Considerations for ethical standards in IoT

I stumbled upon an article today from a lawyer about the amount of data that Smart TVs are collecting and the consequences it may have on privacy rights. The article (link at the bottom of the post) is from Michael Price who works on a program “which seeks to ensure that our government respects human rights and fundamental freedoms in conducting the fight against terrorism” according to their own word. It points out the staggering amount of data the TV tracks. This includes your conversations, even though you may not be watching TV, face recognition, browsing behaviors, etc, etc.. He raises good points. What is the right balance between needed data to provide better service and privacy? How should we behave in the new world “monitored” world of IoT? How ethical do we want to be?

Let’s start off by saying that I am a big supporter of relevant and targeted advertising. People complain sometimes that google tracks everything to serve you ads and all. But honestly, I don’t mind. The more relevant the better. If the ads presented drive me to better choices, better buys, or an overall better experience I’m all for it. That also means that too many ads is not good. Relevance is temporal and visual as well. I’m a believer that companies using your behavioral informations, searches, history, and any other information well,  will win versus those that go rogue.

That said, I also believe that as we collectively build IoT solutions, we need to act responsibly and with high ethical standards. Responsibly because we have to realize that by adding sensors everywhere and tracking everything we are opening the door to potential hacks, security intrusions and breach in our users privacy. The law cannot do it all for us, it is our own standards and ethic that will transform the world.

When we build products in the IoT space we should always keep in mind certain guidelines:

transparencyTransparency to the users: Having a 40 pages ToS all written in legal terms is not being transparent. It’s needed to have it, but do provide a quick summary or an overview of what you are tracking and why. Example: “We do analyze what movies you are watching in order to make better recommendation of other movies you may like,. This analysis is done by complex algorithms and models, not humans. We don’t spy on what you watch!”. Of course, not everything needs to be in those summaries, but the big ticket items.

log-dataAbility to turn off individual tracking: In the article, Michael describe how you can turn the tracking features but you loose all smart features of the TV. This is not being respectful of your users. You need to allow users to turn off tracking features as granularly as possible without falling into excess. The best way to do this is to let the user know the consequences of turning each one off. Example: “You can turn off the analysis of the movies you watch, but then the recommended movies list will be based on other people’s taste and will not be relevant to you.”

broken-linksGive the ability to delete past identifiable tracking data: When you go in your favorite browser, you have the ability to erase cookies and cache data from the browser. That doesn’t remove all the data google has on you on their server but the principle is the same. Users should have the ability (should I say the right?) to ask you to remove their data. The counter argument I have heard about that is that sometime logs are aggregated, anonymized, etc. and it may not be practical to allow this. I would says that what matters is the ability to delete the link between an individual user (or household) and the data that is important. Deleting the data could be deleting any data that allows this links to happen. This way, the user’s privacy is respected but the value to the company in terms of big data analytics and ability to improve their overall business is also preserved.

Secure DataDouble down on security: Yes, you can be the most ethical business on earth and be very proud of how you handle the privacy of your users, etc.. but you can be hacked, and your users’ data may be exposed. Take security seriously. Very seriously. Do it for your users, not only for yourself.

Ethics2-150x150Make it part of your company culture: Ethics in IoT should be part of the company culture. Nurture it, make it a value for your employee, talk about it. It will pay in the long run. Trust should be your #1 value.

I would like to propose a pledge that companies could make that will say that they follow those guidelines. I hope I am not the only one to make it, IoT should be for a better world, not Robocop..

As promised here is the article I stumbled upon: http://www.brennancenter.org/analysis/im-terrified-my-new-tv-why-im-scared-turn-thing

The Silo Challenge With The Internet Of Things (IoT)

An endless stream of new smart and connected things hit the market every day and a big challenge becomes more and more obvious: silos are forming where things should in fact be connected.

Take a smart home: Nest of Lyric thermostat. Smart CO2 and smoke detectors (maybe from Nest too), smart locks from lockitron, smart fridge from Samsung, smart lights from SmartThings, a scale from Withings, smart TV, and on and on.. not including your fitbit, your smart watch, your phones and tablets, your Sonos. They all talk to some server on the Internet. They are all part of the Internet of Things (or at least the premises of it) but talk about connectivity: They can’t even talk to each other!

What if you smart window shades could close when the thermostat says it’s too hot in the house? what if the fridge could tell you a little reminder to not snack when your scale is a bit high (arrg.. I shouldn’t have taken that extra cheese)? What if all locks or even doors could open when a high level of CO2 is detected to ventilate? What if your Sonos could sound an alarm when a fire is detected?

From a user experience, you shouldn’t have to open 15 differents apps to access your information, you should be able to have a view of your home, a view of your health, composed of every elements and piece of data from all the devices you have or interact with.

Silos are the doom of IoT. If they don’t come down, the dream will not be fulfilled.

This is exactly what the AllSeen alliance is trying to solve and I believe it is one of the most interesting challenge in IoT today. We could break it down into a few pieces:

Device discovery standards: Enable devices to be discovered, broadcast their capabilities and interact with other in standard ways. Obviously taking into account all the security and privacy concerns that go along with those scenarios. In this world, a device could say I have an On/Off status, I have a temperature, I have an alarm with 10 levels of importance, and other parameters. It wouldn’t matter what the device is, those could apply to hundreds of different devices.

Protocol translation: I don’t believe we will have 1 protocol to rule them all. You will have devices speaking MQTT, some XMPP, some CoAP, some DDS, some proprietary protocols. Inside those the data format may even be different. Translating those protocol to something standard either through JSON, XML or RESTFul APIs is going to be key.

Thing beyond the devices: Not only devices will need to talk to each other but applications as well. Getting the weather, talking to my bank, looking at my Strava bike rides, getting my medical information from my doctor. The source of data is not only devices but everything you interact with.

big-data

I feel that the data silo challenge is fascinating but has the most fantastic outcome you can imagine: Personalization to the individual level. When systems will be able to make sense of all that data, when system will start to correlate the data using machine learning models in order to find patterns or find similar people, when you can start to predict. That’s when IoT will have a true meaning in our lives.

Open Source will be critical to the Internet of Things (IoT)

Opensource.svg

I am personally a fan of Open Source. The second company I was running with some good friends back in France in 2006 (www.iniflux.com) was all about it. We were playing with email servers, firewalls, file servers and everything you could think of on Open Source. We even created an appliance that was doing ISP redundancy for less than $1000 that would compete with $15K load balancers that were on the market thanks to Open Source software. Heck, most of the Internet today is run on Open Source. Apache has roughly 50% of all web servers out there, Mysql is all over the place and has 65,000 downloads a day!! Even open standards like HTTP are core to what the Internet is.

Netcraft (link here) published a study showing that Apache and Nginx make for roughly 60% of web servers out there.

But now, with the Internet of Things, it is going to need it more than ever. And here is why:

– The volumes we are talking about are unprecedented and every company out there will have a need to connect some things to other things. With that amount of companies, comes the same amount of specific use cases and needs which can lead to a more optimized customization to fulfill them.

– The diversity of standards (if any) and protocols would require a single vendor to put way too many resources to maintain them all. This is a community’s work. Lots of people need to contribute in order to be able to evolve standards, improve them, adapt them for everyone’s benefit. Cisco is saying 50 Billions devices by 2020, some say more like 20 Billions, but anyway.. it’s huge!

– Respect for privacy, security, control, scale and customization are the major benefits of Open Source and are making this a primary choice for companies. with so many connected device, being 100% sure that things are done securely, and can be fixed quickly when an issue arise is essential.

– Perennity is important.. If you are an industrial company with equipments that have a turnover of 15 or 20 years, you cannot afford to depend on a specific vendor to be there for that long. I work with many startups and they exit after a few years and most often disappear. With Open Source in hand, companies can be certain that they are in control of their destiny and will have something they can count on for years to come.

Of course Open Source has its downside in terms of skill set required and some bundles HW/SW optimization that may not exists, and this is why I am also a big fan of companies like Cloudera who propose support, training, and supporting tools to reduce complexity of management and maintenance of the underlying Open Source stack. Even large companies like HP are leveraging Open Source under their Helion umbrella (HP Helio). I find those models particularly interesting in fact as they combine the best of both worlds.

Here are some resources to look into:

The Eclipse Paho project: http://www.eclipse.org/paho/

A bit on MQTT: http://mqtt.org/

Some message brokers: http://mosquitto.org/  and http://activemq.apache.org/