaning device until the device become overwhelmed and accordingly affects its performance.[19]

Injection

The hacker uses this method to modify the data of the cleaning devices to inject malicious content, and accordingly causing the devices to leak personal information or destroy the whole system.[20]

Prevention of Cyberattacks

Nowadays, a huge number of researchers consider smart devices security as the most important thing in a smart home, as they are used by individuals on a daily basis.[21] As a result, there is an increase in research to tackle the security challenges that the users of cleaning devices may face.[22]

Applying user configurations is one of the primary ways to enhance the awareness of the users of cleaning devices and to protect the whole network.[23] This method means that the user first should create a unique name for each cleaning device that he owns, because this step will help in providing the user with the device’s name that got hacked, by sending alerts using this unique name that the user created for that device.[24] Also, the user should check if there is another device connected with the cleaning device as it can be controlled by this device (e.g., smart camera connected to the cleaning device).[25] Moreover, users should create a strong and unique password, and they should answer the challenge questions without storing them in plain text form, due to the easy access of a malicious actor to such a form.[26]

Keeping the cleaning devices up to date by upgrading the most recent version of the operating system can also provide more security features in comparison to a previous version.[27] Furthermore, the owner of cleaning devices can update these devices either by enabling automatic updates, or by contracting with a trusted vendor if the previous method is not possible.[28]

Implementing wireless network segmentation on the network of the cleaning devices can also keep the wireless communication safe and secure, because it will keep the guest Wi-Fi, primary Wi-Fi, and the cleaning devices Wi-Fi separate from each other, and consequently keep the cleaning devices away from the less secure devices that may be connected to the guest or the primary Wi-Fi network.[29]

The Regulation of Cyberattacks in the Omani Law

Since cyber threats are increasing and changing over time, a lot of countries have issued legislation to control such threats, and Oman is one of the countries that issued a cybercrimes law.[30] The Omani Cybercrime Law was promulgated by Royal Decree 12/2011, and this law applies to cybercrimes even if they are committed wholly or partially outside Oman, provided that such a crime threatens the interest of Oman, and when the outcomes of the crime take place in Oman, or are intended to take place in Oman.[31]

Article 3 of the Omani Cybercrime Law is probably the most relevant to cyberattacks resulting from hacking cleaning devices as it stipulates in its first paragraph that “Whoever wilfully and without a legitimate basis accesses an electronic site, information system, information technology means, or part of it, exceeds the access he is authorised, or continues such access after being aware of this, shall be punished with imprisonment for a period no less than a month and not exceeding six months, and a fine no less than one hundred Rial Omani and not exceeding five hundred Rial Omani, or one of those two punishments. […]”[32]

The punishment is also increased if the access results in the deletion, alteration, or modification of the data as indicated in the second paragraph of this same article stipulating that “If the acts mentioned in the first paragraph result in the deletion, alteration, modification, defacement, corruption, duplication, destruction, publication, or republication of the electronic data or information stored in the information system or the information technology means; the destruction of that system, information technology means, or the information network; or causing damage to users or beneficiaries, the punishment shall be imprisonment for a period no less than six months and not exceeding a year, and a fine no less than five hundred Rial Omani and not exceeding a thousand Rial Omani, or one of those two punishments.“

The third paragraph of article 3 also provides greater punishments if the incident involves personal data as it stipulates that “If the data or information stipulated in the second paragraph is personal, the punishment shall be imprisonment for a period no less than a year and not exceeding three years, and a fine no less than one thousand Rial Omani and not exceeding three thousand Rial Omani, or one of those two punishments.”[33]

Conclusion

This article highlights the causes that may lead to a cyberattacks using cleaning devices, such as the lack of user technical knowledge and the lack of manufacturer technical knowledge. As mentioned previously, the hackers can access the system using a variety of methods such as the denial of service (DoS), access attack/advanced persistent threat (APT), flooding (FLD), and injection. Also, this articles provided a number of tips that may be used by the user to reduce the risk of cyberattacks such as utilising user configurations including using strong passwords, updating the system of the cleaning device, and implementing wireless network segmentation. Furthermore, the article highlighted the relevant articles in the Oman Cybercrime Law addressing the hacking of such devices, namely article 3 of the Cybercrime Law.

[1] Buil-Gil D., Kemp S., Kuenzel S., Coventry L., Zakhary S., Tilley D., & Nicholson J., “The digital harms of smart home devices: a systematic literature review”, Computers in Human Behavior 145, (2023), p 1.

[2] Saunders T.,” Cybersecurity challenges of the IoT-enabled home automation technology: A security by design perspective”, (2021), p 24.

[3] Nemec Zlatolas L., Feher N., & Hölbl M., “Security perception of IoT devices in smart homes”, Journal of Cybersecurity and Privacy, (2022), p 66.

[4] Ibid

[5] Hall F., Maglaras L., Aivaliotis T., Xagoraris L., Kantzavelou I., “Smart homes: security challenges and privacy concerns”, (2020), p 3.

[6] Ibid., at 3-4.

[7] Heuvel K., “Securing the Smart Home : A study on cybersecurity problems in smart home devices: does European product liability law offer meaningful legal solutions for consumers?”, Bibliotheek – Universiteit van Amsterdam, (2018), p 45.

[8] Ibid

[9] Hall, Maglaras, Aivaliotis, Xagoraris, Kantzavelou, above, at 4.

[10] Ibid

[11] Heuvel, above, at 45

[12] Ibid

[13] Ratkovic, N., “Improving Home Security Using Blockchain”, International Journal of Computations, Information and Manufacturing (IJCIM), (2022), 2(1), p 28.

[14] Hassija V., Chamola V., Saxena V., Jain D., Goyal P., Goyal B. A., “A Survey on IoT Security: Application Areas, Security Threats, and Solution Architectures,”, vol. 7, (2019), p 82725.

[15] Xhafa F., “Internet of things: engineering cyber physical human systems”, Internet of Things, (2018), p 3.

[16] Ibid

[17] Hassija, Chamola, Saxena, Jain, Goyal, Goyal, above, at 82727.

[18] Ibid

[19] Xhafa, above, at 3.

[20] Ibid, at 4

[21] Mazwa K., Mazri T., “Review on the security of smart homes in the internet of things”, (2019), p 706.

[22] Pillai MM., Helberg A., “Improving Security in Smart Home Networks through user-defined device interaction rules,” 2021 IEEE AFRICON, Arusha, Tanzania, United Republic, (2021), p 2.

[23] Ibid, at 3.

[24] Ibid

[25] Ibid

[26] National Security Agency., “Best practices for securing your home network”, Cybersecurity advisories & guidance, (2023), p 4.

[27] Ibid, at 2.

[28] Ibid

[29] Ibid, at 3.

[30] Shad H., “An overview of the sultanate’s cyber crimes law”, Oman Observer, (2017).

[31] Ibid

[32] Oman Cybercrime Law (The Cyber Crime Law 2011, Royal Decree 12/2011, Article (3).

[33] Ibid

When the term “Smart” is used, this usually means that a device is capable of making the life of its user easier. In the context of “smart homes”, this simply refers to a home equipped with connected appliances with software controls.[i] These connected devices may allow the user to control them through a mobile device while being away from the home by communicating with the devices and the servers that are linked to them.

These connected devices can put the privacy of their users in danger, as it might be possible to access the data of the user by third parties, especially in cases where the technical protection applied to the connection is not sufficiently strong. Given that privacy is recognised as a fundamental human right of great significance—as recognised by various domestic, regional, and international documents,[ii] there is a great incentive for scientists and specialists to improve the technologies used to protect this fundamental right.

This article aims to illustrate and analyse some key risks to the use of smart homes and attempts to identify reasonable solutions to mitigate such risks.

Privacy Risks for Smart Homes

Even though smart homes make life easy in different ways, they also have some risks. In this article, we will focus on the risks to user privacy associated with living in a smart home, especially as information security and data protection are dynamic fields that are constantly challenged and influenced by advances in digital technologies and innovation in business practices.[iii]

Security Vulnerabilities

Smart homes usually operate on the basis of the connection between the devices inside the home, but what if the connection is insecure? This can make the user a target for cyber-attacks that risk his privacy, especially as the connection is operated by software installed on the device,[iv] and it is generally agreed that it is impossible to build software that is secure to a 100%.[v]

Adeeb Al-Mazroui
Law Student
College of Law
Sultan Qaboos University

This risk highlights the importance of having a reliable mechanism for making secure updates,[vi] that updates the security of the software used to patch any detected “bug” that can be abused to break through to security measures of the user.[vii] Generally speaking, securing the software of the user is a reasonable way to mitigate such vulnerabilities.

Cloud Computing Risks

Cloud computing is usually defined as a distributed environment based on connected virtual computers with dynamic communications between them.[viii] Cloud computing enables users to share the data used on their devices on a global cloud storage, which may be subject to the risk of being accessed by unauthorised third-parties. Generally speaking, cloud computing as a technology does not usually violate the principles of data protection, but it can be considered a risk in regard to regulated cross-border data transfers,[ix] especially as there is no specific regional legislation for personal data protection when using cloud services.[x] 

Unauthorised Access

Authorisation in the context of connections means the process of identifying the user requesting to use the service by his username and password.[xi] This process differentiates between the users that have the right to access such servers and those who do not. If a device of the user is compromised, unauthorised parties might be able to access all the devices in the smart home.[xii] For example, imagine if a user uses his phone to turn on the washing machine at home while he is at work. If a person managed to intercept his connection to obtain the password for the washing machine application, he might be able to access the entire network of devices in the home, including the phones and computers of the user.

To mitigate this risk, many applications nowadays introduced mechanisms such as forcing the user to change his password constantly.[xiii] In addition, many applications require a minimum standard of password strength.[xiv] 

Privacy Protection Methods in Smart Homes

As the number of smart devices in the home increases along with the increase in cyberattacks, it is becoming necessary to establish a comprehensive protection system to ensure the safety and security of personal information. The appropriate methods depend on the scale of risk and the data in question. This section of the article will focus on several methods that can help mitigate these risks.

Improving User Behaviour

Awareness is a key factor in any system that aims to protect the user. Research has shown that as users grow more aware of various privacy tensions, their sense of worry or fear might evoke protective actions.[xv] Such actions depend on the experience that the user has lived. Furthermore, the level of fear and worry depends on the nature of the rules and resources available in the relationship between the user and these emerging technologies.[xvi] Accordingly, user awareness towards the mentioned risks is the best first step in protection.

Utilising User Configuration

An effective method to improve the security of the smart home is to enable the user to participate in setting up the connections and configurations at the home as this can help him develop a feeling of safety and trust by involving him in the process of defining and implementing the configurations of the smart home.[xvii] For this approach to be effective, the user must be enabled to contribute to the configurations in a user-friendly manner. For example, the configurations must enable the user to assign a unique name to each device in the home,[xviii] and to choose whether or not a device is activated by certain triggers.[xix]

Connection Security

Connection security refers to all the integrated elements of the devices, network connections, interfaces, software, mobile applications, cloud services, and other aspects of the smart device.[xx] Given that many smart homes rely on connections between smart devices and the network of the supplier of the device, it is vital for the connection between the smart device and the network to be secure, and this might require the implementation of the requirements of each element in the network in order to provide adequate security.[xxi]

Conclusion

Smart users of smart homes are those who are able to utilise the advantages of the new devices in the home while limiting the risks associated with them.

This article identified a number of sources of risk regarding the use of smart homes and also identified a number of methods that users can use to manage these risks to help protect the privacy of the user.

[i] Poh GS, Gope P, & Ning J., “PrivHome: Privacy-Preserving Authenticated Communication in Smart Home Environment”. IEEE Transactions on dependable and secure computing, VOL.18 (3), (2021), p. 1095.

[ii] Romansky RP., & Noninska I., “Challenges of the digital age for privacy and personal data protection”. Mathematical biosciences and engineering: MBE, (2020), p. 5291.

[iii] Ibid, at 5295.

[iv] Heuvel. K., “Securing the Smart Home” University of Amsterdam, (2018), p. 39.

[v] Ibid

[vi] Ibid

[vii] Ibid

[viii] Romansky RP, Noninska I., above 1, p. 5297.

[ix] Ibid

[x] Ibid

[xi]  Heuvel K., above 1, p. 41.

[xii] Ibid

[xiii] Ibid

[xiv] Ibid

[xv] Quach S., Thaichon P., Martin K., Weaven S. & Palmatier R., “Digital technologies: tensions in privacy and data”. Journal of the Academy of Marketing Science 50, (2022), p. 1310.

[xvi] Ibid

[xvii] Pillai MM., Helberg A., “Improving security in smart home networks through user-defined device interaction rules”. IEEE AFRICON, (2021), p.3.

[xviii] Ibid

[xix] Ibid

[xx] Romansky RP., Noninska I., above, p. 5300.

[xxi] Ibid

Biotechnology has been defined by many researchers in different ways, but the most common definition is applying technology to living organisms.[1] This field is a wide sea with lots of interesting caves, some of which we have already explored while others are yet to be discovered. Although biotechnology is filled with fertile soil for opportunities, it most of the time ends up in a two-case scenario: either a financial loss or an ethical dilemma.

If we examine the issue from a legal perspective, we would find that biotechnology has a lot to offer but requires some patience and a lot of delicate work to not cross the limits, e.g., procedures of cell line companies require some supervision and agreements made with trial patients to conduct empirical research must be overseen. A lack of supervision in the abovementioned examples can cause some serious incidents, sometimes even leading to biohazardous consequences.

This article will examine a number of issues viewed from a legal perspective, some are related to the ethics of biotechnology, while others raise a financial question regarding the field; hence, we will be covering human cloning, biological weapons, genetically modified organisms’ relationship with infectious diseases, exploiting trial patients, tension between a patentee and an industry partner, and finally the dispute of distributing cell profit.

Bassam Al-Balushi
Law Student
College of Law
Sultan Qaboos University

Ethical Issues

Over the years, the field of biotechnology has encountered some of the most interesting ethical issues as science has developed. We start the first part of the article by introducing some of those ethical concerns. 

Human Cloning

As one of the most ubiquitous ethical issues out there, human cloning remains far from achieving reality, or is it?[2] The reproduction of human genetics has more to it than meets the eye and is most certainly a different path from the case of Dolly the sheep,[3] which was the only successful experiment out of 277.[4] However, the Academy of Sciences located in Shanghai, China, achieved a successful experiment in 2018 regarding the cloning of monkeys Hua Hua and Zhong Zhong, hence leaving the world with many questions.[5]

It is undeniable that research papers on human cloning create new paths in science; however, the consequences of conducting factual experiments based on those papers would beg to differ. From a medical aspect, for instance, cloning can stimulate diseases to develop and change their Pathogenesis;[6] therefore, human cloning is considered dangerous and can cause unpredictable harm.[7] As for possible legal outcomes, police might have a tough time verifying their suspects since similar physical traits would be detected during the investigation. Cloning could also make fingerprints useless. Moreover, cloning could possibly disturb the process of proving kinship.
Clones tend to live in the shadows of their originals,[8] making them an easy target for psychological disorders and therefore a victim of emotional disruption.

As the temptation to carry out more experiments on human cloning increases, the United Kingdom has decided to ban it as a precautionary measure due to the high risks involved.[9] Other instruments banning human cloning would be the Universal Declaration on the Human Genome and Human Rights (1997) and the United Nations Declaration on Human Cloning (2005).[10]

Biological Weapons

As one of the many ethical challenges of biotechnology, we are confronted with the weaponization of biological agents and the use of biohazardous weapons. As it is internationally known, there is a famous convention regarding the regulation of biological weapons called the Biological Weapons Convention (BWC),[11] also known as as the Biological and Toxin Weapons Convention (BTWC). This multilateral treaty defines biological weapons and forbids their use as a tool for solving international disputes.[12]

Parties are encouraged by the BWC to enforce their domestic laws in accordance with the treaty and its obligations,[13] but does not request any formal verification of their compliance.[14]

The BWC began its phase of accepting signatures in 1972, and while it came into force in 1975,[15] Oman ratified its adoption of the treaty in 1992 by Royal Decree 17/92.[16]

That being said, with no required evidence or proof of the necessity of compliance, cell line companies and other research establishments with access to any essential tools for developing biological weapons supposedly would not get in trouble and be held accountable;[17] however, that is not true, as it was cleared in the final declaration of the 1996 conference that reviewed the treaty.[18]

Moreover, BWC’s prohibition included numerous conducts, but it most certainly did not limit the resort to the argument of doing it for “research purposes”, as long as it fell under the meaning of peace that the treaty has mentioned in Article 1.[19] In other words, a formal educational clearance or a research license would serve just fine as an exemption. This is one way of breaching the treaty’s firewall and getting beyond its obligations.

Biological Weapons are Unethical

Biological weapons have the ability to create chaos in a way that no weapon can, harm the environment, and develop diseases.[20] Consequently, after the well-known outbreak of the COVID-19 pandemic and its contagious phase, the United Nations Secretary General opened up suspiciously about the necessity to improve BWC so it can protect the world significantly more against weaponizing diseases.[21]

Moreover, in the current Russian-Ukrainian war, allegations of the intention to use biological weapons have increased.[22] UN denied any knowledge of the subject when confronted by the Security Council.[23]

Genetically Modified Organisms (GMOs) are Future Biological Weapons

The international community undeniably stands by its statement regarding the hazards of biological weapons; however, it has yet to discover what genetic manipulation[24] can cause. GMOs are clearly at an intersection with infectious diseases. However, their promising environmental benefits[25] and noticeable financial outcomes, including high-profit margins, satisfy the majority.[26] Therefore, international regulations Like the International Health Regulations (IHR) 2005 are struggling to rein in GMO production.[27]

As for Oman, it does not encourage growing GMOs within its borders but rather urges for proper labelling to continue the importation.[28]

Exploiting the Right to Privacy of Trial Patients

One form of exploitation towards trial patients is breaching their right to privacy by sharing private medical records. As we know, experiments are crucial for any research, especially in a field where new variables appear every now and then. However, the private information gathered through experimenting with human tissue and genetics should be preserved and guarded, as it is not meant for sharing unless given consent.[29]
While artificial intelligence is becoming the new face of science, entrusting it with private information does not sound like the best of ideas. AI is meant to exceed human capabilities, with machine learning (ML) not preserving data.[30] As a result, doors would be open freely to cybercrimes and data infringements.[31] Noteworthy, the biggest cyberattack in 2018 targeted AccuDoc Solutions, with a total of 2.7 million people affected.[32]

Another form of exploiting trial patients is taking advantage of them in clinical trials with no recognition for their participation whatsoever.[33] This incident occurs for those who do not acquire health insurance due to poverty.[34]

Financial Issues

As we have encountered, as legally as possible, some of the most interesting ethical issues regarding the field of biotechnology, we will now move on to explain some interesting financial incidents that may occur within the field.

Tension Between a Patentee and an Industry Partner

A patentee is someone to whom the law has given the right to grant permission over their work;[35] therefore, without the patentee’s authorization, no investor can lay hands on their research paper.[36]

Now imagine going back and forth to negotiate over groundbreaking research, spending extensively, yet still being required to wait a long time for any capital returns, let along peaking some proper profit.[37]

Although the aforementioned scenario seems factual, it is not reality, as there are legal protective methods available to prevent such financial tension.[38] International legal instruments such as the World Intellectual Property Organization (WIPO) and the Trade-Related Aspects of Intellectual Property Rights (TRIPS) treaty guarantee the consistency of funding during the fostering period, let alone the marketing Exclusivity they urge parties to provide.[39]

Noteworthy, Oman joined WIPO by Royal Decree 74/96; hence, Oman is required to offer the above-mentioned rights to its researchers in any field, not just biotechnology.[40]

Donor’s Eligibility of Gaining Profit After Cell Donation

Research establishments conducting empirical experiments rush for a patent request once a profit-making opportunity is apparent.[41] In this case, are those who donate cells eligible to gain some of the profit?[42]

To answer the previous question, we must first seek the provisions regarding the act of donation in law. For instance, Oman’s Civil Transactions Law (promulgated by Royal Decree 29/2013) stated in Article 465(1) that if a donee performed any conduct insinuating a transfer of ownership, the donor would be prohibited from recovering his donation.[43] As a result, the donor of a cell would not be eligible for any profit if the research establishment put a patent on it, as it is an act of requesting ownership.[44] Moreover, If there was an agreement beforehand to distribute the cell’s profit, then we apply the principle of pacta sunt servanda.[45]

Conclusion

There is neither a law nor certain regulations that can possibly cover all the legal outcomes in all the various subjects of biotechnology.[46] As it is a moving train, with every valid research conclusion a new legal implication is awakened; therefore, many ethical and financial issues take advantage of the presented legal gaps.[47]

Findings

-Cloning is not ethical due to the implications it may have on the clone’s well-being, let alone all the ethics left behind.

-BWC has great potential against those who want to obtain a shelf of biological weapons; however, it has some vulnerable gaps.

-GMOs are future biological weapons unless their process is monitored and supervised.

-Oman does not grow GMOs but allows for their import.

 -Data on trial patients is not shareable; hence, it must be protected from cybercrimes targeting analytical AI systems.

 -International legal instruments keep the tension down between the patentee and investors.

-An agreement concluded beforehand would protect the donor’s right to ask for cell profit.

Recommendations

-We recommend enhancing the supervision of human cloning experiments.

-We advise filling the vulnerable gaps in the BW convention.

-We recommend adding more supervision to the GMO sector.

-For more security in trial patients’ files, an electronic personal key is advised to be kept solely with the patient.

Notes

[1] For further information see Yashon, R., Cummings, M. “Biotechnology” (2019), Momentum Press, New York, p.1.

[2] Klotzko, A. “The Cloning Sourcebook” (2003), Oxford University Press, pp.23-24; for further information see Macintosh, K. “Human Cloning: Four Fallacies and Their Legal Consequences” (2013), Cambridge University Press, p. 195.

[3] Ibid, p. 196.

[4] Ibid, p.195.

[5] Kaya, I. “Genetically Modified Organisms and Regulations Concerning Biotechnological Products” (2020), Cambridge Scholars Publishing, Newcastle upon Tyne, UK, p.83.

[6] Klotzko, supra note 2.

[7] Vöneky, S., Wolfrum, R. “Human Dignity and Human Cloning” (2004), Leiden: Brill | Nijhoff, p.126.

[8] Klotzko, supra note 2 at 204-205.

[9] Mayor, S. “UK government confirms ban on human reproductive cloning” (1999) British Medical Journal vol 319,7201.

[10] For further information see Kaya, supra note 5 at 88-92.

[11] The Nuclear Threat Initiative, “Biological Weapons Convention (BWC)” (2023), available at: https://www.nti.org/education-center/treaties-and-regimes/convention-prohibition-development-production-and-stockpiling-bacteriological-biological-and-toxin-weapons-btwc/. accessed 25 July 2023.

[12] Ibid

[13] Ibid

[14] Ibid

[15] Ibid

[16] Royal Decree 17/1992 Approving the Accession of the Sultanate to the Convention on the Prohibition of the Development, Production and Stockpiling of Bacteriological (Biological) and Toxin Weapons and on their Destruction (issued 24 February 1992, published 1 March 1992) Official Gazette 474.

[17] The Nuclear Threat Initiative, supra note 11.

[18] Ibid

[19] Ibid

[20] Tychinin, D., Kosterin, P. “Contribution of Biotechnology to Chemical-Weapons Destruction”, (2002), available at: https://doi-org.squ.idm.oclc.org/10.1007/BF02987492. accessed 2nd July 2023, p.218.

[21] The Nuclear Threat Initiative, supra note 11.

[22] Ibid

[23] Ibid

[24] For further information see Kaya, supra note 5, at 1.

[25] Pool, R., National Research Council, Division on Earth and Life Studies, Board on Life Sciences, “Environmental Contamination, Biotechnology, and the Law: The Impact of Emerging Genomic Information: Summary of a Forum” (2001), National Academies Press, Washington, p.23; for further information see Kaya, supra note 5, at 11-15.

[26] Mariani, M. “The Intersection of International Law, Agricultural Biotechnology, and Infectious Disease” (2007), Leiden: Brill | Nijhoff, p.215; for further information see Kaya, supra note 5, at 8-10.

[27] Kaya, supra note 5, at 213.

[28] Al-Sadqi, N., Alansari, A. “Detection of Unlabeled Genetically Modified Soybean in the Omani Market” (2016), SQU Journal for Science vol 21(1), pp. 1-6, p.2.

[29] Khalid, N., Qayyum, A., Bilal, M., Al-Fuqaha, A., Qadir, J. “Privacy-preserving artificial intelligence in healthcare: Techniques and applications” (2023) Computers in Biology and Medicine Journal vol 163, pp. 1 – 21, p.3; for further information see Taylor, M. “Genetic Data and the Law: A Critical Perspective on Privacy Protection” (2012), Cambridge University Press, p.186.

[30] Khalid, supra note 29.

[31] Ibid, pp.4-7; for further information see Rathee, A. “Data Breaches in Healthcare: A Case Study” (2020), CYBERNOMICS vol 2(2), pp. 25-2, p.25.

[32] Khalid, supra note 29, at 4.

[33] Dal‐Ré, R., Rid, A., Emanuel, E., Wendler, D. “The potential exploitation of research participants in high income countries who lack access to health care” (2016) British Journal of Clinical Pharmacology vol 81, pp. 857 – 864.

[34] Ibid

[35] Marsoof, A., Kariyawasam, K., Talagala, C. “Reframing Intellectual Property Law in Sri Lanka: Lessons from the Developing World and Beyond” (2022), Springer Singapore, 1st ed, p.34.

[36] Gersten, D. “The quest for market exclusivity in biotechnology: Navigating the patent minefield”, (2005), available at: https://doi-org.squ.idm.oclc.org/10.1602/neurorx.2.4.572. accessed 2nd July 2023, p.573.

[37] The University of Tasmania, “We need to think about the legal implications of futuristic biotech” (2018), available at: https://www.utas.edu.au/about/news-and-stories/articles/2018/760-we-need-to-think-about-the-legal-implications-of-futuristic-biotech. accessed 25 July 2023.

[38] Abdel-Maguid, M. “Protection of Intellectual Property Rights for Biotechnology Products” (2007) Agricultural Investment Journal vol 5, pp. 45 – 49, p.45.

[39] Ibid, p.46; for further information see Gersten, supra note 36, p.573.

[40] Al-Wahaiby, J. “Intellectual Property System in the Sultanate of Oman”, WIPO Introductory Seminar on Intellectual Property (2004), Muscat, the World Intellectual Property Organization (WIPO), p.6.

[41] Hodgson, C. “Social and Legal Issues of Biotechnology” (1987) The Ohio Journal of Science vol 87, pp. 148 -153, p.152.

[42] Ibid

[43] The Civil Transactions Law 2013, Royal Decree 29/2013 (issued 6 May 2013, published 12 May 2013) Official Gazette 1012.

[44] Gersten, supra note 39.

[45] Kunz, J. “The Meaning and the Range of the Norm Pacta Sunt Servanda” (1945), American Journal of International Law vol 39(2), pp. 180-197.

[46] Morrison, A. “Biotechnology Law: A Primer for Scientists” (2019), Columbia University Press, New York, p.1; for further information see Novikova, R. “Legal regulation in the field of genetically modified organisms (GMO) turnover in Russia and foreign countries” (2021) RUDN Journal of Law vol 25, pp. 32 – 66, p.33.

[47] Pool, R., National Research Council, Division on Earth and Life Studies, Board on Life Sciences, “Environmental Contamination, Biotechnology, and the Law: The Impact of Emerging Genomic Information: Summary of a Forum” (2001), National Academies Press, Washington, pp.13-21.