This module is a resource for lecturers
This section contains material that is meant to support lecturers and provide ideas for interactive discussions and case-based analysis of the topic under consideration.
Exercise # 1: IoT Toys
The mass deployment and adoption of IoT toys raise real (and not hypothetical) security and privacy concerns. These concerns arise from the design of these devices, which often include microphones and/or cameras, and the way they operate, such as their ability to connect to Bluetooth and/or Wi-Fi, GPS capabilities, collection of vast quantities of data about users and owners, storage of collected data in the cloud, and sharing of collected information with manufacturer and third parties.
Please review the following:
- Maras, M.-H. 4 ways "Internet of things" toys endanger children. The Conversation (10 May 2018).
- Connected toys pose child safety risk - Which? Investigates (length: 1:00).
- Hacked smart toy used to order item off Amazon - Which? Investigates (length: 0:53).
- Hacking a Furby - Which? Investigates (length: 0:58)
- 'Smart' Toys Like 'My Friend Cayla' Raise Questions About Child Security and Safety, Today (length: 4:17)
- Could Smart Toys Be Spying On Your Kids? NBC Nightly News (length: 2:02)
- What are the security risks associated with the use of IoT toys?
- What are the privacy implications of using IoT Toys?
- What privacy by design measures could be implemented to secure IoT toys and protect data collected, stored, analysed, and shared by them?
Exercise # 2: National Data Protection Laws: An Assessment
National data protection laws can be accessed on this website that has a searchable database of worldwide legislation.
Students should be randomly assigned to a group before the class to enable them to complete the assignment before the class meets. Each group should be randomly assigned a country.
Students should conduct research on the data protection laws of their assigned country. They should identify the following:
- National data protection law (or laws)
- National data protection authority
- Agency and/or authority responsible for enforcing national data protection laws
- Principles of data collection and processing
- Rules governing transfer of data and data breach notification
- Data security requirements
Exercise # 3: Learning from Literature and Films: Privacy Implications of Data Aggregation
Privacy, data aggregation, security and surveillance are prominent themes in literature and film. In 2013, Dave Eggers, wrote The Circle, a dystopian society where people are encouraged to "go transparent" as a way to live an "authentic existence." This full transparency involved, among other things, the 24/7 surveillance of a person broadcast to viewers in real-time. The novel was adapted into a movie in 2017.
Please read the book or watch the movie. Answer the following questions:
- How was privacy depicted in the book/movie?
- Is this an accurate depiction?
- In what ways was a person's security impacted by "going transparent"?
- What are the implications of technologies like those depicted in The Circle?
Exercise # 4: Privacy Enhancing Tools
The Electronic Privacy Information Center (EPIC) Online Guide to Practical Privacy includes a variety of anonymity-enhancing tools. Instruct students to review these tools.
Have them access and utilize one of the tools. Students should be prepared to discuss their observations and findings concerning their chosen tool's protection of user anonymity and privacy.
Next: Possible class structure