maanantai 5. kesäkuuta 2017

Human rights and IOT

This week I'm at the EuroDIG conference, discussing policy issues related to the Internet. I will be on a panel focusing human rights and the Internet of Things (IOT).

And that's an interesting topic! At the IETF, we've had plenty of debates about the general topic of whether human rights should be a consideration when designing Internet technology. If you are interested, read the Human Rights Research Group's draft on the topic.

But back the more specific question of IOT. The panel is hosted by the Dynamic Coalition on IOT. This is a group of people who have looked at the role of ethics in IOT systems. I've been an occasional contributor in that group as well, and their document also makes good reading: it covers things like meaningful transparency and user control.

But, to be honest, I'm not the human rights or ethics expert. I know a few things about the tech though. Amidst various IOT discussions I find that it is useful to set of few things straight, so that we at least have a good basis for understanding the technology. And then we can have a more accurate discussion of the ethics or human rights.

Done right, the Internet of Things can bring great benefit and support our societies and human rights: the environment, energy efficiency, quantity and quality of food production, safety and many other things stand to benefit. But it takes effort to ensure that we can enjoy these benefits, and to avoid side effects. And it takes education for all of us to understand how IT is shaping our lives, and how it can be managed and used.

I wanted to highlight four issues:

1. It is not about the gadgets, dammit!
Many IOT discussions focus on the efficiency, security issues or other characteristics of the devices. While that's important, that is far from the full picture. We'd be far better off to consider cloud servers as an even more important component in most systems; that's where the most of the interesting functionality usually resides. And that's what you also want to be under the user's control. 
Similarly, we are often focused on the gadgets and servers, but from my perspective the true value of IOT systems in the data produced or consumed by them. Having user control of the data is very important. How that data is used and by whom is important. It needs to be put to good use by or with the consent of those whose data is being used. It should not be used to violate privacy or in a discriminatory manner.
Also, the architecture of IOT systems as a whole matters a lot. The IRTF Thing-to-Thing Research Group, for instance, is looking at various designs where the devices are talking to each other, rather than (for instance) connecting through a centralised cloud entity. A classic example of where this is the right way to design the system are light control systems; you don't want your ability to turn on lights be dependent on your Internet connection :-) 
 2. Collateral damage
When we talk about security of the IOT systems, we need to understand that security is not merely about protecting the devices or even the data. 
The attacks that caused some common Internet services to fail last year were launched from compromised IOT devices, but the target of the attack was not the devices themselves. It was the other parties, this time the Internet naming infrastructure. (For a discussion of this incident, see the video from IETF-97 technical plenary.) 
The friendly neighbour principle: You cannot design Internet-connected systems without having to consider the effect of your systems to others in the Internet. 
 3. Interoperability
Interoperability is a key issue in creating a large market of useful applications and enabling user control. With more and more Internet-based smart devices, I believe we are on a good path with regards to interoperable devices being able to use the same networks and run over Internet protocols. However, this not enough. We also need applications that are interoperable. Otherwise it will not be possible to plug light switches from one manufacturer to light bulbs from another. 
We also need interoperability for the sake of driving competition, and to ensure that the market supports these systems on a long-term basis regardless of individual manufacturer's decisions. Application level interoperability was discussed in the 2016 IAB workshop on semantic interoperability
 4. Rights of the user
The ability of the user to be in the driver's seat with regards to information concerning him or her is important. I wanted to highlight one additional issue that is important: the right to tinker
This isn't just an issue for hobbyists, it also important for our ability to update products that may be used for decades after they have been manufactured and long after support for them has ceased. I also believe the ability to build new things and modify various consumer systems is important for a healthy, innovative ecosystem.
And as for the opening picture above, that was the message waiting for me this morning on my Inbox. My IOT devices, such as the weight scale, telling how I'm doing. I think the machines have something to learn still from instilling confidence and positive attitude! 😀 Then again, maybe the weight scale would be more efficient, if it slapped me on the face for my failure to have a more healthy diet. Would the positive attitude or the slapping IOT be more ethical?

Jari Arkko

Screenshot (c) 2017 by Jari Arkko. I'd like to acknowledge Ari Keränen, Anna Larmo and Francisco Alcoba for interesting discussions in this problem space.

Have an idea, buy components at midnight

Have an idea, fetch parts at midnight to implement ❤️

Photos (c) 2017 by Jari Arkko