Speed read The Internet of Things is poised to radically enhance society

This great promise of efficiency is matched by its monstrous potential for abuse

Francine Berman discusses what can be done to ensure an ethically implemented Internet of Things

The Internet of Things (IoT): let’s define some terms here.

Internet: Well that’s simple enough — that electronic communications network through which we all gather our mail, news, and cat videos.

Then what’s this ‘things’ part?

Examples might help here: Refrigerators, phones, copy machines, baby monitors, automobiles, microwaves, street lights – really, any computerized object that can link to the internet.

In this brave new world of networked devices, how do we maintain individual rights and manage the IoT safely and ethically?

That’s the question we put to Francine Berman, the Edward P. Hamilton distinguished professor in computer science at Rensselaer Polytechnic Institute.



What’s the promise and peril inherent in IoT?

The IoT has tremendous potential to enhance society, work, and life. Smart, networked systems can make us safer in our homes and vehicles, increase our efficiency at work and at play, empower us through information, and create new opportunities. But technologies have neither social values nor ethics.

The same systems that can be used to enhance our lives can also be used to facilitate misbehavior. Denial-of-service attacks or hackers can put smart infrastructure systems — and the people they serve — in danger. Remote surveillance systems that allow parents to check on their infants, or adult children to check on aging parents have also been used to spy on unsuspecting individuals and scream at babies.

The potential of the IoT will be achieved when we have a common sense of appropriate behavior, social mechanisms to enforce responsibility and accountability, and when we enable technical architectures that incorporate safety, security, and protections. For best results, we need to develop all of these in coordination and not just after technologies have matured.

Many people assume the rights and protections we enjoy in democratic society are applicable to the IoT realm. Is this not the case?

Whether we’re dealing with rights and protections in existing scenarios or new ones, the IoT will be a brave new world. We will need to conceptualize, extend, or re-establish a working notion of individual rights and the public good.

Our mileage will vary: In some cases, rights and protections from other spheres of life will be extensible to the IoT, although the IoT and digital technologies will vastly impact the interpretation and potential consequences of existing policy and law.

For example, we have seen policy makers and lawmakers struggle to extend copyright law into digital media such as YouTube and apply health information privacy laws to smartphone health apps.

These scenarios provide vastly different environments than the original scenarios covered by law and policy and will need to evolve to adequately promote responsible behavior in IoT environments.

The IoT will also necessitate new rights and protections. For example, in environments with embedded surveillance, do you have a right to opt out? It may be that in many instances you don’t. What are your rights and what is society’s responsibility toward you in these environments?

An IoT ‘Bill of Rights’ sounds like a good idea — to what extent will or won’t it work?

An IoT Bill of Rights provides an important framework for thinking about the impact of IoT, but will only be as good as its scope, interpretation, and enforcement.

For example, a ‘right to privacy’ that gives individuals control of the data they generate and the metadata collected about them could ensure control over a digital persona.

However, the technical infrastructure that implements this right may be challenging to engineer.

The potential of the IoT will be achieved when we have a common sense of appropriate behavior, social mechanisms to enforce responsibility and accountability, and when we enable technical architectures that incorporate safety, security, and protections. ~Francine Berman

Will individuals want to or be able to sift through all records for all on-line IoT services and devices they use (smart phone, refrigerator, car, shopping site, browser, etc.) to pick and choose which information is private and what can be shared?

Will a strong individual right to privacy also make public data in the IoT less valuable? For example, if half of the residents in an area choose to keep the location and images of their homes private, the Google map of that area may cease to be useful.

How we determine what information is private and under what circumstances, who can control it, who can access it, who can enforce it, and what happens when things go wrong will be critical for a ‘right to privacy’ to be meaningful.

So how to safely and ethically deploy IoT?

I don’t think that we should set up a governance system for the IoT without substantive discussion and experience with IoT technologies.

So now is exactly the right time for thought leadership and exploration. We need to be developing the intellectual groundwork for IoT governance, policy, and laws to understand how to prioritize and promote the public good within the IoT.

We need to understand intended and unintended consequences for a broad spectrum of potential IoT policy, regulation, and frameworks.

We need to work now to understand the specifics of how the IoT will impact current social mechanisms or necessitate new ones to create an environment in which the IoT can achieve its highest potential.

We also need to pilot and experiment with various IoT policies now to gain experience with how various approaches will work. Smart systems, cities, and workplaces can collect information on the success and challenges of various policies, system coordination and security mechanisms, and approaches to data rights, privacy, stewardship and use.

This is already happening in opportunistic areas like transportation (Who is responsible when a self-driving car has an accident? What information should be private within a vehicle-net?) but is needed for the broader spectrum of IoT scenarios, systems, and devices.