The Internet of Things (IoT) is the collection of internet-connected devices that receive or send information, even without a human directing what they do. The nearly 5 billion already-interconnected things include the Apple Watch, bank ATMs, remote weather stations, traffic cameras, street security cameras, home security systems, baby monitors, parking meters, pipeline flow monitors, factory-floor sensors and agricultural equipment control systems.
IoT connected medical implants, automobiles, kitchen appliances and drones are in the early adoption or trial phase, but they may graduate to widespread deployment and total 50 billion things by 2020. For businesses, the IoT will cut maintenance costs by up to 25%, slash unplanned outages in half and extend the lives of machines by years. McKinsey estimates IoT will have an aggregate economic impact of between $4 and $11 trillion per year, becoming a massive factor in commerce and consumer benefits.
The wide variance in McKinsey’s estimated impact reflects some challenges facing IoT equipment makers, network providers, and the privacy and security arrangements for the community as a whole.
An Internet-like network called Sigfox was built in San Francisco and several European cities. It carries 12-byte packets of data, well suited to the tiny demands of some IoT devices such as FitBits, and far cheaper to operate than routing IoT traffic across 4G wireless networks. While Sigfox is a step in the right direction, it plans for just 9 additional US cities by 2016, so there is a lot of territory left to cover and room for other innovators.
Some IoT devices may operate better using different bandwidth or different latency than is available on either Sigfox or 4G. In turn, network attributes may lead device makers to build extra buffer storage into the devices. We should expect a lot of new adaptation and designs in the next decade and consequently regulators should not impose “network neutrality” industrial policy on the Internet — requiring one size to fit all. An IoT device can require different service levels than a laptop’s browser, or than a Netflix TV binger. Unfortunately, the FCC is confused by that. Internet evolution calls for regulators who have a better sense of economics, technology, and humility.
IoT devices will undoubtedly include sensors in public areas that detect shoppers or automobiles passing by, perhaps even snapping pictures of the faces passing by. When personal identities are derived from those faces or from payment transactions, we will confront the public policy question of what limits to apply to use of that personally identifiable information. Even before IoT, that question has not been satisfactorily answered and the issue demands expedited handling before major investments are made and IoT systems proliferate.
What security standards should be applied to the devices is a separate issue. How robustly hack-proof must they be? After an attack or failure, what protocol should they follow to recover their functionality? Intel and the National Science Foundation gave funding to research “security and privacy-aware cyber-physical systems,” notably for self-driving automobiles, medical devices, and home appliances.
Interoperability is an essential element for IoT devices and software to work successfully, but it can also be the pathway for transmitting attacks. These issues have relevance for the devices’ owner and for others who may be harmed by IoT security failures. While cheapness may be desirable for a quick rollout, damages to third-parties could be an existential threat for the IoT network.