PUBLIC POLICY ACTIVITY
Page 1 of 26 10/07/2012
EC IoT Consultation (2012)
RFID in Europe - Collective Response Report
Coordinator: Trevor Peirce, RFID in Europe Public Policy Activity Leader Status: Final Draft Version: 0.5 Date: 10th July 2012
PUBLIC POLICY ACTIVITY
Page 2 of 26 10/07/2012
Table of Contents EC IoT Consultation (2012) ..................................................................................................................... 1
RFID in Europe - Collective Response Report .......................................................................................... 1
Introduction ......................................................................................................................................... 3
Report Summary.................................................................................................................................. 3
Privacy: “The right to be left alone” ................................................................................................ 3
Security ............................................................................................................................................ 3
Security of Critical IoT Support Infrastructure ................................................................................ 4
Ethics ............................................................................................................................................... 4
Open Object Identifiers and Interoperability .................................................................................. 4
Governance ..................................................................................................................................... 5
Standards for meeting policy objectives ......................................................................................... 5
Bibliography ............................................................................................................................................. 7
Section 1 – Privacy ................................................................................................................................... 8
Section 2 - Security .................................................................................................................................. 9
Section 3 – Security of Critical IoT Support Infrastructure .................................................................... 11
Section 4 – Ethics (Group 1) .................................................................................................................. 11
Section 4: Ethics – Group 2 .................................................................................................................... 13
Section 5 - Open Object Identifiers and Interoperability ...................................................................... 14
Section 6 – Governance – part 1 ........................................................................................................... 17
Section 6 – Governance – part 2 ........................................................................................................... 18
Section 7 – standards for meeting policy objectives ............................................................................. 19
APPENDIX A) – Internet/Intranet .......................................................................................................... 21
APPENDIX B) – IoT Applications ............................................................................................................ 22
APPENDIX C) Terminology and Definitions: .......................................................................................... 23
PUBLIC POLICY ACTIVITY
Page 3 of 26 10/07/2012
Introduction RFID in Europe1 engages in promoting the European adoption of RFID and related technologies. The
Internet of Things (IoT) is therefore well within the scope of RFID in Europe activities. RFID is a prime
IoT enabling technology as identified by the IoT European Research Cluster (IERC) through an online
survey completed in 2010. Further the membership of RFID in Europe covers a diverse group of
stakeholders many of whom have a direct interest in and actively participate in the development of
IoT.
During the “RFID in Europe – 2012” event held in Leuven, Belgium late May 2012 the attending
members supported the development proposal of a coordinated joint response to the EC’s IoT
Consultation. Members of the EC attending “RFID in Europe – 2012” encouraged this activity within
the IoT Consultation deadline of 14th July 2012.
Report Summary Generally speaking the IoT Consultation is challenging to respond to due to the wording of some of
the questions and the wording of the presented selection of responses. RFID in Europe considers this
to be unfortunate as the topic headings selected for the IoT Consultation are important if not critical
to IoT’s future success. This document addresses each and every question in a way which seeks to
remove ambiguity in the interpretation of RFID in Europe’s collective responses and diminish any
resulting potential confusions. A supporting contribution to this approach is the definition of
terminology, an exercise completed by RFID in Europe at the start of the preparation of this
document in order to foster a common and shared understanding and facilitate efficient
communication. Common terminology was a RACE networkRFID deliverable which is publically
available through the RFID in Europe Web site2, although the original version did not specifically
focus upon privacy, security, ethics nor governance terms. For information on the IoT relevant
terminology and definitions as defined by RFID in Europe please refer to Appendix C.
The process of developing this document has involved a core group of RFID in Europe volunteers. The
final draft was provided to the whole RFID in Europe membership for review and comment.
Privacy: “The right to be left alone”
RFID in Europe believe that IoT’s success is founded upon respecting privacy. Privacy is not easily
defined representing a major hurdle to progress towards privacy compliance.
Security
Security often translates from English into other European languages where it refers to security as
well as safety. For this reason RFID in Europe considers security to comprehensively cover security in
its broadest context. This means not only safety but also all aspects influencing the protection of
data, individuals, organizations, property and infrastructure.
Public communication such as notification has a sometimes overlooked contribution to security and including safety. This my avoid challenges of following your Google glasses IoT based visual head-up
1 RFID in Europe is a not-for-profit organization based in Belgium and originates from the EC Thematic network
entitled RACE networkRFID. RFID in Europe started operating on the 1st
March 2012, RACE networkRFID concluding on the 29
th February 2012 after 3 years of operation.
2 http://www.rfidineurope.eu/sites/default/files/RFID_Definitions_and_Terminology_5_version_1.pdf
PUBLIC POLICY ACTIVITY
Page 4 of 26 10/07/2012
displayed instruction to cross the road while indicating no traffic when for one reason or other there is.
Security of Critical IoT Support Infrastructure
RFID in Europe were not able to identify established references which fully or comprehensively
defines what “critical IoT support infrastructure” comprises of. Internet critical support infrastructure
may represent a critical part, however IoT devices do not necessarily rely on the Internet to execute
processes including communication with other devices or networks. An IoT device may continue to
capture data or communicate with other devices without the availability for some extended periods
of time before some or all device related applications have critically failed due to the absence of
connectivity to a working Internet.
Ethics
The ethical issues overlap with privacy and security. To a large degree it is considered that ethical
issues are addressed by established legislation either at European or Member State levels. Ethics is
perhaps particularly difficult to address globally and reference to the current situation within the
Banking sector illustrates this vividly.
Open Object Identifiers and Interoperability
Identifiers, naming and addressing are core elements of IoT architecture. It is not clear what is meant
by “Open” being interpretable as either meaning accessible or, possibly freely available to all or,
both. These options can alternatively be expressed as available to see or, to use or, both. An
alternative approach in seeking clarification would be to consider “closed” identifiers which may
refer to some established identifier issuing authorities whom do not offer free access.
Objects are assumed to mean IoT devices and not therefore equivalent to “things” which are
interpreted to refer to anything which the IoT device or devices are attached to, either for an instant
or for any period over the thing’s life and, beyond with respect to virtual objects.
There are several forms of identifiers. At IoT device level (edge) there exists both embedded and user
defined identifiers. The network level communications to and from IoT devices communicators (near-
edge) are often associated with other message identifiers. The distinction between identifiers is
important to recognize, the former being much more challenging to secure without increasing and
often excessive demands upon limited resources either at device level or upon the air interface.
Device level identifiers are used for a multitude of purposes. Embedded identifiers are machine
optimized and are often essential to applications where performance is important or critical. User
defined identifiers are potentially more efficient but in practice the differences in open IoT systems
are commonly marginal, there being significant efficiencies in both when comparing active IoT
devices in active service against the total pool of IoT devices (stocked, deployed and retired).
Identifiers are also used for authentication. There are a number of challenges to relying solely upon
the identifier or identifiers. One, over time less-and-less identifiers will be unique as allocations are
following typical human nature to divided, sub-divided and divided yet again. This places huge
demands upon allocations as users provision for forecast demand. Serialization can be associated
with the familiar problem of “how many times do I need to fold a piece of paper to reach the
PUBLIC POLICY ACTIVITY
Page 5 of 26 10/07/2012
moon?3” Identifier serialization and the use of header structures in the least worst-case scenarios
should only be considered for always networked devices where the identifiers can be monitored and
dynamically reallocated if necessary where duplicates are identified.
Addressing is another aspect needing careful consideration. As a clear example the recent ruling by
the European Court of Justice (ECJ) underlined the fact that IP addresses are personal data.
“The court took issue with the fact that ISPs would have had to record IP addresses to determine
who was file sharing, as IP addresses are considered to be ‘protected personal data’ by the court.”4
An IP address serves two principal functions: host or network interface identification and location
addressing. Its role has been characterized as follows: "A name indicates what we seek. An address
indicates where it is. A route indicates how to get there."5
Objects are typically things with attributes: but the thing and the attribute (s) may change roles at least in terms of addressing depending on the scenario. Virtual as well as physical things may be represented as legitimate and correct and also all other combinations too.
Interoperability depends on defined and widely available rules. It does not depend upon using a
single identifier or address structure for the whole world of IoT. Positive identification and
authentication can only be achieved through assessing a number of attributes. EPCglobal’s e-
Pedigree model demonstrates this same approach to reasonably rigorous authentication, although
false virtual attributes can always undermine this approach it creates yet another hurdle making the
process of impersonation or counterfeiting more costly and requiring greater diligence.
Governance
Governance, regulation and controls are good ideas but practically in a domain such as IoT without
borders, how can such disciplines be implemented? IoT is perhaps especially challenging as it mixes a
global internet with movable things which are not necessarily connected and electronically
accessible. This could mean that even if IoT Governance can be enforced at a network level it may
not stop the IoT device from capturing information in the area of rigorous enforcement and then
connecting to the Internet once outside this area, effectively breaking the Governance model. RFID in
Europe would not support the complication of such Governance at any level if it cannot be
universally effective.
Standards for meeting policy objectives
Standards are often a “Trojan horse” concealing critical IPR6. Standards can stifle innovation and slow
technological evolution. Standards nevertheless can positively contribute to adoption by bringing
together IPR holders and in arresting technological development sufficiently to allow market stability.
3 The answer is theoretically 42, however it is not possible to practically fold a piece of paper more than 7
times. 4 The European Court of Justice (ECJ) has finally issued their ruling on the seminal case of SABAM v. Scarlet,
which has been ongoing since 2004. http://pilr.blogs.law.pace.edu/2012/04/21/isps-cant-be-forced-to-block-file-sharing-in-the-eu/ 5 http://en.wikipedia.org/wiki/IP_address
6 Reference the ITU meeting upon respecting IPR declaration rules within standards creation processes which is
scheduled for autumn of 2012.
PUBLIC POLICY ACTIVITY
Page 6 of 26 10/07/2012
Standards therefore can also lower adoption barriers and assist with interoperability. As RFID in
Europe is orientated towards assisting European adoption it leans towards support of standards.
Voluntary and global standards are perhaps the most suitable for an emerging IoT which is a
convergence of many established components as well as some elements of new innovation.
All too often standards and specifications are confused, not always accidentally. A standard is usually
a relatively timeless (and legal) document, a specification is for a particular technology. A standard
has quite strict criteria and is peer reviewed, a specification may not be so rigorous even when it is
produced by an industry consortium especially in terms of interoperability (ever had the U73 error
when using HDMI). In fact, the formal standards process includes the option of a Technical
Specification (TS), and this approach is underused. A TS can be considered as a pre-standard, and
helps rather than hinders the creation of a full standard (if appropriate).
PUBLIC POLICY ACTIVITY
Page 7 of 26 10/07/2012
Bibliography Castells, M. (2010). The Rise of The Network Society. UK: Wiley-Blackwell.
PUBLIC POLICY ACTIVITY
Page 8 of 26 10/07/2012
Section 1 – Privacy
The question may perhaps be understood as why cannot application operators be expected to make
clear what the purposes of their applications are and, which data would they collect, use/process,
store and share/communicate? Why should going beyond the sole purpose of the application
necessarily provide any tangible benefits? How would operating outside European Law advantage
society, particularly when considering the example provided. Service providers already run statistics
on use and do generate forecast energy demands which feed their planning and provisioning so
perhaps better examples exist to illustrate what questions is being asked. Why cannot applications
clearly identify a sole set of purposes irrespective of whether or not they are using virtual data or real
data or both?
An additional valid question related to the example may even ask why IoT? Where is the advantage
provided by IoT over non Internet connected smart meters?
Generally IoT applications necessarily need to generate benefits to justify their investment. The
question is therefore interpreted as asking whether “I” as an individual will gain advantages from IoT.
For many of the members of RFID in Europe the benefits they receive may be through IoT providing
them employment or opportunities to further their careers. This does not prevent RFID in Europe
members from anticipating more general benefits from their daily future interaction with IoT
applications. What is reasonably sure is that today it is probably too early to have any confidence in
the latter and very difficult to differentiate smart city applications of smart devices from those
founded upon IoT.
The anticipated changes to European Data Protection in terms of the two vehicles proposed may
throughout the remaining process change existing principles. Mindful that the past principles may be
revised to align with ICT developments and Data provisions
PUBLIC POLICY ACTIVITY
Page 9 of 26 10/07/2012
It is somewhat surprizing departure from the established RFID PIA Framework to consider a Data
Protection Impact Assessment. The possible challenge with a DPIA is that does not necessarily cover
wider privacy issues and it causes possible confusion between the RFID PIA Framework and a DPIA. If
a DPIA is the preferred direction for the future the RFID PIA Framework should probably rapidly
superseded to avoid a great deal of confusion by operators, end user, the general public and
government organizations.
The evolution of the RFID PIA Framework tools has shown a preference by some European Member
States to include security provisions in the form of a security risk assessment. This has seen the
backing of industry e.g. Daimler, VW, etc.. It is somewhat concerning that a future IoT DPIA should in
some way be limited to personal data.
Section 2 - Security
How do guidelines or standards ensure anything? They can contribute either through being available
on a voluntary basis or mandated, but how does either ensure data confidentiality, integrity or
availability? There are data breaches through human error or security attacks which are reported
almost daily in the Press, yet seldom is it mentioned that this as because technical standards have
not been complied to e.g. LinkedIn, Sony, Nortel, Tomtom, etc...
Standards and guidelines are not a replacement for International Law which makes it explicitly clear
the responsibilities and defines the limits.
RFID in Europe would agree with this question. In fact the guidelines could extend to policy,
implementation and, other aspects as well.
PUBLIC POLICY ACTIVITY
Page 10 of 26 10/07/2012
RFID in Europe would recommend guidelines as a minimum. Depending upon the IoT application
there may be a justified requirement for other additional measures to ensure compliance and enable
enforcement.
It is not clear what is meant by “reliable data”. Is data reliable if it is available when we need it? Is it
reliable when it is accurate? Or do we mean reliable as a measure of quality as mentioned in
“Demings 14 points”? Should there be a question related to the broader topic of IoT data quality?
It is suggested that the question really needs to define different categories of data and specific
requirements regarding privacy or security. And even in some cases, there is a need to provide the
data source identity for authentication before allowing access to functionality which has implications
for human safety. In effect it is suggested that generic IoT policy principles may be too distanced
from the application specific challenges to be of assured and sufficient influence.
It is practically impossible to answer this question because the terms are not clear. How will
guidelines on safety and security requirements compromise economic viability? What evidence is
there that guidelines have ever compromised economic viability? Further will ignoring safety and
security assist economic viability of any IoT application in either the short term or long term? Is the
risk of IoT directly or indirectly bringing harm to employees, the general public, etc. worthwhile
taking from an economic perspective?
PUBLIC POLICY ACTIVITY
Page 11 of 26 10/07/2012
Section 3 – Security of Critical IoT Support Infrastructure
It is known to a number of RFID in Europe members that the EC funded IoT-A research project is
defining a reference architecture for IoT. It is however not well known what criteria nor options have
been considered in defining the reference architecture and “reference design principles”. It is fully
expected that IoT-A will determine accessibility to the ‘live’ or ‘active’ IoT application environments
but it is not expected that the influence of reference IoT architecture will extend to virtual objects
whose information is likely to be found replicated across the Web environment.
RFID in Europe members have requested more information and examples to be able to respond
confidently to this question.
It is unclear why the public sector is solely considered crucial to defining security aspects of IoT
future architecture. RFID in Europe believes that the public sector is potentially an important
stakeholder but it is necessary to make mention of all stakeholders. Multiple critical sectors need to
be taken into account such as for example: Defence: Banking: Aviation: Automotive: etc..
The suggestion that policy makers should be asked to provide guidance on security-by-design and
applicable security technologies is concerning. Policy makers are after all expected to make policies
and to expand their scope of responsibilities lacks any form of justification. RFID in Europe suggests
that practical guidance is best developed by all stakeholders and policies should reflect the need for
such a stakeholder engagement in such transparent processes.
Section 4 – Ethics (Group 1)
PUBLIC POLICY ACTIVITY
Page 12 of 26 10/07/2012
It is imaginable that some future IoT applications will and some will not pose threats to the
protection of an individual’s identity. Also likely is that the authentication of an individual’s identity
will change and increasingly number of multiple identities many of them existing only in the virtual
sense and within the Internet domain. IoT may well pose a threat to one or more identities and it is
possible data from some IoT applications and other sources could be used to create falsify identities.
RFID in Europe would suggest that IoT applications are categorized and all threats including those to
an individual’s identity could be addressed through appropriate measures.
As with the preceding question the influence of IoT applications on our perception of identity and
definition of personal identity will much depend on the nature, purpose and type of IoT application.
RFID in Europe recommends that IoT applications are categorized where the list of anticipated effects
can be attributed to each IoT application category.
Everything in this question hinges upon the “in so far as possible” statement and the nature and
purpose of the IoT application. RFID in Europe would prefer that consent requirements were
considered based upon a number of criteria and suggests that flexibility is built-into IoT applications
allowing provision for a changing environment and user requirements.
The response to this question must state specific examples. IoT applications which draw certain
forms of public domain data from other sources than directly from IoT devices to fulfil the IoT
application objectives may arguably not need explicit consent. It is not clear what challenges not
having explicit consent may create for IoT application autonomy. What are the IoT application
specific challenges of requesting consent, which IoT applications are likely to be impacted and to
what degree? RFID in Europe would recommend that this area is the subject of one or more targeted
studies to make the position clearer.
PUBLIC POLICY ACTIVITY
Page 13 of 26 10/07/2012
Future IoT applications may realistically have an impact upon our choices and autonomy, influencing
to some degree or other a broad range of aspects of what we do and think. Some aspects of these
changes may be positive for society and others not. Some may be blatantly clear and others go
unnoticed. RFID in Europe would recommend that IoT operator responsibilities and duties of care are
made explicitly clear and that these should refer to wellbeing, safety and all aspects of fundamental
human rights.
The responsibility upon IoT application operators (including organizations operating applications
using IoT application generated data) need to take into consideration and account for the different
capacities, constraints, needs and expectations of individuals. Such a process should be documented,
reviewed periodically and some form of summary publically available. There may be some IoT
application exceptions where there are no links to individuals or where it replaces another accepted
long established non-IoT application.
The quantity of data generated by IoT applications may exceed what is reasonable to monitor or
control. There is also device to device communication which may feature in some IoT applications
not to mention data upon virtual “things”. RFID in Europe considers that effective Governance of IoT
will be challenged by a number of factors of which the quantity of data is only one element.
Section 4: Ethics – Group 2
PUBLIC POLICY ACTIVITY
Page 14 of 26 10/07/2012
It is not clear by who or how sufficiency will be judged. Prior to proposing an “IoT ethical charter” it is
recommended that there is some basis for belief in an effective working global Governance model,
without which any such charter is unlikely to be followed.
RFID in Europe would wish to contribute to this process but only after there is some assurance of an
effective working global Governance model coming into existence.
RFID in Europe would wish to contribute to this process when there is some assurance of an effective
working global Governance model coming into existence.
Section 5 - Open Object Identifiers and Interoperability
Business scenarios already dictate a common identifier of one sort or another where these are
needed. One universal identifier for all IoT devices would be hopelessly inefficient and unworkable.
Those who see no interest or need for a universal device identifier are unlikely to respect the need
for such a “monster”. Many IoT devices will be fleetingly and infrequently connected and this creates
huge challenges to any notion of a universal identifier.
PUBLIC POLICY ACTIVITY
Page 15 of 26 10/07/2012
Unfortunately the lack of any dimension, even forecast metrics from anticipated future IoT
applications means this question is difficult to answer. The question alludes to a single service
provider needing access to multiple IoT platforms outside their immediate ownership or authority
where standards and or probably a standard device identifier could assist them. This tries to build a
picture that service providers or operators will have direct access to all devices, which is highly
unlikely and if not a significant concern. When you accept a letter at home or work it arrives in a mail
box or reception. The Post person does not enter your home or work place to give the letter to you.
There will in the most applications be enterprise data exchange interfaces. Routes to edge devices do
not need to be, or should not be universally transparent and accessible.
RFID in Europe would question the justification and need for an IoT identifier policy. It is not clear
that there are only two options as the questions suggests. For example would reference to “business
models” include government and other non-business IoT applications and users? Note should be
taken that monolithic approaches risk bringing greater security and privacy challenges, undermining
confidence, impeding performance and adding cost. Structured diversification allowing for legacy and
new emerging approaches, allowing degrees of market freedom may provide the most credible way
of allowing early adoption while simultaneously promoting growth and the necessary evolution to
ensure sustainability.
PUBLIC POLICY ACTIVITY
Page 16 of 26 10/07/2012
RFID in Europe considers that the question does not adequately reflect a choice related to the ‘real’
world. Phone numbers are addresses and not identifiers, although they can be used as an
identification authentication attribute. The notion that identifiers ‘open’ or ‘closed’ preserve
competition is not substantiated. It is understood that the SIM card is considered by some (such as
the OECD) to be a form of competition barrier. However just as with the SIM card example removal
of such a barrier is considered to have little effect as there is a wide choice of other barriers to
replace it. The fundamental issue or root cause is not in most cases the technology but the
motivation for how the technology is used. RFID in Europe would prefer that the motivational root
cause is the focus of study and further consideration to avoid if at all possible a long chain of
initiatives focused upon technical issues.
What is meant by openly accessible, and freely and readily available? Openly available could be a
potential security flaw, allowing opportunities for open discovery, impersonation (real or virtual),
DNS and loss of control.
Does “openness” refer to the possibility of accessing to an Object (and their services) by other entities that have the required security access level?
The direct relation between: “universal openness” and competition is not clear. Some domains will
require “closed solutions” to facilitate security. Should Openness and Security be facing each other?
This is a loaded question which as a result is impossible to answer without accepting that open
identifiers are need for IoT interoperability. As it is not clear what is being referred to by “open
identifiers” it is a challenge to highlight that indeed there are other essential aspects to IoT
interoperability. RFID in Europe would request greater stakeholder input around IoT interoperability
dropping the inference that open identifiers are a prerequisite.
Uniqueness is more often than not a flawed concept and, especially when associated with identifiers.
If IoT is built upon unique identifiers (or worse one unique identifier) it will struggle and may
eventually fail, there is nothing more certain. Identifier allocation processes in no way guarantee
uniqueness. The most robust serialized identifier open environments providing the greatest degree
of uniqueness requires a diligent policing service which monitors demand, use and resolves conflicts.
Nevertheless IoT applications should not in any way rely upon unique identifiers. Such applications
PUBLIC POLICY ACTIVITY
Page 17 of 26 10/07/2012
will through necessity quickly revert to Intranet or proprietary network solutions in order to establish
control and protections from duplicate identifiers or, cease to function.
Section 6 – Governance – part 1
Responding to this question is frustrated by offering “one” or “multiplicity” within the same
sentence. RFID in Europe would encourage greater research and broad stakeholder engagement in
identifying the merits and challenges to each approach, supporting an eventual decision if it is
necessary.
Again it is necessary to question firstly whether any IoT Governance model can truly be effective. If
there is some realistic chance of an effective IoT Governance then the question may turn toward
what influence can Governance have and over which technical and non-technical aspects of IoT
hardware? RFID in Europe would encourage further consideration of IoT Governance, a process to
which it would be delighted to be invited to participate.
It is unclear as to how environmental disruption and IoT Governance could be linked. Examples to
illustrate the measures a future IoT Governance could effectively make a contribution and to
identifying the potential threats and impacts would be helpful if not essential to being able to answer
this question.
Again it is necessary to question firstly whether any IoT Governance model can truly be effective. If
there is some realistic chance of an effective IoT Governance then the question may turn toward
what influence can Governance have and over which technical and non-technical aspects of IoT
PUBLIC POLICY ACTIVITY
Page 18 of 26 10/07/2012
device deployment? RFID in Europe would encourage further consideration of IoT Governance, a
process to which it would be delighted to be invited to participate.
The statement may be partly true. What is important is perhaps to ask if they are covered adequately
for IoT applications? As stated earlier the Internet and IoT represent overlapping but also significantly
different elements which cannot be governed in entirely the same ways.
Section 6 – Governance – part 2
RFID in Europe agree that multi-stakeholder participation is required to ensure IoT success, this
equally applies to any future IoT Governance.
Firstly it is important to understand what the existing multi-stakeholder platforms are willing to
embark upon and whether they are singularly and collectively sufficiently able to meet the
requirements for IoT Governance. If these organizations are unwilling and/or unable then the
reasons for their positions should be referenced in assessing the risks of any alternative approaches.
Approaches need to match a number of criteria. The criteria may include the anticipated
effectiveness of the future IoT Governance, the type of threats, the degree of risk, the IoT application
types/catagories, the nature of the evolution of IoT development and deployment, etc.. RFID in
PUBLIC POLICY ACTIVITY
Page 19 of 26 10/07/2012
Europe encourages some form of study and further dialogue in determining the initial approach.
Such actions should be repeated at suitable intervals into the future to make sure the approach
remains aligned with the requirements.
Approaches need to match a number of criteria. The criteria may include the anticipated
effectiveness of the future IoT Governance, the type of threats, the degree of risk, the IoT application
types/catagories, the nature of the evolution of IoT development and deployment, etc.. RFID in
Europe encourages some form of study and further dialogue in determining the initial approach.
Such actions should be repeated at suitable intervals into the future to make sure the approach
remains aligned with the requirements.
Approaches need to match a number of criteria. The criteria may include the anticipated
effectiveness of the future IoT Governance, the type of threats, the degree of risk, the IoT application
types/catagories, the nature of the evolution of IoT development and deployment, etc.. RFID in
Europe encourages some form of study and further dialogue in determining the initial approach.
Such actions should be repeated at suitable intervals into the future to make sure the approach
remains aligned with the requirements.
Section 7 – standards for meeting policy objectives
Global standards need only be developed where there is an identified need. There is already a wealth
of globally available standards and guidelines some of which have been implemented that could
serve the implementation of future IoT policy direction. New standards should be initiated with
caution as they may introduce additional complexity and possible create premature obsolescence of
some existing of IoT or IoT-‘like’ applications.
PUBLIC POLICY ACTIVITY
Page 20 of 26 10/07/2012
IoT Governance may get involved in determining “a reference architecture for IoT standards” but
prior to that it would be recommended to address and clarify why a reference architecture for IoT
standards would be necessary? A reference architecture for IoT standards would seem to infer that
there would be a role to ensure standard organization harmonization of initiatives which would be
attribute to the IoT Governance organization(s). The question begs why does IoT need such an
architecture for standards when there are already established mechanisms to ensure such
harmonization e.g. “standstill” between ESOs.
RFID in Europe supports the notion that existing standardisation frameworks must be considered
when addressing needs for future IoT standards.
PUBLIC POLICY ACTIVITY
Page 21 of 26 10/07/2012
APPENDIX A) – Internet/Intranet While Intranet will provide some potential advantages wider societal benefits and applications will
be possible by using the Internet platform.
1. How will policy objectives raised by the IoT Consultation with regards to privacy, security,
governance, etc. be reinforced by the Internet domain?
2. How will IoT deleted records in the IoT domain be also removed from the wider Internet,
given the challenges today for deletion of records on the Internet? If the Internet records
cannot be deleted with some success what will be the results on public trust and confidence
in IoT? What will be the value of efforts to provide such functions in the IoT environment?
3. If IoT devices and domain have optional or mandated security measures, some of which will
be essential for critical or sensitive IoT applications how will this be matched by Internet
security measures? How will all the security elements of an IoT application be visible, be
monitored and appropriate security measures invoked across the Internet
A challenge insufficiently represented within the IoT Consultation is the problem of IoT resilience, and the rapidly increasing reliance of societies around the world on the Internet not just for entertainment but for basic life support. It is hoped that governments are paying attention to the protection on nodes and links (especially the undersea ones which seem particularly vulnerable) but are they ensuring that the way companies set up their internet applications are not introducing systematic risk? This is not as so much of a concern for the Internet itself, but from the response of the field items in an M2M system. A lot of the issues of buffering, sub-optimising were worked out in the 1950's when systems theory started to develop , but RFID in Europe member experience suggests that this knowledge has been discarded. The problems which RBS/NatWest have had during June/July 2012 is a warning, as is the effect of the tanker drivers going on strike in the UK. They showed how fragile our society is because people have been stripping out buffers as being wasteful, but in fact they are needed if you want 99.9% reliability. So when it comes to governance it is reasonable to suggest that there is a need for National security agencies to be constantly stress testing critical IoT applications to make sure that systematic risk does not build up over time. The lessons learnt should be incorporated into academic or practical training for IT, or some similar or equivalent means of dissemination.
PUBLIC POLICY ACTIVITY
Page 22 of 26 10/07/2012
APPENDIX B) – IoT Applications Smart Cities, environmental monitoring, disaster warning, perimeter security, utilities resource
(energy, water, etc.) management, intelligent transport, patient prescription instruction adherence,
clinical trials, assisted living, tracking of Alzheimer’s patient and probation criminal location tracking,
smart energy/grid, etc.. The breadth of potential IoT applications is vast.
1. Should all applications be treated the same?
2. What about IoT related technologies which do not use the Internet, should they also have
the same governance structures, guidelines and ethical standards applied? How will the
public be able to differentiate an IoT application from one that uses IoT resembling devices
but does not use the Internet? Where is the divide? And how will the public be able to
recognize it?
3. The RFID Recommendation placed emphasis upon public notification. Should the IoT
Consultation not be asking what role has public information campaigns, including
notification? If a European citizen is asked “Opt-in to IoT?” How would they know what IoT is
and which IoT and what potential impact upon them has opting-in or out?
4. The World is suffering an economic crisis which economists often explain as being due to a
number of factors including: Lack of global regulation of financial markets: Machine-2-
machine networked financial transactions based on predefined decision rules: A lack of
transparency ( (Castells, 2010) . Is IoT at risk of potentially creating the same chaos with
everything that is not financial instruments?
To produce a stable IoT we need less complexity but more diversity. Basically systems with diverse characteristics tend to be more stable than those with less diverse systems because you don't get the
'swings and roundabouts’ affect. Also there needs to be a clear understanding of the role of sub-optimisation in creating stability, which
is also a proxy for achieving maximum throughputs. If you try to run a system flat-out you often find
it becomes unstable, and you may get better throughput if you operate at 85% of theoretical capacity because the system stabilises. Sub-optimization means diligently setting the design targets to achieve
higher performance than is needed to ensure that the combination or elements can deliver upon the IoT application requirements.
PUBLIC POLICY ACTIVITY
Page 23 of 26 10/07/2012
APPENDIX C) Terminology and Definitions: It is important to the generation of a collective position that the contributors to the development
have a shared understanding of what are the meanings of the most common and central terms to the
IoT Consultation. Absolute alignment to one view is not the objective as the emotive topics
addressed by the IoT Consultation are likely to highlight differing expectations.
What? Comment Additional Info.
Privacy Protection from intrusions into how we think.
(Personal) Data which is not misused.
Defence of our own territory, but this is difficult to address.
Privacy is the area of an individual's personal life that takes place in
a reserved space and should be kept confidential.
Maintain the anonymity of an individual during the collecting, storing and processing of personal data. Knowing who owns our personal data. Privacy in the digital world should be considered in the same way as privacy in the real world. In this sense we must consider “Contextual Privacy”: The permission to access personal data depends on the origin of the request, i.e. an object from the Government can request personal data that should be considered as private information but should be given, but probably that information should not be given to an object from a commercial site. How can privacy be warranted when relating anonymous data from different sources the identity or other personal details of an individual could be inferred?
First of all it is necessary to differentiate what privacy is and what to
guarantee the privacy means.
The privacy
Many definition of privacy exist. According to the most classic
definition of the Warren and Brandeis7, privacy is: the right to enjoy
life, - the right to be let alone; the right to the exercise of liberty Secures
Extensive civil privileges, and the term "property" has grown to comprise
every form of possession - intangible, as well as tangible. According to the
famous American linguist Noam Chomsky the concept of privacy “is
not a static concept but a dynamic concept that refers to changing the
barrier between what is public and what is private, and then tells us that
privacy is an interaction information between the rights of different parts
which then collide”. Moving the context in the IoT scenario is it
possible to mention the Cardoso “pragmatic definition” of privacy8:
7 Warren and Brandeis, “The Right to Privacy”, Harvard Law Review, Vol. IV December 15, 1890
http://groups.csail.mit.edu/mac/classes/6.805/articles/privacy/Privacy_brand_warr2.html
8 Cardoso, R. S. (2007). Architecting Pervasive Computing Systems for Privacy : A Survey, 0-3.
PUBLIC POLICY ACTIVITY
Page 24 of 26 10/07/2012
What? Comment Additional Info.
privacy is control over information disclosure, and then: a privacy-aware
system allows for conscious disclosure decisions. A privacy invasion occurs
when information regarding an entity is disclosed without its explicit
consent.
Among all these definitions a more general one seems should be:
“The right to choose which/how/when all the information belonging to
people, group or entity should be shared with other people, group or entity”.
This definition covers all the social aspect of the privacy concept: we
could start, for example, from the right to close the window of your
home to the right of an exclusive access to our Facebook account.
The definition doesn’t care about the reason of the need to
distribute or not those information, because this reason is private
too, paradoxically, this motivation may not exist.
In the field of informatics (ICT/IoT) the concept of privacy is
commonly associated with the protection of data: data may contain
personal information and, for some reason, people/group/entity
might want to hide them.
To ensure the privacy
Ensure privacy means to avoid the unauthorized access to personal
information and to take countermeasures in case of violation. So
guarantee the privacy means provides instruments and regulations.
In the field of informatics (ICT/IoT) to guarantee the privacy means provide adequate protection in relation to instrument used and potential risks. E.g., users should have the possibility to choose how/when/which their personal information should be exposed through adequate and easy to be used instruments.
Ability to decide to reveal personal details; individual choice.
Many descriptions.
Sociological effects. Privacy vs. convenience. Where there are benefits which outweigh risks of/or harm then privacy does not exist.
Privacy is the last consideration of consumers.
Privacy is the right to be left alone, either individually or as a group.
Privacy and data protection overlap but are very different.
The privacy choice of anyone acting alone or collectively should not undermine the rights to privacy of others.
Must align with Data Protection revisions under development now. All IoT users must comply, without exception in normal circumstances e.g. not at war, no public threat, etc..
What is the role of IoT Governance?
PUBLIC POLICY ACTIVITY
Page 25 of 26 10/07/2012
What? Comment Additional Info.
IoT Governance
Association to ensure things do not go astray nor get out of control.
Avoid multiple owners who may compromise access and interoperability.
Defines someone who is responsible.
IoT Governance could be similar to Internet Governance. In this sense IoT Governance would include the development and application of shared principles, norms, rules, decision-making procedures, and programs that shape the evolution and use of the Internet of Things.
Ideally an IoT Governance should drive and promote the development and adoption of IoT standards. IoT Governance may be a commercial or public body and will probably work as the Internet authority actually do. An IoT Governance, working toward establishment and maintenance of an overall worldwide compliance, should orchestrate the standardization process. The standardization is the key for the future IoT full exploitation.
No comment!
An IoT Governance body is needed but which one?
Internet Governance bodies exist. What will an IoT Governance organization do more, or better? How would such a body collaborate with established Internet Governance organizations?
Internet Governance organizations were established long after the Internet. Is this the right time for IoT Governance? Should early adoption not come first to ensure market input from users?
Where should such a Governance body be based? Beijing or Seoul would be my best guess given their established commitment to IoT applications and technologies.
Security Measures to reduce the risk from intentional acts to do something “bad” through or with IoT. An examples being to harm someone or a group. Anything which is intentional and unlawful.
May include grey areas e.g. an intruder entering a property where the door has been left open either deliberately or accidentally.
Each object must be secure from design in terms of not responding to intruders and of having a predictable behaviour independently of normal or failure mode. The combination of several objects to perform a certain tasks or set of tasks must also be secure and predictable. In case of a failure in security who is responsible for it? Safety should also be considered.
Each object must be secure from design in terms of not responding to intruders and of having a predictable behaviour independently of normal or failure mode.
The security aims to guarantee procedures and instruments to protect illegal or offensive usage of private information. In the modern ICT environment it is impossible to totally guarantee this protection, for this reason is it necessary to understand that many
PUBLIC POLICY ACTIVITY
Page 26 of 26 10/07/2012
What? Comment Additional Info.
security level exist, depending on complexity of both protected data and security instrument used. Furthermore, speaking about the IoT, people needs to acquire the idea of “enough secure to be used”, like today almost all people do with email, credit cards, mobile phone (accepting these services as sufficiently non-hazardous). Once made these premises, is it possible to say that a security feature effectively provides a certain protection level, but also provides an emotional feeling of confidence in the use or not of a technology.
Related to Governance. Identifying trusted parties.
Providing data sharing protection.
Secure data, processes, communication. Ability to increase the barriers to reduce the potential for unauthorized access. Providing data sharing protection.
Security sometimes translates to a word in some European languages which includes safety aspects.
We should consider that privacy & security by design extends to application effects of failure modes e.g. a sensor malfunction, simulation of virus attack upon the IoT control system, etc.
Must allow for the protection of data by users, application hosts, communications providers and national authorities and Government bodies (law/defence).
Must allow for changing risk environment and for different application requirements.