Towards an ethical approach for IoT

Report on Workhop on the Internet of Things during EuroDIG 2015, 5 June 2015

This workshop was made possible by the European Commission, DG CNECT, through its funding of the FP7 project Smart-Action. About 20 people participated. The following people identified themselves explicitly: Roumania Atanassova (Ruvex); Maarten Botterman (GNKS Consult); Chris Buckridge (RIPE NCC); Olivier Crepin-Leblond, Mahmoed Daneshmand (Stevens Institute of Technology); Anriette Esterhuysen (APC); Nastos Evgeniosm(Secretariat General of Information and Communication, Greek Government), Kenneth Fricklas (CableLabs); Laura Hutchinson (Nominet); Karen McCabe (IEEE), Konstantin Petkov (ICB), Megan Richards (European Commission); Fernando Chaves Salamanca (Fraunhofer IOSB); Mirena Taskova (Schoenherr); Ivanic Zoran (CPI Fundacion) and Vania Zvanova (Higher School of Telecommunications and Post, Bulgaria). Individual speakers are not identified in this short report, with the exception of the moderator, Maarten Botterman (GNKS,Smart-Action).

The Internet of Things has become much more visible over last year, being placed on top of the technology hype cycle by Gartner, with the recognition of clear global penetration, and expectation of continued high growth over the years to come.

Maarten Botterman introduced the current thinking (download his presentation as pdf) which is based on:

  1. Recognition of the necessity for development and use of IoT and the data that result from IoT systems;
  2. Recognition that currently the drive for innovation and deployment is mainly market driven, which has led to examples of information that can be related to persons being collected, stored and shared, mostly without consideration of personal privacy protection;
  3. The conclusion that we need to come to an “ethical charter” for moving forward, or at least a clear understanding on how legal, cultural and personal requirements can be addressed by IoT instruments, environments and services;
  4. Asked for feedback and input on this with the objective to come to a best practice paper presenting the argument for ethical IoT and illustrated with examples of real life practice.

With an increasingly “connected” environment many data can be connected to specific individuals, so the time has come to consider what data are needed for applications, what data IoT sensors are using, and how these data are stored and shared.

The plea is to develop a positive way forward in which considerations of data minimization, data anonymisation, transparency on data collection, storage, usage and sharing, accountability of those responsible at the different stages of the life cycle of the data, and choice for individual persons, where possible, are taken into account.

This requires actions by all stakeholders. Industry will need to take its responsibility by adhering to ethical standards regarding use of data, citizens and consumers (and NGO’s) need to explore the balance needs between public interest and personal choice, and governments need to (continue to) protect the public interest – yet in a way that innovation and initiative are not unnecessary hindered (hence requiring monitoring of IoT development and application, and reviewing relevant legislation for their applicability in an increasingly connected environment).

A specific suggestion made for further exploration is to move towards “open data” in IoT environments – and if not all data in specific environments are to be shared, than at least the data structures, meta data, and procedures with regards to storage, how long specific data are kept in a specific format, how anonymization is taking place (if any), and how data are shared with third parties, so people can be aware.

A specific concern is that IoT may set us up to become too dependent on “connected environments”: what if the connection falls away? This issue, as well as the security issue (security aspects such as <1> identification; <2> data access; <3> new endpoints of attack (connected actuators); and <4> possibly harmful and/or illegal actions by autonomous IoT enabled systems, are to be addressed with high priority, too.

Last aspect brought up is that IoT should serve the world, and not just the affluent few. How can we ensure that affordable, effective and ethically sound IoT applications will be available wherever needed, around the world? It was generally agreed that examples of good practice would be important to illustrate good ways forward.

Please feel free to download the introductory presentation here as pdf.