In IoT We Trust: Technology, Interoperability, Security, Privacy & Usability in the Hyper-Connected World

I have written this blog at the request of, and it was published by, the European Commission:

Technology changes the world at a fast pace. Internet, digital services and cloud computing are the living proof, at a massive scale. Internet of Things technologies accelerate this process even more by hyper-connecting people, organisations and data with billions of objects.

What does the user think of all this? How are customers, users, and other stakeholders in the value chain of these vast and highly complex ecosystems going to understand, trust and use IoT products and services in a durable, trustworthy, productive, civilised and pleasant way in our society?

Trust is always one of the main challenges with any new technology and any change. Regarding IoT, customers and users will need time to adapt and to learn what the benefits are, and how to trade off usability versus risk to a fair level. The maturity level of adequate trustworthiness will differ per IoT device, service, application and per type of use.

Think of the difference in impact between, for instance, smart wearables in sports and smart health in hospitals. We all perceive a different trust level, right? What about smart grids and industry 4.0 connected to critical infrastructure versus smart meters at home? Again, some issues are more important than others, such as security and safety, or usability and personal data protection. How about smart resident services in a city versus a smart augmented-reality city for tourists? Or think of smart autonomous valet parking versus high-speed autonomous vehicles on the highway. Who makes the decision about your welfare and life when a crash is imminent? How do the other vehicles react? And who developed those algorithms? What does M2M mean to you?

For each application in each field you will identify different risk profiles, usability expectations and trust levels. You can even have numerous different trust levels on one single device; just look at your mobile device and think about it. Developing and using multi-purpose devices triggers the necessity to understand the contextuality of trust.

Components of trustworthiness are security, data management, (personal) data protection as well as the way vendors, providers, customers, users and the related community will act and react in real-time. Another prerequisite of building contextual trust is taking care of customers and users with insufficient knowledge. For instance, insufficient knowledge has been established by Eurostat to be the number 1 reason for businesses not to procure paid cloud services. The IoT industry should try to prevent the same barriers from arising in the various maturing IoT markets.

I see this as one of the main roles of the Alliance for Internet of Things Innovation (AIOTI). Several initiatives are ongoing in the Working Groups of the AIOTI to deep-dive into these issues.

For example, recently, the AIOTI Working Groups 3 (WG3: Standardisation) and 4 (WG4: Policy) joined forces and brain power again in an AIOTI Workshop on Security and Privacy, hosted by ETSI and co-organised by the Commission, NXP and Arthur’s Legal. In this workshop the attendees, including the Commission, ENISA and other public and private sector stakeholders deep-dived into two essential components to build, strengthen and keep trust of citizens, consumers, businesses and other organisations in their connected and hyper-connected day-to-day commercial and private life.

We explored and debated, in both plenary and expert breakout sessions, whether and to what extent a minimum level of basic requirements can be identified and formulated for security and privacy in IoT that can be taken into account while thinking about a certain evidence-based trust label linked to IoT products and services (the Commission's initiative ‘Trusted IoT Label’), while remaining open to innovation and competitiveness.

Think about data control, privacy-by-default, privacy-by-design, security in IoT hardware, components, interfaces, communications and applications, and data-centric security.  Quite a few potential minimum requirements have been identified in this quest towards trustworthy IoT. We will report on this shortly.

Later this year, at the Digital Assembly 2016 we will assemble forces and brain power again, then to deep-dive into ePrivacy in IoT, where the above topics and trustworthiness of IoT will be part of the dialogue for sure.

I am convinced that initiatives such as these, as well as the numerous other initiatives AIOTI has already started and plans to start in the coming period, help build and foster the uptake of a usable, solid, trustworthy and fruitful digital economy and society.

One last thought for now: the best things in life are not things, so let’s aim to combine IoT with the internet of humanity (including digital inclusion) to get to the internet of human prosperity. I am keen, honoured and excited to be able to help out, and hope you will help and support the journey towards a trustworthy hyper-connected world. You are already hyper-connected so better start today!

Let's keep in touch via social media: LinkedIn and Twitter.

Balancing Security & Usability

The Tricky Balance between Security & Usability

There is an inherent conflict of interest between the ease of use on the one hand and security on the other.

If one makes use very open and easy, the security will be low. If the security is high, the usability will be low. And let’s not even start on connectivity and interoperability, as those concepts may look mostly impossible.

It is not realistic to expect that one can achieve maximum usability and maximum security at the same time. In basically all ecosystems, whether a product, service, building, city or community, whether physical or virtual/online, there will be a trade-off between security and usability.


Example 1: Drones. It is not hard to hack a drone and watch the video streams it is broadcasting, as those feeds are, by design, meant to be easily accessible. Most feeds are totally open and unencrypted, even those of many military drones. This is because those drones try to make overhead video available to as many frontline soldiers as possible, including those who may not have all the security protocols available but desperately need the feeds. It is a classic security-convenience trade-off: ever since drones have been flying, they have been hacked by either side. This happened with US drones flying over Iraq, Israeli drones flying over Gaza, and so on.

Example 2: Email/Chat. Having to type in a password, prove you are not a bot by deciphering an image, and then type in the code you received on your mobile phone because of two-factor authentication, just to access your email or chat, obviously results in a higher degree of security but an extremely low degree of usability.

Example 3: Castle Moat. Although it looks quite secure, especially with exposed grounds around the high-walled castle, there are very limited ways to get in or out. Furthermore, there is a total lack of connectivity between the castle and the surroundings. The same goes for building walls.


Open & User-Friendly Prevails, where possible

Shutting down a community or fully securing a building is not the answer, whether in the physical world or the digital environment, even though in some cases it may be necessary for a short while to get on one's feet again. In any case, the balance between security and usability is dynamic, with the prevailing goal to try to keep it as open and user-friendly as possible. The goal is to minimize the possibility of threat scenarios as far as possible and to maximize the accessibility of usage scenarios. It will be on a case-by-case and time-to-time basis, but there are of course good principles to use and nurture.

A usable product, service, building, city and community will be one that minimizes errors, disasters and attacks, while secure products, services, buildings, cities and communities will aim at ensuring that undesirable actions are prevented or mitigated.

Dynamic Balance

This balance may be one of the most relevant and important questions of our times, both in our online and physical communities.

The hyperconnectivity that users are pursuing, demanding and being provided with, in fast-growing cities and communities anywhere in the world, together with cloud computing and the Internet of Things, which truly connect humans and physical objects with global digital infrastructure and services, will surely mean that this balance will be even more dynamic and will need to be continuously monitored and managed.

And remember: security + usability = durable user experience and trust.


Get HyperConnected

Welcome to Arthur's Blog!

This is the leading place where the right brain (alpha, creativity, growth) and left brain (beta, structure, control) finally meet. In real life. And real life in the 21st century obviously means the interesting and exciting combination and integration of both the physical and virtual, digital world.

Get HyperConnected too, enlighten yourself for today & the future, challenge yourself & the status quo, and spread the word!