In 1991, a couple of researchers at the University of Cambridge Computer Lab set out to solve the problem of making fruitless quests through the building to a shared coffee pot in the Lab's Trojan Room. Using a video camera, a frame grabbing card, and a Motorola 68000 series-based computer running VME, they created a networked sensor that could show the current state of the pot. First configured as an X-Windows application, the Trojan Coffee Pot server was converted to HTTP in 1993, becoming one of the early stars of the Internet. It was soon joined by other networked sensors, including a number of hot tubs.
Today, millions of devices expose what they see, hear, and otherwise sense to the Internet. And thanks to cheap embedded systems, they don't need an old VME or Windows box to do it. Billions of other devices that defy the usual definition of "computer" are communicating over networks, almost entirely with other machines. These "Internet of Things" (IoT) devices send telemetry to and receive instructions from software both nearby and on far-flung servers. Software and sensors are controlling more of what once was done by humans, often more efficiently, conveniently, and cheaply.
This practice is changing how we interact with the physical world. We talk to our televisions and they listen, thanks to embedded sensors and voice processing chips that can tap into the cloud for corrections. We drive down the road and sensors gather data from our cell phones to measure the flow of traffic. Our cars have mobile apps to unlock them. Health devices send data back to doctors, and wristwatches let us send our pulse to someone else. The digital has become physical.
It has been only eight years since the smartphone emerged, introducing the new age of always-on mobile connectivity, and networked devices now already outnumber the people on the planet. By some estimates, within the next five years, the number of devices connected to the Internet will outnumber the people on the planet by over seven to one—50 billion machines, ranging from networked sensors to industrial robots.
Inexpensive computing power, cheap or free connectivity, and the relative ease with which new software and chips are making connecting will make it possible for governments, companies, and even individuals to collect detailed data from IoT devices and automate them in some way. It will be the things' Internet; we'll just be living in it.
But given the state of IoT today, that might be a bumpy tenancy if certain issues aren't ironed out now. Security, privacy, and reliability concerns are the main barriers to a sudden arrival of some singularity where we all live as happy cogs in an IoT machine world. So how will the human social order take to a world of persistent networked everything?
That is similar to the questions many privacy advocates are asking about IoT. At a Federal Trade Commission workshop on IoT technology in 2013, participants raised concerns about the impact of "direct collection of sensitive personal information..".
Privacy becomes an even bigger issue with wearable devices. As Fjord's Curtis noted, "Wearables are worn publicly to express our sense of fashion and style, but at the same time, they can display extremely personal data. With these new devices, we may find ourselves 'wearing' some of the most personal aspects of ourselves: our conversations, relationships, and even our health. Unlike our smartphones, which we can conceal in the privacy of our pockets, wearables may ironically be the most intimate and public devices yet. When designing for this paradox, it’s important to keep in mind this precarious tipping point between public and personal."
Some of those issues can be addressed through design. Curtis identified Apple as doing a good job of protecting privacy in two design choices: by using the pulse sensor to detect when the watch has been taken off (and requiring a passcode to unlock it) and by having the display turn off when the watch is facing away from the owner.
"All of these devices, they're not just independent widgets," said Raytheon's Daly. "They're all collecting lots and lots of data on what we're doing." Even if the data is on something seemingly benign, like data from a fitness and health monitoring device, there's potential for its misuse. The same data that measures how many steps you've taken each day and how far you've gone could be used to track your activity for divining knowledge about "who you are, where you go, and how you move," Daly noted.
In some cases, that could be a good thing: data from a health tracker could, for example, theoretically let responders to an earthquake know that someone is alive and moving under a collapsed building. But collected over time, the data poses a significant privacy risk. "Personal information could leak, which may not be a concern if it’s just the number of steps walked but could be embarrassing or compromising if it’s personal medical data," Curtis said. And third parties could inadvertently expose that kind of data if there aren't proper controls. "Many people will have no issue with their health data being shared with a doctor," Curtis explained. "But the same people may hesitate before sharing data with an insurance company."
Daly added that the vast amount of data transmitted by IoT devices and stored locally raises the question of how long data collected from their users "should be allowed to live in the world, and how you get rid of it" when that appropriate life is over.
Part of the problem could be addressed by reducing what gets collected in the first place. While not all IoT devices can be equipped like the ones Airbus is installing in its factory, the systems that collect the data could perform pre-processing to gather only the analytically valuable data for storage.
Reducing the data flow might not seem like a major issue for the industrial flavor of IoT since it doesn't touch the broader Internet much. It's more an "Internet of things" in lower case, connecting factory local networks and other industrial systems together over private wide-area networks. That's in part because of security and in part because of the reliability requirements for industrial applications.
"The bar for [Internet] reliability is going to have to go up for industrial IoT," said Kris Alexander, chief strategist at Akamai. "It just has to work. I'm going to have four hours of downtime a year? That won’t cut it." But if companies are going to start including IoT technology in products at any scale, the Internet will have to play a role in order for it to be affordable.
This need for low latency and high speed within the industrial IoT space is driving the adoption of new networking standards. These systems, based existing Ethernet and IP-based networking technology, may soon find their way far beyond the factory floor. Time Sensitive Networking (TSN), a time synchronized networking standard overseen by the Institute of Electrical and Electronics Engineers (IEEE) and the AVnu Alliance, can easily accommodate many IoT applications as we saw in lab tests at GE. In addition to IoT applications in industry, TSN is being looked at for use in automobiles. "There's a strong desire for TSN to be used in the automotive space because companies want to use IP-based controls for automobiles," said Starkloff.
But even in the somewhat friendly confines of the "industrial Internet," bandwidth isn't free. Collecting telemetry data from IoT devices for deep analytics at any sort of scale requires doing a lot of processing at the edge to cut down information to a more manageable and usable form, according to Starkloff. When that telemetry is coming from millions of consumer-grade devices over the Internet, the need to cut down on what is collected becomes just as much about maintaining reliability as protecting privacy.
One route might be a sort of reverse content delivery network, where a provider performs a forward-positioned processing of data with a MapReduce function or other big data processing scheme before passing the data back to the analytics system behind the IoT application. That's something Akamai already does internally, and the company is examining how to turn it into a service for IoT applications. "Today we have REST APIs, which we use to retrieve data for business units," said Alexander. The distributed data collection network at Akamai currently collects 1.2 exabytes of data per year. "We're exploring ways we could have third parties use the system to pull in data," he said.
If data is only being collected for a few thousand devices, Alexander explained, "you'd probably be better off with your own service and Amazon Web Services," but a service like the one Akamai currently uses internally could support data feeds from hundreds of thousands devices. "We're already talking to automotive companies interested in using our network to collect data," he noted.
The same goes the other way: how do you get software updates out to millions of embedded devices on the Internet? Akamai has already done this in the automobile industry, distributing software updates to 40 million vehicles last year, according to Alexander.
There are other emerging technologies that could make IoT connections more reliable, especially for mobile devices. The coming 5G cellular broadband standard is seeking to reduce latency across mobile networks to below a millisecond. The ultimate IoT devices, autonomous vehicles, absolutely need low-latency, reliable data networks in order to operate reliably.
No matter what G the wireless broadband network that connects IoT devices is, it's still an IP-based network. And as security researchers demonstrated when they were able to use Sprint's wireless network to gain access to a Jeep Cherokee's "connected car" systems and then its control network, being on mobile networks doesn't erase the biggest fear concerning IoT: security. It may be the most persistent problem that IoT faces because of the potential effect that an attack on IoT systems could have in the physical world.