Notes on disruptive qualities of IOT re security.

Currently we can discern two main blocks of thought on IoT. The first is a reactive framework of ideas and thought that sees IoT as a layer of digital connectivity on top of existing infrastructure and things. This position sees IoT as a manageable set of convergent developments on infrastructure, services, applications and governance tools. It is assumed that, as in the transition from mainframe to Internet some business will fail and new ones will emerge, this will happen within the current governance, currency end business models. The second is a proactive framework of ideas and thought that sees IoT as a severely disruptive convergence that is unmanageable with current tools, as it will change the notion of what data and what noise is from the supply chain on to sharing mission critical services like energy through social networks. In this draft we will focus on this framework.

proactive qualities of IoT:
1. ontology: entities
2. radical transparency: full traceability (Alex Bassi:) currencies and business model
3. energy: memory used for status checks and updates
4. seamless: flow between the gateways

1. ontology: entities
In the reactive framework we are used to dealing with three groups of actors:
citizens/end users
These all are characterized by certain qualities, ‘1’ for citizens, ‘2’ for industry, and ‘3’ for governance. In our current Models and Architectures we necessarily build from and with these actors an mind.
In the proactive vision the data flow of IoT will engender entities consisting of different qualities taken from the former three groups. There will thus be no more ‘users’ who need to secure ‘privacy’ as the concept of privacy has to be distributed over the qualities of the new actor. So where we are used to setting up models with entities:
E 111 (end users/citizens)
E 222 (industry)
E 333 (governance/government)
In this conceptual space we have build notions of privacy, security, assets, risks and threats; culminating into a model of relational behavior , financial foundations and business models. In IoT these relational situations with and for these new entities:
E 123, 132 etc
E 231, 213 etc
E 312, 321m etc
will be rethought. The actors who will be open to this, will have the advantage.
What kind of a model can be build with these new actors? Or to rephrase the question: What kind of order is imposed by these actors as the most viable and efficient What does privacy look like as privacies and security as securities? What new forms of ‘value’ will be created? Will there be one currency standard derived from the gold standard and scarcity as a driver of material goods? Why should IOT look like our current world?

2. radical transparency: full traceability
IoT favors leasing over buying, as smart objects can be upgraded in functionality and power without replacing the entire object, services will be spread out over different suppliers (think of the battery in the electric car, 40% of the cost of the car), sharing cars, power tools, even housing has become a real quality of the FB generation, and full traceability (term by Alex Bassi) of IoT implies accountability in all transactional moments. These developments are in favor of sharing versus ownership. Points of Sale and Points of Transaction will be eliminated as there is a full coverage of contextual evidence that a person is wearing a shirt or jacket (Bassi). Current notions of security are basically doing legacy of systems that can not discriminate between the contextual dependency an timing dependent factors of what is ‘important’ personal data and when data makes ‘sense’ in a real daily event. As such there is a deep tendency to secure every node and every ‘piece’ of data, on the off chance that is could become a personal identifier. Apart from the fact that in IoT this might bring a lot of sound information on health, opportunities and potential learning moment (after all, the world is a school with proper notions of validation and forms of quality), both these opportunities and the risks are in plain sight.
Full traceability implies that data is shared over several layers and between different providers, as such IoT will further expose inefficiencies in decision making systems, both in the corporate world as in the governmental layers of today: national states, EU and supra national organizations. These inefficiencies will further erode the weak legal and moral claims of these current actors to claim up to 40 and 50 % of individual actors in taxes.

3. energy: memory
Energy efficiency, friendliness and energy harvesting are broadly see n as prerequisites for IoT. Currently – in the legacy – a significant amount of valuable energy is spend for systems to check and re check status and updates on every single potential node in the system, or a large number of super nodes. Is there a better way to use this energy?

4. seamless: between the gateways
We want to ensure a seamless flow between these gateways:
➢ Gateway to the Body Area Network: ambient hearing aide, glasses, t-shirts…
➢ Gateway to the Local Area Network: smart meter/portal
➢ Gateway to the Wide Area Network: car
➢ Gateway to the Very Wide Area Network: smart city services

If we do not act then the security community will ensure a situation of many intranets of things and private networks that will only benefit the ‘bad’ legacy of IP, copyright and patents of the corporate actors and the nation state, military and intelligence actors that by default have to overstate risks and threats as their very way of living is dependent on legacy. We will then have neither an open data backbone that parses realistic threats (580.000 suicides, 420.000 traffic and under 500 terrorism deaths in 10 years in EU) to real individuals who decide where to invest in ‘taxes’ in applications and services to counter these threats with positive measures, nor the functionality of the levels of accountability that can be scripted into the privacies and securities that are qualities of the new entities that will become actors in IoT.