report: ieee experts in technology and policy (etap)
TRANSCRIPT
Copyright © 2016 IEEE. 2
Contents
Executive Summary
Introduction: IEEE Internet Initiative and IEEE ETAP Forum Series
Washington IEEE ETAP Forum Invited Speakers
Keynote—Technology: Designing Privacy Into Internet Protocols
Keynote—Policy: Achieving a Secure and Resilient Cyber Ecosystem: A Way Ahead
Panel Discussion: IEEE End-to-End Trust and Security for the Internet of Things Workshop
Panel Discussion: Privacy, Security, and Innovation Challenges in Different Aspects of IoT
Discussions and Next Steps
Conclusion
Appendix I: Program
Appendix II: Participants
Appendix III: Rapid-Fire Brainstorming
Appendix IV: Top 10 Issues
Appendix V: Combined Issues List, Washington/Tel Aviv/San Jose IEEE ETAP Forums
Executive Summary
The IEEE Experts in Technology and Policy (ETAP) Forum on Internet Governance, Cybersecurity, and Privacy in Washington, D.C., on 5 February 2016 was the third in a series of regional meetings organized by the IEEE Internet Initiative with the intent of creating a platform connecting technology developers and policymakers in a uniquely meaningful way. More than 50 diverse stakeholders from around the world—government and industry representatives, legal practitioners, and academics—gathered at The George Washington University for the one-day event. In addition to hearing keynote presentations and panel discussions on challenges and opportunities in technology and policy, participants identified nearly 40 specific concerns during a rapid-fire session and then narrowed their focus to four of those issues for more in-depth breakout conversations about possible next steps in each:
• Data localization,
• Education and ethics,
• End-to-end security/privacy by design and
• Technology-policy development process.
The forum concluded with a challenge to continue the discussions at upcoming ETAP Forums scheduled for 4 March 2016 in Delhi, India, and 17 May 2016 in Beijing, China.
Introduction: IEEE Internet Initiative and IEEE ETAP Forum Series
Internet growth has delivered tremendous innovation, economic growth, and societal good globally. Its future benefit to humanity is even more promising as more and more Internet-enabled devices network with each other. This Internet of Things (IoT) opens exciting opportunities for new services, improved productivity and efficiency, real-time decision-making, and innovative user experiences. But with more networked objects capable of sensing and communicating, new issues are arising in the areas of cybersecurity, privacy, and Internet governance in markets around the globe. Fluidly resolving such issues in an increasingly interconnected world of machines, services, and people is critical to supporting sustainable development, ongoing economic growth, and public safety and security.
New technology policy challenges are emerging, and new approaches will be required. Collaboration across traditional professional, technological, and geographic barriers is needed to meet these challenges. Ongoing Internet innovation, sustainability, and market growth are dependent on informed Internet policy. Equally, Internet policy depends on sound technical guidance. The IEEE Internet Initiative facilitates a dialogue between the two historically disparate worlds of technology and policy.
The IEEE Internet Initiative connects the technical community to global policymaking for Internet governance, cybersecurity, and privacy in order to inform debate and decisions, to help ensure trustworthy technology solutions and best practices, and to successfully address the new technology policy challenges. The initiative provides a neutral environment for collaboration among engineers, scientists, industry leaders and others engaged in an array of technology, policy, and industry domains around the world—to the collective benefit of all stakeholders. The IEEE Internet Initiative helps improve the state of knowledge about technology and its implications and impact on Internet governance issues, and it raises awareness of public policy issues and processes in the global technical community.
The IEEE ETAP Forum on Internet Governance, Cybersecurity, and Privacy is an important place for the dialogue between technology and policy experts. Under the IEEE Internet Initiative's purview, the IEEE ETAP Forum series serves as a platform connecting technology developers and policymakers in a uniquely meaningful way. Beginning with the May 2015 Forum in San Jose, California, in the United States, and followed by a forum in Tel Aviv, Israel, the gatherings have invigorated the global conversation about the real-world issues being confronted in different regions in public policy and technology for cybersecurity, privacy, and multi-stakeholder Internet governance.
Washington IEEE ETAP Forum Invited Speakers
The IEEE ETAP Forum in Washington opened with a technology-oriented keynote presentation by Juan Carlos Zuniga, principal engineer at InterDigital Labs, and a policy-oriented keynote presentation from Thomas Ruoff, director of innovation for the chief technology officer with the U.S. Department of Homeland Security. Next, two panel discussions addressed regional issues and developments related to Internet governance, cybersecurity, and privacy.
The day before this IEEE ETAP Forum, the IEEE End-to-End Trust and Security for the Internet of Things Workshop was conducted. The first panelists of this IEEE ETAP Forum shared insights from that workshop:
• Mark Cather with the University of Maryland Baltimore County, who spoke on IoT policy and standards;
• Florence Hudson with Internet2, who spoke on IoT scenarios and use cases;
• Richard Bennett, an independent consultant to policy-makers, who spoke on access control and identity management in the IoT, and
• Robert Martin with MITRE and Susan Hyon Parker with Carnegie Mellon Open Learning, who spoke on IoT architectural frameworks.
The second panel discussion concentrated on privacy, security, and innovation challenges in various aspects of the IoT and presented observations from both vertical and horizontal perspectives:
• Glenn Fink with Pacific Northwest National Laboratory, who spoke on the use of IoT in precision agriculture;
• Carl Landwehr with The George Washington University, who spoke on IoT and health;
• Saifur Rahman with the Virginia Tech Advanced Research Institute, who spoke on IoT and smart cities;
• William Whyte with Security Innovation, who spoke on IoT and transportation, and
• Ekaterina Rudina with Kaspersky Lab, who spoke on common approaches in different domains.
Keynote—Technology: Designing Privacy Into Internet Protocols
In his technology-focused keynote presentation, “Designing Privacy Into Internet Protocols,” Juan Carlos Zuniga with InterDigital Labs addressed the urgency of the issues faced by the professionals gathered at the IEEE ETAP Forum. He posited that people may not be able to effectively opt out of the IoT in the future and that interconnection of devices is happening so quickly that “it’s going to be very hard to stop anything that we do wrong,” he said. “So we better do it right the first time.”
Privacy in the IoT Age
Mr. Zuniga highlighted the privacy work in three standards-development organizations (SDOs) for the Internet: IEEE, the Internet Engineering Task Force (IETF), and W3C. In the privacy work of the IEEE 802® LAN/MAN Standards Committee, IETF, and W3C, efforts have been narrowly focused on individuals, limited to what can be addressed in protocol design (vs. deployment and operation), and have assumed a strictly technical scope (without reference to market-to-market political/policy differences, particular legal frameworks, or motivation for attacks).
Among the privacy threats that Mr. Zuniga has confronted in his work are identification, correlation, secondary use, disclosure, exclusion, surveillance, stored data compromise, intrusion, and misattribution. “Identification is one of the clear ones we’ve been tracking,” he said. “Tracking mobile devices of by-passers is a very easy job, even if devices are not connected to any network.”
Correlation—profiling a user by combining multiple personally identifiable (PI) attributes—is another increasingly significant threat with the growth of the IoT. The variety of PI attributes is exploding in the IoT with sensory and communications capabilities being added to so many new devices. What behaviors about users could be correlated (and security threats introduced) if, for example, a particular light bulb with an Internet Protocol (IP) address is turned off every time a baby goes to sleep or if a light bulb is turned on every time someone in the home takes a shower?
As a result of the new challenges introduced by IoT proliferation, Mr. Zuniga said that certain “Privacy by Design (PbD)” principles are being embraced in protocol development, such as:
• That proactive/preventive, not reactive/remedial, is the preferred approach;
• That maximum privacy must be the default settings of new technologies (so the onus is not on novice users to turn on protection);
• That privacy is embedded into design;
• That there must be full lifecycle, end-to-end protection of PI information from points of data generation to termination and each point in between, and
• That as few PI attributes should be collected as possible.
Q&A
Among the questions from the audience after Mr. Zuniga’s presentation was one about whether the privacy questions being addressed in the IEEE 802, IETF, and W3C environments were medium-specific. Mr. Zuniga confirmed that, in the same way that threats are prevalent irrespective of the medium, so is the privacy work that is underway within the SDOs.
He was also asked about the purely technical approach to addressing privacy concerns. Mr. Zuniga discussed instances in which activity was legal in some markets and illegal in others. Plus, he said, “unfortunately, right now, it’s very easy to track users—you don’t need huge infrastructure to do a bunch of bad things in the world.” To the end of protecting as many people as possible, he said, efforts have been focused on instances where, from a privacy and security standpoint, there is no difference in technical requirements of a solution, regardless of the motivation of an attack.
Keynote—Policy: Achieving a Secure and Resilient Cyber Ecosystem: A Way Ahead
In the second, policy-oriented keynote, “Achieving a Secure and Resilient Cyber Ecosystem: A Way Ahead,” Thomas Ruoff with the U.S. Department of Homeland Security said, “The bad guys are getting better, and what I think is important to understand is that the attacks are getting more sophisticated at a rate that is outpacing our ability to counter them.”
“If we think we can ‘man’ our ways out of the problem, then we’re kidding ourselves. That’s a policy decision that the government has made—you’re not going to get enough folks; you never will,” he said. “And our ability to detect and respond is too slow, so we in the Department of Homeland Security do not believe we can detect our way out of problem. It’s not going to happen. Why? Because the detection methods always lag.”
Consequently, the Department of Homeland Security is working toward a secure and resilient cyber ecosystem. Mr. Ruoff walked the audience through the interrelated challenges, proposed solutions, and mechanisms enabling effective and efficient risk mitigation toward achieving such an ecosystem:
• For the challenge of disparate security tools failing to provide an integrated toolset, he said, the proposed solution is interoperability. A common data model; data and transport standards; open application programming interfaces (APIs), frameworks and control planes; and rapid integration acquisition are viewed as the mechanisms for achieving interoperability.
• For the challenge of adversaries innovating at a faster rate than defenders, he said, the proposed solution is automation. A common data model, orchestration, and shared Courses of Action (COAs) are the necessary mechanisms to achieve automation.
• For the challenge of limited automated authentication, he said, the proposed solution is trust. Security architecture, authentication infrastructure, and established partnerships are the needed mechanisms to achieve trust.
• For the challenge of security analysts having incomplete knowledge and situational awareness of their enterprise and overall ecosystem security health, he said, the proposed solution is information sharing. A common data model, information sharing, and authentication infrastructure are the necessary mechanisms.
• And for the challenge that the communications infrastructure could be attacked, the solution is assured communications, with resilient communications, priority services, and interconnected infrastructures viewed as the necessary mechanisms, he said.
Toward ‘EASE’
Mr. Ruoff said that the Department of Homeland Security envisions an “Enterprise Automated Security Environment (EASE),” information-sharing infrastructure, and “cyber weather map” as inter-related components of a secure and resilient cyber ecosystem. The Department of Homeland Security’s accomplishments to date in achieving a secure and resilient cyber ecosystem, he said, are developing a request for information (RFI) for a messaging bus, a thought leaders roundtable, workshop, COA Working Group, and a focus group on the message fabric.
“We want to understand the local state of the art … we have had thought leadership, so we called in the smart folks from all of the academic and vendor communities and asked, ‘Where do you think we should go?’” Mr. Ruoff said. “We in Department of Homeland Security do not believe that we should be telling the path or defining the path. We think we should be leading from behind, facilitating the discussion. Why? Because we are humble enough to understand that we are not as smart as other people in the community, but we are in a position where facilitation will lead to success.”
Q&A
Among the questions from the audience following Mr. Ruoff’s keynote was how standards development can be informed by the DHS needs, and he encouraged attendance at the department’s periodic community-day forums.
One attendee questioned the government’s commitment to information sharing and whether that notion demanded a culture change. Mr. Ruoff said, “The president felt exactly the same way, so about six months ago he sent out a presidential directive telling the Department of Homeland Security that they have to take automated information sharing seriously.” He said substantial investment is being placed in information-sharing systems programmatics.
Another question addressed the possibility of monitoring systems being used for malware attacks on the cyber ecosystem architecture. Mr. Ruoff acknowledged this issue of “giving the adversary the keys to the kingdom—if they get inside the orchestrator, they win”—and he said creating an approach to prohibit such an attack is the focus of development activity now.
Panel Discussion: Issues Highlighted at the 4 February 16 IEEE End-to-End Trust and Security for the Internet of Things Workshop
The day before the IEEE ETAP Forum, industry technologists gathered for a workshop on the development of an open architectural IoT framework at the invitation of IEEE, Internet2, and the National Science Foundation (NSF). Presentations were given addressing “TIPPSS” elements in relation to IoT: trust, identity, privacy, protection, security, and safety. At the IEEE ETAP Forum on 5 February, participants offered summaries of four presentation tracks from the 4 February IEEE End-to-End Trust and Security for the IoT Workshop.
Policy and Standards
Mark Cather with the University of Maryland Baltimore County reported that about 10 people participated in the policy and standards track. He said one topic of conversation was the importance of consumer trust in realizing IoT potential growth, forecasted at “50 to 200 billion devices by 2020 or 2025 depending on what research you look at.” The IoT growth forecasts suggest a meshed web of things to be secured and maintained, including devices, Mr. Cather said, “made by anyone from hobbyists, to small companies in their basements, to huge, multinational companies.” Not only does this identify the need for flexible standards that are relevant for very different manufacturers; participants noted that this diversity renders standards education a significant challenge.
Another challenge with regard to standards development for the IoT will be that the security of devices will have to be thought of in terms of their system-level context—a light bulb in a bedroom and a light bulb in a surgery room will have varying needs of encryption, authentication, privacy, security, etc. Mr. Cather said the participants discussed the need for work in the policy and standards environments to dovetail, as well as a capability to push regulatory and standards information out to IoT developers more rapidly given the faster pace of technological change.
Scenarios and Use Cases
Florence Hudson with Internet2 discussed activities in the scenarios and use cases group, which she said involved about 30 people. Participants talked about how and where technology and policy blend and the importance of creating a commonly shared language between the two worlds and identifying individuals who can connect deeply on both sides. She said that some participants feel the gap between policy and technology is actually growing.
Ms. Hudson said participants in the scenarios and use cases group discussed the need for duty and responsibilities for TIPPSS among developers and the crucial role of engineering ethics in the expanding IoT economy. Organizations from within the vertical markets of IoT development will have critical domain-specific views into such efforts. As an example, she related questions surrounding defense in depth in relation to usage of connected insulin pumps in an eHealth, distributed-care scenario: How can it be ensured that the individual checking the data from such a pump is the right healthcare provider? How frequently is the individual’s certification checked?
“One of the challenges is that people/citizens assume somebody is worrying about this for them, and that would be us,” Ms. Hudson said. “We have to go from worrying about it and being thought leaders to being ‘do’ leaders. We really have to rise to the occasion.”
Access Control and Identity Management
Richard Bennett, a consultant, reported on the discussions of the access control and identity management group at the 4 February IEEE End-to-End Trust and Security for the IoT Workshop. Topics discussed included private biometric verification, establishing connectivity in the IoT, virtual organizations, and “IoT Security: A Nightmare in Progress.” He said that the general sense of the group was that, while access controls and authentication are not solved problems, the mechanisms that currently exist are adequate for addressing these problems. However, Mr. Bennett said, “there is clearly a gap between available technologies and the stuff people are using.” Persistent identifiers, the group discussed, present an issue in that they can be correlated with activities, leading to discovery of things about that user and potentially creating an opportunity to break into the system.
Mr. Bennett said the group affirmed the importance of standards in the space and discussed the necessity of new ways of thinking about the issues of access control and identity management that are introduced in the IoT. For example, there will be interconnected devices that do not have usernames and passwords, there will be a need to identify that the correct software is controlling a system, and there will be autonomous devices that function much like people but cannot be authenticated in the same ways as human users are.
Architectural Framework
Robert Martin with MITRE and Susan Hyon Parker with Carnegie Mellon Open Learning presented on the architectural framework breakout, in which 25 to 30 people participated. “We need to make sure we don’t fall prey to calling this end-to-end security, when really we want to talk about end-to-end security and safety,” Mr. Martin said. “It’s really not a network issue. Don’t take a network-security approach to this, because it’s really each element, each node, the software on those nodes … If we only come to this as the integrity of the network, we will fail gloriously. For the IoT, safety needs to be considered along with privacy, the performance issues, reliability, resilience, and, of course, the security of these systems.”
Ms. Hyon Parker added that this led the group to discuss the need for a more holistic, rigorous systems approach for IoT systems with integrated hardware and software rules and guidelines.
The overall professionalism of the software workforce was a point of emphasis in the discussion. While every other engineering trade has established licensing and certification landscapes, the group discussed, those are not as prevalent in the software arena. Without standardized best practices and a documented understanding of software developers’ qualifications, how can system reliability, security, and safety in the event of failure or malicious activity be assured?
The group discussed their perception of a general lack of respect for how transformational IoT is likely to be in policies across industries. Effective policy definition will demand that interest groups consider a whole new set of regulatory criteria as it relates to various industry situations.
Panel Discussion: Privacy, Security, and Innovation Challenges in Different Aspects of IoT
The second panel discussion offered a perspective on the challenges being confronted in IoT implementation from four vertical markets where deployment is intensifying—healthcare, smart cities, transportation, and precision agriculture—as well as the horizontal perspective of common approaches across domains.
Healthcare
Carl Landwehr with The George Washington University noted that the issues around privacy, security, and innovation in healthcare are generally well recognized. A great deal can be learned about patients and care strategies by pooling health records, but how can that information, which is clearly private and sensitive, be effectively protected? “Speaking for the U.S. legal environment, in general that information is protected if it’s in a regular medical healthcare system, but it’s not protected in a commercial environment,” Mr. Landwehr said. “So, policy is going to have to deal with the fact that we have a tremendous amount of innovation going on at the sensor end of things.”
Healthcare in the IoT presents unique challenges. For example, genomic data storage and use presents its own complex set of issues that must be addressed, he said. Hackability of medical devices is a well-known problem. Mr. Landwehr said there are efforts to move toward a “medical-device security code,” along the lines of building codes that governments adopt and give legal force. More integration will be needed across the medical industry, he said, in terms of interoperability standards, protocols, and authentication techniques in the next decades. Also, innovation in personalized medicine, such as potentially networks that interconnect with humans’ biologic systems, will introduce challenges.
Smart Cities
Saifur Rahman with the Virginia Tech Advanced Research Institute discussed the promise of smart cities to address urban challenges in areas such as pollution, energy efficiency, security, parking, traffic, and transportation by utilizing advanced technologies in data gathering and communications. A complex array of smart elements undergirds smart cities—energy, transportation, healthcare, e-governance, public security, etc.—“and these all have interconnections and vulnerabilities to exploit.”
Smart buildings are one of the important pieces of smart cities, he said. Virginia Tech, he said, has been particularly engaged in innovation around smart buildings, which connect a building-automation system with systems for building operations (such as heating and air conditioning, lighting, water supply, sensor network, and fire emergency) for significant efficiencies. Virginia Tech provides a living laboratory for development and refinement of its Building Energy Management Open Source Software (BEMOSS) solution that is engineered to improve sensing and control of equipment in small- and medium-sized commercial buildings. Mr. Rahman said, “We focus on plug-and-play devices, because that’s where the vulnerabilities come in,” and then experiment with strategies for eliminating or mitigating issues.
Transportation
William Whyte with Security Innovation discussed research and innovation in connected vehicles. He said it has been estimated that, of the roughly 6 million crashes that occur in the United States annually, 4.5 million could be eliminated with IEEE 802.11™ “Wi-Fi®”-based capabilities for monitoring and communications. He said he expects future regulatory mandates to address inclusion of such technology in automobiles that would, for example, broadcast 10 times/second a vehicle’s location.
Market acceptance will be a key issue to ensure that the benefits envisioned with the safety-of-life system are actually realized. If a user turns off the technology because of privacy concerns, for example, overall crash avoidance will be much less effective because devices in all the cars potentially involved in a collision must be enabled in order for the system benefit to be realized. “If you decrease penetration rate by 1 percent, you decrease the effectiveness by 2 percent when you’re up near full deployment,” Mr. Whyte said. “So, making this a system that people are comfortable having in their cars is vital to the overall system success.”
Mr. Whyte discussed lessons learned from recent hacks of connected vehicles and issues with the remediation steps that manufacturers took. He also talked about supporting legacy technologies in connected vehicles, given that people often keep and operate individual automobiles for many years.
Precision Agriculture
Glenn Fink with Pacific Northwest National Laboratory discussed security and privacy in “the Internet of cows—and the broader area of precision agriculture,” which he argued might be the oldest IoT application. “Our interest in cows is actually as a stand-in for humans,” he said. “You can really instrument cows. They are moving, living creatures, and they react to technology.” Leveraging continuous monitoring for individualized care and tracking, early disease warning, farm-to-fork provenance, etc. Precision agriculture is a valuable use case with regard to the greater IoT because, he said, “we can learn a lot from cows in ways that you don’t have to worry about privacy issues with humans—the cows don’t worry so much about privacy.”
IoT capabilities in precision agriculture effectively make visible things that were not visible before. For example, feeding can be monitored per animal. Early detection of infections by leveraging vocalization tracking and analytics can help stop disease spread. Death rates can be monitored per farm to identify problem facilities. In such ways, precision agriculture advances animal welfare and production, Dr. Fink said. Furthermore, better understanding of how animals live and work also offers important insights into how the IoT might be used to benefit humanity as well.
Common Approaches in Different Domains
Ekaterina Rudina with Kaspersky Lab discussed the general lack of readiness for IoT proliferation. “The environment is still dangerous,” she said. “… Actually Internet of Things is not ready to Internet, and cyber-security is not ready to get cyber.”
She described a recent “capture-the-flag” competition, in which participants from various specializations were challenged to break into a scale model of an electrical substation. Within only a few hours, third-party specialists seized control over the model substation’s processes and created a total blackout. When they were interviewed after their competition, the winners said the security functionality in the model was circa late 1990s.
Ms. Rudina described the promise of a “new-found second wind” of established technologies: “Actually, we do not have to invent some new principles or new architectures,” she said. “We have a lot of architectural solutions proposed many years ago, and now we can use them for contemporary technologies. Well-known security principles and practices may be applied … We have now a lot of achievements in computer security theory and a lot of achievements in the technology areas, and we just need to join these achievements to provide us with a more secure and reliable Internet of Things that is coming.”
Discussions and Next Steps
Jared Bielby of the International Center for Information Ethics reviewed the previous IEEE ETAP Forum events (18 May 2015 in San Jose, California, USA, http://sites.ieee.org/etap-sanjose/forum-report/, and 10 August 2015 in Tel Aviv, Israel, http://sites.ieee.org/etap-israel1/report/). Next, the Washington meeting distilled the individual issues that participants voiced in a rapid-fire brainstorming session (see Appendix III) into a list of 10 clusters of issues (see Appendix IV). IEEE ETAP Forum co-moderator Clint Andrews with Rutgers University led participants in voting on the 10 issues and discerning four high-priority areas of concern for further discussion:
• Technology-policy development process
• End-to-end security/privacy by design
• Data localization
• Education
The results of the discussions in the breakout session are presented below.
Technology-Policy Development Process
Mary Lynne Nielsen with IEEE presented the conversation around technology-policy development process. She said the group discussed a number of levers impacting the policy landscape today, including operational best practices, guidelines, and interoperability standards; educational tools for both lawmakers and regulators; and the calls to action flowing out of contributions from informed individuals and organizations. The group then outlined a variety of possible next actions:
• Progressively maturing the global-scale discussions by identifying nuggets of conversation, exploring those areas, and building communities around them;
• Creating tips and tools and/or hosting events to alleviate tension across technological and regulatory communities of different jurisdictions;
• Identifying fundamental policy principles that are being called into question by the proliferation of the IoT (for example, is the right to consent—to “opt in” or “opt out”—even feasible in the increasingly connected world?);
• Facilitating national, as well as international, conversations to address contextualized standards needs, and
• Reviewing existing standards for gaps and IoT needs.
End-to-end Security/Privacy By Design
Alan Chachich with the U.S. Department of Transportation recapped the discussion on end-to-end security and privacy by design. Agreeing that profit, cost, and features like convenience currently are higher priorities in Internet development than security and privacy protection, the group considered the question of what can be done to change incentives. Without changing that balance, there will not be a secure IoT, Mr. Chachich said, and an insecure IoT may have grave consequences for humanity.
The group created a multi-dimensional framework picture to visualize the problem being confronted and talked about how IEEE can influence progress--where are the “hot spots” where IEEE can make a difference to increase security and privacy? Mr. Chachich said that the group determined that there are two areas where IEEE might exercise influence: design and policy. He said the group looked at places where the IEEE technology activities and lobbying capacity might overlap—for example, the potential role of financial and criminal penalties around data ownership policy. He said the group agreed that, instead of imposing laws, economic incentives are probably better for all stakeholders and ultimately more useful in achieving desired results.
As for next steps, Mr. Chachich said the group suggested that IEEE could strive to create a layered model, such as the Open Systems Interconnection (OSI) network model, to guide policy. After surfacing all the important design and policy factors that could advance end-to-end security and privacy by design, IEEE could then identify those where it could have the most impact and create a plan of action.
Data Localization
Michael Nelson with CloudFlare summarized the breakout session on data localization. Participants discussed differences in the international landscape on the issue. For example, in some cases, countries might want to keep data close because of reasons having to do with enforcing privacy protections, extending or limiting law-enforcement access, and protecting national industries. The group also discussed the arguments and counter-arguments around data localization (e.g., is distributed data less protected, are smaller countries less protected, and is it advantageous to reduce the size of targets for cyberterrorists?).
Potential next steps proposed by the group included developing case studies (house monitoring, medical devices that travel with users, efficient routing, etc.); gathering economic analysis and performing technical analysis; exploring certification for data practices and where, for example, IEEE might be able to develop adequacy checklists for educating governments; and surveying where policy is being written and in what areas additional education is necessary.
Education and Ethics
Emily Nichols with Internet2 reported that the education and ethics breakout session focused on four possible next steps: developing content and programs for education and ethics around IoT, identifying partner channels for creation and distribution of content, determining performance indicators, and assigning an implementation owner. The group suggested IEEE as the owner of programs for education and ethics around IoT because of the organization’s proven range of services in the space and technological and global scope.
Content could address engineering ethics and the TIPPSS attributes; reflect multiple generational viewpoints on privacy, sharing, and trust; and incorporate meaningful iconography and/or be embedded in gaming environments to creatively demonstrate concepts. Ms. Nichols also detailed a list of possible partner channels that the group envisioned, including
• Diversity and industry organizations,
• Community organizations,
• Schools,
• Teacher unions,
• Philanthropic organizations,
• Libraries,
• Do-it-yourself/maker communities,
• Industry partners, and
• Professional trade associations and certification organizations.
Conclusion
In addition to the suggested next steps from the breakout sessions in data localization, education and ethics, end-to-end security/privacy by design, and technology policy development process, this IEEE ETAP Forum concluded with co-moderator and IEEE Internet Initiative Chair Oleg Logvinov’s challenge to participants to continue the conversation in the weeks ahead. He asked participants to elaborate on the issues they voiced during the rapid-fire brainstorming earlier in the day into one- or two-paragraph explanations that would more broadly outline concerns and potential actions.
Mr. Logvinov suggested that the explanations might spark an even more wide-ranging global conversation and cross-pollination of ideas on privacy, cybersecurity, and Internet governance, leading into the next regional IEEE ETAP Forum gatherings, which are scheduled for 4 March 2016 in Delhi, India, and 17 May 2016 in Beijing, China.
“Eliminating the gap between technology and policy entirely probably will not be possible for some time,” Mr. Logvinov said. “But, at least, if we can start closing that gap, we will have made a very positive and very important step forward.”
JointheConversation
TheIEEEInternetInitiativeworkstoinformdebatesanddecisionsinprivacy,cybersecurity,andInternetgovernanceandtohelpensuretrustworthytechnologysolutionsandbestpractices.Withtechnologypolicychallengesemergingincybersecurity,privacy,andInternetgovernancearoundtheworld,theIEEEInternetInitiativeconnectsengineers,scientists,industryleaders,andothersengagedinanarrayoftechnologyandindustrydomainsgloballywithpolicyexpertsinaneutralenvironment,forthecollectivebenefitofallstakeholders.TherearemanywaystoengagethroughtheIEEEInternetInitiative.Pleasevisithttp://internetinitiative.ieee.orgoremailinternetinitiative@ieee.orgformoreinformation.
Appendix I: Program
The IEEE Experts in Technology and Policy (ETAP) Forum in Washington, D.C., USA, on 5 February 2016 was the third in a series of regional meetings to advance a global-scale discussion about top public-policy issues in cybersecurity, privacy, and multi-stakeholder Internet governance. More than 50 diverse stakeholders from around the world—government and industry representatives, legal practitioners, and academics—gathered at The George Washington University for the one-day event organized by the IEEE Internet Initiative.
Location: Marvin Center at The George Washington University
Moderators: Oleg Logvinov and Clint Andrews
Oleg Logvinov
After graduating from the Technical University of Ukraine (KPI) with the equivalent of a Master’s degree in electrical engineering, Oleg Logvinov worked as a senior researcher at the R&D Laboratory of the Ukraine Department of Energy at the KPI. During the last 25 years Mr. Logvinov has held various senior technical and executive management positions in the telecommunications and semiconductor industry. He currently serves on the IEEE IoT Initiative Steering Committee and is the past member of the IEEE Standards Association (IEEE-SA) Standards Board and the IEEE-SA Corporate Advisory Group. In January of 2015 Mr. Logvinov was appointed as the chair of IEEE Internet Initiative. The IEEE Internet Initiative connects engineers, scientists, industry leaders, and others engaged in an array of technology and industry domains globally with policy experts to help improve the understanding of technology and its implications and impact on Internet governance issues. In addition, the Initiative focuses on raising awareness of public policy issues and processes in the global technical community. Mr. Logvinov also actively participates in several IEEE standards development working groups with the focus on the IoT and communications technologies. Mr. Logvinov is the chair of the IEEE P2413™ Internet of Things (IoT) Architecture Working Group. He helped found the HomePlug Powerline Alliance and is the past President and CTO of the Alliance. Mr. Logvinov has 24 patents to his credit and has been an invited speaker on multiple occasions.
Clint Andrews
Clint Andrews is a professor in the Bloustein School of Planning and Public Policy at Rutgers University and was previously director of the Urban Planning program. His expertise is in the substance and processes of energy and environmental planning and policy. He was educated at Brown and MIT as an engineer and planner. He is a member of the American Institute of Certified Planners, a LEED Accredited Professional, and a licensed Professional Engineer. Previous experience includes working in the private sector on energy issues, helping to launch an energy policy project at MIT, and helping to found a science policy program at Princeton. Andrews currently serves on the Board of Governors of the American Collegiate Schools of Planning, is a past member of the Board of Directors of the IEEE and the International Society for Industrial Ecology, and a winner of the IEEE’s 3rd Millennium Medal. His books include Industrial Ecology and Global Change, Regulating Regional Power Systems, and Humble Analysis: The Practice of Joint Fact Finding.
Start Time  End Time  Program
8:15 am  9:00 am  Network and continental breakfast
9:00 am  9:15 am  Introductions
Oleg Logvinov
9:15 am  9:35 am  Keynote Presentation—Technical
Designing Privacy into Internet Protocols
Juan Carlos Zuniga
Juan Carlos Zuniga is a Principal Engineer at InterDigital, where he leads the standardization activities on virtualization (NFV/SDN), dense and heterogeneous wireless networks (cellular, Wi-Fi, IoT), content management, and Internet privacy. He has held leadership roles and contributed in different standards fora, such as IEEE 802, IETF, ETSI, and 3GPP. He is co-chair of the IETF Internet Area working group and ex-chair of the IEEE 802 Executive Committee Privacy Recommendation study group. Previously, he worked with Harris Canada, Nortel Networks UK, and Kb/Tel Mexico. Juan Carlos received his engineering degree from the UNAM, Mexico, and his MSc from the Imperial College London, UK. He has several publications and has been guest editor for the IEEE Communications Magazine. Juan Carlos is inventor of over 50 granted patents.
9:35 am  9:55 am  Keynote Presentation—Policy
Achieving a Secure and Resilient Cyber Ecosystem: A Way Ahead
Thomas Ruoff
Director of Innovation for the Chief Technology Officer with the U.S. Department of Homeland Security
10:00 am  10:55 am  Panel
Overview of issues highlighted at the IEEE End-to-End Trust and Security for the Internet of Things Workshop
Oleg Logvinov (moderator)
Mark Cather
Florence Hudson
Richard Bennett
Robert Martin
Susan Hyon Parker
10:55 am  11:05 am  Break
11:05 am  12:00 pm  Panel
Privacy, security, and innovation challenges in different aspects of IoT
Oleg Logvinov (moderator)
Carl Landwehr
William Whyte
Saifur Rahman
Glenn Fink
Ekaterina Rudina
12:00 pm  12:30 pm  Rapid-fire round-up of key issues from all participants
Clint Andrews
12:30 pm  1:15 pm  Lunch
1:15 pm  1:45 pm  Review and comparison of previous ETAP Forum outputs and discoveries
• ETAP San Jose 2015
• ETAP Tel Aviv 2015
Jared Bielby
Jared Bielby received a double master's degree from the University of Alberta, Canada, in information science and digital humanities with a thesis route in the field of information ethics. He works as an independent consultant in information ethics and Internet governance. He currently serves as co-chair for the International Center for Information Ethics and editor for the International Review of Information Ethics. He is moderator and content writer for the IEEE Collabratec Internet Technology Policy Forum and is founder and editor-in-chief of The Freelance Netizen. His research and writing looks at the interdisciplinary connections between information and communication technologies (ICTs) and information ethics, digital citizenship, and culture. Bielby has written and spoken internationally on subjects of information ethics, Internet governance, and global citizenship in a digital era.
1:45 pm  2:00 pm  Synthesize and refine selection of highest priority issues
Clint Andrews
2:00 pm  2:50 pm  Breakout Session
Delve deeper into highest priority issues
2:50 pm  3:00 pm  Break
3:00 pm  3:30 pm  Report-outs from breakout teams
Volunteer breakout leads
3:30 pm  4:00 pm  Next steps, action plan and wrap up
Clint Andrews
Appendix II: Participants
Oleg Logvinov, Chair, IEEE Internet Initiative; Chair, IEEE P2413 Internet of Things (IoT) Architecture Working Group
Clinton Andrews, Rutgers University
Ed Aractingi, Marshall University
Richard Bennett, Consultant
Jared Bielby, International Center for Information Ethics
Mark Cather, University of Maryland Baltimore County
Alan Chachich, U.S. Department of Transportation
Srikanth Chandrasekaran, IEEE India
Miwako Doi, National Institute of Information and Communications Technology
Glenn Fink, Pacific Northwest National Laboratory
Rob Gingell, Resilient Network Systems
Chris Hrivnak
Peizhao Hu, RIT
Florence Hudson, Internet2
Susan Hyon Parker, Carnegie Mellon Open Learning
Chris Jannuzzi, IEEE
Walter Kawula, Hahn Loeser Parks LLP
Carmen Kocinski, self
Semen Kort, Kaspersky Lab
Carl Landwehr, The George Washington University
Margaret Loper
Randolph Marchany, Virginia Tech-VPIT/ITSO
Robert Martin, MITRE
Satyajayant Misra, New Mexico State University
Martin Murillo, University of Notre Dame
John Murray, SRI International
Eric Nance Woehler, Interprose
Michael Nelson, CloudFlare
Nicole Newmeyer, National Security Agency
Emily Nichols, Internet2
Mary Lynne Nielsen, IEEE
Karen O'Donoghue, Internet Society
Saifur Rahman, Virginia Tech
Raghuraman Rajanarayanan, Achronix Semiconductor
J. Scot Ransbottom, Virginia Tech
Sumitra Reddy, West Virginia University
Ramana Reddy, West Virginia University
Ekaterina Rudina, Kaspersky Lab
Thomas Ruoff, U.S. Department of Homeland Security
Anna Slomovic, Consultant
Brian Stengel, University of Pittsburgh
Robert Stien, InterDigital
Kristene Unsworth, Drexel University
Steve Wallaces, Indiana University
Pamela Weedon, Interprose
James Wendorf, IEEE
William Whyte, Security Innovation
Stephen Wolff, Internet2
Ting Zhu, UMBC
Viacheslav Zolotnikov, Kaspersky Lab
Juan Carlos Zuniga, InterDigital Labs
Appendix III: Rapid-Fire Brainstorming
Participants at the Washington IEEE ETAP Forum listed their individual priorities in a rapid-fire brainstorming session:
• Standards to allow for trust across proprietary systems
• Effect on privacy and civil rights through algorithms
• Our overlapping persona using the same IoT tool
• Building a foundation that is flexible and scalable
• How to teach students when they are building systems
• Articulating the policies that will govern this
• Recognizing human autonomy in an IoT world
• Authenticity of global standards organizations
• How to communicate IoT priorities for security and privacy to developers and industry so that can be shared with clients and customers
• Identity management and its relation to security and policy from a human perspective (neurological and interaction with systems)
• Privacy-related policy gaps that can be closed quickly: what are they?
• How do we provide technical needs for accountability in IoT data flows?
• How do we educate the public about this, and what is the role of engineers in this?
• Education and need for preparing future professionals about privacy and security
• A framework for instilling ethics development for current and future generations
• How do we ensure edge devices are trustworthy and secure?
• How to ensure end-to-end security from design to fabrication across the supply chain for devices?
• How to address the financial/cost concerns to create trust and security in products?
• Need for international collaboration on cyber vulnerabilities versus the impact on privacy concerns and national considerations (e.g., Fossenar agreement)
• Keep TIPPSS in mind
• Analytics being used as a privacy veil and also as a tool that breaks the privacy veil
• Data localization yet moving data across national borders: which legislation applies?
• How do we handle a hack that also exposes a crime?
• Need guidelines and standards on privacy by design
• How do we build ways to address the questions on IoT and privacy/security and create usable outcomes?
• International economy of data: when data becomes the currency of corporations and nations, how do we connect the sources of data to this economy so they may benefit from it?
• How do we facilitate the development of privacy-preserving policies for IoT?
• Allowing for innovation that has yet to happen in what we create through today’s policies
• Tech drives legal and policy, and the need to make technologists aware of that
• A forward-looking roadmap related to US Constitution’s 4th amendment search and seizure in an IoT world
• The future is here and we still don’t know what to do with it: adjusting the great technical solutions to the practical and evolving needs of the market and the attendant policy needs for secure solutions
• Need descriptions of properties of different domain areas to see where the similarities and differences are
• Legacy systems that can’t expand to encompass IoT needs, particularly critical systems
• How regional policies affect global trade
• How do we bring different policy makers in different regions together to discuss IoT issues?
• Education on ethics needs to happen in the public schools (pre-college) to inculcate certain principles
• IoT issues relate to existing problems in sensor networks: what can be examined there and repositioned?
• Data localization is important for IoT and the future Internet
• Avoid unconscious technological lock-in through dominant players and/or existing case law
Appendix IV: Top 10 Issues
The issues voiced during the rapid-fire brainstorming session at the Washington IEEE ETAP Forum were clustered into 10 topics for consideration of targeted breakout sessions:
• Education
• Data localization
• Identity management
• Technology policy development process
• Autonomy
• Accountability
• Tradeoff adjudication
• Solutions roadmap creation
• Ethics
• End-to-end security/privacy by design
Appendix V: Combined Issues List, Washington/Tel Aviv/San Jose IEEE ETAP Forums
Washington
• Data localization
• Education and ethics
• End-to-end security/privacy by design
• Technology-policy development process
Tel Aviv
• User assessment of trustworthiness of devices, enterprises, and governments
• Educating users about characteristics of information society
• Machine-readable privacy agreements and who enforces them?
San Jose
• Threats and opportunities in data analytics
• Multi-stakeholder Internet governance
• Protecting Internet traffic, managing meta-data analysis, and how to implement both security and privacy at scale
• Fragmentation of the Internet due to local policies and how to avoid it
• Algorithmic decision making that exacerbates existing power balances and ethical concerns
• How to best engage IEEE as a platform for contributing to the resolution of these and related issues