Skip to Content

Exploring the Neglected Morality of IoT

Andy Greenberg was cruising at 70 mph (113 kph) when the connected car he was driving suddenly began blasting frigid air, hip hop music and wiper fluid. He wasn’t even touching any of the controls — but he was being hacked.

IoT Morality 07-27-2015-A.jpg
“Often the morality question comes too long after [the hype and implementation],” Josh Oakhurst said.

“As the two hackers remotely toyed with the air-conditioning, radio and windshield wipers, I mentally congratulated myself on my courage under pressure,” Greenberg stated last week on “That’s when they cut the transmission.”

Connecting cars, medical instruments and other devices to the Internet can prove very useful, alerting experts and authorities when lives and systems are in danger. But security breaches, such as the one that left Greenberg powerless behind the wheel, illustrate the need to look beyond the hype, examining far-reaching implications of the Internet of Things (IoT).

Just Because We Can Doesn’t Mean We Should

“Often the morality question comes too long after,” Skookum Digital Works CSO Josh Oakhurst said in The Denver Post last week. “We should think about what should be connected, what data should be transmitted from our daily lives.”

Not every portable object needs to communicate with other devices, The Denver Post noted, and users don’t always employ the numerous security solutions that are already available for IoT devices. There are also privacy issues associated with wearable devices that gather personal data.

Fitbit data showed up in court to help an injured personal trainer show she is less active,” The Denver Post stated. “It could also go the other way.”

Making the Rules

Even if we focus only on the positive, devices could use this personal data to predict how we might behave, determine whether or not we’re injured, or just recommend we take umbrella when we leave the house, computer science Prof. Peter McOwan stated last year. That means doing more than just setting boundaries for devices.

“Intelligent devices also need some understanding of these rules for us to be able to interact with them as naturally as possible,” McOwan said. “Once a device is able to offer opinions or take actions as well as carry out its main function, we start to consider it differently.”

Greenberg was in on the hack that shut down his ride at highway speeds. But the incident highlights the need to set the ground rules for IoT morality and ethics now — while we’re still in the driver’s seat.

Follow Derek on Twitter: @DKlobucher

More From SAP Business Trends:

7 Tips to Bring Morality to Your Big Data Program

Do Your Big Data Decisions Reflect Your Company Values?

Big Data Trends Questions

IoT Morality 07-27-2015-A.jpg
You must be Logged on to comment or reply to a post.
  • The gadgets are made to make human life comfortable and easy. But if we look from other perspective, the gadgets are making us dependent on them very badly. We as human need to decide what IoT gadgets can do bare minimum things to make our life easy and not dictate us.

      • Derek, I feel that this IoT should be restricted to Companies or Organizations only for doing their day to day operations and there by making the operations more lean oriented.

        I am very much concerned about its usage at personal level. Well, before I say anything further I must say that I am a good person with sound state of mind and I am socially well also πŸ™‚ . I am worried about what will happen if somebody hack my smartphone and laptop and steal my data and it would be a nightmare if they can see though my smartphone and laptop cameras 😯 and also hear the conversations. And moreover they can follow me continuously all the time if they want without me aware of it at all. Very much horific, is not it?

        So what basically I want to say is this IoT should not be focussed at individual level but should be for use in Organizations only πŸ™‚ . What do you say Derek?

        • It's up to individuals as well as organizations to act responsibly, Deepak. To paraphrase my blog post, just because we can share and collect all of this data doesn't mean we should.

          Individuals must be responsible about what they share, just as organizations must be responsible about data and software security. Otherwise we could end up with our cars hacked -- and our breaks disabled, which happened in the story.

          As one expert told The Denver Post, "Plan to put security at the front."

  • I chose to use a fitness app on my smartphone that allowed me to opt out of being connected socially. The last thing I need or want is an insurance company getting that data.

    Thanks for the food for thought.


    • You're welcome, Gretchen. Your comment brings up a good point about incentives.

      Would we feel differently about sharing our exercise data, for example, if insurance companies offered us lower premiums? And how could we incentivize organizations to take the aforementioned moral and ethical imperatives into account as they develop IoT solutions?

        • It sure is, Matt. In fact, it has been for years (my apologies for not better wording that question).

          And I love All Tech Considered. πŸ™‚

          But what about getting organizations to make IoT morality a higher priority? Is there a better way than shaming companies with embarrassing hacks, as the folks did?

      • Wouldn't it be good time for the Big Bad Government to step in? I wouldn't really rely on the for-profit businesses to police themselves in such matters. Although with all those NSA scandals the government is not doing that well either... So I guess we'll have to keep some foil handy just in case. πŸ™‚

      • Derek,

        I don't know, I'm a bit leery of where this is going. The insurance company that gives me a discount today ( "Wow, 30 days in a row for >10,000 steps! Congratulations, Gretchen!") could turn that into a penalty/ surcharge just as easily ( "Alert: we do not see any health insurance claims for this week, and yet you have not exercised at all. Get moving or face a surcharge on next month's premium.").

        I, too, like Jelena Perfiljeva do not trust for-profit companies to self police. Maybe it is the industry experience I have, but I would rather have regulations in place before going there.


        • I suspect you're in good company, Gretchen. Anyone looking for reasons not to trust for-profit organizations to police themselves needn't look beyond the financial crisis of 2008.


  • Just to throw in another real-world example, though admittedly this isn't an "Internet" hack but rather a close-proximity WiFi hack (but who's to say some clever individual couldn't bridge that gap?), here's the case of a "wired thing" device in which the manufacturer does not appear to have given due consideration to access security.

    Hackers Can Disable a Sniper Rifle—Or Change Its Target | WIRED

    "Change its target?" Now that gives me pause.

    • Rightly so, Matt! This is pretty scary, especially when we consider how much money is at stake with the computer -- and what else could be at stake with the sniper shot!

      But responsibility may go beyond the manufacturers. An expert told The Denver Post that he didn't blame Chrysler for the hack: "It's more a matter of technology moving faster than what we're ready for."

  • In the Internet of Things, who is responsible for monitoring / securing your data ?

    If you dig a bit deeper into the Jeep hacking case, you find that the first vulnerability was in the Uconnect system, that links to the Internet via a cellular connection through Sprint, also creating a WiFi hotspot in the car. So who is responsible (either legally or morally) for any ill effects ? In the current situation, Fiat/Chrysler have notified owners of  ten models, including Ram pickups, Chrysler 200s and Grand Cherokees, of a software update to their Uconnect systems, but this isn't the answer, even in this case.

    What if these updates aren't installed ? Does the buck stop with Fiat-Chrysler, the makers of uConnect, the cell service provider, or (worst case scenario) the average joe owner ?


    • These are great micro questions that parallel the macro issues we're exploring here, Martin. I doubt that any organization -- private, public or government -- has the drive, stamina and budget to turn this around on its own.

      Everyone has to take responsibility for their part, otherwise the machine breaks down. That means learning about these issues, taking them seriously and acting appropriately.

      The buck shouldn't stop with the auto maker -- or anyone else -- because no one should be passing it.