The Internet of Things: Are We Ready for This Challenge?  

The Constitutive General Assembly of the Moroccan Federation of Internet Associations (MFIA) was held on the sidelines of ICANN55 in‪ ‎Marrakesh. The opening session was characterized by a scientific conference under the theme “The Internet of Things: Are we ready for this challenge?”, framed by international and national Internet experts, with the participation of more than 7 national associations concerned by Internet issues and a group of 50 engineers and activists interested in information technology. The debate was moderated by Mr Oussama Hamal Chairman of the Moroccan Federation of Internet Association who organized the event. The expert panel included:
 
  • Mr. Chris Griffiths (USA), Trusted Community Representative ICANN, Member of the Advisory Council Internet Society, Director and GM for New Products and Business Development at ‪#‎Nominet.
  • Mr. Hamza Ben Mehrez (Tunisia), Policy analyst lead at ‪‎IGMENA, Civil society advocate
  • Ms. Maritza Yesenia Aguero Minano (Peru), Lawyer and professor at University of the Pacific, Vice President of the Peruvian Internet Users Association.
  • Ms. Ounsa Roudies (Morocco), Vice president of ‪ISOC Morocco, Professor and researcher at the Mohammadia School of Engineers (‪#‎EMI).
     

Mr. Hamza Ben Mehrez began by mentioning that the general Internet consumer in the Arab world tends to associate his or her fundamental human rights with the offline world, which is becoming more technologically connected than ever before. The “Internet of Things” (IoT) is bringing together a very large number of devices, data, and computing power through the Internet, and it is bringing with it a large set of legal and human rights implications that end-users in the MENA region are not yet aware of.

The Internet at the moment usually has a human element at one or both ends of a communication. In the IoT, however, most communications will have sensors, actuators, databases, or cloud-based computing process at either end. One of the negative implications of the IoT is that the large-scale deployment of sensor networks will generate vast amounts of data, which can be moved via the Internet to be processed using the huge resources of cloud computing.

Mr. Ben Mehrez said we should care about this because the IoT affects everybody. Without careful consideration, end-users in the MENA region risk sacrificing security for convenience, without understanding the tradeoff. The intent for such devices in the future is to autonomously interact with other things. You’ll want to know more about what network communications you’re allowing in your car, home, or office. You need to be informed about the technology so you can take appropriate action if needed.

What impact could the IoT have on privacy? Mr. Ben Mehrez mentioned that there is a need for end-users in the Arab world to be aware of the consequences of introducing the IoT into our families and lives. With this, we allow machine-to-machine interactions on our behalf. That means the IoT world will have knowledge of your private actions.
 
What impact could the IoT have on security? Like privacy, security becomes a big issue. Say you have a cloud-connected wireless speaker. It’s also a device controller that’s the beginning of an IoT ecosystem in your home. The IoT then becomes a central control for all Internet-connected devices lights, switches, and appliances. Who controls the security functionality of your IoT systems?

Mr. Ben Mehrez added that right now, vendors aren’t thinking about security or the relationships between privacy, security, safety, and convenience, because consumers aren’t demanding this. Until vendors put security controls into IoT devices, your security could be compromised. These devices are going to be everywhere, and they have real security implications. In business and in government, the intersection of operations and security is a fundamental challenge. Currently, security and operations are separate, but the two functions are blurring together due to the convergence of millions of connected personal devices.

Mr. Ben Mehrez mentioned that we need “an Internet of humans, not an Internet of things.” This model cannot be fulfilled by a centralized and top-down mechanism for Internet governance; instead it should be determined by a decentralized form of governance that works to achieve greater protections for rights. An intergovernmental mechanism would also be inconsistent with the bottom-up multi-stakeholder approach to policymaking and the open architecture that are essential to an open and secure Internet.

Mr. Chris Griffiths mentioned that the value of using the IoT is a reflection of the current development of Internet technology and its need is fundamental. First, the cost and physical size of sensor technology have dropped such that they can be incorporated into most items. Second, widespread communications infrastructure is in place to allow these distributed components to coordinate. Third, once again, savvy innovators are showing the rest of us the possibilities from the data they collect. With these in place, the smoldering potential of IoT might be ready to catch fire.

He added that the IoT will provide a greater amount and a greater value of data, but questioned whether companies are ready to work with other firms to obtain value from this data. Few organizations are prepared to be hardware and software development companies, but that’s what the Internet of Things will enable. As products are built with embedded sensors, the component mix will increase in complexity. As a result, manufacturing systems and supply chains will become more elaborate. Software embedded in products will need to be updateable when the inevitable shortcomings are found.

If we believe data is valuable, then we need to be ready for people to want to take it from us. The IoT context intensifies the need for security requirements; sensors or software that allows control of the product makes attacks easier. We’ve already seen examples ranging from wind turbines that unauthorized users can control to ship data recorders that can be tampered with to Barbie dolls that allow attackers to overhear conversations. Poisoned data streams might be difficult to discern with the volume of data that IoT devices produce.

Many business processes continue to be “pull” oriented. Information is gathered, then analyzed, then decisions are made. This works when change is slow. But with the IoT transition, data will stream in constantly, defying routine reporting and normal working hours. Flooding data from IoT devices will give opportunities for quick reactions, but only if organizations can develop the capacity needed to take advantage of them. Few mainstream large companies are ready for this, much less small- to medium-sized companies.

Ms. Maritza Yesenia Aguero Minano mentioned that the IoT presents one of the most sweeping changes to business in the past 20 years. The IoT is a fundamental change to business that brings “unprecedented opportunities, along with new risks, to business and society.” The IoT will provide opportunities for operational efficiencies, particularly in making more effective use of equipment, as well as new business models such as those based on “outcomes” for products and services or pay-per-use.

Just as the IoT brings new business opportunities, it raises new legal issues, for example, who is responsible: the developer of navigational software, the car manufacturer that installed the navigational software, the mapmaker whose map potentially was incorrect, or the user? The IoT will also greatly increase the amount and value of data, but the ownership and legal protection for data remains very uncertain. Although some of the new legal issues raised by the IoT will be unique to certain industries, such as privacy in healthcare, a number of legal issues will be important across all IoT industries. They include privacy, cyber security, data use, and software licensing.

Many countries, including those in Latin America, have privacy laws that require prior consent for the collection, use, and sharing of personal information. However, it is not always clear how such consent would be obtained in many IoT situations, from connected cars to wearable devices. In the United States, there is no comprehensive data privacy regime governing the collection and sharing of personal information. However, the Federal Trade Commission has published guidance on the application of privacy principles to IoT. Privacy issues may arise in unexpected ways: In October 2015, a major equipment manufacturer described industrial equipment that will use a camera to identify the individual operator and configure the equipment for that operator. This type of personalization will raise privacy issues in an unexpected environment.

Ms. Ounsa Roudies gave a definition of Internet governance, which is the development and application of shared principles, norms, rules, decision-making procedures, and programs that shape the evolution and use of the internet and how the Internet was and is currently governed, some of the controversies that occurred along the way, and the ongoing debates about how the Internet should or should not be governed in the future.

The Moroccan chapter of the Internet Society is a non-governmental association and is part of the global Internet Society. It aims to be the local arm of ISOC, as well as relaying local concerns to the relevant Internet organizations. Every member of the chapter is also a member of the global Internet Society. MISOC was created in November 1994. The Internet Society is the international organization for global cooperation and coordination for the Internet and its networking technologies and applications. Its members reflect the breadth of the entire Internet community and consist of individuals, corporations, non-profit organizations, and government agencies.

Its principal purpose is to maintain and extend the development and availability of the Internet and its associated technologies and applications – both as an end in itself, and as a means of enabling organizations, professions, and individuals worldwide to more effectively collaborate, cooperate, and innovate in their respective fields and interests. Its specific goals and purposes include: development, maintenance, evolution, and dissemination of standards for the Internet and its networking technologies and applications.

There is a need from the wider Internet community in Morocco to contribute to the evolution of the Internet’s architecture; maintenance of and changes to effective administrative processes necessary for operation of the global Internet and Internets; education and research related to the Internet and networking; harmonization of actions and activities at the international level to facilitate the development and availability of the Internet; and collection and dissemination of information related to the Internet.

The Internet of Things will consist of a growth of Internet-enabled devices, and is about to fundamentally change how enterprises and consumers use Voice over IP (VoIP) telephony. Although VoIP technology is growing in popularity as an alternative to corporate phone systems and serves as the technology foundation for some cable companies’ telephone offerings, the IoT provides new platform opportunities.
 

Conversation summarized by Mr. Hamza Ben Mehrez
Policy Analyst Lead, IGMENA