FTC report provides good checklist to design in IoT security and privacy

FTC report on IoT

FTC report on IoT

SEC Chair Edith Ramirez has been pretty clear that the FTC plans to look closely at the IoT and takes IoT security and privacy seriously: most famously by fining IoT marketer TrendNet for non-existent security with its nanny cam.

Companies that want to avoid such actions — and avoid undermining fragile public trust in their products and the IoT as a whole — would do well to clip and refer to this checklist that I’ve prepared based on the recent FTC Report, Privacy and Security in a Connected World, compiled based on a workshop they held in 2013, and highlighting best practices that were shared at the workshop.

  1. Most important, “companies should build security into their devices at the outset, rather than as an afterthought.” I’ve referred before to the bright young things at the Wearables + Things conference who used their startup status as an excuse for deferring security and privacy until a later date. WRONG: both must be a priority from Day One.

  2. Conduct a privacy or security risk assessment during design phase.

  3. Minimize the data you collect and retain.  This is a tough one, because there’s always that chance that some retained data may be mashed up with some other data in future, yielding a dazzling insight that could help company and customer alike, BUT the more data just floating out there in “data lake” the more chance it will be misused.

  4. Test your security measures before launching your products. … then test them again…

  5. “..train all employees about good security, and ensure that security issues are addressed at the appropriate level of responsibility within the organization.” This one is sooo important and so often overlooked: how many times have we found that someone far down the corporate ladder has been at fault in a data breach because s/he wasn’t adequately trained and/or empowered?  Privacy and security are everyone’s job.

  6. “.. retain service providers that are capable of maintaining reasonable security and provide reasonable oversight for these service providers.”

  7. ‘… when companies identify significant risks within their systems, they should implement a defense-in -depth approach, in which they consider implementing security measures at several levels.”

  8. “… consider implementing reasonable access control measures to limit the ability of an unauthorized person to access a consumer’s device, data, or even the consumer’s network.” Don’t forget: with the Target data breach, the bad guys got access to the corporate data through a local HVAC dealer. Everything’s linked — for better or worse!

  9. “.. companies should continue to monitor products throughout the life cycle and, to the extent feasible, patch known vulnerabilities.”  Privacy and security are moving targets, and require constant vigilance.

  10. Avoid enabling unauthorized access and misuse of personal information.

  11. Don’t facilitate attacks on other systems. The very strength of the IoT in creating linkages and synergies between various data sources can also allow backdoor attacks if one source has poor security.

  12. Don’t create risks to personal safety. If you doubt that’s an issue, look at Ed Markey’s recent report on connected car safety.

  13. Avoid creating a situation where companies might use this data to make credit, insurance, and employment decisions.  That’s the downside of cool tools like Progressive’s “Snapshot,” which can save us safe drivers on premiums: the same data on your actual driving behavior might some day be used become compulsory, and might be used to deny you coverage or increase your premium).

  14. Realize that FTC Fair Information Practice Principles will be extended to IoT. These “FIPPs, ” including “notice, choice, access, accuracy, data minimization, security, and accountability,” have been around for a long time, so it’s understandable the FTC will apply them to the IoT.  Most important ones?  Security, data minimization, notice, and choice.

Not all of these issues will apply to all companies, but it’s better to keep all of them in mind, because your situation may change. I hope you’ll share these guidelines with your entire workforce: they’re all part of the solution — or the problem.

I Have Seen the Future of Agriculture & It is the IoT (Grove Labs)

Agriculture is a passion of mine, partially because of environmental concerns, and also because I love veggie gardening. There has been an encouraging trend in the US recently, with the advent of Community Supported Agriculture (CSA) and the localvore movement. However, that’s counterbalanced by the terrible continuing California drought, and the sobering realization that, worldwide, there are more than 805 million who are undernourished. Clearly, we need to produce more food — and do it much more efficiently and in line with natural principles.

Grove Labs Aquaponics system

That’s why I’m so excited about the new Grove Labs system being developed in, of all places, Somerville MA (which has become a start-up haven for ag-related companies through the Greentown Labs incubator. They include Freight Farms [ I will blog about them later..], which is pursuing a similar closed-loop approach on a larger scale, and Apitronics, which presented at one of our Boston IoT Meetups last year.).

It was developed by two young MIT grads, Jamie Byron (who became “obsessed” with the problems of current worldwide agriculture while on an internship) and Gabe Blanchet, who created the primitive precursor of the aquaponics system in their frat house. Now, in its beta testing form (sign up ASAP if you live in the Hub to buy a prototype!), the “Grove” is an integrated ecosystem attractive enough to be placed in your kitchen.

According to The Verge  (which pointed out that dope growers’ experience with hydroponics may have helped Byron and Blanchet, LOL!):

“The Grove system looks like a 6-foot-tall wood cabinet with four LED-lit boxes for plants. Three are smaller, for leafy greens and herbs, and one is larger, for things like tomatoes or peas. On the bottom left is an aquarium whose fish provide fertilizer for the plants. The fish are what make the system ‘aquaponic,’ a particularly organic variant on traditional hydroponics.

….” ‘Essentially we took the philosophy and biology of an actual ecosystem and shrunk it down and put it in a bookshelf tower,’ Blanchet says. The fish produce ammonia in their waste, which gets pumped to the plants, where bacteria convert the ammonia to nitrate. The plants consume the nitrate, filtering the water, which gets returned to the fish. ‘If you keep the system running optimally you can grow plants faster than you can outside,’ says Blanchet.”

A critical component that qualifies the system as an IoT one is the “Grove” app, which will tell owners important information about lighting schedules, when to add nutrients, etc. The all-important sensors will provide critical real-time data about growing conditions and what’s needed.

The Grove isn’t a panacea for world hunger: for one thing, it’s pricey ($2600), although economies of scale when the company is in full swing may bring that down. It also requires involvement by the owner: you can’t just sit there and admire how things grow. You’ll need to actively monitor the app and do routine maintenance. The LED lighting system, as efficient as it may be, won’t work in remote, poor areas where there’s no electricity (but that might come from an nearby PV panel!

Nonetheless, I can see the grove playing a growing (groan, sorry for the pun..) role in meeting the world’s food needs, and, best of all, doing so in a way that capitalizes on one of my key beliefs about the IoT, that it will bring about an era of unprecented precision in use of raw materials, manufacturing, whatever, because of real-time monitoring, and, increasingly, M2M systems where a sensor reading on one device will trigger operation of another. Large-scale farming is also getting more precise due to systems such as John Deere’s FarmSight, so count agriculture as yet another industry that will be revolutionized through the IoT.


The Grove Labs approach really resonated with me because I’ve been using two 8′ x 4′ 30″ high modules for my own veggies for the last twenty years, planted according to engineer/gardener Mel Bartholomew’s great “Square Foot Gardening” system, with varying levels of success. I had grand visions of manufacturing modules from recycled plastics and adding greenhouse-fabric domes to extend the season, and an app to remind owners of when to plant and fertilize but never followed through, so I really admire those who did, and the way they’re incorporating IoT technology.

New Alchemy’s Institute’s “Ark” (in rear)

When I contacted the co-founders, they were unaware that they stand on the shoulders of giants who have developed a natural systems-based approach to agriculture right here in the Bay State, especially John Todd, who (I believe) pioneered the approach with his wonderful New Alchemy Institute on the Cape, where he methodically added new elements — plexiglas water storage, tilapia, etc. — to the passive-solar “Ark” until he had a balanced, self-sustaining system.  John, who has since gone on to develop great natural-systems based wastewater treatment facilities, had a young apprentice, Greg Watson, who went on to become the Commonwealth’s incredibly innovative ag commissioner.

Oh well, it appears these guys have more than reinvented the wheel! Good luck to them.

“Enchanted Objects” — adding delight to the IoT formula

Posted on 21st January 2015 in design, Essential Truths, Internet of Things, marketing, smart home

For good reason, most discussions of opportunities with the Internet of Things focus on the potential to improve businesses’ operating efficiency or creating new revenue streams.

But what if the IoT could also bring out the hidden 6-yr. old in each of us? What if it could allow us to invent — enchanted objects?

That’s the premise of IoT polymath David Rose’s Enchanted Objects: Design, Human Desire, and the Internet of Things.

Enchanted Objects: Design, Human Desire, and the Internet of Things

Rose is both a stalwart of the MIT Media Lab and a pioneering, serial IoT entrepreneur. Oh, and he’s got an impish grin that shows you he is still as delighted at tinkering with things as he was as a little boy in his grandfather’s workshop:

“Grandfather’s tools were constructed and used with a respect for human capabilities and preferences. They fit human bodies and minds. They were a pleasure to work with and to display. They made us feel powerful, more skilled and capable than we were without them. They hung or nestled quietly, each in its place, and never made us feel stupid or overwhelmed. They were, in a word, enchanting.”

Rose fears that’s not the path we’re heading down with most current techno-products, dismissing them as “cold, black slabs … [resulting in a ] colder, more isolated, less humane world. Perhaps it is more efficient, but we are less happy.”  Yea!

By contrast, enchanted objects resonate with our deepest desires:

“The experiences that do enchant us reach into our hearts and souls. They come from the exotic place of  ‘once upon a time.’ They help us realize fundamental human desires. The fantastic technologies we have invented over the centuries , the ones of ancient tales and science fiction, enable us to do things that human beings earnestly want to do but cannot do without a little (or a lot) of help from technology. They make it possible to fly, communicate without words, be invisible, live forever, withstand powerful forces, protect ourselves from any harm, see farther and travel faster than the greatest athletes. They are tools that make us incredible, supercapable versions of ourselves. These are the visions and stories of our most beloved authors of fiction and fantasy — Tolkien and C. S. Lewis and J. K. Rowling and the Grimms — and the realities of fantastic characters such as Cinderella, Dick Tracy, James Bond, Superman, and Wonder Woman. The designers creating enchanted objects must, therefore, think of themselves as something more than manipulators of materials and masters of form. They must think beyond pixels, connectivity, miniaturization , and the cloud. Our training may be as engineers and scientists, but we must also see ourselves as wizards and artists, enchanters and storytellers, psychologists and behaviorists.”(my emphasis).

Rose discusses a number of the products he’s designed, such as the Ambient Orb, which can be hacked to unobtrusively (the physiological phenomenon that makes them work is called “pre-attentive processing” in case you’re looking for a term to throw around at a cocktail party…) display all sorts of information, from stock market trends to energy consumption and the Ambient Umbrella, whose handle glows if rain is predicted (that one hasn’t been a big success, which I predicted — it’s as easy to lose an expensive, “smart” umbrella as a $10 one. I prefer the IFTTT recipe that has your HUE lights blink blue if rain is predicted, reminding you to take your utterly conventional, cheap umbrella…), as well as one of my favorites, the Vitality Glow Cap, which can reduce the billions in wasted medical spending attributable to people not taking their prescriptions.

Skype Cabinet

And then there’s one that every child or grandparent will love, the Skype Cabinet, a square that sits in your living room, and, when the door is opened, shazaam, there is your grandchild or grandparent, instantly connected with you via Skype. Enchantment indeed!

However, the real meat of the book is his methodology for those of us to whom enchantment doesn’t come as naturally. First, Rose lists seven basic human drives that designers should try to satisfy: omniscience, telepathy (human-to-human communication), safekeeping, immortality, teleportation (that’s high on my personal list after my recent up-close-and-personal encounters with rogue deer.), and expression.

Then Rose explains how technology, especially sensors, will allow meeting these desires through products that sense their surroundings and can interact with us.  In terms of my IoT “Essential Truths,” I’d classify enchanted objects as exemplifying “What Can You Do Now That You Couldn’t Do Before,” because we really couldn’t interact with products in the past.  Other examples in this category that I’ve cited before range from the WeMo switches that helped me make peace with my wife and the life-saving Tell-Spec that lets you find food allergies.

Other thought-provoking sections of the book include “Seven Abilities of Enchantment,  “Five Steps on the Ladder of Enchantment,” and “Six Future Fantasies,” the latter of which is must reading for product designers and would-be entrepreneurs who want to come up with fundamentally new products that will exploit the IoT’s full potential for transformation.

The other day I finally met with Mahira Kalim, the SAP IoT marketing director who whipped my thinking into shape for the “Managing the Internet of Things Revolution” i-guide.  She asked me for examples of the kind of radical transformation through the IoT that are already in existence.  I suspect that some of Rose’s inventions fall into that category, but, more important, Enchanted Objects provides the roadmap and checklist for those who want to create the next ones!  Get it, devour it, and profit from it!

Cree Connected Bulb 1st Truly Affordable IoT Device

Cree Connected LED bulb

Not absolutely certain on this, but I’m pretty sure the new Cree Connected Bulb is an important landmark in the evolution of the consumer Internet of Things — the first really affordable home IoT device.

The bulb, soon to be available at Home Depot and online sources, will be priced at $15, according to a very favorable C|Net review.

When you consider that the average LED bulb will last more than 20 years and uses about 20% of the electricity that an equivalent incandescent does, that’s really a breakthrough — and could make a dent in electrical use (see my post about how the WeMo socket allows me to meet my wife’s desire for lights on when she gets home while I can save electricity) as part of smart grid strategies that’s even more important with the growing concern about global warming.

You’d need a $50 Wink hub, but just do the math:  a HUE kit, with a hub and three 60-watt equivalent bulbs, costs $199, as compared to $95 for the Cree/Wink equivalent. Of course, there is a major difference: the Cree bulb will only be available in white, while the HUE bulb can create 16,000 million (no, that wasn’t a typo!) light combinations from its built-in RBG elements.  That is very cool, but when you think about the gazillion bulbs throughout a typical house, adding additional HUE bulbs at $60 for the RBG ones or $29 for the white “Lux” ones, compared to $15 for the Cree ones, is a big difference that puts it out of reach for most of us. (BTW: Hue does have competition now, with a 10 pack of LIFX bulbs (no hub required) priced at $910).

This is exciting in its own right, but also gets one wondering whether economies of scale and/or new market entrants may mean more affordable alternatives to the $250 Nest thermostat and August deadbolt. If and when that happens, the IoT will really be mainstream, with huge implications for both the economy and home operations!

The IoT Gets Real: My Own Experience

Sometimes, when we focus on the truly dramatic things that will be possible when the Internet of Things is fully implemented, such as fully automated smart homes or the end of traffic jams, it may divert attention from how the IoT is already making a tangible difference in our daily lives even with only early-stage devices and apps, and why everyone should be seriously considering IoT devices now.

Here’s my personal story.

Belkin WeMo Switch

I finally put my money where my mouth is this Christmas, and invested in two WeMo Switches from Belkin. What I like about them is that, unlike spending $250  for a new Nest Thermostat or a new August Dead Bolt, the WeMo switch allows me to increase the IQ of my decidedly old-fashioned current coffee maker and table lamps (OK, I still lust after the 16 million light combinations possible with HUE lights, but those will have to wait until I’m not paying college tuition for my youngest). Yeah, the $199 smart coffee maker would be cool, but not cool enough to justify tossing a perfectly good one.

Most important, the WeMos deliver on one of my IoT Essential Truths, namely, What Can You Do Now That You Couldn’t Do Before?

You see, we used to have a major bone of contention in the Stephenson household. My wife, understandably, didn’t like to come home to a dark house. Cheap Yankee and zealous environmentalist that I am, I didn’t want to leave the lights on all day just so they’d be on when she got home, and my ADD made it really iffy that I’d turn them on when leaving in the afternoon.

Major conflict.

But that was sooo 2014!  Now, I have a spiffy IFTTT “recipe” enabled:

IFTTT_Wemo_recipe

IFTTT/Wemo recipe

IFTTT_Wemo_recipe

Everyone wins (including the environment)! Instant domestic bliss: the lights go on precisely at sunset (I mean precisely:  it uses NWS data — how cool is that?), I get to save energy, my wife gets a warm and welcoming house when she returns.

Admittedly, it’s not world-changing, but it really does solve a tangible issue that we couldn’t solve to both our satisfactions in the past. IMHO, it’s precisely this kind of real-world, incremental improvement due to the Internet of Things that is going to speed IoT adoption this year

If your company is rolling out far-reaching IoT product either for the industrial or consumer market, think of what individual or limited offerings you could release now that would allow buyers to make a limited investment, realize substantive returns, and then build on those initial findings.

Thanks Kevin Ashton!


 

Sweet! Just saw news that Belkin plans to add WeMo compatibility for Apple’s HomeKit app in near future.

My personal vision for the Apple Watch is that, by linking to both the Health App and the HomeKit, it may bring about cross-fertilization of health and smart-home apps and devices similar to how the Jawbone UP alarm can now trigger the Nest thermostat.

This would be an important step toward my “Smart Aging” vision that would improve seniors’ health and allow them to “age in place” instead of being institutionalized.

Resolved: That 2015 Is When Privacy & Security Become #IoT Priority!

I’m a right-brained, intuitive type (ENFP, if you’re keeping Myers-Briggs score…), and sometimes that pays off on issues involving technology & the general public, especially when the decidedly non-technical, primal issue of FEAR comes into the equation.

I used to do a lot of crisis management work with Fortune 100 companies, and usually worked with engineers, 95% of whom are my direct opposite: ISTJ.  Because they are so left-brained, rational and analytical, it used to drive them crazy that the public would be so fearful of various situations, because peoples’ reaction was just so darned irrational!

I’m convinced that same split is a looming, and extremely dangerous problem for the Internet of Things: the brilliant engineers who bring us all these great platforms, devices and apps just can’t believe that people could be fraidy cats.

Let me be blunt about it, IOT colleagues: get used dealing with peoples’ fears. Wise up, because that fear might just screw the IoT before it really gains traction. Just because a reaction is irrational doesn’t mean it isn’t very, very real to those who feel it, and they might just shun your technology and/or demand draconian regulations to enforce privacy and security standards. 

That’s why I was so upset at a remark by some bright young things at the recent Wearables + Things conference. When asked about privacy and security precautions (a VERY big thing with people, since it’s their very personal bodily data that’s at risk) for their gee-whiz device, they blithely said that they were just a start-up, and they’d get to security issues after they had the device technology squared away.

WRONG, KIDS: security and privacy protections have to be a key priority from the get-go.

That’s why I was pleased to see that CES asked FTC Chair Edith Ramirez to give opening remarks at a panel on security last week, and she specifically focused on “privacy by design,” where privacy protections are baked into the product from the get-go. She emphasized that start-ups can’t get off the hook:

“‘Any device that is connected to the Internet is at risk of being hijacked,’ said Ms. Ramirez, who added that the large number of Internet-connected devices would ‘increase the number of access points’ for hackers.

Ms. Ramirez seemed to be directing her remarks at the start-ups that are making most of the products — like fitness trackers and glucose monitors — driving the so-called Internet of Things.

She said that some of these developers, in contrast to traditional hardware and software makers, ‘have not spent decades thinking about how to secure their products and services from hackers.'”

I yield to no one in my love of serendipitous discoveries of data’s value (such as the breakthrough in early diagnosis of infections in neonates by researchers from IBM and Toronto’s Hospital for Sick Children, but I think Ms. Ramirez was on target about IoT developers forcing themselves to emphasize minimization of data collection, especially when it comes to personal data:

“Beyond security, Ms. Ramirez said that technology companies needed to pay more attention to so-called data minimization, in which they collect only the personal data they need for a specific purpose and delete it permanently afterward. She directly challenged the widespread contention in the technology industry that it is necessary to collect large volumes of data because new uses might be uncovered.

‘I question the notion that we must put sensitive consumer data at risk on the off chance a company might someday discover a valuable use for the information,’ she said.

She also said that technology companies should be more transparent about the way they use personal data and should simplify their terms of use.”

Watch for a major IoT privacy pronouncement soon from the FTC.

It’s gratifying that, in addition to the panel Ms. Ramirez introduced, that CES also had an (albeit small…) area for privacy vendors.  As the WaPo reported, part of the reasons for this area is that the devices and apps are aimed at you and me, because “consumers are finding — thanks to the rise in identity theft, hacks and massive data breaches — that companies aren’t always good stewards for their information.” Dealing with privacy breaches is everyone’s business: companies, government, and you and me!

As WaPo reporter   concluded: “The whole point of the privacy area, and of many of the products being shown there, is that technology and privacy don’t have to fight. They can actually help each other. And these exhibitors — the few, the proud, the private — are happy to be here, preaching that message.”

So, let’s all resolve that 2015 when privacy and security become as big an IoT priority as innovation!


Oh, before I forget, its time for my gratuitous reference whenever I discuss IoT privacy and security, to Gen. David Petraeus (yes, the very General “Do As I Say, Not As I Do” Petraeus who faces possible federal felony charges for leaking classified documents to his lover/biographer.), who was quite enamored of the IoT when he directed the CIA. That should give you pause, no matter whether you’re an IoT user, producer, or regulator!

My take on the IoT at CES

Here I am languishing in bitterly-cold Massachusetts, while all the cool kids are playing with toys at CES!  I’ll try to get over it and give you my impressions of the Internet of Things new product introductions, as filtered through the lens of my IoT Essential Truths:

  • Perhaps the most important development is Samsung’s whole-hearted embrace of the IoT, building on its acquisition of SmartThings.  In his keynote, Samsung CEO BK Yoon struck exactly the right notes, emphasizing the need for open standards and collaboration.Within 5 years, all new Samsung products will be IoT enabled.Don’t forget that Samsung doesn’t just make consumer products, but also critical IoT tools such as sensors and chips.  Its 3-D range sensors that can detect tiny movements may be a critical IoT components.SmartThings CEO Alex Hawkinson was part of the presentation, and stressed:

    “For the Internet of Things to be a success, it has to be open, Any device, from any platform, must be able to connect and communicate with one another. We’ve worked hard to accomplish this, and are committed to putting users first, giving them the most choice and freedom possible.”

  • If was accurate, the GoBe calorie counter could be a great Quantified Self device. I still find it waaay to time-consuming and laboriously to look up specific foods’ caloric content and enter them into an app. However, The Verge says not so fast…..  What might be feasible is the InBody Bend, to measure the result of those calories — your body fat — and your heart rate. It’s also a pedometer and measures your calories burned. Oh, yeah, the Bend also tells time. Best of all, it will go 7-8 days between charges.
  • The HereO children’s watches seem like a great product for worried parents, allowing them to locate the wee ones via GPS.
  • While I think the key to realizing my “Smart Aging” paradigm shift will primarily be tweaking mainstream IoT Quantified Self and smart home devices for seniors’ special needs, there are some issues, such as hearing loss, that particularly affect seniors. In that category, Siemens’ Smart Hearing Aid looks promising, and an interesting example of enhancing a not-so-great existing product using IoT capabilities. A key is the unobtrusive clip-on easyTek  which complements the in-ear device, and can connect (via Bluetooth) to smartphones, computers or TVs, so that the hearing aides also function as earphones for those devices. As The Verge reports, even those with good hearing might end up using it.
  • However, my two favorite CES intros both enhance a decidedly 19th-century product, the bike.They illustrate the Essential TruthWhat Can You Do Now That You Couldn’t Do Before?
    Smart Pedal

    Smart Pedal

    One is a nifty substitute for a plain-vanilla pedal, from Connected Cycle. On a day-in-day-out basis, the pedal is a Quantified Self device, recording your speed, route, incline, and calories burned.

    However, when some miscreant steals your ride, it’s the two-wheel equivalent of Find My iPhone, telling you and the cops exactly where the bike’s located.

    Ok, that’s nice, but the other bike device introduced at CES can save your life!

    Smart Bike Helmet

    In the spirit of IoT collaboration, Volvo, Ericsson & sporting goods manufacturer POC have worked together on a smart helmet.

    The bike’s and the car’s locations are both uploaded to the cloud.

    If the  helmet is connected to a bike app such as Strava, built-in warning lights warn it there’s a car nearby, while a heads-up display on the dash warns the driver at the same time.

    I can’t see Volvo gaining any competitive advantage from this, and, of course, the technology will really only be effective if every hemet and every car are equipped with it, so I hope the partners will release it for universal adoption. Who would have ever thought that the IoT could peacefully bring bicyclists and motorists together. Just shows you that with the IoT, we’ll have to re-examine a lot of long-held beliefs!

 

My #IoT predictions for 2015

I was on a live edition of “Coffee Break With Game-Changers” a few hours ago with panelists Sherryanne Meyer of Air Products and Chemicals and Sven Denecken of SAP, talking about tech projections for 2015.

Here’s what I said about my prognostications:

“I predict that 2015 will be the year that the Internet of Things penetrates consumer consciousness — because of the Apple Watch. The watch will unite both health and smart home apps and devices, and that will mean you’ll be able to access all that usability just by looking at your watch, without having to fumble for your phone and open a specific app.

If Apple chooses to share the watch’s API on the IFTTT – If This Then That — site, the Apple phone’s adoption – and usability — will go into warp speed. We won’t have to wait for Apple or developers to come up with novel ways of using the phone and the related devices — makers and just plain folks using IFTTT will contribute their own “recipes” linking them. This “democratization of data” is one of the most powerful – and under-appreciated – aspects of the IoT. In fact, Sherryanne, I think one of the most interesting IoT strategy questions for business is going to be that we now have the ability to share real time data with everyone in the company who needs it – and even with supply chain and distribution networks – and we’ll start to see some discussion of how we’ll have to change management practices to capitalize on this this instant ability to share.

(Sven will be interested in this one) In 2015, the IoT is also going to speed the development of fog computing, where the vast quantities of data generated by the IoT will mean a switch to processing data “at the edge,” and only passing on relevant data to the cloud, rather than overwhelming it with data – most of which is irrelevant.

In 2015 the IoT is also going to become more of a factor in the manufacturing world. The success of GE’s Durathon battery plant and German “Industry 4.0” manufacturers such as Siemans will mean that more companies will develop incremental IoT strategies, where they’ll begin to implement things such as sensors on the assembly line to allow real-time adjustments, then build on that familiarity with the IoT to eventually bring about revolutionary changes in every aspect of their operations.

2015 will also be the year when we really get serious about IoT security and privacy, driven by the increasing public concern about the erosion of privacy. I predict that if anything can hold back the IoT at this point, it will be failure to take privacy and security seriously. The public trust is extremely fragile: if even some fledgling startup is responsible for a privacy breach, the public will tend to tar the entire industry with the same brush, and that could be disastrous for all IoT firms. Look for the FTC to start scrutinizing IoT claims and levying more fines for insufficient security.”

What’s your take on the year ahead? Would love your comments!

Smart Washing Machine: another example of “just because you can doesn’t mean you should”

When I buy the much-hyped smart refrigerator, you’ll know I’ve officially gone around the bend, and have officially surrendered to IoT hype: it makes sense for those who buy a ton of processed foods with bar codes on them, but I just can’t see the value to those of us who buy a lot of label-less veggies from farmers markets, for example.

In a close second place on my personal list of those IoT devices that violate one of my Essential Truths of the IoT: “just because you can do something doesn’t mean you should” would be a smart washing machine.

As the Washington Post wrote about Whirlpool’s $1,699 “smart” washer,

“Few expected ‘smart’ machines would fly off the shelves. They’re expensive, and Americans don’t typically replace their washers and dryers all that often. But analysts say the problem is bigger than that. Today’s smartest washer and dryer set won’t fold your clothes, erase wrinkles or stop you from mixing reds and whites. It won’t even move a load from one machine to the other. So what’s the point?”

I know there are going to be some false starts in creating IoT-enabled products that really do provide value, and good for Whirlpool for experimenting, but I do wonder whether something we used to call “common sense” is sorely lacking in some companies’ IoT decision-making.

IMHO, it would really be helpful if my washer and dryer could go on late at night to take advantage of utilities’ off-peak pricing as part of their smart grid initiatives (to their credit, as you’ll see from the photo of the companion smart dryer, a smart grid link is part of these appliances)

smart grid button on Whirlpool dryer

. However, I suspect that would be easily possible if the utilities just published APIs so some smart IFTTT user could create a “recipe” that would turn on an utterly-conventional washer that was plugged into a WeMo smart plug (hmm: did a search for that, and found a recipe that would automatically turn off a washer plugged into a WeMo if a Nest alarm detected a fire: nice, but rather low on my list of what I’d want to have done in case of a fire….).

So, yea, smart appliances, but let’s also make sure that one of the questions companies ask before committing to a really expensive initiative is: “do we really need it?”

Live Blogging from IoT Global Summit

I’ll be live-blogging for the next two days from the 2nd Internet of Things Global Summit.

  • Edith Ramirez, FTC chair:
    • potential for astounding benefits to society, transforming every activity
    • risks: very technology that allows this can also gather info for companies and your next employer
    • possible consumer loss of confidence in connected devices if they don’t think privacy w
    • 3 challenges:
      • adverse uses
      • security of the data
      • collection of the data
    • key steps companies should take:
      • security front and center
      • deidentify data
      • transparent policies
    • data will provide “startlingly complete pictures of us” — sensors can already identify our moods, even progression of neurological diseases
    • how will the data be used? will TV habits be shared with potential employers? Will it paint picture of you that others will see, but you won’t
    • will it exacerbate current socio-economic disparities?
    • potential for data breaches such as Target grows as more data is collected
    • FTC found some companies don’t take even most basic protections. Small size and cheap cost of some sensors may inhibit data protections
    • steps:
      • build security in from beginning
      • security risk assessment
      • test security measures before launch
      • implement defense and depth approach
      • encryption, especially for health data.
    • FTC action against TrendNet
    • follow principle of “data minimization,” only what’s needed, and dispose of it afterwards.
  • she’s skeptical of belief that there should be no limits on collection of data (because of possible benefits)
    • de-identified data: need dual approach — commit to not re-identify data
    • clear and simple notice to consumers about possible use of data.
    • Apple touting that it doesn’t sell data from Health App — critical to building consumer trust
    • transparency: major FTC priority. FTC review of mobile apps showed broad and vague standards on data collection & use.
  • Ilkka Lakaniemi, chair, FIWARE Future Internet PPP, EU perspective on IoT:
    • lot easier to start IoT businesses in Silicon Valley because of redundant regulations in EU
    • Open Standard Platform + Sustainable Innovation Ecosystem. “Synergy Platform”
  • Mark Bartolomeo,   vp of integrated solutions, Verizon:
    • Bakken Shale area visit: “landscape of IoT” solutions — pipeline monitoring, water monitoring, etc.
    • concerned about rapid urbanization: 30% of city congestion caused by drivers looking for parking. $120B wasted in time and fuel yearly.
    • cars: “seamless nodes” of system.
    • market drivers & barriers:
      • increased operational efficiency, new revenue streams, better service, comply with regulators, build competitive edge
      • fragmented ecosystem, complex development, significant back end obstacles
    • they want integrated systems.
    • need to remove barriers: aging infrastructure, congestion, public safety, economics
    • remove complexity
    • economies of scale: common services
    • trend to car sharing, smart grid
    • yea: highlighting intellistreets — one of my 1st fav IoT devices!!
    • Verizon working primarily on parking & traffic congestion on the East Coast, and water management in CA.

Smart Cities:

  • Nigel Cameron: nation-state receding, cities and corporations on ascendency
  • Sokwoo Rhee, NIST: Cyber-Physical Systems — emphasis on systems dynamics, data fed back into system, makes it autonomous.  Did Smart America Challenge with White House. Fragmentation on device level. Demonstrate tangible effects through collaborations. Examples: health care systems, transactive energy management, smart emergency response, water distribution, air quality. 24 projects.  Round Two is application of the projects to actual cities. Now 26 teams.
  • Joseph Bradley, VP, IoT Practice, Cisco Consulting: value isn’t in the devices, but the connections. Intersection of people, data, process, and things. Increase City of Nice’s parking revenue 40-60% without raising taxes through smart parking. They project $19 trillion in value over 10 years from combo of public and private innovations. Smart street lighting: reduces crime, property values increase, free wi-fi from the connected street lights. Barcelona is Exhibit A for benefits. Need: comprehensive strategy (privacy is a contextual issue: depends on the benefits you receive), scalability, apps, data analytics, transparency, powerful network foundation, IoT catalyst for breaking down silos, IoT must address people and process.
  • Ron Sege, chair and ceo of Echelon Corp: got started with smart buildings, 25 yrs. old. Why now with IoT: ubiquitous communications, low cost, hyper-competition, cloud. They do outdoor & indoor lighting and building systems. Challenges: move to one infrastructure/multiple use cases, will IT learn about OT & visa-versa?, reliability: critical infrastructure can’t fail & must respond instantly.
  • Christopher Wolf, Future of Privacy Forum: flexible, use-based privacy standards. Industry-wide approach to privacy: auto industry last week told NISTA about uniform privacy standards for connected cars (neat: will have to blog that…).
  • Peter Marx, chief innovation officer, City of LA:  big program to reduce street lights with LEDs: changed whole look of city at night & saves lot of money. 6 rail lines being built there. Adding smart meters for water & power. EV chargers on street lights. Held hackathon for young people to come up with ideas to improve city. Procurement cycles are sooo arcane that he suggests entrepreneurs don’t do business with city — he just tries to enable them.

Outside the City:

  • Darrin Mylet, Adaptrum: Using “TV white space spectrum” in non-urban areas. Spectrum access critical:need mix of spectrum types. Where do we need spectrum? Most need in non-line-of-sight areas such as trees, etc. Examples: not only rural, but also some urban areas (San Jose); Singapore; Africa; redwood forests;
  • Arturo Kuigami, World Bank: examples in developing nations: (he’s from Peru); most of global migration is to smaller cities; look at cities as ecosystems; “maker movement” is important — different business models: they partnered with Intel and MIT on “FabLabs” in Barcelona this year. MoMo — water access point monitoring in Tanzania.  Miroculus: created by a global ad hoc team — cheap way to make cancer diagnosis: have identified 3-4 types of cancers it can diagnose. Spirometer to measure COPD, made by a 15-year old! “IoT can be a global level playing field.”
  • Chris Rezendes, INEX Advisors: Profitable sustainability: by instrumenting the physical world, we can create huge opportunities for a wide range of people outside our companies. Focusing on doing a better job of instrumenting and monitoring our groundwater supplies: very little being done in SW US right now (INEX investing in a startup that is starting this monitoring). If we have better data on groundwater, we can do a better job of managing it. “Embrace complexity upfront” to be successful.
  • Shudong Chen, Chinese Academy of Sciences: talking about the Chinese food security crisis because of milk production without a food production license.  Government launched “Wuxi Food Science & Technology Park.”

Smart Homes:

  • Tobin Richardson, Zigbee Alliance: critical role of open, global standards. Zigbee LCD lights now down to $15.
  • Cees Links, GreenPeak Technologies: Leader in Zigbee-based smart home devices. Smart home waay more complex than wi-fi.  1m chips a week, vs. 1 million for whole year of 2011. “Not scratching the surface.” Small data — many small packets.
  • Todd Green, CEO PubNub: data stream network.
  • no killer app for the smart home..  Controlling by your phone not really that great a method.
  • FTC agrees with me: a few adverse stories (TrendNet baby cam example) can be really bad for an industry in its infancy.
  • always hole in security. For example, you can tell if no one’s home because volume of wi-fi data drops.W
  • FTC: consumer ed critical part of their work. Working now on best practices for home data protection.
  • mitigation after a security breach? Always be open, communicate (but most hunker down!).

DAY TWO

Beyond Cost Savings: Forging a Path to Revenue Generation

  • Eric Openshaw: (had tech problems during his preso: very important one — check the Deloitte The Internet of Things white paper for details) cost savings through IoT not enough for sustainable advantage: need to produce new revenue to do that. Defined ecosystem shaping up, which creates clarity, breaks down silos.
    • areas: smart grid, health care, home automation, cars, industrial automation
    • study the GE jet model for health care: what if doctors were paid to keep us healthy.
    • need comprehensive understanding of the change issues
    • be very specific: singular asset class, etc. — so you get early victories
    • companies will have overarching, finite roadmap
    • security & privacy dichotomy: differentiate between personal health care data and data from your washing machine. Most of us will share all sorts of information if there’s something in return
    • get focused on customer and product life cycle — that’s where the money will be. Focus on operating metric level. This is most far-reaching tech change he’s seen.

Managing Spectrum Needs

  • Julius Knapp, Chief, FCC Office of Engineering & Technology: new opportunity to combine licensed and unlicensed space. Described a number of FCC actions to reconsider role of various types of spectrum. “Hard to predict I0T’s long-term spectrum needs” because industry is new: they’ll watch developments in the field.
  • Prof. H. Nwana, exec. director of Dynamic Spectrum Alliance: most spectrum usually not used in most places at most time.  His group working to use changes to spectrum to end digital divide: (used incredible map showing how much of world, including US, China, India, W. Europe, could be fitted into Africa).
  • Carla Rath, VP for Wireless Policy, Verizon: “in my world, the network is assumed.”  Need for more spectrum — because of growth in mobile demand. Praises US govt. for trying to make more spectrum available. Don’t want to pigeonhole IoT in certain part of spectrum: allow flexibility.  Tension between flexibility and desire for global standards when it comes to IoT.
  • Philip Marnick, group director of spectrum policy, Ofcom UK:  no single solution.  Market determines best use. Some applications become critical (public safety, etc.) — must make sure people using those are aware of chance of interference.
  • Hazem Moakkit, vp of spectrum development for 03b (UK satellite provider for underserved areas of developing world): “digital divide widened by IoT if all are not on board.” Fair allocation of spectrum vital.
  • interesting question: referred to executive of a major farm equipment manufacturer whose products are now sensor-laden (must be John Deere…) and is frustrated because the equipment won’t work in countries such as Germany due to different bands.

Architecting the IoT: Sensing, Networking & Analytics: 

  • Tom Davenport: IoT highly unpredictable. “Great things about standards is there’s so many to choose from” — LOL.  Will IoT revolution be more top down or bottom up?
  • Gary Butler, CEO, Camgian: announcing an edge system for IoT. Driven by sensor info. Need new networking architecture to combine sensing and analytics to optimize business processes, manage risk. Systems now built from legacy equipment, not scalable. They’re announcing new platform: Egburt. Applicable to smart cities, retailing, ifrastructure (I’ll blog more about this soon!!). “Intelligence out of chaos.” Anomaly detection. Real-time analysis at the device level. Focus on edge computing. Must strengthen the ROI.
  • Xiaolin Lu, Texas Instruments fellow & director of IoT Lab: Working in wearables, smart manufacturing, smart cities, smart manufacturing, health care, automotive. TI claims it has all IoT building blocks: nodes, gateway/bridge or router/cloud.  Power needs are really critical, with real emphasis on energy harvesting from your body heat, vibration, etc. Challenges: sensing and data analytics, robust connectivity, power, security, complexity, consolidation of infrastructure and data. Big advocates for standards. They work on smart grid.
  • Steve Halliday, president, RAIN RFID: very involved in standards. 4 BILLION RFID tags shipped last year. Don’t always want IP devices. Power not an issue w/ RFID because they get their power from the reader. Think RFID will be underpinning of IoT for long time. Lot of confusion in many areas about IoT, especially in manufacturing.
  • Sky Mathews, IBM CTO: IBM was one of earliest in the field, with Smarter Planet. Lot of early ones were RFID. A variety of patterns emerging for where and how data is processed. What APIs do you want to expose to the world? “That’s where the real leaps of magnitude will occur” — so design that in from beginning.

‘People’ Side of the IoT: meeting consumer expectations:

  • Mark Eichorn, asst. director, Consumer Protection Bureau, FTC: companies that have made traditional appliances & now web-enable them aren’t always ready to deal with data theft. Security and privacy: a lot don’t have privacy policies at all. At their workshop, talk about people being able to hack your insulin readings.
  • Daniel Castro, sr. analyst, Center for Data Innovation: thinks that privacy issue has been misconstrued: what people really care about is keeping data from government intrusion. Can car be designed so a cop could pull it over automatically (wow: that’s a thought!). Chance for more liability with misuse of #IoT data.
  • Linda Sherry, director of national priorities, Consumer Action: “convenience, expectations and trust.” “What is the IoT doing beside working?” Connecting everything may disenfranchise those who aren’t connected. Need to register those who collect data – hmm. Hadn’t heard that one before. Even human rights risks, stalking, etc. — these issues must be thought about. Can algorithms really be trusted on issues such as insurance coverage? How do you define particularly sensitive personal data? “Hobbling the unconnected” when most are connected? “Saving consumers from themselves.” “Document the harms.” Make sure groups with less $ can really participate in multi-stakeholder negotiations.
  • Stephen Pattison, vp of public affairs, ARM Holdings: disagrees with Linda about slowing things down: we want to speed up IoT as instrument of transformation. We need business model for it. Talks about how smart phone didn’t explode until providers started subsidizing purchase. He suspects that one model might be that a company would provide you whole range of smart appliances in return for your data. “Getting data right matters.” “Freak events” drive concerns about data security & privacy: they generate concern and, sometimes, “heavy-handed” regulation.
    Industry must work together on framework for data that creates confidence by public. Concerns about data are holding back investment in the field. They’re working with AMD on a framework: consumers own their own data — must start with that (if they do, people will cooperate); not all data equally sensitive — need chain of custody to keep data anomyzed; security must be right at the edge; simplify terms and conditions.
    Sometimes thinks that, in talking about IoT, it’s like talking about cars in 1900, but we managed to create a set of standards that allowed it to grow: “rules of the road,” etc.
comments: 2 »
http://www.stephensonstrategies.com/">Stephenson blogs on Internet of Things Internet of Things strategy, breakthroughs and management