[Read more session reports and live updates from the 13th Internet Governance Forum]
Security and privacy of connected devices is a shared responsibility, so there is a need to ensure that as many stakeholders as possible are part of the discussion while finding the best solutions that are market led.
Moderated by Ms Avri Doria, Principal Researcher, Technicalities, the session focused on a call for commitment and global good practice in Internet of Things (IoT).
To start off the session, Mr Maarten Botterman, Director, Global Networked Knowledge Society (GNKS) Consult BV, noted that technology is not bad, but how it is used may make its consequences good or bad. He added that connected devices are now a necessity, and IoT should be seen as another aspect of the Internet. He called for an IoT environment that can be trusted and ended by saying ‘we create the world of tomorrow with the choices and actions of today’.
Highlighting ISOC's IoT campaign, Mr Frederic Donck, Regional Bureau Director for Europe, Internet Society (ISOC), expressed that he was impressed that the number of connected devices was around 20 billion, which he called dumb and not smart devices, connected to the Internet. He noted that 59% of IoT devices failed to explain to customers how their personal information is collected, used and disclosed. He proposed that there is a need for a set of principles that manufacturers can follow when developing IoT devices.
Mr Eddan Katz, Project Lead on Digital Protocol Networks, World Economic Forum (WEF), talked about the Industrial Internet of Things: Safety and Security Protocol. He added that the cyber-physical environment is different and a decentralised interconnectedness is a key factor. He hoped that the cybersecurity best practices that were developed as part of the protocol would be taken up by the insurance industry.
Mr Taylor Bentley, Policy Advisor for Innovation, Science and Economic Development (ISED) Canada, mentioned that their story goes back to 2016 with the Mirai botnet. He noted that the Canadian government had entered a partnership with ISOC, Canadian Internet Registration Authority (CIRA), a law clinic at the University of Ottawa, and Canadian Network for the Advancement of Research, Industry and Education (CANARIE), to create a Canadian process on enhancing IoT security.
Ms Claudia Selli, European Union Affairs Director, AT&T, mentioned that AT&T is looking to create business solutions and state/local solutions to provide business enterprise users with a global and seamless experience because they are connected to their clients wherever they are. She informed participants that AT&T had 48 million devices connected to the Internet by the third quarter of 2018 and are connecting even more devices, including cars. She noted that governments are struggling with how to tackle privacy and security, which are main challenges of IoT, though there is a new kind of regulation like the recent example in Europe.
Mr Gregory Meunier, Representative, Europol, looked at IoT from a victim and consumer protection perspective. He noted that law enforcement officers around the world are busy with investigating cases of attacks, giving an example of recent assistance to the Dutch and United Kingdom governments to take down a website providing services. Meunier encouraged the promotion of the lifecycle of security, adding that all connected objects should be regularly updated, otherwise they will be obsolete by default.
Ms Melinda Clem, Vice President for Strategy, Afilias, mentioned that Afilias had benefited tremendously from IoT and has categorised it in five buckets: security, interoperability, privacy, trust, and accessibility. She mentioned that the focus at Afilias was to co-operate with civil society and the public sector. Clem mentioned that Internet advances are faster than governments can keep up with. Raising awareness of the existing proven technologies and standards, like the Domain Name System (DNS) and DNS Security Extensions (DNSSEC), can be leveraged.
All the panellists agreed that it is important to have all voices represented in the IoT discussion.
By Sarah Kiden