IoT Expert Group governance, privacy, m2m
The fourth meeting in Brussels of the EC expert group on the internet of things provided another interesting day of debate around the policy needed to support a humane yet commercial internet of things. On the agenda for the meeting were: continuing the review of a martyr paper on “governance”, a discussion on privacy and in particular the “privacy impact assessment” created through the RFID working party, and the implications of m2m standardisation.
The debate around the “Governance” martyr paper started, and didn’t really end, with a discussion on the definition of the internet of things that will be used in this group’s final output. Several different versions have been proposed, but there was a clear difference of opinion on whether the definition should have a human or technical focus. At the moment the definitions are technically oriented, but there was a call to have the human at the center, and themes such as “provide a secure and trusted platform” were proposed, with several objections to the definition relating to IoT operating “without the intervention of a human”. Those last six words alone were discussed for over an hour.
Taking a historical perspective, IoT is not the first technology with which we have discussed the balance between the damage it can do and the benefits it could deliver. I really liked the presentation by Marcel van Galen from Qiy who summed up this issue quite nicely with their video that introduces their business concept.
Qiy is a utility to collate your data. They are working with companies and public bodies who create data, enabling them to share your data with you. It has been in development for the past five years, but the split between how many companies send you a copy of the data and how many let only you store your data is not clear. One to watch.
Rudolf Van Den Berg – OECD – focused his M2M implications discussion on GSM and the implications of lock-in to network operators. He showed an interesting diagram of M2M networks by type but focused on the fixed / dispersed quadrant.
2G, 3G and 4G are best for dispersed applications – they have near global coverage and the SIM based approach means zero config (vs me setting up my wifi at this meeting which required me to authenticate – I didn’t bother to authenticate my phone or fitbit). But the downside here is that in the M2M environment the user is not the consumer, it is the service provider. And the M2M user has different requirements since they are often responsible for millions of SIMs (phones, traffic lights, sensors in the field etc.), meaning there are very practical problems with switching operators without swapping SIM cards (hence the lock-in operators currently have). As with international roaming, there is a need to negotiate roaming with local operators. Even static objects like SIM based traffic lights suffer from network effects, since at rush hour the cells will change shape to actively manage communications traffic.
His main plea was a need to liberalise the ability to swap networks without changing SIM cards – this will create an open communications platform and increase the potential for radical innovation in applications as experienced on the internet. However, this shift of power from operator to consumer would have a significant impact on the telecoms providers.
Sarah Spiekermann reported on the learning from the privacy debate in the recent EC RFID consultations. It focused on “privacy by design” – the Privacy Impact Assessment encourages companies to think about privacy in the design stages of developing RFID applications. The PIA is set up to help companies creating RFID applications question the potential risks of personal data being compromised by their application, so that they can answer the question “do I run the risk of not complying with the EU law?” (EU Directive on Data Protection).
Interesting to see how this would actually work in a commercial environment. The cost impact of PIA is not in terms of direct financial costs (it would be cheaper to pay fines if data protection was broken than pay for the PIAs), it is more focused on the brand cost associated with the fallout of wrongdoing. In the future world of the internet of things, how will we quantify the value of trust and brand over commercial necessity?