The US Federal Trade Commission (FTC) snagged the attention of tech news headlines last month when it released a staff report on the agency's thoughts and recommendations regarding the future of the Internet of Things (IoT), and more specifically, the future of regulating the IoT.
The nearly 70-page report, "Internet of Things: Privacy and Security in a Connected World," is largely a summary and analysis of the discussions that took place at an IoT workshop that the FTC hosted on November 19, 2013 (granting some insight into the federal government's slothful nature), as well as several public comments submitted to the FTC since then on issues impacting the notion of IoT regulatory frameworks.
Certainly, as the FTC acknowledged, for all its benefits, IoT presents a panoply of security, privacy and even safety dangers. Hijacking devices for use in a "Botnet of Things." Penetrating "smart" systems to access and infer sensitive data. Even hacking connected "things," such as a medical device or a car, to injure or kill a user. The stakes for the present and future are high, the FTC has duly noted. (See A Killer App.)
When it comes to data privacy, sometimes the business itself is the FTC's bad guy. The FTC's report identifies the danger of companies making inferences about their customers based upon the data that their smart devices gather and create. Sometimes these inferences can result in highly sensitive data even if the original pieces of data collected were not "sensitive" in and of themselves. (Examples like Uber's tracking of and reporting on its customers' one-night stands come to mind.) On top of concerns about customer notice and choice, these inferences mean more sensitive data could fall into the hands of hackers.
Consequently, in addition to new generalized data privacy laws, the FTC is demanding that companies that use IoT engage in "voluntary self-regulatory efforts" to ensure the privacy of their customers' data. More explicitly, the FTC's report urges companies to minimize the customer data they collect (both in terms of amount and sensitivity), de-identify customer data, and store customer data no longer than necessary.
IoT and NFV
The answer to these problems related to IoT may lie in more technology. Consider, particularly, the New IP centerpiece that is network functions virtualization (NFV) and its power to seamlessly automate processes through maximizing efficiency.
NFV allows for vast virtual datacenters -- much more powerful than many "actual" datacenters -- for quickly storing and analyzing even the biggest of big data. With the help of NFV, the IoT enterprise can quickly gather, process and de-identify customer data. It can also extract and store those data bits, analyses, and inferences that are actionable, and immediately discard the rest. On top of that, it can continue to dispose of data rapidly as the remainder gets used and set aside according to preset rules.
In addition to satisfying regulators by helping to keep the enterprise out of a bad FTC situation for holding onto customer data longer than necessary, this model falls in line with the proposals and predictions made by New IP pundits. GE executive Joe Salvo, seeing the enterprise world at the beginning of what he calls "the Systems Age," urges CIOs and tech executives to treat data as an infinite commodity -- that is, to simply "throw it out," and focus on building up the systems necessary to instantly access and process the data. (See Infinite Data & the Systems Age.)
Moreover, heightened industry focus on strong authentication standards for M2M communications will further enhance the security of IoT-originated data and protect customer privacy. Indeed, the FTC report specifically cites proposals from IoT-standards body oneM2M as particularly exemplary of what the FTC is looking for.
These are, of course, but a few basic examples. As New IP innovations further penetrate into the enterprise, so too will innovations for protecting customer data while keeping innovation-stifling regulations at bay. The latter is most important because, as Light Reading's Founder and CEO Steve Saunders pointed out at The New IP event in San Jose last week, government intervention is one of the top risks for the New IP. (See New IP: Bigger, Better.)
— Joe Stanganelli,
Freelance Contributor, special to The New IP