Opening:

SVP of products and engineering at the security firm Rapid7, Lee Weiner, said that, When you
look at information security, the rules to build software are not like the rules to build a bridge. If
you want to build a bridge there are well-known structural codes. That is not the case in the
software world. The only way those flaws get found is the equivalent of someone driving on that
bridge with different types of vehicles.

Technology surrounds us all and seems to always be advancing and interconnecting. However,
as technology continues to develop, privacy and security begins to take a lower priority and
efficiency is held at a higher importance than safety.

We negate the resolution which states Resolved: The benefit of the Internet of Things
outweigh the harms of decreased personal privacy.

Definitions: We would like to define the following terms for clarification...

Internet of things (IoT): An interconnected network of physical devices and other items,
embedded with electronics, software, sensors, and network connectivity, which enables
these objects to collect and exchange data.
Outweigh: Be greater or more significant than.
Personal Privacy: Freedom from damaging publicity, public scrutiny, secret
surveillance, or unauthorized disclosure of one's personal data or information, as by a
government, corporation, or individual

1. Main Argument One: Access to personal information enables unauthorized access and
misuse of personal information by both third parties and state and federal governments.
a. (Sub point A):
i. Point: Information provided by devices connected to the IoT can be
bought and sold by data brokers.
 1. Evidence:
a. According to Federal Trade Commissioner Julie Brill, we
have lost control of our most personal information.
Companies and marketing firms have been gathering
information about customers and potential customers for
years, collecting their names and addresses, tracking credit
card purchases, and asking them to fill out questionnaires,
all so they can offer discounts and send catalogues. But
nowadays we as a people are giving up more and more
private information online without knowing that it's being
harvested and personalized and sold to lots of different
people...our likes and dislikes, our closest friends, our bad
habits, even your daily movements, both on and offline.
b. Data brokers infer consumer interests from the data they
collect. Then, they use those interests to make inferences
about consumers and place them in categories. Potentially
sensitive categories include those that primarily focus on
ethnicity and income-levels, a consumers age, or health-
related conditions like Expectant Parent, Diabetes
Interest, and Cholesterol Focus.
2. Explanation: Information that the user agrees to release to the
company online can be sold to data brokers that utilize that data to
infer the consumers interests and monitor their daily habits.
b. (Sub point B):
i. Point: The government can use smart devices to gain personal
information that can be used to access data to be utilized in the
criminal justice system.
1. Evidence:
a. Director of national intelligence, James Clapper noted
that, Privacy advocates have known about the potential
for government to exploit the internet of things for years.
 Law enforcement agencies have taken notice too,
increasingly serving court orders on companies for data
they keep that citizens might not even know they are
transmitting.
b. Police have already been asking the Google-owned
company Dropcam for footage from cameras inside
peoples homes meant to keep an eye on their kids. Fitbit
data has already been used in court against defendants
multiple times.
2. Explanation: Personal information can be utilized by the
government to impose upon ones privacy through the use of
network-connected cameras and wearable technology that can be
obtained from companies that gather data under the terms of
service.
2. Main Argument Two: Access to personal information such as passwords, logins, and IP
addresses allows interconnected networks to facilitate attacks on other systems
a. (Sub point A):
i. Point: Personal data in the form of login information allows hackers
to manipulate ones devices and to carry attacks out on high-profile
targets, such as websites or Internet service providers .
1. Evidence:
a. In 2016, the botnet malware Mirai performed
international wide-ranging scans of IP addresses to locate
under-secured IoT devices that could be remotely accessed
via easily guessable login credentialsusually factory
default usernames and passwords. Mirai used 61 of these
login combinations to attack Dyn, a DNS service provider,
by infecting hundreds of thousands of network based
cameras and internet routers, thus leaving large percentage
of the populations\ of North America and Europe unable to
 access major internet platforms such as Amazon, Airbnb,
BBC, and The New York Time.
2. Explanation: In this case, the result of decreased personal privacy
can impact the general publics access to high profile services,
which, on a larger scale, has the potential to further compromise
customers private information.
b. (Sub point B)
i. Point: Home systems can be hacked by multiple devices and be used
to leak invasive information about the homeowner to anyone.
1. Evidence:
a. "If your router isn't secure, it exposes your entire home
system," FTC Chairwoman Edith Ramirez said in an
interview with CNN. "We're trying to convey to companies
that security needs to be top of mind. They need to make
sure they have reasonable security in place to protect
personal information."
b. In January 2012 hackers posted live feeds to the Web from
nearly 700 D-link DCS-930L Network Cloud Cameras by
exploiting faulty software that allowed hackers to override
set passwords and create their own, which granted access
to video feeds for anyone who obtained a camera's IP
address to look through it -- and sometimes listen as well.
2. Explanation: These cameras were designed with the intention of
easing a homeowner's mind that their house is secured and safe
while they are away, but once connected to the Internet of Things,
these cameras designed for convenience began leaking invasive,
personal materials to hackers.
3. Main Argument Three: Misuse of personal information can allow unauthorized users
access to domestic devices that can compromise ones health and threaten their safety.
a. (Sub point A)
 i. Point: Access to ones automotive or financial records enables hackers
to access vehicles and compromise the safety of drivers
1. Evidence:
a. In 2015, Chrysler recalled 1.4 million vehicles after a pair
of cybersecurity experts proved that they could remotely
take complete control over the car. The pair remotely
hacked into the car and cut the transmission it on highway
I-64... they were able to pull off even more dangerous,
unprecedented tricks like causing unintended acceleration
and slamming on the car's brakes or turning the vehicle's
steering wheel at any speed.
b. Research done by the security firm Trend Micro
highlighted a fundamental security issue in the CAN
protocol that car components use to communicate and send
commands to one another within the car's network,
effectively launching a Denial of service attack like Mirai,
one that would allow a hacker who accesses the car's
internals to shut off key automated components, including
safety mechanisms.
c. This type of attack is far harder to detect, and easily
circumvents existing intrusion detection systems that look
for the anomalous frames that represent malicious
communication within a car's network.
2. Explanation: A users connection to the internet of things and
the personal information that they share, whether they are
aware or not, can affect their safety and the security of their
property. This can in turn affect the general public as IoT and
network connected vehicles gain popularity.
b. (Sub point B)
i. Point: Personal information in the form of electronic health records
(EHRs) allows hackers to take control of medical devices that are
 manufactured with the intention of promoting health and improving
the quality of life for patients.
1. Evidence:
a. The FDA has reviewed information concerning potential
cybersecurity vulnerabilities associated with St. Jude
Medical's Merlin@home Transmitter and has confirmed
that these vulnerabilities, if exploited, could allow an
unauthorized user to remotely access a patient's RF-
enabled implanted cardiac device [this] could then be
used to modify programming commands to the implanted
device, which could result in rapid battery depletion and/or
administration of inappropriate pacing or shocks.
b. The Animas OneTouch Ping pump, which was launched in
2008, enables diabetics to dose themselves with insulin
using a Wifi remote control. However, Jay Radcliffe - a
diabetic and researcher with cyber security firm Rapid7 -
found communications between the pump and its radio
frequency remote could be hijacked allowing a hacker to
administer unauthorised injections
2. Explanation: St. Jude's pacemakers and J&Js insulin pumps ,are
both examples of how hackers could utilize private digital
information that could be accessed through the data shared
between IoT connected devices to cause physical harm and turn
what should be life-sustaining instruments into weapons for
malicious, personal attacks.

Closing Statement:

As the technology associated with the IoT develops, the decision to compromise a consumers
safety and security is left up to companies that produce these network connected devices for
profit, rather than the consumers themselves. The personal information that can be revealed by
the Internet of Things vulnerabilities can allow the misuse of this personal information through
facilitating attacks on other systems and devices that can compromise ones family, home,
freedom, and safety.

Josh Corman, co-founder of IATC, says that: The ultimate end state is to not give up on
technology, but to realize that there are risks and not just rewards and to stop adopting things
faster than we can fix them.

Therefore, my partner and I negate the resolution that states: The benefit of the Internet of
Things outweigh the harms of decreased personal privacy.