Improved integration of domestic IoT capabilities came up on a number of occasions in the BCS survey, and it has wider implications than just your fridge ordering more milk for you.
As a consumer, knowing that you have certain food in the fridge is useful, but from a societal perspective having access to data that gives a greater understanding of local, regional and national habits which can then be cross-referenced against waste data collected from, for example, weighing bins becomes a powerful tool. Imagine if that data were further cross-referenced with local (anonymised) health data.
This example demonstrates that IOT technology should not be looked at as an independent vertical but as part of an interconnected world.
If vehicle telematics were interoperable with GPS journey monitoring and the traffic light system, even simple things such as traffic jams could be reduced, if not eliminated. On public transportation automated monitoring of passenger usage could enable better utilisation of capacity, and dictate when extra services may be required.
These sorts of approaches are in development - and will not only benefit transport users, but local communities. Imagine how much better Twickenham in London would be if these systems were in place for major events... or indeed any suburban area with large entertainment venues.
On a purely personal level, some are interested in the ideas of the ‘quantified self’. With systems such as these engaged an individual could much more effectively assess his or her impact on the environment - perhaps a precursor to much more widespread ‘green-thinking’.
Healthcare is an area that has already seen extensive usage of IOT-enabled devices. IBM have for several years been running an experimental community in Italy. Called ‘Living Safe’ the project is being run in Balzano to help older residents who live by themselves to do so for longer, with the use of relatively simple monitoring systems.
Helping the elderly in society to live more independently and actively adds to their self-worth, with concomitant societal benefits, and also reduces the impact on welfare and health services. A win-win.
Ethics and opt-outs
Respondents to the BCS survey were asked whether the thought consumers should have a basic right to opt out of an IOT solution? 82 per cent said yes.
Privacy is not seen as optional, but a basic digital civil liberty. So, whilst the IOT has the potential for great good, it is also seen by some to be ‘creepy’ and ‘scary’ - especially if it intrudes without explicit understanding and consent into our everyday lives.
Indeed 68 per cent had privacy concerns related to smart meters and sensors, a relatively straightforward and easily understood IOT application.
The IOT is inextricably linked with big data and its usage, reflected in the view of half of the respondents who disagreed with the idea that the current trend of gathering data is morally right and ethical. 74 per cent either strongly agreed or tended to agree that we need a global treaty to address this.
What do you see as the role of government in terms of regulating increased data collection by everyday objects? This question garnered a number of responses citing the requirement of international regulation, with the need to participate in global forums to agree rules and then to enact national legislation to ensure they are enforced. The rules should cover acceptable levels of security and the degree to which that security is maintained.
The role of government was seen as being to set the law and standards for the IOT in order to prevent abuse of personal data. Whilst the Data Protection Act was mentioned as achieving this to a limited extent, it was consistently seen as inadequate. One of the problems here, of course, is that the pace of technological change completely outstrips the rate of change of law laid down through statute.
The survey asked whether the current security of the internet, applications and networks in general safe to build the IOT on. Only 13 per cent said yes, with a definitive 74 per cent in the ‘no’ camp.
The internet is seen as being quite fragile and in need of serious upgrade and architecture change by many in IT. The implication of that view is that, technologically, it probably isn't the platform on which to build anything like IOT at this time.
Specific concerns were expressed over the domain name system (DNS).
Lori MacVittie of F5 recently commented on the IOT and DNS: ‘we often focus on the impact on data centre architectures. That's because there will be an increasing need for authentication, for access control, for security, for application delivery as the number of potential endpoints (clients, devices, things) increases. That means scale in the data centre. What we gloss over, what we skip, is that before any of these "things" ever makes a request to access an application it had to execute a DNS query. Every. Single. Thing.’
One respondent quoted Castell's dictum: 'you can't secure an ontologically unreliable and insecure technology by use of an ontologically unreliable and insecure technology.’
TCP / IP was not designed with security or rights management in mind, it’s an evolutionary technology. Some hold that if we had the opportunity to start from scratch that TCP / IP is not what we would have used.
Techies are often accused of rushing in with immediate technical solutions to issues, and not considering the security implications at the outset. Of course building the IOT on the current infrastructure means this approach is a given, although some of the respondents were of the view that good sense, good engineering and an ethical understanding of proportionality will make this successful nonetheless.
At the moment even ‘manned’ devices are not actively maintained / upgraded so remain open to compromise, and this could be exacerbated if the multiple unmanned objects on the IOT are not correctly configured.
The additional security precautions that those who responded to the survey would like to see overlapped with many of the points already mentioned. ‘Real international responsibility with teeth and real penalty for misuse’. ‘Security policies / procedures will need to be tighter around the use personal and sensitive data’. ‘IT information security and the computing industry have tended to forget the human!’
Again some practical solutions were proffered:
- Full implementation of IPV6;
- Longer encryption keys, standardisation of security elements on smartphones;
- A wholly new, ontologically reliable and secure machine architecture;
- Enforceable rights management over identifiable data;
- Total anonymity outside of agreed local interactions and segregation of specific data types to ensure that it cannot be misused;
- A worldwide public key infrastructure (PKI), headed by the UN, with each country having its own PKI. Each country's postal authority would be an ideal candidate to host the PKI as they have a relationship with all citizens, businesses and properties;
- Ensure there is an independent body which certifies the devices and the support processes to ensure that security management is an integral feature;
- Data from connected things should be protected in transit as standard;
- Virus checking built into the 'things' on the IOT - they will need more processing power and storage;
- All collected data to be encrypted at the point of collection;
- Standard, non-proprietary, security elements associated with all devices and sensors etc. on the internet.
In terms of regulatory bodies, participants were asked whether current regulators e.g. OFGEM, OFCOM, OFWAT and the ICO, have done enough to ensure that IT solutions procured are sufficiently secure now and audited to ensure they remain secure. 70 per cent said no.
At the moment IPv4 and IPv6 do not talk directly to each other, which poses near-term issues on how and when vendors and providers will choose to switch.
Another issue is the sheer speed of change.
It’s still people who have to use and control these IOT-connected devices. It was suggested that they need to be designed with the ability to easily turn off the transmission of data over the internet without any deterioration in performance. And the vendors need not only to be transparent about what they are selling, but know the implications of what they are selling.
The other issue is the sheer range of things covered by the IOT; some optional, such as wearable tech, and some not e.g. smart meters. So the biggest challenge may simply be that it is not one challenge. And it’s not simple.
BCS is involved in advising government of the implications of the IOT as part of our charter responsibilities.