In my last posting I touched on the difficulties that are being encountered with the rush to then Internet of Things (IoT). I highlighted the fact that all the scenarios outlined were possible now and the fact that we often pursue new technology objectives, usually for commercial reasons, without carefully considering the ramifications of foul play.
I ended with the plea hoping sanity would prevail and the same companies that are rushing into the IoT space give adequate time and investment to securing and protecting the very same customers whose lives they are trying make better.
It is becoming clear that this is a false hope. In the stampede to secure market share and, subsequently, investor attention we are seeing a land rush of monumental proportions with little or no care of the outcome.
Large numbers of sales mean higher company valuation so who cares about the consequences?
When you consider that the IoT is just the tip of a data iceberg and that almost every conceivable piece of one’s private and business life could be transmitted in real time across the ether then it starts to get nerve-racking.
But the behemoth is moving so fast neither regulators or legislators can keep up, let alone some basic standards being applied that could make the IoT world a little more stable, even secure.
There is a growing list of groups concerned that security and a lax attitude to privacy pose a risk to the Internet of Things (IoT), but no one seems big enough or string enough to dominate.
That’s partly because the IoT covers such a broad scope and range of existing standards - and yet to be established standards. Depending on what the IoT device is monitoring, controlling or accessing may bring it under any number of existing regulations or none at all. Simply determining what those are may be a costly and futile exercise for law enforcement agencies – even if they were interested.
It’s more likely that law suits will emanate from individuals or enterprises that feel they have been exploited or exposed by the IoT and its lack of standards and regulations. Is this another chicken and egg scenario?
Normally, new technology develops gradually and standards follow but in the case of the IoT the pace is far too great for the standards to catch up, despite a number of bodies wanting to play a role or take possession of the task.
The Internet Society (ISOC) is one, and it recently published a whitepaper highlighting the issues being faced. Quoting from the executive summary, “Appropriate standards, reference models, and best practices also will help curb the proliferation of devices that may act in disrupted ways to the Internet.” Really? But what exactly is the answer?
ISOC calls on the industry to be fair in how it collects and handles data, transparent in what it intends to do with that data, and to make privacy a design consideration.
The Register UK was quite condescending when it wrote, “In the face of their old complaint that standards efforts move too slowly, IoT device vendors appear to have collectively decided to ignore as many standards as they can – many haven’t even noticed that a preference for IPv4 over IPv6 is the height of stupidity.
The vendor clubs hoping to impose proprietary interfaces and communications on the IoT are also a threat not just to users but to the IoT as a whole, making it more expensive to develop standards, check interoperability, or ensure security.”
The IEE Standards Association, the ITU, Google with Thread and other collaborative groups such as Intel, Qualcomm, GE and many others are all in the race to establish standards for the Internet of Things – but who will succeed remains a mystery.
They all believe that if they can form an alliance big enough, with more compliant devices in the field than anyone else then they might define the pseudo-standard with all the benefits that entails.
On the other hand, if no standards emanate from these often disjointed groups then consumer confidence may be damaged as security and data privacy fears continue to grow. Where will that leave the IoT world?