Posts Tagged ‘Internet of Things’

DRM for Things – Managing rights and permissions for IOT

November 24, 2015 Leave a comment

Given the proliferation of interconnected ‘Things’ on the Internet (aka IoT), it was only a matter of time before the pressing need for robust, pervasive governance became imperative. How can we manage the rights and permissions needed to do stuff with and / or by things? The following are some thoughts, based on a previous foray into the topic, and building on my earlier book on the related world of Digital Rights Management (aka DRM).

Does anyone remember DRM – that much maligned tool of real / perceived oppression, (somewhat ineptly deployed by a napsterized music industry)? It has all but disappeared from the spotlight of public opinion as the content industry continues to evolve and embrace the complex digital realities of today. But what has that got to do with the IoT, and what triggered the thought in the first place, you might ask…

Well, I recently had opportunity to chat with friend and mentor, Andy Mulholland (ex global CTO at Capgemini), and as usual, I got a slight headache just trying to get a grip on some of the more esoteric concepts about the future of digital technology. Naturally we touched on the future of IoT, and how some current thinking may be missing the point entirely, for example:

What is the future of IoT?

Contrary to simplistic scenarios, often demonstrated with connected sensors and actuators, IoT ultimately enables the creation and realisation of a true digital services economy. This is based on 3 key aspects of: ‘Things’, ‘Events’ and ‘Connectivity’ which will work together to deliver value via autonomous agents, systems and interactions. The real players, when it comes to IoT, actually belong outside the traditional world of IT. They include organisations in industries such as manufacturing, automotive, logistics etc., and when combined with the novel uses that people conceive for connected things, the traditional IT industry is and will continue to play catch up in this fast evolving and dynamic space.

What are key components of the IoT enabled digital services?

An autonomous or semi-autonomous IoT enabled digital service will include: an event hub (consisting of graph database and complex event processing capability) in the context of ‘fog computing‘ architectures (aka cloud edge computing) – as I said, this is headache territory (read Andy’s latest post if you dare). Together, event handling and fog computing can be used to create and deliver contextually meaningful value / services for end users. The Common Industrial Protocol (CIP) and API engines will also play key roles in the deployment of autonomous services between things and / or people. Finally, businesses looking to compete in this game need to start focusing on identifying / creating / offering such resulting services to their customers.

Why is Graph Database an important piece of the puzzle? 

Graph databases provide a way to store relationships in an unstructured manner, and IoT enabled services will need five separate stores for scaled up IoT environments, as follows:

  1. Device Info – e.g. type, form and function, data (provided/consumed), owner etc.
  2. Customer/Users – e.g. Relationship of device to the user / customer
  3. Location – e.g. Where is device located (also relative to other things / points of reference)
  4. Network – e.g. network type, protocols, bandwidth, transport, data rate, connectivity constraints etc.
  5. Permission – e.g. who can do: what, when, where, how and with whom/what, and under what circumstances (in connection with the above 4 four graphs) – According to Andy, “it is the combination of all five sets of graph details that matter – think of it as a sort of combination lock!”

So how does this relate to the notion of “DRM for Things”? 

Well, it is ultimately all about trust, as observed in another previous post. There must be real trust in: things (components and devices), agents, events, interactions and connections that make up an IoT enabled autonomous service (and its ecosystem). Secondly, the trust model and enforcement mechanisms must themselves be well implemented and trustworthy, or else the whole thing could disintegrate much like the aforementioned music industry attempts at DRM. Also, there are some key similarities in the surrounding contexts of both DRM and IoT:

  • The development and introduction of DRM took place during a period of Internet enabled disruptive change for the content industry (i.e. with file sharing tools such as: Napster, Pirate Bay and Cyberlockers). This bears startling resemblance to the current era of Internet enabled disruptive change, albeit for the IT industry (i.e. via IoT, Blockchain, AI and Social, Mobile, Big Data, Cloud etc.)
  • The power of DRM exists in the ability to control / manage access to content in the wild, i.e. outside of a security perimeter or business boundary. The ‘Things’ in IoT exist as everyday objects, typically with low computing overheads / footprints, which can be even more wide ranging than mere digital content.
  • Central to DRM is the need for irrefutable identity and clear relationships between: device, user (intent), payload (content) and their respective permissions. This is very much similar to autonomous IoT enabled services which must rely on the 5 graphs mentioned previously.

Although I would not propose using current DRM tools to govern autonomous IoT enabled services (that would be akin to using yesterday’s technology to solve the problems of today / tomorrow), however because it requires similar deperimeterised and distributed trust / control models there is scope for a more up-to-date DRM-like mechanism or extension that can deliver this capability. Fortunately, the most likely option may already exist in the form of Blockchain and its applications. As Ahluwalia, IBM’s CTO for Cloud, so eloquently put it: “Blockchain provides a scalable, trustworthy, highly distributed, redundant and peer-to-peer verification process for processing, coordinating device interactions and sharing access to assets in an IoT network.” Enough said.

In light of the above, it is perhaps easier to glimpse how an additional Blockchain component, for irrefutable trust and ID management, might provide equivalent DRM-like governance for IoT, and I see this as a natural evolution of DRM (or whatever you want to call it) for both ‘things’ and content. However, any such development would do well to take on board lessons learnt from the original Content DRM implementations, and to understand that it is not cool to treat people as things.

Governing the Internet of Things.

February 28, 2015 Leave a comment
In light of increasing coverage about the so called “Internet of Things” (IoT), it is not surprising that sovereign governments are paying attention and introducing initiatives to try understand and take advantage of / benefit from the immense promise of the IoT. Despite the hype, it is probably too early to worry about how to govern such a potential game changer, or is it?

According to Gartner’s Hype Cycle for Emerging Technologies, the Internet of Things is hovering at the peak of inflated expectations, with a horizon of some 5 – 10 years before reaching the “plateau of productivity” as an established technology, so still fairly early days as yet, it would seem. However, that is not sufficient reason to avoid discussing governance options and implications for what is arguably the most significant technology development since the dawn of the Internet itself. To this end, I attended a recent keynote seminar on policy and technology priorities for IoT (see agenda here), and below are some of the key points I took away from the event:

1. No trillion IoT devices anytime soon –  According to Ovum’s Chief Analyst the popular vision of ‘a Trillion IoT devices’ will not appear overnight, for the simple reason that it is difficult, and will take some time, to deploy all those devices in all manner of places that they need to be.

2. What data avalanche? – Although a lot of data will be generated by the IoT, it shouldn’t come as a surprise that the proportion of meaningful information will depend on the cost to generate, store and extract useful information from the petabytes of noise – there is a lot of scope for data compression. For example, the vast majority of data from say environment sensing IoT devices will likely be highly repetitive and suitable for optimisation.

3. Regulatory implications – OFCOM, the UK’s Data regulator, identified the four themes as most relevant for the future development of  IoT, i.e.: 1. Data privacy (including authorisation schemes); 2. Network security & resilience (suitable for low end devices); 3. Spectrum (e.g. opening up 700Mhz band and other high / low frequency bands for IoT); and 4. Numbering & Addressing (need to ensure there is enough numbers & addresses in the future for IoT).

4. Standards and interoperability – these remain key to a workable, global Internet of Everything (IoE) particularly because of need for data availability, interoperability (at device and data level), and support for dynamic networks and business models.

5. Legal implications – again the key concern is data privacy. According to Philip James (Law Firm Partner at Sheridans), in describing the chatter between IoT devices: “hyper-connected collection and usage of data is a bit like passive smoking – not everyone is aware of it”.

In context of the above observations, it may be easy to ignore the elephant in the room, i.e. how to manage unintended consequences from something as intangible as the future promise of IoT? What will happen if and when the IoT becomes semi-autonomous and self reliant, or is that science fiction?

Well, I wouldn’t be so sure, because it all boils down to trust: trust between devices; trust in data integrity; and trust in underlying networks and connectivity. However, this is not something the Internet of today can provide easily, therefore some interesting ideas have started percolating around scalable trust and integrity. For example, Gurvinder Ahluwalia (IBM’s CTO for IoT and Cloud Computing) described a scenario using hitherto disruptive and notorious technologies (i.e. Blockchain and BitTorrent, of Bitcoin and Pirate Bay fame respectively), to create a self trusting environment for what he calls “democratic devices”.

The implications are astounding and much closer to the science fiction I mentioned previously. However, it is real enough when you consider that it requires a scalable, trustworthy, distributed system to verify, coordinate, and share access to the ‘Things’ on the IoT, and that key components and prototypes of such a system already exist today. This, in my opinion, is why sovereign governments are sitting up and taking notice, as should all private individuals around the world.

Internet of Things = Internet of Trust

September 18, 2014 Leave a comment
That was one of several key observation from yesterday’s event at the BCS Chartered institute of IT. Others include a warning about Internet of fake Things as well as the critical role that you, the user, must play in order to ensure Things don’t get out of hand, so to speak. Read on to find out more…


The sold out event started with an overview of Cisco’s initiatives and activities around the Internet of Things (IoT), which were vividly described by Sarah Eccleston, (IoT Director at Cisco). Covering everything from cows to ice cream, health monitoring to supermarket supply chain optimisation, she painted a picture of a future with IoT which is already starting to happen right now.
This was followed by a note of caution from Martin Lee, (Cisco threat intelligence), who warned that ungoverned, exponential growth of IoT devices and services could lead, among other things, to an “Internet of Fake Things”. According to him, now is the time to steer IoT development toward a safe and stable direction for the benefit of all.

Antonis Patrikios, (Director at FieldFisher), spoke about the legal aspects of IoT and privacy, as well as the need to ensure that IoT works for the benefit of people. He described IoT as the “Internet of Trust” because that is what will be needed to enhance user experience and address key legal challenges such as user privacy and the fact that “IoT is global, but the law is not”.

Finally, the University College London (UCL) provided a glimpse of real IoT projects developed by UCL post graduate students using Microsoft technology. They described realistic usage scenarios and demonstrated the ability to organise groups of Things, controlled via a “Captain” device, to support multiple uses of the same Things (or groups thereof). E.g. the same Captain device in a hospital room full of Things could service the use cases of multiple stakeholders, including the: doctor, patient, family members, building security and hospital administrators.

In the end, all speakers seemed to agree that the combination of IoT and Big Data will be THE game changer in the next wave of computing. There was a certain buzz in the air, as attendees and speakers discussed the possibilities and challenges posed by IoT. One show of hands survey indicated that attendees thought the Internet of Things was at least as significant as, if not more so than, the advent of the original Internet. It was also felt that user education, (e.g. by the IoT service providers, “Thing makers” and their collaborators), would be key to the success and acceptance of IoT by the general public – people are genuinely concerned about their privacy, personal safety and security.

To conclude, IoT is an exciting yet scary proposition, which is set to fundamentally influence the way we interact with information and the world around us. I hope we can get it right.