IoT-summit: Privacy by design the way forward

BRUSSELS Forum Europe organises the Fifth Annual Internet of Things Summit in Brussels this week. Netopia takes a special interest in this event as its topic is close to the recent report “Can We Make the Digital World Ethical?

Henri Barthel of GS1 Global addressed a panel on governance and suggested that laws and regulation need to take IoT and other developments like social networks and cloud computing into account as the evolve.

Netopia: What about the opposite perspective, that technology and standards take laws and regulation into account when it is developed?

– Good point, RFID has maybe not been expanding as fast as some predictions suggested. This due to a lack of certainty. Laws were discussed, but not in a positive sense. Big players wait for the legal framework to be more stable. Predictability are key ingredients for business. Also, standardization is not done by industry in a glass hut away from the rest of the world, it is a process involving industry and other stakeholders.

Geoff Mulligan of the US Department of Commerce’s NIST (National Institute of Standards and Technology) in his intervention made the point that there is no need for new protocols, the technology and tools to do it are available now and not in ten years. He also stressed the importance of supporting the IP-standard which has merits of resilience – Mulligan pointed to an example where a hardware company had operated IP-traffic through a barbed-wire fence – and can support multiple file formats. The focus should not be on developing new protocols, insisted Mulligan.

Mulligan also stressed that governments should stay clear of protocol optimization, but rather focus on issues of privacy and security. Government should stay “out in front, but not too far out in front”

Netopia: If governments play a role but should stay away from the standards, then where can it join the process?

– What is the role of government? Usually, government is too slow to pick protocols, corporations do much better job of that. Government should say we have some needs for security and privacy. For example, social security numbers. They are supposed to be a secret, but you could probably find mine on Google. Governments move too slow. If they instead said “we need something new that does this better”, a new company could create that overnight. That’s where we could find this balance. I could give a lot more examples, but would probably get in trouble.

Other buzz-words were “privacy by design” – the idea that privacy should be included in the software development from the get-go rather than added as an after-thought – and “privacies” – rather than thinking of privacy as a binary function, the needs for privacy vary depending on context and content. Marilyn Arndt, chair of M2M at telecom standards institute ETSI, suggested that users should be regarded as participants, rather than subscribers. The question remains whether this is a priority for the users or the IoT-businesses. While that may have been left unanswered, the IoT Summit should be credited for giving the societal considerations so much focus in what is traditionally a very tech-focused field.

Per Strömbäck, editor Netopia