Monday, 17 October 2016

Children and the Internet inquiry

Together with colleagues from Horizon we submitted evidence to the House of Lords Select Committee on Communications inquiry into Children and the internet. The evidence was from the ESRC funded CaSMa project looking into citizen-centric approaches to social media research. Working with 5Rights, we investigated young people's attitudes to various topics related to internet use, including:

o Personal data tracking
o Removal of embarrassing or inconvenient content
o Unhealthy dependence upon digital communication technologies
o Effect of online networks on young people’s self-esteem, feelings of exclusion, anxiety
o Digital literacy

Using Youth Juries, a specific form of vignette methodology, we elicited interesting insights into how young people are growing up with technology, and putting the lie to the cliche "young people don't care about privacy anymore" - they most certainly do... a final report on this project coming soon, so watch the twittersphere @horizonder.

Then last week it was time to don the grey suit again and head to the Palace of Westminster to offer verbal evidence (video, transcript). It's a long (and of course thoroughly riveting) watch/read, but in summary:

Baroness Kidron: ".... I would really like to hear from you what industry could do that is a little bit more radical and a little bit more user-friendly when we are talking not simply about protection but about the normative use of “children being children” in this digital sphere."

Professor Derek McAuley: "Stop trying to monetise every piece of data."

It'll be radical shake up of the Digital Economy when that comes to pass.

Wednesday, 2 March 2016

How risky is your IoT

Copy of an article first appearing on the IoTUK blog.

In a previous blog, we kicked off a discussion about the categorisation of IoT applications and systems; and their technical complexity.
Today we will analyse risk as a further dimension in helping us differentiate various IoT applications. Our mission in all of this categorisation is to start an in-depth discussion about the subsets of IoT applications and their common problems and solutions; otherwise we are in an endless apples and oranges discussion.
Our risk dimension includes privacy, safety and resilience; in fact anything that in project management terms should be included on a (sensibly used!) project risk register. We are interested in what could go wrong, how to decrease the likelihood of such events and how to mitigate the effects; because rest assured things will go wrong.

The inevitability of failure

It is the nature of all computers and communications systems to do unexpected things; even if we could dream of removing all software bugs, the very physics of the systems lead to an underlying failure rate (see metastability). Many of these IoT systems will involve interactions with fallible human beings. Things fail and IoT designers need to deal with it.
We have included privacy here, as one aspect of the impending EU General Data Protection Regulation move, welcomed by many, to a risk based assessment of the requirements for handling personal data.
Such risk assessments are subtle and not solely related to the type of the data, but the context in which it is being used – it might be an annoyance to have your credit card details stolen, but if it is published they were stolen from Ashley Madison’s website that tells a different story.

Privacy risks

Privacy risks are present everywhere where we have sensing technologies in IoT. It will often be possible to correlate the sensing with an individual’s activities.
You can expect to see this data used in unexpected ways – the court case involving FitBit data is a sign of a trend where IoT data can be used as evidence of a person’s innocence or guilt. Mitigations could include strong encryption, ephemeral data or only maintaining statistical and aggregated data in the longer term.
Many IoT devices also have the ability to actuate and affect the physical world – so what could possibly go wrong? Human safety checks are absent when moving to automation in IoT. We will need to design with safety in mind as everyday domestic objects become known killers – whether automatic door openers or even something as mundane as a venetian blind.
Picking up the theme of care for the elderly in their homes, again from a previous blog, we also start to see the need for resilience in our IoT designs. A particularly dangerous episode for many elderly people is a power outage – from the heating stopping, to lack of lighting, leading to increased risk of falls or other accidents.

Resilient IoT design

A resilient IoT design would include several hours of protected power supply for the sensors and router; backup communications using 3G as the ADSL or cable modem may not be available to access the internet (fixed line telecoms operators are required to have the phone service available during a power outage, not the broadband); and the ability to act independently of internet servers to raise alarms, so that operations are maintained when there are network and server failures or DDOS attacks on the infrastructure.
To build an IoT we trust we must first learn to handle the risks. Importantly, while showing damages in privacy cases has proven hard, the rise in citizens injured by devices will rapidly lead to product liability cases.

Monday, 1 February 2016

What is IoT? That is not the question

Copy of an article first appearing on the IoTUK blog.

I have many conversations with colleagues about what is and what is not ‘The Internet of Things’. These discussions along with many of the definitions that others have offered often focus on the technical capabilities of the system – does it have embedded computing; can it communicate; does it use the internet; does it have a screen; does it involve a “thing” that we previously had never thought to put online?
Some aim to partition even further by defining which things are not IoT:
  • That’s not IoT, that’s a “connected product”
  • That’s not IoT, that’s M2M
  • That’s not IoT, that’s a smart phone
The list of things that some consider are not IoT could get very long and still provide us with no useful insight or handle for discussion.
As noted in a previous IoTUK post, people have been putting unexpected things online for years, and traditionally being considered weird for doing it – but that is the joy of research and innovation.
So for me, IoT is not about technical capabilities or novelty, rather it is a social phenomena that reflects a significant proportion of society, and importantly businesses, who have started to recognise that there is value in building a virtual presence for many of our everyday physical things. These connected ‘things’ are enabled by the continued reduction in cost of communications, computing, storage and sensing.
So shall we discard the consideration of technical capabilities when thinking about IoT? Absolutely not. In considering any system design, we need to understand how to trade off the technical complexity against the functional and commercial requirements.
We also need to consider the risks, such as privacy and safety, for example, alongside the requirements, or not, for data sharing. Those two latter topics will be the subjects of forthcoming blogs and finally a report from IoTUK, but for now we should consider the technical complexity alone.
At the most basic level we should continue to embrace even the simplest technologies that enable us to uniquely identify passive objects. RFID and NFC tags still have much value to add, while advancements in visual marker technologies such as d-touch allow designers to hide the equivalent of barcodes in decorative patterns. However, even such long established technologies present us with emergent issues due to the scale of deployment, such as the ‘clash of the plastic’. Who would have expected we’d be carrying multiple tags in such close proximity? Do a personal survey of your pockets and bags: contactless payment cards, building access tokens, loyalty cards, and smart phone etc.
One specific vision for the use of IoT is how it will help look after our ageing population and keep them living independently in their homes for longer. Technology will provide monitoring and assistance through devices that are both worn and carried, as well as embedded in homes.
Looking at the IoT landscape today, there has been a shift from simple vertical applications to a wider landscape of ecosystems built around various proprietary standards such as Apple’s HomeKit, Google’s “Works with Nest” and Samsung’s SmartThings. The downside to these proprietary architectures is that products and services are not compatible across vendors – not so much of a problem when the devices are all portable, but a challenge for IoT where elements of the systems will be embedded in the buildings around us. In the commercial deployment context this sort of technical complexity is a dream (= profit) for systems integrators, who will build and maintain bespoke software infrastructures to make it all interoperate.
However, returning to our care in the home application, the need is to reduce the technical complexity by ensuring systems are designed to interoperate. Hypercat has done a great job for enumerating things. Next, let’s standardise some of those APIs (Application Programme Interface) to “things”…I mean how many ways do we need to talk to a thermostat?
You can follow Derek McAuley at @drdrmc and don’t forget to follow IoTUK @IoTUKNews.

Friday, 8 January 2016

IoT: Finding the true value of an article first appearing on the IoTUK blog.

Engineering and Physical Sciences Research Council (ESPRC) recently hosted a day of presentations at the British Library discussing both their previous work, as well as their future plans for the Digital Economy and ICT research programmes within the UK.

Professor of Software Systems Engineering, Anthony Finkelstein, of University College London, took the opportunity to highlight the importance of understanding how technology is embedding itself within society, as well as the social and economic drivers underpinning its adoption. He also reflected on what the role of technology means for the trajectory of future research.

The current narrative around IoT is primarily focused around the technology’s great promise, but first we need to better understand how these technologies need to be shaped so they can be successfully embedded into everyday life.

The issue with casually referring to all emerging solutions simply as the ‘Internet of Things’ is the term is too generic; the emerging solutions need to be much more clearly contextualised in order to understand their opportunities and challenges.

graphThe emergence of the term IoT reflects the growing realisation that with the continued reduction in the cost of processing, storage and communications, we can add an ‘online’ existence to an ever increasing range of everyday objects, where it was previously the preserve of more specialised niches.

As with many technologies as costs decrease, we begin to see a migration from military and scientific uses to more commercial and increasingly consumer applications.

So, to be clear we’ve been putting “things” online for years:
  •  Researchers demonstrating how crazy the internet could be in the early 1990s placed coke machines, coffee pots and toasters on the Internet. Amusement value aside, these provocations lead to more serious research on what happens when things are connected. This research started in the mid-90s when the US government funded a massive programme of wireless sensor networks with applications as far afield as fire suppression systems on battleships to ecological monitoring.
  • The invention of the humble RFID tag dates back to the earliest “identity friend or foe” systems for World War Two aircrafts, which would respond to a radio frequency ping with an identifier. This led to one of the first low cost means to track objects and was widely adopted in manufacturing across supply chain management and in protecting high value products from theft.
  • The definition of the Universal Product Code (UPC) allowed the addition of tracking to objects at near zero marginal cost through printed barcodes, it enabled shops to track inventory, deploy laser scanners for faster checkouts and most recently enable self checkout by mapping the UPC to the products weight to ensure only “expected items in the bagging area”.
  • Indoor locative technology was originally developed at the Olivetti Research Laboratory, which caused controversy in some quarters by tracking people. This technology is now the basis of many successful deployments of technology from Ubisense (founded 2002), which has been adopted by over 50 companies including high tech manufacturing businesses such as BMW and Airbus.
The value in each of these examples is clear but so too are the challenges. Rather than making a sweeping statement about how “IoT has privacy challenges” we can get down to the detail and determine the risks and mitigations associated with how this technology is used.

For example in the early 2000s RFID uses became controversial (e.g. RFID in Razors packs) leading to the RFID Privacy Impact Assessment Framework ratified in 2011 as a model for co-regulation by government and industry.

Just because a product falls under the term ‘The Internet of Things’ does not mean it will automatically transform our lives. Let’s take the ‘smart fridge’[1]. While there has been talk about how it is going to change our domestic food inventory and offer us new dining experiences, we should first question and understand its true consumer value, work through the security and privacy issues and determine whether there is a market for this, or if it is merely a technical flight of fancy, another smart gadget for the home.

[1] Addendum: apparently it's not a 'smart fridge' it's "a sophisticated multi-tasker that reconnects families, organizes groceries and home tasks, and provides entertainment".