Dynamic coalition on the Internet of Things Meeting
at the Ninth Annual IGF Meeting, held in Istanbul, Turkey, on 2-5 September 2014
Thursday, 4 September 2014, 11:00am-12:30pm
DC IoT Chairperson/Moderator: Avri Doria, USA, civil society
Contributors (in order of speaking):
- Maarten Botterman, Netherlands, Business
Setting the scene: looking back from the future
- Hosein Badran, ISOC Egypt, technical community
Contribution: Balancing IoT benefits and IoT concerns in developing economies
- Vint Cerf, USA, Google, technical community
Contribution: observation from a high level perspective on IoT and the Internet
- Narelle Clark, ACCAN, ISOC Board member, civil society
Contribution: Consumer rights dimension
- Hiroshi Esaki, Japan, University of Tokyo, ISOC Board member, technical community
Contribution: Development and implementation of IoT in Asia Pacific, emphasis on technology perspective and domotics
- Ram Mohan, India, Afilias, ICANN Board member, business
Contribution: IoT and the future of Internet
- Rolf Weber, Switzerland, academia
Contribution: Legal issues to be considered
- Kuo Wei Wu, Taiwan, research institute, ICANN Board member
Contribution: IoT, privacy and security
- Wolfgang Kleinwaechter, Germany, University of Aarhus, ICANN Board member, academia
Contribution: IoT in historic perspective
As a result of earlier meetings of the Dynamic Coalition in Berlin and Washington in 2014, this meeting was framed as an opportunity to work towards an Action Plan with a focus on identifying “treasures and mines” that come with the Internet of Things. All speakers agreed that the IoT is developing as we speak, and is currently driven mainly by economic and business perspectives, without sufficient attention to the potential downsides, which can be much better addressed when taken into account from the outset. In order to ensure IoT development is informed and guided by societal choices, it is important that all stakeholders are aware and active, so that IoT technology and services are developed and deployed in a sustainable way.
It was recognised that the trend is towards all objects getting smart, eventually. And as many objects are mobile and/or portable, there is a high need to be able to connect wherever they are in the world. Whereas standards remain important in this on all levels of the OSI model, we will be moving towards data centred networks. In this, the Internet, and IoT which is part of it, is in practice a network of networks in which fragmentation is to be avoided. Towards the future it will be key to consider aspects of privacy, security, ethics, and spectrum, and standards that take both social and economic sustainability of networks into account: networks should be developed in a way people want (people centric values) and in such a way that upgrades, changes of services providers and new applications are possible and affordable.
The discussion in the meeting was very energetic with more than 50 people from all parts of the world and all stakeholder groups in the room. There was a good interaction between the panel and the audience. Unfortunately there was no interest from any remote participants. Participants agreed to contribute towards an action plan over the coming year, with the aim to identify the opportunities and challenges, as well as a clear identification of governance aspects at global level to be addressed at the 10th IGF in 2015.
Panel – issues discussed
Going back to the 3rd IGF in Hyderabad (2008), the Internet of Things has been subject to debate during the IGF, as it was considered by multiple stakeholders as one of the “game changers” towards the future of the Internet. With the formal inauguration of the Dynamic Coalition during the IGF in Nairobi (2011) this relevance was confirmed, and the discussions between a wide range of stakeholders have continued since.
Today, we are at a point where the Internet of Things (or: IoT) is widely recognized as “inevitable” and developing with increased speed – though in a fragmented way and with limited accountability. Smart environments are going to be the next big thing; in fact, it has started already: smart meters, smart cars, smart TV and all the little additional things we can do with our smart phone by using smart apps. The technology has long been used by other industries already, like the logistics industry or wholesale and retail. But still we know so little about the ethical and privacy implications this development will have on our daily life. We also do not have established policies relating to accountability and transparency with which the processes for storing and using the data collected in IoT will be treated. We are also still discovering the legal implications of IoT.
With a clear call for further introduction of IoT for different reasons, the importance of ensuring that it evolves in a way people want is also imminent. In the IGF context, the development aspects of IoT are also a serious concern. Hence the work of the Dynamic Coalition on IoT: these concerns need to be identified and well understood at global level. Here we can think of privacy concerns, security concerns and ethics; subjects such as spectrum and standards also require a global platform to be addressed comprehensively, as “things” will be used all over the world, and in addition, many things will be mobile or portable.
Hosein Badran pointed at the economic and environmental necessity of IoT introduction, and the opportunity, even more so in emerging economies, to address challenges like food production and distribution, irrigation, and the usage of oil (actually subsidized in some countries). He also called for putting a framework in place for collection and usage of some data. There is a need to fill the vacuum by building applications that consumers use, so that they get to know and feel the benefit of using them.
Vint Cerf confirmed this, and pointed out that it would be important to identify the properties we wanted to exhibit for things: what kind of common properties should we want? He expressed his worries about a number of subjects. First, it would be important to protect things against unintended use (for instance: “controlling the neighbours’ things, as they obey the same commands”). We really need to have strong access controls. Next: standards are key, as they allow third parties to build devices for you. There are many standards, such as IPSO (Internet Protocol Smart Objects) and also some that you never considered to be related before as they are not per se ICT standards. “At some point”, he said: “all objects will be smart”. And we better get it right: “Just imagine the headline: Bank of America attacked by some hundred thousand refrigerators”.
In addition, he seconded the mention of spectrum as something to deal consciously with. We will need a better use of the spectrum than today. High frequency bandwidth, intelligent use of spectrum, and where possible near-field-communication (NFC) are important in this.
Narelle Clark focused on consumer rights – giving an overview of the widely accepted 8 consumer rights outlining where shortfalls currently exist in the IoT context. Currently many rights are not being taken into account due to a lack of standardisation, information, compliance and the disposable nature of many devices. She pleaded for ensuring that control of the IoT environment would be with the users, with proper consumer protection, especially the rights to safety, information and redress and clear rights on use of data on individuals. In order to exercise all rights, consumers will need to be alert and aware, and there need to be ways to identify who to complain to, or eventually: who would be liable for specific use. This was widely applauded.
Narelle also seconded the need to consider our current use of spectrum, and later pointed to the inherent nature of IoT devices as having low capacity in many ways and therefore only capable of lightweight security, privacy and feature capability.
From a more technical/architectural perspective, Hiroshi Esaki pointed out that we are moving towards data centric networks, as data is the point where value is generated. Key in such an environment is security, and identity. And while building up this network as part of the Internet, we know the Internet is intended for multiple purposes, so we should seek to take that into account when designing IoT environments: to do it in such a flexible way that it can even accommodate uses that have not been foreseen, yet.
The technology has lots to offer for smart buildings, for instance. In combination with LED lights, IoT can create a working and living environment that is eco-friendly, safe, and convenient, for instance by also serving as a location (and direction) device. The challenge is that the traditional building industry is not always aware of the new possibilities that come from combining innovations from different sectors.
Ram Mohan focused on a specific aspect that had not been discussed yet: all these devices are operated by software, and as we will talk about billions of devices it will be crucial to consider how we will be able to keep this software up-to-date in a simple, affordable way. In this we also need to consider the use of embedded devices. In the long run, it is inevitable that we will discover, for instance, security vulnerabilities that require updates. Or new use that wasn’t foreseen before may be enabled by software updates rather than “thing” replacement. If we don’t, we may be facing massive attacks using objects that cannot be dealt with using the current mitigation models.
Another important security aspect is that with “connected Things” there are new end points for physical attacks, as well. It would be annoying if someone sets the thermostat in your house to extremely high – or low – levels, for instance. And it can become life threatening when one considers insulin pumps, pacemakers, etc.
At enterprise level, most attention is focused on the data element. There is a focus on volume, velocity, and structure of data that is coming in, and taking good care of data storage, data analysis and data protection is and will be even more so a critical issue for all business when considering the ongoing growth of data collectors.
With all this, it is important to consider law as a useful and necessary part of this new environment. Rolf Weber warned against the illusion that we don’t need legal norms for cyberspace: cyberspace has its specifics, and proper law can prevent technology and business models from going in the wrong direction. Foremost, the challenges where law will need to play a role will be in the field of data protection and the field of security. Next to that, we have Human Rights to protect, and responsibility on corporate and societal level that should be clear. And of course there are the anti-trust problems. So there is a clear invitation not to forget about how law can help keep things on track.
Another issue is related to the way we design and manufacture “things” in the world today. Kuo Wei Wu pointed out that much can be gained by bringing designers and manufacturers together. Nowadays, they seldom meet, and designers describe in very fine detail what needs to be done – not benefiting from the experience of the manufacturer.
Playfully, he pointed at the fact that the RFID root server was much less subject to scrutiny than the DNS. He also calls for clarity on data ownership: what part is public, what can be touched by the service provider, and what is “mine”.
Avri Doria invited participants to come in on the points raised, and took a number of comments before turning to the panel again.
Rudolf van der Berg (OECD) commented that he was very pleased with a clear mention of consumer rights, and announced that the OECD’s Consumer Policy Commission is currently drafting a chapter on IoT for the upcoming Digital Economy Outlook. He also pointed out that it will be important to consider standards from a perspective of global trade: how to make sure that systems can be sold across the world. A global harmonised framework for this is currently missing.
Whereas “things” don’t need names, as such, to be easily memorable, things need identifiers, too. Peter Dengate Thrush asked about the possible role of DNS in IoT. Some participants felt there would be a role, as the uniqueness of DNS is guaranteed, yet machines can work with numbers etc. as well as with names. It was recognised that there was not a clear perspective on this yet. Mr. Agarwal further reiterated that there is a real need for unique identifiers recognisable across borders – for instance also SIM cards. Now – as there are multiple sources for identifiers – how are we going to have a collaborative approach? Ram Mohan pointed out that interoperability is a prerequisite for things to talk together, and much is to be done there, as well. Related to this, Alexander Climberg raised that he would be more worried if there were globally unique identifiers, especially when they are fixed. He also extended that worry to the privacy aspect related to the use of IPv6 – as it is possible to de-randomize numbers nowadays.
Robert Pepper came back to the standards question, expanding … pointing out that there are many different standards that now interrelate more and more. It is not just about ICT. Think of devices in smart cars: inevitably they relate to safety standards, etc. So – how do they interrelate? Time to also take this on board in IETF and other standards meetings.
Hiroshi Esaki pointed out that interoperability can be complemented by gateways, and is not always needed across systems. More remarks were made about binding addresses to devices, unbinding them, and how this all works – or could work better, in the future that will contain many devices.
At this point, Vint Cerf raised some points that had been missing so far: “One of them is safety. We talked about security but I think safety is going to be even more important. You don’t want devices that turn out to put you at risk, physical risk, potentially. So that’s one point. Second thing is wearables have the property that they are both mobile and portable. There’s one of them. I’m not wearing my Google Glass right now because I loaned it to one of my engineers. But these are coming and we have to factor that into our architectural design. The last point I wanted to remind you about is liability. And what obligations the manufacturers of these things might have. It gets a little scary. I think about this with the Google self-driving car. The first time there’s an accident who is liable? Is it the programmer? Is it the company? Is it something else? I think the machine to machine communication and Internet enabled machines will invoke some of that issue as well.”
In addition to this, Arda Gerkens pointed at the need for addressing the ethical question. Whereas this was touched upon, in particular when talking about consumers rights and data protection, there is a call to be proactive from an ethical stance.
Further on the human factor, one of the participants asked whether people were ready for this, emotionally. Sandra Hofenrichter raised the concern that as humans we would become too dependent on our “intelligent surroundings”, not being able to serve our own basic needs without an “enhanced environment” anymore. Let’s make sure we continue to be able to choose “not to be connected”: “The engineers should always at least consider if someone was choosing to go the old-fashioned way still be able to buy a refrigerator that is not able to track the Bank of America.”
In a final round, the “committed contributors” (those speaking from the front of the room) were invited to share a closing remark: one comment on one thing:
Narelle Clark: Let’s ensure a “right to turn it off” (next to the “right to be forgotten”);
Hiroshi Esaki: liability is the door stop up and beyond legislation.
Ram Mohan: consider “smart waste”, markets of used MAC addresses, and the danger of apparently trustworthy things that turn out to be “Trojan horses” but maybe “Trojan mites” is a better word.
Hosein Badran: in particular the “overlapping standards” are a clear thing to address – hoping IETF will pick this up. And very much reiterated the use of IoT for emerging economies. Not only to better the standard of living for humans but basically being able to help them live and support and necessities in terms of reducing subsidies, availability of food, availability of water for irrigation and drink.
Kuo Wei Wu: it is time we should consider the development lifecycle together with the security, ethical, and liability issue – this will be fundamental to bring things forward.
Vint Cerf: remote diagnostics may be a useful tool to help a user figure out what is not working; how to better use the environment (and info from devices in that environment) in case of emergencies.
Rolf Weber: Technologies are going to grow and to evolve over time so representatives of social sciences have to see to it that they accompany technology.
Maarten Botterman: We cannot hide behind law that is not applicable – we will need to do what we do in a responsible way. Liability is a good stick behind the door in this – where law doesn’t apply you are still responsible for what you do!
The last word was given to Wolfgang Kleinwaechter, who was one of the originators of the Dynamic Coalition on the Internet of Things, recognising the DC on IoT is a great place for identifying issues at an early time and stimulating discussion across silos where stakeholders are sitting. He concluded with a SWOT observation. IoT is full of promise, and its Strength lies in the wealth of opportunities, both those we see already, and those services we are not even thinking of yet. Weakness: lies in the fact that we still know so little about it, with a danger of unintended consequences that may be harmful. Opportunity: lies in the promise of how technology can make our lives easier and help ensure and enhance the environmental sustainability of our world. Threat: is that we lose control over the technology, with great reduction of privacy as we know it, and possibly control over our lives.
Following this, a final word was given by Avri Doria, as current Chair of the DC and moderator of the session. She thanked all participants and contributors for the rich debate. Following this session, Avri confirms her commitment to set up a WIKI for DC IoT, and announces that we will continue to work on a paper that is online, to which all members of the DC IoT mail list will be invited as well.
At this point Avri proposes Maarten Botterman to take the Chair for the coming period: a proposal supported by her previous Chair: Wolfgang Kleinwaechter. There are no hands raised against this, and people present express their support. Maarten accepts the Chair, thanking Avri and people present for the honor, and expressing his commitment to work with the DC to further the debate over the coming year.
- Release a new revision of the DC IOT discussion paper taking into account the discussions held at IGF2014 on Internet of Things;
- Schedule a set of events for the coming year to discuss the paper further, prior to IGF2015;
- Develop the wiki to:
  - Include reports and references on other IOT activities
  - Track ongoing work
- Develop a method for doing outreach to users of IoT technology