This is a guest blog post written by Arthur van der Wees, Managing Director of international tech-by-design law firm Arthur's Legal, Founding Member of AIOTI, co-Chair of AIOTI WG4 (Policy) and project leader of the AIOTI WG3 Privacy-by-Design working group.
What does the user think of all this? How are customers, users, and other stakeholders in the value chain of these vast and highly complex ecosystems going to understand, trust and use IoT products and services in a durable, trustworthy, productive, civilised and pleasant way in our society?
Trust is always one of the main challenges with any new technology and any change. Regarding IoT, customers and users will need time to adapt and to learn what the benefits are, and how to trade-off usability versus risk to a fair level. The maturity level of adequate trustworthiness will differ per IoT device, service, application and per type of use.
Think of the difference of impact between, for instance, smart wearables in sports, and smart health in hospitals. We all perceive a different trust level, right?. What about smart grids and industry 4.0 connected to critical infrastructure versus smart meters at home? Again, some issues are more important than others. Such as security and safety, or usability and personal data protection. How about smart resident services in a city versus smart augmented-reality city for tourists? Or think of smart autonomous valet parking versus high speed autonomous vehicles on the highway. Who makes the decision of your welfare and life, when a crash is imminent? How do the other vehicles react? And who developed those algorithms? What does M2M mean to you?
For each application in each field you will identify different risk profiles, usability expectations and trust levels. You can even have numerous different trust levels on one single device; just look at your mobile device and think about it. Developing and using multi-purpose devices triggers the necessity to understand the contextuality of trust.
Components of trustworthiness are security, data management, (personal) data protection as well as the way vendors, providers, customers, users and the related community will act and react in real-time. Another prerequisite of building contextual trust is taking care of customers and users with insufficient knowledge. For instance, insufficient knowledge has been established by EuroStat to be the number 1 reason for businesses not to procure paid cloud services. The IoT industry should try to avoid that the same barriers arise in the various maturing IoT markets.
I see this as one of the main roles of Alliance for Internet of Things Innovation (AIOTI). Several initiatives are ongoing in the Working Groups of the AIOTI to deep dive into these issues.
For example, recently, the AIOTI Working Groups 3 (WG3: Standardisation) and 4 (WG4: Policy) joined forces and brain power again in an AIOTI Workshop on Security and Privacy, hosted by ETSI and co-organised by the Commission, NXP and Arthur’s Legal. In this workshop the attendees, including the Commission, ENISA and other public and private sector stakeholders deep-dived into two essential components to build, strengthen and keep trust of citizens, consumers, businesses and other organisations in their connected and hyper-connected day-to-day commercial and private life.
We explored and debated in both plenary as well as expert breakout sessions whether and to what extent a minimum level of basic requirements can be identified and formulated for security and privacy in IoT that can be taken into account while thinking about a certain evidence-based trust label linked to IoT products and services (which Commission's initiative ‘Trusted IoT Label’), while remaining open to innovation and competiveness.
Think about data control, privacy-by-default, privacy-by-design, security in IoT hardware, components, interfaces, communications and applications, and data-centric security. Quite a few potential minimum requirements have been identified in this quest towards trustworthy IoT. We will report on this shortly.
Later this year, at the Digital Assembly 2016 we will assemble forces and brain power again, then to deep-dive into ePrivacy in IoT, where the above topics and trustworthiness of IoT will be part of the dialogue for sure.
I am convinced that initiatives such as these as well as the numerous other initiatives AIOTI has already started and plans to start the coming period, help build and foster the uptake of an useable, solid, trustworthy and fruitful digital economy and society.
One last thought for now: the best things in life are not things, so let’s aim to combine IoT with the internet of humanity (including digital inclusion) to get to the internet of human prosperity. I am keen, honoured and excited to be able to help out, and hope you will help and support the journey towards a trustworthy hyper-connected world. You are already hyper-connected so better start today!