The Internet Society (ISOC) recently released a 50-page whitepaper examining the opportunities and challenges associated with the Internet of Things – The Internet of Things: An Overview – Understanding the Issues and Challenges of a More Connected World
There is a lot of discussion about the Internet of Things (IoT) (examples here, here and here), but what ISOC’s whitepaper provides is a valuable informational resource to help people navigate the conflicting dialogue surrounding the IoT. It should encourage further, focused discussion on the five issues the whitepaper identifies as major challenges to the IoT, as summarised below for numbers folk to consider.
Security is an essential pillar of the Internet and one that ISOC perceives to be equally essential and ‘the’ most significant challenge for the IoT.
Increasing the number of connected devices increases the opportunity to exploit security vulnerabilities, as do poorly designed devices, which can expose user data to theft by leaving data streams inadequately protected and in some cases people’s health and safety (implanted, Internet-enabled medical devices and hackable cars) can be put at risk.
Many IoT deployments will also consist of collections of identical or near identical devices. This homogeneity magnifies the potential impact of any single security vulnerability by the sheer number of devices that all have the same characteristics.
To deal with these and many other unique challenges, a collaborative approach to security will be needed, a sentiment that APNIC’s security specialist Adli Wahid often blogs about. For many users, they will ultimately need to consider the cost vs. security trade-offs associated with mass-scale deployment of IoT devices.
The IoT creates unique challenges to privacy, many that go beyond the data privacy issues that currently exist. Much of this stems from integrating devices into our environments without us consciously using them.
This is becoming more prevalent in consumer devices, such as tracking devices for phones and cars as well as smart televisions. In terms of the latter, voice recognition or vision features are being integrated that can continuously listen to conversations or watch for activity and selectively transmit that data to a cloud service for processing, which sometimes includes a third party. The collection of this information exposes legal and regulatory challenges facing data protection and privacy law.
In addition, many IoT scenarios involve device deployments and data collection activities with multinational or global scope that cross social and cultural boundaries. What will that mean for the development of a broadly applicable privacy protection model for the IoT?
In order to realize the opportunities of the IoT, the ISOC whitepaper suggests that strategies will need to be developed to respect individual privacy choices across a broad spectrum of expectations, while still fostering innovation in new technologies and services.
Lack of standards and documented best practices have a greater impact than just limiting the potential of IoT devices. As APNIC’s Geoff Huston has pointed out previously, absence of standards can enable stupid behaviour by IoT devices.
Without standards to guide manufacturers, developers sometimes design products that operate in disruptive ways on the Internet without much regard to their impact. If poorly designed and configured, such devices can have negative consequences for the networking resources they connect to and the broader Internet.
A lot of this comes down to cost constraints and the need to develop a product for release quicker than competitors.
Add to this the difficulties with managing and configuring larger numbers of IoT devices, the need for thoughtful design and standardization of configuration tools, methods, and interfaces, coupled with the adoption of IPv6, will be essential in the future.
Like privacy, there are a wide range of regulatory and legal questions surrounding the IoT, which need thoughtful consideration.
Legal issues with IoT devices include crossborder data flow; conflict between law enforcement surveillance and civil rights; data retention and destruction policies; and legal liability for unintended uses, security breaches or privacy lapses. Further, technology is advancing much more rapidly than the associated policy and regulatory environments.
Regulatory analysis of IoT devices is increasingly being viewed from a general, technology-neutral perspective legal lens, which seeks to prevent unfair or deceptive practices against consumers.
The broad scope of IoT challenges will not be unique to industrialized countries. In fact, the IoT holds significant promise for delivering social and economic benefits to emerging and developing economies.
By 2025, McKinsey Global Institute projects that as much as 38% of annual economic impact of the IoT applications will derive from less developed regions.
Like current challenges in this area, less-developed regions will need to address policy requirements, market readiness and technical skill requirements to take advantage of the IoT potential.
Download the Internet Society’s whitepaper The Internet of Things: An Overview – Understanding the Issues and Challenges of a More Connected World and give us your opinion in the comments section: which of the five issues do you think is most critical to the numbering community, your situation or your economy?
The views expressed by the authors of this blog are their own and do not necessarily reflect the views of APNIC. Please note a Code of Conduct applies to this blog.