
We’ve had the vision, we’ve had the quirky demos and there are now all sorts of smart devices emerging on the market ranging from the brilliant innovative down to the baffling “just because you could doesn’t mean you should have” (smart salt cellar – really!?!).
The race to network and connect everything is accelerating – smart cars, fitbits, home heating systems, retail logistics supply chains and an awful lot of these devices process a lot of data about how we live and to some extent control our lives.
Whilst most key area areas of infrastructure and society are generally tightly regulated by government – the “internet of things” is frankly the wild west. Over the last few weeks there have been a number of really interesting articles that indicate that regulation is struggling to catch up with all that vision.
What’s striking is how many organisations are wading in to issue advice, draft plans and it all feels a bit of a panic.
I’ve started collating some of those that I found most interesting (and why), so in no particular order – I recommend spending a coffee break catching up with a few of these:
- On Sunday (6th August 2017) – “Government sets out tougher guidelines to protect smart cars from hackers”. The British government issued new guidelines on Sunday requiring manufacturers of internet-connected vehicles to put in place tougher cyber protections to ensure they are better shielded against hackers. With every tech and automotive company jumping on the ADAS/Autonomous theme this shifts the responsibility a little more towards the manufacturers. The government regulation itself is here and worth perusing if you are involved in smart car technology.
- On 1st August 2017 – Lawmakers in the U.S. Senate today introduced a bill that would set baseline security standards for the government’s purchase and use of a broad range of Internet-connected devices, including computers, routers and security cameras. This is a good link as it links to the draft bill, which is itself an interesting read. The wording hints at the struggles of legislation in this area!
- On 17th July 2017 – The FBI issued a public service announcement “Consumer Notice: Internet-Connected Toys Could Present Privacy and Contact Concerns for Children”. This is interesting as it’s basically a collection of advice for parents on how to safe guard their kids from dodgy connected toys and what bad things could happen. Toys are usually heavily regulated for safety and this information shows the yawning gap in IoT security. It includes advice such as “Research if your toys can receive firmware and/or software updates and security patches”…. I’m not convinced that the majority of those buying such things in Walmart/Argos have a clue what “firmware” even is.
All these recent stories feed into a much bigger one and there are a few particularly insightful reads out there I’ve found particularly fun! I highly recommend:
- COMMISSION STAFF WORKING DOCUMENT Advancing the Internet of Things in Europe Accompanying the document COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS Digitising European Industry Reaping the full benefits of a Digital Single Market. Published back in April 2016 – it lays out the European Commission’s stance on all things smart, connected and IoT, with an emphasis on legislative gaps. The very structure of the document reveals a lot in a way only EU bureaucrats could!
- In Europe and for any company operating in Europe; The introduction of GDPR (General Data Protection Regulation) next year will be huge! HUGE! It shifts the onus for personal data security firmly onto enterprises. A good place to get started is the UK Government GDPR Site. Whilst primarily talked about for protecting “traditional” personal data e.g. your medical records, email addresses in a sales database etc. The implications for IoT and anyone trying to develop/sell a connected device are vast. All those smart home sensors (when you come home), where your car is traveling, that fitbit, alone are personal data and put together almost the keys to your life!
As regulation comes in it will evolve and so many points are so vague today, that I expect we’ll see a flurry of test cases in courts, with many points and future regulation settled by precedent. Already the fines arising from the smart “adult toy” case (this link is safe to click) have had implications for the healthcare industry in particular as the data compromised involved body temperature.
The data the IoT collects around us is mind-blowing and cropping up in the legal system on other fronts; already we’ve seen a guy prosecuted for murdering his wife. It was the fitbit that pointed the finger!
P.S. There are some super commentators out there, making what should be a turgid subject really interesting. At the moment I’m more interested in how the heck this Internet of Things thing is going to be regulated and policed than the things being connected (especially the smart salt cellar 😉). One of my favourite bloggers/tweeters is Jon Baines in the UK, his commentary is super and available, here!