Dynamic Coalition on the Internet of Things – Statement

for Sideevent on EuroDIG, 12. June 2014, Berlin

Going back to the 3rd IGF in Hydrabad (2008), the Internet of Things has been subject to debate during the IGF, as it was considered by multiple stakeholders as one of the “game changers” towards the future of the Internet. With the formal inauguration of the Dynamic Coalition during the IGF in Nairobi (2011) this relevance was confirmed, and the discussions between a wide range of stakeholders has continued, since.
Today, we are at a point where the Internet of Things (or: IoT) is widely recognized to as “inevitable” and developing with increased speed – though in a fragmented way and with limited accountability. Smart environments are going to be the next big thing, in fact is has started already. Smart meters, smart cars, smart TV and all the little additional things we can do with our smart phone by using smart apps. The technology is long used by other industries already, like the logistic industry or wholesale and retail. But still we know so little about the ethical and privacy implications this development will have on our daily life. We also do not have established policies relating to accountability and transparency with which the processes for storing and using the data collected in IoT will be treated.
With a clear calling for further introduction of IoT for different reasons, the importance of ensuring that it evolves in a way people want is also imminent. Some argue for growth and resource saving models – others against the damage this technology might cause to our health conditions and big brother scenarios. Now that Google spent 3,2 Billion Dollar on NEST Labs, we can start a discussion on a concrete example and explore to what extent there needs to be public policy discussions with regard to using this technology in the future in our house and daily life.
Multistakeholder perspective
The IoT will help in resolving societal challenges that couldn’t be addressed in other ways, or not without much higher costs. These challenges are different in different parts of the world, as with most things that have to do with the Internet. Whereas in some parts of the world the emphasis is on “ensuring privacy” in other parts of the world the emphasis may be on public safety, health, or on production and sales of goods in a new market.
It is clear that, like with the Internet itself, the IoT will only manifest itself in ways we want if industry develops solutions consumers want to buy or use, with “things” that citizens accept to be present in their environment (such as CCTV – different story in different societies), and with government accepting that the IoT environment is part of the public space in which they have a role of ensuring public safety, etc. No one party can do this alone.
Global perspective
Like the rest of the Internet, IoT doesn’t stop at the border. Whether it is a car, or a plane, full with communicating objects crossing a border, or whether it is data that flow across networks, or consumer goods with IoT attributes that are imported… it is clear that it would serve people best if global standards are set and followed. It offers local economies the opportunity to export to other parts of the world, and it allows the import of solutions that have been created elsewhere, as it is possible to just “plug them in” and have them work.
Governance challenges
It is likely that all governance challenges in IoT are already covered somewhere else. However: with the emergence of the IoT some challenges get a greater and a new emphasis, even more so when projected towards a future in which many (billions of) things will be connected.
These Governance and Public Policy issues are very much part of the broader Internet governance issues while taking into account the specific challenges related to IoT.
Some of the specific topic areas include:

  1. Big data: the amount of data is exploding by the increase of connected sensors that measure and share. These data range from being very much linked to persons to not being related to persons at all, the value towards users, businesses, and society is potentially huge, and so far there are no “good housefather” concepts for where and how to store the data in autonomous IoT networks: accountability and transparency of processes are needed here. As with all our concerns about big data, addressing these issues for IoT environments is a crucial governance issue, while recognizing that some data are at all subject of privacy concerns, and others are not, though when subject to correlations may still be. We are very early in understanding this from a technical level. Policy implications are also very rudimentary.;
  2. Security: the IoT includes “actuators” that are partly there to be triggered by people, and partly (semi-)autonomous, triggered by data from sensors and networks. As we know, everything that is networked is vulnerable to attack, and next to establishing what level of security may be expected from different applications, we may need to produce a “taxonomy” of applications in terms of their vulnerability (governance issue) or the privacy threats they enable. Whereas some applications will require no or limited security measures (such as meteo data), other IoT devices may not be detectable at all in a wireless space (such as peacemakers for the heart). In addition, a balance needs to be found in the use of IoT for ensuring security and respecting privacy, as the recent debate about pervasive monitoring on the Internet shows;
  3. Ethics: understanding the ethics is very much society context dependent, and that the underlying concepts even in the same society are subject to change over time, addressing this is crucial if “trust” is to be maintained in society at certain levels. In order to establish the right level of “ethics” in applications, it will be important that people are well informed, and that “things” are “transparent thus trusted” – otherwise it will not work. A clear example here is the abandoning of electronic voting systems because “the people” don’t trust the working of these black boxes. Ongoing dialogue on governance issues related to this is necessary at all levels;
  4. Spectrum: managing the radio spectrum has been an interesting dance over the last decades. Without going deep into the intricacies of this, it is clear that if we want to avoid having “spectrum” become an issue for the further roll-out in masses of IoT, we need to address that in two ways:
    1. ensuring there is bandwidth availability for IoT;
    2. ensuring that bandwidth is only used when needed, and if so very effectively.

In these areas we need to look at specific elements like:

  1. Privacy issues regarding IoT sensor data
  2. Data retention regulatory structure, if any, for IoT environments
  3. Use of IoT in surveillance, aka, pervasive monitoring;
  4. Access considerations of IoT
  5. Protocol threats

Global governance dialogue
Finding ways forward on these issues should be done at all levels, from the household itself, to the local community, nation, region and up to the global level itself. For the latter, the IGF has proven to be an excellent place to discuss these governance issues with different stakeholders at global level. The DC IoT can become a focal point where insights and concerns can be shared, and validated.
Author(s): Maarten Botterman; Avri Doria