Internet of things

Have you ever used a digital camera that can send photos via wi-fi, or a smart watch that alerts you when you receive a new e-mail or message? How about home appliances – such as voice assistants – that connect to the Internet? Internet-connected devices are part of the ‘Internet of Things’ (IoT).

Due to the rapid growth of the IoT industry, today there is an even wider range of Internet-connected devices, including smart vehicles and fitness clothes that monitor our health, and even more unusual applications such as diaper monitors for children and digital breathalysers.

Rapid growth of IoT

The IoT is a network of physical objects or ‘things’ connected to the Internet through electronics, software, and sensors to exchange data with manufacturers, operators, or other connected devices. The most common sensors are radio frequency identifiers, universal product codes, and electronic product codes. Researchers are continuously exploring new modalities to connect IoT devices, such as light emitting diodes (LEDs). IoT devices use current Internet infrastructure, and not a separate or different Internet.

IoT devices generate enormous amounts of data and create new contexts in which data is used. The IoT has triggered a multitude of new policy issues: from standardisation and technical issues, to security and privacy protection.

Leveraging the opportunities of the IoT

The business sector is leading a number of major IoT initiatives. While companies such as Intel and Cisco continuously develop their portfolios of IoT services, telecom operators have started to deploy IoT-dedicated networks on a large scale to encourage the use of IoT. Moreover, companies from different sectors are working together on initiatives that are aimed at further developing the IoT. Examples include the Open Connectivity Foundation, which is working on achieving interoperability among IoT devices, and the LoRa Alliance, which is making contributions in the field of IoT standardisation.

Governments are also becoming more aware of the opportunities brought by the IoT, and are launching various types of initiatives to take advantage of this potential. In 2016, the EU launched the Horizon Work Programme: Internet of Things Large Scale Pilots, a funding programme aimed at encouraging the take up of the IoT in Europe. In the USA, the Department of Commerce issued a Green Paper on Fostering the Advancement of the Internet of Things. In China, the Chengdu Internet of Things Technology Institute funds research in various IoT-related areas. In 2019, the Brazilian government published a national IoT plan aimed at promoting the development and implementation of IoT in various fields in the country.

IoT, big data, and artificial intelligence

Ongoing developments in the field of automated systems, such as self-driving cars, smart agriculture, and medical robots, highlight the increasingly important interplay between the IoT, artificial intelligence (AI), and big data. AI, a field that is developing extremely fast, acts as the ‘thinking machine’ for IoT devices. These devices, in turn, generate significant amounts of data – sometimes labeled as big data. This data is analysed and used for the verification of the initial AI algorithms and for the identification of new cognitive patterns that could be integrated into new AI algorithms.

One of the most salient examples of this interplay can be found in smart cities: IoT sensors can collect data from transportation systems, water supply networks, and waste management facilities, and after analysis, this data can be used to improve the functioning of these systems.

Big data, AI, and IoT

While this interplay presents enormous business potential, it also brings new challenges in areas such as the labour market, health, education, safety and security, privacy, ethics, and accountability. For example, while AI systems can potentially lead to economic growth, they could also result in significant disruptions to the labour market.

Since AI systems involve computers taking decisions to some extent - replacing certain human processes - there are concerns related to ethics, fairness, justice, transparency, and accountability. The risk of discrimination and bias in decisions made by autonomous technologies is well-illustrated in the debate over Jigsaw’s Conversation AI tool. While it could potentially address problems related to misuse of the Internet public space, the software also raises a major ethical issue: How can machines determine what is and what is not appropriate language?

For an in-depth analysis of AI issues, and related initiatives by governments and the private sector, visit the dedicated space on the observatory.

Data-related issues

Being ‘connected’ to the Internet through so many devices on a daily basis - such as transportation, appliances, city infrastructure, and medical and healthcare devices - gives the term ‘connected’ a much broader meaning.

Every IoT device is able to transfer large amounts of data to both manufacturers and to other devices. Even if the size of a single piece of data can be quite small, the final sum is staggering due to the number of devices, estimated to reach between 20 and 100 billion by 2020. According to the International Data Corporation, the ‘digital universe’ will reach 44 zettabytes (trillion gigabytes) by 2020, and 10% of this amount would come from IoT devices.

Since IoT devices generate massive amounts of data, issues related to privacy and data protection have come to the forefront. Some IoT devices can collect and transmit personal data, raising concerns about how the devices themselves are protected, as well as about how the data they collect is processed and analysed. While information transmitted by an IoT device might not cause privacy issues, when sets of data collected from multiple devices are put together, processed, and analysed, it may lead to sensitive information being disclosed and users de-anonymised.

Consumers are quite aware of the issues. A 2019 study among consumers in Australia, Canada, France, Japan, UK and the USA found that 75% of people are distrustful of the way data is shared. Security concerns are considered serious enough to deter almost a third (28%) of people who do not own smart devices from buying one. This affects the trust consumers have in IoT.

Security-related issues

IoT devices are increasingly used as tools in large-scale cyber-attacks, bringing the security of such devices into sharper focus.

In the midst of ongoing debates regarding the responsibility of the private sector, companies have launched a number of initiatives to strengthen their security measures. For instance, the IoT Cybersecurity Alliance - jointly established by AT&T, IBM, Nokia, Palo Alto Networks, Symantec, and Trustsonic - help customers address IoT cybersecurity challenges, demystify IoT security, and share best practices.

Standard-setting organisations such as the International Standards Organisation (ISO), the European Telecommunications Standards Institute (ETSI), and the US National Institute of Standards and Technology (NIST) are also looking into developing IoT security standards. Even civil society organisations such as Mozilla are making an effort: every year, Mozilla publishes its buyer’s guide of safe Internet-connected products.

Despite such initiatives, there have been calls for government intervention, with security experts arguing that the private sector is not sufficiently motivated to appropriately address IoT security concerns, and that regulations and public policies are needed to cover issues related to security standards, interoperability, and software update requirements.

In recent years, governments did take steps towards regulation. For instance, the UK government published a voluntary code of practice that includes 13 outcome-focused guidelines for manufacturers and developers of IoT devices. At the federal level in the USA, NIST published various guides that deal with different aspects of IoT (such as IoT for small business, IoT for the energy sector, and IoT for organisations). At the state level, two states - Oregon and California - have already legislated IoT security laws that will go into effect in 2020. In Finland, a public-private partnership between the National Cyber Security Centre Finland (NCSC-FI) and a group of private companies - including Cozify Oy, DNA Plc, and Polar Electro Oy - led to the creation of a cybersecurity label for IoT products. Even more measures are expected from governments around the world.