EC IoT Consultation – RFID in Europe Collective Response Consultation - final... · RFID in...

PUBLIC POLICY ACTIVITY

of 26 10/07/2012

EC IoT Consultation (2012)

RFID in Europe - Collective Response Report

Coordinator: Trevor Peirce, RFID in Europe Public Policy Activity Leader Status: Final Draft Version: 0.5 Date: 10th July 2012


of 26 10/07/2012

Table of Contents EC IoT Consultation (2012) ..................................................................................................................... 1

RFID in Europe - Collective Response Report .......................................................................................... 1

Introduction ......................................................................................................................................... 3

Report Summary.................................................................................................................................. 3

Privacy: “The right to be left alone” ................................................................................................ 3

Security ............................................................................................................................................ 3

Security of Critical IoT Support Infrastructure ................................................................................ 4

Ethics ............................................................................................................................................... 4

Open Object Identifiers and Interoperability .................................................................................. 4

Governance ..................................................................................................................................... 5

Standards for meeting policy objectives ......................................................................................... 5

Bibliography ............................................................................................................................................. 7

Section 1 – Privacy ................................................................................................................................... 8

Section 2 - Security .................................................................................................................................. 9

Section 3 – Security of Critical IoT Support Infrastructure .................................................................... 11

Section 4 – Ethics (Group 1) .................................................................................................................. 11

Section 4: Ethics – Group 2 .................................................................................................................... 13

Section 5 - Open Object Identifiers and Interoperability ...................................................................... 14

Section 6 – Governance – part 1 ........................................................................................................... 17

Section 6 – Governance – part 2 ........................................................................................................... 18

Section 7 – standards for meeting policy objectives ............................................................................. 19

APPENDIX A) – Internet/Intranet .......................................................................................................... 21

APPENDIX B) – IoT Applications ............................................................................................................ 22

APPENDIX C) Terminology and Definitions: .......................................................................................... 23


of 26 10/07/2012

Introduction RFID in Europe1 engages in promoting the European adoption of RFID and related technologies. The

Internet of Things (IoT) is therefore well within the scope of RFID in Europe activities. RFID is a prime

IoT enabling technology as identified by the IoT European Research Cluster (IERC) through an online

survey completed in 2010. Further the membership of RFID in Europe covers a diverse group of

stakeholders many of whom have a direct interest in and actively participate in the development of

IoT.

During the “RFID in Europe – 2012” event held in Leuven, Belgium late May 2012 the attending

members supported the development proposal of a coordinated joint response to the EC’s IoT

Consultation. Members of the EC attending “RFID in Europe – 2012” encouraged this activity within

the IoT Consultation deadline of 14th July 2012.

Report Summary Generally speaking the IoT Consultation is challenging to respond to due to the wording of some of

the questions and the wording of the presented selection of responses. RFID in Europe considers this

to be unfortunate as the topic headings selected for the IoT Consultation are important if not critical

to IoT’s future success. This document addresses each and every question in a way which seeks to

remove ambiguity in the interpretation of RFID in Europe’s collective responses and diminish any

resulting potential confusions. A supporting contribution to this approach is the definition of

terminology, an exercise completed by RFID in Europe at the start of the preparation of this

document in order to foster a common and shared understanding and facilitate efficient

communication. Common terminology was a RACE networkRFID deliverable which is publically

available through the RFID in Europe Web site2, although the original version did not specifically

focus upon privacy, security, ethics nor governance terms. For information on the IoT relevant

terminology and definitions as defined by RFID in Europe please refer to Appendix C.

The process of developing this document has involved a core group of RFID in Europe volunteers. The

final draft was provided to the whole RFID in Europe membership for review and comment.

Privacy: “The right to be left alone”

RFID in Europe believe that IoT’s success is founded upon respecting privacy. Privacy is not easily

defined representing a major hurdle to progress towards privacy compliance.

Security

Security often translates from English into other European languages where it refers to security as

well as safety. For this reason RFID in Europe considers security to comprehensively cover security in

its broadest context. This means not only safety but also all aspects influencing the protection of

data, individuals, organizations, property and infrastructure.

Public communication such as notification has a sometimes overlooked contribution to security and including safety. This my avoid challenges of following your Google glasses IoT based visual head-up

1 RFID in Europe is a not-for-profit organization based in Belgium and originates from the EC Thematic network

entitled RACE networkRFID. RFID in Europe started operating on the 1st

March 2012, RACE networkRFID concluding on the 29

th February 2012 after 3 years of operation.

2 http://www.rfidineurope.eu/sites/default/files/RFID_Definitions_and_Terminology_5_version_1.pdf


of 26 10/07/2012

displayed instruction to cross the road while indicating no traffic when for one reason or other there is.

Security of Critical IoT Support Infrastructure

RFID in Europe were not able to identify established references which fully or comprehensively

defines what “critical IoT support infrastructure” comprises of. Internet critical support infrastructure

may represent a critical part, however IoT devices do not necessarily rely on the Internet to execute

processes including communication with other devices or networks. An IoT device may continue to

capture data or communicate with other devices without the availability for some extended periods

of time before some or all device related applications have critically failed due to the absence of

connectivity to a working Internet.

Ethics

The ethical issues overlap with privacy and security. To a large degree it is considered that ethical

issues are addressed by established legislation either at European or Member State levels. Ethics is

perhaps particularly difficult to address globally and reference to the current situation within the

Banking sector illustrates this vividly.

Open Object Identifiers and Interoperability

Identifiers, naming and addressing are core elements of IoT architecture. It is not clear what is meant

by “Open” being interpretable as either meaning accessible or, possibly freely available to all or,

both. These options can alternatively be expressed as available to see or, to use or, both. An

alternative approach in seeking clarification would be to consider “closed” identifiers which may

refer to some established identifier issuing authorities whom do not offer free access.

Objects are assumed to mean IoT devices and not therefore equivalent to “things” which are

interpreted to refer to anything which the IoT device or devices are attached to, either for an instant

or for any period over the thing’s life and, beyond with respect to virtual objects.

There are several forms of identifiers. At IoT device level (edge) there exists both embedded and user

defined identifiers. The network level communications to and from IoT devices communicators (near-

edge) are often associated with other message identifiers. The distinction between identifiers is

important to recognize, the former being much more challenging to secure without increasing and

often excessive demands upon limited resources either at device level or upon the air interface.

Device level identifiers are used for a multitude of purposes. Embedded identifiers are machine

optimized and are often essential to applications where performance is important or critical. User

defined identifiers are potentially more efficient but in practice the differences in open IoT systems

are commonly marginal, there being significant efficiencies in both when comparing active IoT

devices in active service against the total pool of IoT devices (stocked, deployed and retired).

Identifiers are also used for authentication. There are a number of challenges to relying solely upon

the identifier or identifiers. One, over time less-and-less identifiers will be unique as allocations are

following typical human nature to divided, sub-divided and divided yet again. This places huge

demands upon allocations as users provision for forecast demand. Serialization can be associated

with the familiar problem of “how many times do I need to fold a piece of paper to reach the


of 26 10/07/2012

moon?3” Identifier serialization and the use of header structures in the least worst-case scenarios

should only be considered for always networked devices where the identifiers can be monitored and

dynamically reallocated if necessary where duplicates are identified.

Addressing is another aspect needing careful consideration. As a clear example the recent ruling by

the European Court of Justice (ECJ) underlined the fact that IP addresses are personal data.

“The court took issue with the fact that ISPs would have had to record IP addresses to determine

who was file sharing, as IP addresses are considered to be ‘protected personal data’ by the court.”4

An IP address serves two principal functions: host or network interface identification and location

addressing. Its role has been characterized as follows: "A name indicates what we seek. An address

indicates where it is. A route indicates how to get there."5

Objects are typically things with attributes: but the thing and the attribute (s) may change roles at least in terms of addressing depending on the scenario. Virtual as well as physical things may be represented as legitimate and correct and also all other combinations too.

Interoperability depends on defined and widely available rules. It does not depend upon using a

single identifier or address structure for the whole world of IoT. Positive identification and

authentication can only be achieved through assessing a number of attributes. EPCglobal’s e-

Pedigree model demonstrates this same approach to reasonably rigorous authentication, although

false virtual attributes can always undermine this approach it creates yet another hurdle making the

process of impersonation or counterfeiting more costly and requiring greater diligence.

Governance

Governance, regulation and controls are good ideas but practically in a domain such as IoT without

borders, how can such disciplines be implemented? IoT is perhaps especially challenging as it mixes a

global internet with movable things which are not necessarily connected and electronically

accessible. This could mean that even if IoT Governance can be enforced at a network level it may

not stop the IoT device from capturing information in the area of rigorous enforcement and then

connecting to the Internet once outside this area, effectively breaking the Governance model. RFID in

Europe would not support the complication of such Governance at any level if it cannot be

universally effective.

Standards for meeting policy objectives

Standards are often a “Trojan horse” concealing critical IPR6. Standards can stifle innovation and slow

technological evolution. Standards nevertheless can positively contribute to adoption by bringing

together IPR holders and in arresting technological development sufficiently to allow market stability.

3 The answer is theoretically 42, however it is not possible to practically fold a piece of paper more than 7

times. 4 The European Court of Justice (ECJ) has finally issued their ruling on the seminal case of SABAM v. Scarlet,

which has been ongoing since 2004. http://pilr.blogs.law.pace.edu/2012/04/21/isps-cant-be-forced-to-block-file-sharing-in-the-eu/ 5 http://en.wikipedia.org/wiki/IP_address

6 Reference the ITU meeting upon respecting IPR declaration rules within standards creation processes which is

scheduled for autumn of 2012.


of 26 10/07/2012

Standards therefore can also lower adoption barriers and assist with interoperability. As RFID in

Europe is orientated towards assisting European adoption it leans towards support of standards.

Voluntary and global standards are perhaps the most suitable for an emerging IoT which is a

convergence of many established components as well as some elements of new innovation.

All too often standards and specifications are confused, not always accidentally. A standard is usually

a relatively timeless (and legal) document, a specification is for a particular technology. A standard

has quite strict criteria and is peer reviewed, a specification may not be so rigorous even when it is

produced by an industry consortium especially in terms of interoperability (ever had the U73 error

when using HDMI). In fact, the formal standards process includes the option of a Technical

Specification (TS), and this approach is underused. A TS can be considered as a pre-standard, and

helps rather than hinders the creation of a full standard (if appropriate).


of 26 10/07/2012

Bibliography Castells, M. (2010). The Rise of The Network Society. UK: Wiley-Blackwell.


of 26 10/07/2012

Section 1 – Privacy

The question may perhaps be understood as why cannot application operators be expected to make

clear what the purposes of their applications are and, which data would they collect, use/process,

store and share/communicate? Why should going beyond the sole purpose of the application

necessarily provide any tangible benefits? How would operating outside European Law advantage

society, particularly when considering the example provided. Service providers already run statistics

on use and do generate forecast energy demands which feed their planning and provisioning so

perhaps better examples exist to illustrate what questions is being asked. Why cannot applications

clearly identify a sole set of purposes irrespective of whether or not they are using virtual data or real

data or both?

An additional valid question related to the example may even ask why IoT? Where is the advantage

provided by IoT over non Internet connected smart meters?

Generally IoT applications necessarily need to generate benefits to justify their investment. The

question is therefore interpreted as asking whether “I” as an individual will gain advantages from IoT.

For many of the members of RFID in Europe the benefits they receive may be through IoT providing

them employment or opportunities to further their careers. This does not prevent RFID in Europe

members from anticipating more general benefits from their daily future interaction with IoT

applications. What is reasonably sure is that today it is probably too early to have any confidence in

the latter and very difficult to differentiate smart city applications of smart devices from those

founded upon IoT.

The anticipated changes to European Data Protection in terms of the two vehicles proposed may

throughout the remaining process change existing principles. Mindful that the past principles may be

revised to align with ICT developments and Data provisions


of 26 10/07/2012

It is somewhat surprizing departure from the established RFID PIA Framework to consider a Data

Protection Impact Assessment. The possible challenge with a DPIA is that does not necessarily cover

wider privacy issues and it causes possible confusion between the RFID PIA Framework and a DPIA. If

a DPIA is the preferred direction for the future the RFID PIA Framework should probably rapidly

superseded to avoid a great deal of confusion by operators, end user, the general public and

government organizations.

The evolution of the RFID PIA Framework tools has shown a preference by some European Member

States to include security provisions in the form of a security risk assessment. This has seen the

backing of industry e.g. Daimler, VW, etc.. It is somewhat concerning that a future IoT DPIA should in

some way be limited to personal data.

Section 2 - Security

How do guidelines or standards ensure anything? They can contribute either through being available

on a voluntary basis or mandated, but how does either ensure data confidentiality, integrity or

availability? There are data breaches through human error or security attacks which are reported

almost daily in the Press, yet seldom is it mentioned that this as because technical standards have

not been complied to e.g. LinkedIn, Sony, Nortel, Tomtom, etc...

Standards and guidelines are not a replacement for International Law which makes it explicitly clear

the responsibilities and defines the limits.

RFID in Europe would agree with this question. In fact the guidelines could extend to policy,

implementation and, other aspects as well.


of 26 10/07/2012

RFID in Europe would recommend guidelines as a minimum. Depending upon the IoT application

there may be a justified requirement for other additional measures to ensure compliance and enable

enforcement.

It is not clear what is meant by “reliable data”. Is data reliable if it is available when we need it? Is it

reliable when it is accurate? Or do we mean reliable as a measure of quality as mentioned in

“Demings 14 points”? Should there be a question related to the broader topic of IoT data quality?

It is suggested that the question really needs to define different categories of data and specific

requirements regarding privacy or security. And even in some cases, there is a need to provide the

data source identity for authentication before allowing access to functionality which has implications

for human safety. In effect it is suggested that generic IoT policy principles may be too distanced

from the application specific challenges to be of assured and sufficient influence.

It is practically impossible to answer this question because the terms are not clear. How will

guidelines on safety and security requirements compromise economic viability? What evidence is

there that guidelines have ever compromised economic viability? Further will ignoring safety and

security assist economic viability of any IoT application in either the short term or long term? Is the

risk of IoT directly or indirectly bringing harm to employees, the general public, etc. worthwhile

taking from an economic perspective?


of 26 10/07/2012

Section 3 – Security of Critical IoT Support Infrastructure

It is known to a number of RFID in Europe members that the EC funded IoT-A research project is

defining a reference architecture for IoT. It is however not well known what criteria nor options have

been considered in defining the reference architecture and “reference design principles”. It is fully

expected that IoT-A will determine accessibility to the ‘live’ or ‘active’ IoT application environments

but it is not expected that the influence of reference IoT architecture will extend to virtual objects

whose information is likely to be found replicated across the Web environment.

RFID in Europe members have requested more information and examples to be able to respond

confidently to this question.

It is unclear why the public sector is solely considered crucial to defining security aspects of IoT

future architecture. RFID in Europe believes that the public sector is potentially an important

stakeholder but it is necessary to make mention of all stakeholders. Multiple critical sectors need to

be taken into account such as for example: Defence: Banking: Aviation: Automotive: etc..

The suggestion that policy makers should be asked to provide guidance on security-by-design and

applicable security technologies is concerning. Policy makers are after all expected to make policies

and to expand their scope of responsibilities lacks any form of justification. RFID in Europe suggests

that practical guidance is best developed by all stakeholders and policies should reflect the need for

such a stakeholder engagement in such transparent processes.

Section 4 – Ethics (Group 1)


of 26 10/07/2012

It is imaginable that some future IoT applications will and some will not pose threats to the

protection of an individual’s identity. Also likely is that the authentication of an individual’s identity

will change and increasingly number of multiple identities many of them existing only in the virtual

sense and within the Internet domain. IoT may well pose a threat to one or more identities and it is

possible data from some IoT applications and other sources could be used to create falsify identities.

RFID in Europe would suggest that IoT applications are categorized and all threats including those to

an individual’s identity could be addressed through appropriate measures.

As with the preceding question the influence of IoT applications on our perception of identity and

definition of personal identity will much depend on the nature, purpose and type of IoT application.

RFID in Europe recommends that IoT applications are categorized where the list of anticipated effects

can be attributed to each IoT application category.

Everything in this question hinges upon the “in so far as possible” statement and the nature and

purpose of the IoT application. RFID in Europe would prefer that consent requirements were

considered based upon a number of criteria and suggests that flexibility is built-into IoT applications

allowing provision for a changing environment and user requirements.

The response to this question must state specific examples. IoT applications which draw certain

forms of public domain data from other sources than directly from IoT devices to fulfil the IoT

application objectives may arguably not need explicit consent. It is not clear what challenges not

having explicit consent may create for IoT application autonomy. What are the IoT application

specific challenges of requesting consent, which IoT applications are likely to be impacted and to

what degree? RFID in Europe would recommend that this area is the subject of one or more targeted

studies to make the position clearer.


of 26 10/07/2012

Future IoT applications may realistically have an impact upon our choices and autonomy, influencing

to some degree or other a broad range of aspects of what we do and think. Some aspects of these

changes may be positive for society and others not. Some may be blatantly clear and others go

unnoticed. RFID in Europe would recommend that IoT operator responsibilities and duties of care are

made explicitly clear and that these should refer to wellbeing, safety and all aspects of fundamental

human rights.

The responsibility upon IoT application operators (including organizations operating applications

using IoT application generated data) need to take into consideration and account for the different

capacities, constraints, needs and expectations of individuals. Such a process should be documented,

reviewed periodically and some form of summary publically available. There may be some IoT

application exceptions where there are no links to individuals or where it replaces another accepted

long established non-IoT application.

The quantity of data generated by IoT applications may exceed what is reasonable to monitor or

control. There is also device to device communication which may feature in some IoT applications

not to mention data upon virtual “things”. RFID in Europe considers that effective Governance of IoT

will be challenged by a number of factors of which the quantity of data is only one element.

Section 4: Ethics – Group 2


of 26 10/07/2012

It is not clear by who or how sufficiency will be judged. Prior to proposing an “IoT ethical charter” it is

recommended that there is some basis for belief in an effective working global Governance model,

without which any such charter is unlikely to be followed.

RFID in Europe would wish to contribute to this process but only after there is some assurance of an

effective working global Governance model coming into existence.

RFID in Europe would wish to contribute to this process when there is some assurance of an effective

working global Governance model coming into existence.

Section 5 - Open Object Identifiers and Interoperability

Business scenarios already dictate a common identifier of one sort or another where these are

needed. One universal identifier for all IoT devices would be hopelessly inefficient and unworkable.

Those who see no interest or need for a universal device identifier are unlikely to respect the need

for such a “monster”. Many IoT devices will be fleetingly and infrequently connected and this creates

huge challenges to any notion of a universal identifier.


of 26 10/07/2012

Unfortunately the lack of any dimension, even forecast metrics from anticipated future IoT

applications means this question is difficult to answer. The question alludes to a single service

provider needing access to multiple IoT platforms outside their immediate ownership or authority

where standards and or probably a standard device identifier could assist them. This tries to build a

picture that service providers or operators will have direct access to all devices, which is highly

unlikely and if not a significant concern. When you accept a letter at home or work it arrives in a mail

box or reception. The Post person does not enter your home or work place to give the letter to you.

There will in the most applications be enterprise data exchange interfaces. Routes to edge devices do

not need to be, or should not be universally transparent and accessible.

RFID in Europe would question the justification and need for an IoT identifier policy. It is not clear

that there are only two options as the questions suggests. For example would reference to “business

models” include government and other non-business IoT applications and users? Note should be

taken that monolithic approaches risk bringing greater security and privacy challenges, undermining

confidence, impeding performance and adding cost. Structured diversification allowing for legacy and

new emerging approaches, allowing degrees of market freedom may provide the most credible way

of allowing early adoption while simultaneously promoting growth and the necessary evolution to

ensure sustainability.


of 26 10/07/2012

RFID in Europe considers that the question does not adequately reflect a choice related to the ‘real’

world. Phone numbers are addresses and not identifiers, although they can be used as an

identification authentication attribute. The notion that identifiers ‘open’ or ‘closed’ preserve

competition is not substantiated. It is understood that the SIM card is considered by some (such as

the OECD) to be a form of competition barrier. However just as with the SIM card example removal

of such a barrier is considered to have little effect as there is a wide choice of other barriers to

replace it. The fundamental issue or root cause is not in most cases the technology but the

motivation for how the technology is used. RFID in Europe would prefer that the motivational root

cause is the focus of study and further consideration to avoid if at all possible a long chain of

initiatives focused upon technical issues.

What is meant by openly accessible, and freely and readily available? Openly available could be a

potential security flaw, allowing opportunities for open discovery, impersonation (real or virtual),

DNS and loss of control.

Does “openness” refer to the possibility of accessing to an Object (and their services) by other entities that have the required security access level?

The direct relation between: “universal openness” and competition is not clear. Some domains will

require “closed solutions” to facilitate security. Should Openness and Security be facing each other?

This is a loaded question which as a result is impossible to answer without accepting that open

identifiers are need for IoT interoperability. As it is not clear what is being referred to by “open

identifiers” it is a challenge to highlight that indeed there are other essential aspects to IoT

interoperability. RFID in Europe would request greater stakeholder input around IoT interoperability

dropping the inference that open identifiers are a prerequisite.

Uniqueness is more often than not a flawed concept and, especially when associated with identifiers.

If IoT is built upon unique identifiers (or worse one unique identifier) it will struggle and may

eventually fail, there is nothing more certain. Identifier allocation processes in no way guarantee

uniqueness. The most robust serialized identifier open environments providing the greatest degree

of uniqueness requires a diligent policing service which monitors demand, use and resolves conflicts.

Nevertheless IoT applications should not in any way rely upon unique identifiers. Such applications


of 26 10/07/2012

will through necessity quickly revert to Intranet or proprietary network solutions in order to establish

control and protections from duplicate identifiers or, cease to function.

Section 6 – Governance – part 1

Responding to this question is frustrated by offering “one” or “multiplicity” within the same

sentence. RFID in Europe would encourage greater research and broad stakeholder engagement in

identifying the merits and challenges to each approach, supporting an eventual decision if it is

necessary.

Again it is necessary to question firstly whether any IoT Governance model can truly be effective. If

there is some realistic chance of an effective IoT Governance then the question may turn toward

what influence can Governance have and over which technical and non-technical aspects of IoT

hardware? RFID in Europe would encourage further consideration of IoT Governance, a process to

which it would be delighted to be invited to participate.

It is unclear as to how environmental disruption and IoT Governance could be linked. Examples to

illustrate the measures a future IoT Governance could effectively make a contribution and to

identifying the potential threats and impacts would be helpful if not essential to being able to answer

this question.

Again it is necessary to question firstly whether any IoT Governance model can truly be effective. If

there is some realistic chance of an effective IoT Governance then the question may turn toward

what influence can Governance have and over which technical and non-technical aspects of IoT


of 26 10/07/2012

device deployment? RFID in Europe would encourage further consideration of IoT Governance, a

process to which it would be delighted to be invited to participate.

The statement may be partly true. What is important is perhaps to ask if they are covered adequately

for IoT applications? As stated earlier the Internet and IoT represent overlapping but also significantly

different elements which cannot be governed in entirely the same ways.

Section 6 – Governance – part 2

RFID in Europe agree that multi-stakeholder participation is required to ensure IoT success, this

equally applies to any future IoT Governance.

Firstly it is important to understand what the existing multi-stakeholder platforms are willing to

embark upon and whether they are singularly and collectively sufficiently able to meet the

requirements for IoT Governance. If these organizations are unwilling and/or unable then the

reasons for their positions should be referenced in assessing the risks of any alternative approaches.

Approaches need to match a number of criteria. The criteria may include the anticipated

effectiveness of the future IoT Governance, the type of threats, the degree of risk, the IoT application

types/catagories, the nature of the evolution of IoT development and deployment, etc.. RFID in


of 26 10/07/2012

Europe encourages some form of study and further dialogue in determining the initial approach.

Such actions should be repeated at suitable intervals into the future to make sure the approach

remains aligned with the requirements.













Section 7 – standards for meeting policy objectives

Global standards need only be developed where there is an identified need. There is already a wealth

of globally available standards and guidelines some of which have been implemented that could

serve the implementation of future IoT policy direction. New standards should be initiated with

caution as they may introduce additional complexity and possible create premature obsolescence of

some existing of IoT or IoT-‘like’ applications.


of 26 10/07/2012

IoT Governance may get involved in determining “a reference architecture for IoT standards” but

prior to that it would be recommended to address and clarify why a reference architecture for IoT

standards would be necessary? A reference architecture for IoT standards would seem to infer that

there would be a role to ensure standard organization harmonization of initiatives which would be

attribute to the IoT Governance organization(s). The question begs why does IoT need such an

architecture for standards when there are already established mechanisms to ensure such

harmonization e.g. “standstill” between ESOs.

RFID in Europe supports the notion that existing standardisation frameworks must be considered

when addressing needs for future IoT standards.


of 26 10/07/2012

APPENDIX A) – Internet/Intranet While Intranet will provide some potential advantages wider societal benefits and applications will

be possible by using the Internet platform.

1. How will policy objectives raised by the IoT Consultation with regards to privacy, security,

governance, etc. be reinforced by the Internet domain?

2. How will IoT deleted records in the IoT domain be also removed from the wider Internet,

given the challenges today for deletion of records on the Internet? If the Internet records

cannot be deleted with some success what will be the results on public trust and confidence

in IoT? What will be the value of efforts to provide such functions in the IoT environment?

3. If IoT devices and domain have optional or mandated security measures, some of which will

be essential for critical or sensitive IoT applications how will this be matched by Internet

security measures? How will all the security elements of an IoT application be visible, be

monitored and appropriate security measures invoked across the Internet

A challenge insufficiently represented within the IoT Consultation is the problem of IoT resilience, and the rapidly increasing reliance of societies around the world on the Internet not just for entertainment but for basic life support. It is hoped that governments are paying attention to the protection on nodes and links (especially the undersea ones which seem particularly vulnerable) but are they ensuring that the way companies set up their internet applications are not introducing systematic risk? This is not as so much of a concern for the Internet itself, but from the response of the field items in an M2M system. A lot of the issues of buffering, sub-optimising were worked out in the 1950's when systems theory started to develop , but RFID in Europe member experience suggests that this knowledge has been discarded. The problems which RBS/NatWest have had during June/July 2012 is a warning, as is the effect of the tanker drivers going on strike in the UK. They showed how fragile our society is because people have been stripping out buffers as being wasteful, but in fact they are needed if you want 99.9% reliability. So when it comes to governance it is reasonable to suggest that there is a need for National security agencies to be constantly stress testing critical IoT applications to make sure that systematic risk does not build up over time. The lessons learnt should be incorporated into academic or practical training for IT, or some similar or equivalent means of dissemination.


of 26 10/07/2012

APPENDIX B) – IoT Applications Smart Cities, environmental monitoring, disaster warning, perimeter security, utilities resource

(energy, water, etc.) management, intelligent transport, patient prescription instruction adherence,

clinical trials, assisted living, tracking of Alzheimer’s patient and probation criminal location tracking,

smart energy/grid, etc.. The breadth of potential IoT applications is vast.

1. Should all applications be treated the same?

2. What about IoT related technologies which do not use the Internet, should they also have

the same governance structures, guidelines and ethical standards applied? How will the

public be able to differentiate an IoT application from one that uses IoT resembling devices

but does not use the Internet? Where is the divide? And how will the public be able to

recognize it?

3. The RFID Recommendation placed emphasis upon public notification. Should the IoT

Consultation not be asking what role has public information campaigns, including

notification? If a European citizen is asked “Opt-in to IoT?” How would they know what IoT is

and which IoT and what potential impact upon them has opting-in or out?

4. The World is suffering an economic crisis which economists often explain as being due to a

number of factors including: Lack of global regulation of financial markets: Machine-2-

machine networked financial transactions based on predefined decision rules: A lack of

transparency ( (Castells, 2010) . Is IoT at risk of potentially creating the same chaos with

everything that is not financial instruments?

To produce a stable IoT we need less complexity but more diversity. Basically systems with diverse characteristics tend to be more stable than those with less diverse systems because you don't get the

'swings and roundabouts’ affect. Also there needs to be a clear understanding of the role of sub-optimisation in creating stability, which

is also a proxy for achieving maximum throughputs. If you try to run a system flat-out you often find

it becomes unstable, and you may get better throughput if you operate at 85% of theoretical capacity because the system stabilises. Sub-optimization means diligently setting the design targets to achieve

higher performance than is needed to ensure that the combination or elements can deliver upon the IoT application requirements.


of 26 10/07/2012

APPENDIX C) Terminology and Definitions: It is important to the generation of a collective position that the contributors to the development

have a shared understanding of what are the meanings of the most common and central terms to the

IoT Consultation. Absolute alignment to one view is not the objective as the emotive topics

addressed by the IoT Consultation are likely to highlight differing expectations.

What? Comment Additional Info.

Privacy Protection from intrusions into how we think.

(Personal) Data which is not misused.

Defence of our own territory, but this is difficult to address.

Privacy is the area of an individual's personal life that takes place in

a reserved space and should be kept confidential.

Maintain the anonymity of an individual during the collecting, storing and processing of personal data. Knowing who owns our personal data. Privacy in the digital world should be considered in the same way as privacy in the real world. In this sense we must consider “Contextual Privacy”: The permission to access personal data depends on the origin of the request, i.e. an object from the Government can request personal data that should be considered as private information but should be given, but probably that information should not be given to an object from a commercial site. How can privacy be warranted when relating anonymous data from different sources the identity or other personal details of an individual could be inferred?

First of all it is necessary to differentiate what privacy is and what to

guarantee the privacy means.

The privacy

Many definition of privacy exist. According to the most classic

definition of the Warren and Brandeis7, privacy is: the right to enjoy

life, - the right to be let alone; the right to the exercise of liberty Secures

Extensive civil privileges, and the term "property" has grown to comprise

every form of possession - intangible, as well as tangible. According to the

famous American linguist Noam Chomsky the concept of privacy “is

not a static concept but a dynamic concept that refers to changing the

barrier between what is public and what is private, and then tells us that

privacy is an interaction information between the rights of different parts

which then collide”. Moving the context in the IoT scenario is it

possible to mention the Cardoso “pragmatic definition” of privacy8:

7 Warren and Brandeis, “The Right to Privacy”, Harvard Law Review, Vol. IV December 15, 1890

http://groups.csail.mit.edu/mac/classes/6.805/articles/privacy/Privacy_brand_warr2.html

8 Cardoso, R. S. (2007). Architecting Pervasive Computing Systems for Privacy : A Survey, 0-3.

http://groups.csail.mit.edu/mac/classes/6.805/articles/privacy/Privacy_brand_warr2.html


of 26 10/07/2012


privacy is control over information disclosure, and then: a privacy-aware

system allows for conscious disclosure decisions. A privacy invasion occurs

when information regarding an entity is disclosed without its explicit

consent.

Among all these definitions a more general one seems should be:

“The right to choose which/how/when all the information belonging to

people, group or entity should be shared with other people, group or entity”.

This definition covers all the social aspect of the privacy concept: we

could start, for example, from the right to close the window of your

home to the right of an exclusive access to our Facebook account.

The definition doesn’t care about the reason of the need to

distribute or not those information, because this reason is private

too, paradoxically, this motivation may not exist.

In the field of informatics (ICT/IoT) the concept of privacy is

commonly associated with the protection of data: data may contain

personal information and, for some reason, people/group/entity

might want to hide them.

To ensure the privacy

Ensure privacy means to avoid the unauthorized access to personal

information and to take countermeasures in case of violation. So

guarantee the privacy means provides instruments and regulations.

In the field of informatics (ICT/IoT) to guarantee the privacy means provide adequate protection in relation to instrument used and potential risks. E.g., users should have the possibility to choose how/when/which their personal information should be exposed through adequate and easy to be used instruments.

Ability to decide to reveal personal details; individual choice.

Many descriptions.

Sociological effects. Privacy vs. convenience. Where there are benefits which outweigh risks of/or harm then privacy does not exist.

Privacy is the last consideration of consumers.

Privacy is the right to be left alone, either individually or as a group.

Privacy and data protection overlap but are very different.

The privacy choice of anyone acting alone or collectively should not undermine the rights to privacy of others.

Must align with Data Protection revisions under development now. All IoT users must comply, without exception in normal circumstances e.g. not at war, no public threat, etc..

What is the role of IoT Governance?


of 26 10/07/2012


IoT Governance

Association to ensure things do not go astray nor get out of control.

Avoid multiple owners who may compromise access and interoperability.

Defines someone who is responsible.

IoT Governance could be similar to Internet Governance. In this sense IoT Governance would include the development and application of shared principles, norms, rules, decision-making procedures, and programs that shape the evolution and use of the Internet of Things.

Ideally an IoT Governance should drive and promote the development and adoption of IoT standards. IoT Governance may be a commercial or public body and will probably work as the Internet authority actually do. An IoT Governance, working toward establishment and maintenance of an overall worldwide compliance, should orchestrate the standardization process. The standardization is the key for the future IoT full exploitation.

No comment!

An IoT Governance body is needed but which one?

Internet Governance bodies exist. What will an IoT Governance organization do more, or better? How would such a body collaborate with established Internet Governance organizations?

Internet Governance organizations were established long after the Internet. Is this the right time for IoT Governance? Should early adoption not come first to ensure market input from users?

Where should such a Governance body be based? Beijing or Seoul would be my best guess given their established commitment to IoT applications and technologies.

Security Measures to reduce the risk from intentional acts to do something “bad” through or with IoT. An examples being to harm someone or a group. Anything which is intentional and unlawful.

May include grey areas e.g. an intruder entering a property where the door has been left open either deliberately or accidentally.

Each object must be secure from design in terms of not responding to intruders and of having a predictable behaviour independently of normal or failure mode. The combination of several objects to perform a certain tasks or set of tasks must also be secure and predictable. In case of a failure in security who is responsible for it? Safety should also be considered.

Each object must be secure from design in terms of not responding to intruders and of having a predictable behaviour independently of normal or failure mode.

The security aims to guarantee procedures and instruments to protect illegal or offensive usage of private information. In the modern ICT environment it is impossible to totally guarantee this protection, for this reason is it necessary to understand that many


of 26 10/07/2012


security level exist, depending on complexity of both protected data and security instrument used. Furthermore, speaking about the IoT, people needs to acquire the idea of “enough secure to be used”, like today almost all people do with email, credit cards, mobile phone (accepting these services as sufficiently non-hazardous). Once made these premises, is it possible to say that a security feature effectively provides a certain protection level, but also provides an emotional feeling of confidence in the use or not of a technology.

Related to Governance. Identifying trusted parties.

Providing data sharing protection.

Secure data, processes, communication. Ability to increase the barriers to reduce the potential for unauthorized access. Providing data sharing protection.

Security sometimes translates to a word in some European languages which includes safety aspects.

We should consider that privacy & security by design extends to application effects of failure modes e.g. a sensor malfunction, simulation of virus attack upon the IoT control system, etc.

Must allow for the protection of data by users, application hosts, communications providers and national authorities and Government bodies (law/defence).

Must allow for changing risk environment and for different application requirements.

EC IoT Consultation – RFID in Europe Collective Response Consultation - final... · RFID in...

Documents

Transcript of EC IoT Consultation – RFID in Europe Collective Response Consultation - final... · RFID in...