report: ieee experts in technology and policy (etap)

Copyright © 2016 IEEE. 1

Version: 14 April 2016


ContentsContents.............................................................................................................................................2ExecutiveSummary............................................................................................................................3Introduction:IEEEInternetInitiativeandIEEEETAPForumSeries....................................................4WashingtonIEEEETAPForumInvitedSpeakers................................................................................5Keynote—Technology:DesigningPrivacyIntoInternetProtocols.................................................5Keynote—Policy:AchievingaSecureandResilientCyberEcosystem:AWayAhead....................7PanelDiscussion:IEEEEnd-to-EndTrustandSecurityfortheInternetofThingsWorkshop.........8PanelDiscussion:Privacy,Security,andInnovationChallengesinDifferentAspectsofIoT........10

DiscussionsandNextSteps..............................................................................................................13Conclusion........................................................................................................................................16AppendixI:Program.........................................................................................................................17AppendixII:Participants..................................................................................................................21AppendixIII:Rapid-FireBrainstorming............................................................................................23AppendixIV:Top10Issues...............................................................................................................26AppendixV:CombinedIssuesList,Washington/TelAviv/SanJoseIEEEETAPForums....................27


ExecutiveSummaryTheIEEEExpertsinTechnologyandPolicy(ETAP)ForumonInternetGovernance,Cybersecurity,andPrivacyinWashington,D.C.,on5February2016wasthethirdinaseriesofregionalmeetingsorganizedbytheIEEEInternetInitiativewiththeintentofcreatingaplatformconnectingtechnologydevelopersandpolicymakersinauniquelymeaningfulway.Morethan50diversestakeholdersfromaroundtheworld—governmentandindustryrepresentatives,legalpractitioners,andacademics—gatheredatTheGeorgeWashingtonUniversityfortheone-dayevent.Inadditiontohearingkeynotepresentationsandpaneldiscussionsonchallengesandopportunitiesintechnologyandpolicy,participantsidentifiednearly40specificconcernsduringarapid-firesessionandthennarrowedtheirfocustofourofthoseissuesformorein-depthbreakoutconversationsaboutpossiblenextstepsineach:

• Datalocalization,• Educationandethics,• End-to-endsecurity/privacybydesignand• Technology-policydevelopmentprocess.

TheforumconcludedwithachallengetocontinuethediscussionsatupcomingETAPForumsscheduledfor4March2016inDelhi,India,and17May2016inBeijing,China.


Introduction:IEEEInternetInitiativeandIEEEETAPForumSeriesInternetgrowthhasdeliveredtremendousinnovation,economicgrowth,andsocietalgoodglobally.ItsfuturebenefittohumanityisevenmorepromisingasmoreandmoreInternet-enableddevicesnetworkwitheachother.ThisInternetofThings(IoT)opensexcitingopportunitiesfornewservices,improvedproductivityandefficiency,real-timedecision-making,andinnovativeuserexperiences.Butwithmorenetworkedobjectscapableofsensingandcommunicating,newissuesarearisingintheareasofcybersecurity,privacy,andInternetgovernanceinmarketsaroundtheglobe.Fluidlyresolvingsuchissuesinanincreasinglyinterconnectedworldofmachines,services,andpeopleiscriticaltosupportingsustainabledevelopment,ongoingeconomicgrowth,andpublicsafetyandsecurity.Newtechnologypolicychallengesareemerging,andnewapproacheswillberequired.Collaborationacrosstraditionalprofessional,technological,andgeographicbarriersisneededtomeetthesechallenges.OngoingInternetinnovation,sustainability,andmarketgrowtharedependentoninformedInternetpolicy.Equally,Internetpolicydependsonsoundtechnicalguidance.TheIEEEInternetInitiativefacilitatesadialoguebetweenthetwohistoricallydisparateworldsoftechnologyandpolicy.TheIEEEInternetInitiativeconnectsthetechnicalcommunitytoglobalpolicymakingforInternetgovernance,cybersecurity,andprivacyinordertoinformdebateanddecisions,tohelpensuretrustworthytechnologysolutionsandbestpractices,andtosuccessfullyaddressthenewtechnologypolicychallenges.Theinitiativeprovidesaneutralenvironmentforcollaborationamongengineers,scientists,industryleadersandothersengagedinanarrayoftechnology,policy,andindustrydomainsaroundtheworld—tothecollectivebenefitofallstakeholders.TheIEEEInternetInitiativehelpsimprovethestateofknowledgeabouttechnologyanditsimplicationsandimpactonInternetgovernanceissues,anditraisesawarenessofpublicpolicyissuesandprocessesintheglobaltechnicalcommunity.TheIEEEETAPForumonInternetGovernance,Cybersecurity,andPrivacyisanimportantplaceforthedialoguebetweentechnologyandpolicyexperts.UndertheIEEEInternetInitiative'spurview,theIEEEETAPForumseriesservesasaplatformconnectingtechnologydevelopersandpolicymakersinauniquelymeaningfulway.BeginningwiththeMay2015ForuminSanJose,California,intheUnitedStates,andfollowedbyaforuminTelAviv,Israel,thegatheringshaveinvigoratedtheglobalconversationaboutthereal-worldissuesbeingconfrontedindifferentregionsinpublicpolicyandtechnologyforcybersecurity,privacy,andmulti-stakeholderInternetgovernance.


WashingtonIEEEETAPForumInvitedSpeakersTheIEEEETAPForuminWashingtonopenedwithatechnology-orientedkeynotepresentationbyJuanCarlosZuniga,principalengineeratInterDigitalLabs,andapolicy-orientedkeynotepresentationfromThomasRuoff,directorofinnovationforthechieftechnologyofficerwiththeU.S.DepartmentofHomelandSecurity.Next,twopaneldiscussionsaddressedregionalissuesanddevelopmentsrelatedtoInternetgovernance,cybersecurity,andprivacy.ThedaybeforethisIEEEETAPForum,theIEEEEnd-to-EndTrustandSecurityfortheInternetofThingsWorkshopwasconducted.ThefirstpanelistsofthisIEEEETAPForumsharedinsightsfromthatworkshop:

• MarkCatherwiththeUniversityofMarylandBaltimoreCounty,whospokeonIoTpolicyandstandards;

• FlorenceHudsonwithInternet2,whospokeonIoTscenariosandusecases;

• RichardBennett,anindependentconsultanttopolicy-makers,whospokeonaccesscontrolandidentitymanagementintheIoT,and

• RobertMartinwithMITREandSusanHyonParkerwithCarnegieMellonOpenLearning,

whospokeonIoTarchitecturalframeworks.Thesecondpaneldiscussionconcentratedonprivacy,security,andinnovationchallengesinvariousaspectsoftheIoTandpresentedobservationsfrombothverticalandhorizontalperspectives:

• GlennFinkwithPacificNorthwestNationalLaboratory,whospokeontheuseofIoTinprecisionagriculture;

• CarlLandwehrwithTheGeorgeWashingtonUniversity,whospokeonIoTandhealth;

• SaifurRahmanwiththeVirginiaTechAdvancedResearchInstitute,whospokeonIoTandsmartcities;

• WilliamWhytewithSecurityInnovation,whospokeonIoTandtransportation,and

• EkaterinaRudinawithKasperskyLab,whospokeoncommonapproachesindifferent

domains.

Keynote—Technology:DesigningPrivacyIntoInternetProtocolsInhistechnology-focusedkeynotepresentation,“DesigningPrivacyIntoInternetProtocols,”JuanCarlosZunigawithInterDigitalLabsaddressedtheurgencyoftheissuesfacedbytheprofessionalsgatheredattheIEEEETAPForum.HepositedthatpeoplemaynotbeabletoeffectivelyoptoutoftheIoTinthefutureandthatinterconnectionofdevicesishappeningsoquicklythat“it’sgoingtobeveryhardtostopanythingthatwedowrong.”hesaid.“Sowebetterdoitrightthefirsttime.”


PrivacyintheIoTAge

Mr.Zunigahighlightedtheprivacyworkinthreestandards-developmentorganizations(SDOs)fortheInternet:IEEE,theInternetEngineeringTaskForce(IETF),andW3C.IntheprivacyworkoftheIEEE802®LAN/MANStandardsCommittee,IETF,andW3C,effortshavebeennarrowlyfocusedonindividuals,limitedtowhatcanbeaddressedinprotocoldesign(vs.deploymentandoperation),andhaveassumedastrictlytechnicalscope(withoutreferencetomarket-to-marketpolitical/policydifferences,particularlegalframeworks,ormotivationforattacks).AmongtheprivacythreatsthatMr.Zunigahasconfrontedinhisworkareidentification,correlation,secondaryuse,disclosure,exclusion,surveillance,storeddatacompromise,intrusion,andmisattribution.“Identificationisoneoftheclearoneswe’vebeentracking,”hesaid.“Trackingmobiledevicesofby-passersisaveryeasyjob,evenifdevicesarenotconnectedtoanynetwork.”Correlation—profilingauserbycombiningmultiplepersonallyidentifiable(PI)attributes—isanotherincreasinglysignificantthreatwiththegrowthoftheIoT.ThevarietyofPIattributesisexplodingintheIoTwithsensoryandcommunicationscapabilitiesbeingaddedtosomanynewdevices.Whatbehaviorsaboutuserscouldbecorrelated(andsecuritythreatsintroduced)if,forexample,aparticularlightbulbwithanInternetProtocol(IP)addressisturnedoffeverytimeababygoestosleeporifalightbulbisturnedoneverytimesomeoneinthehometakesashower?AsaresultofthenewchallengesintroducedbyIoTproliferation,Mr.Zunigasaidthatcertain“PrivacybyDesign(PbD)”principlesarebeingembracedinprotocoldevelopment,suchas:

• Thatproactive/preventive,notreactive/remedial,isthepreferredapproach;

• Thatmaximumprivacymustbethedefaultsettingsofnewtechnologies(sotheonusisnotonnoviceuserstoturnonprotection);

• Thatprivacyisembeddedintodesign;

• Thattheremustbefulllifecycle,end-to-endprotectionofPIinformationfrompointsof

datagenerationtoterminationandeachpointinbetween,and

• ThatasfewPIattributesshouldbecollectedaspossible.

Q&A

AmongthequestionsfromtheaudienceafterMr.Zuniga’spresentationwasoneaboutwhethertheprivacyquestionsbeingaddressedintheIEEE802,IETF,and3WCenvironmentsweremedium-specific.Mr.Zunigaconfirmedthat,inthesamewaythatthreatsareprevalentirrespectiveofthemedium,soistheprivacyworkthatisunderwaywithintheSDOs.Hewasalsoaskedaboutthepurelytechnicalapproachtoaddressingprivacyconcerns.Mr.Zunigadiscussedinstancesinwhichactivitywaslegalinsomemarketsandillegalinothers.Plus,hesaid,“unfortunately,rightnow,it’sveryeasytotrackusers—youdon’tneedhugeinfrastructuretodoa


bunchofbadthingsintheworld.”Totheendofprotectingasmanypeopleaspossible,hesaid,effortshavebeenfocusedoninstanceswhere,fromaprivacyandsecuritystandpoint,thereisnodifferenceintechnicalrequirementsofasolution,regardlessofthemotivationofanattack.

Keynote—Policy:AchievingaSecureandResilientCyberEcosystem:AWayAheadInthesecond,policy-orientedkeynote,“AchievingaSecureandResilientCyberEcosystem:AWayAhead,”ThomasRuoffwiththeU.S.DepartmentofHomelandSecuritysaid,“Thebadguysaregettingbetter,andwhatIthinkisimportanttounderstandisthattheattacksaregettingmoresophisticatedataratethatisoutpacingourabilitytocounterthem.”“Ifwethinkwecan‘man’ourwaysoutoftheproblem,thenwe’rekiddingourselves.That’sapolicydecisionthatthegovernmenthasmade—you’renotgoingtogetenoughfolks;youneverwill,”hesaid.“Andourabilitytodetectandrespondistooslow,soweintheDepartmentofHomelandSecuritydonotbelievewecandetectourwayoutofproblem.It’snotgoingtohappen.Why?Becausethedetectionmethodsalwayslag.”Consequently,theDepartmentofHomelandSecurityisworkingtowardasecureandresilientcyberecosystem.Mr.Ruoffwalkedtheaudiencethroughtheinterrelatedchallenges,proposedsolutions,andmechanismsenablingeffectiveandefficientriskmitigationtowardachievingsuchanecosystem:

• Forthechallengeofdisparatesecuritytoolsfailingtoprovideanintegratedtoolset,hesaid,theproposedsolutionisinteroperability.Acommondatamodel;dataandtransportstandards;openapplicationprogramminginterfaces(APIs),frameworksandcontrolplanes;andrapidintegrationacquisitionareviewedasthemechanismsforachievinginteroperability.

• Forthechallengeofadversariesinnovatingatafasterratethandefenders,hesaid,the

proposedsolutionisautomation.Acommondatamodel,orchestration,andsharedCoursesofAction(COAs)arethenecessarymechanismstoachieveautomation.

• Forthechallengeoflimitedautomatedauthentication,hesaid,theproposedsolutionis

trust.Securityarchitecture,authenticationinfrastructure,andestablishedpartnershipsaretheneededmechanismstoachievetrust.

• Forthechallengeofsecurityanalystshavingincompleteknowledgeandsituational

awarenessoftheirenterpriseandoverallecosystemsecurityhealth,hesaid,theproposedsolutionisinformationsharing.Acommondatamodel,informationsharing,andauthenticationinfrastructurearethenecessarymechanisms.

• Andforthechallengethatthecommunicationsinfrastructurecouldbeattacked,the

solutionisassuredcommunications,withresilientcommunications,priorityservices,andinterconnectedinfrastructuresviewedasthenecessarymechanisms,hesaid.


Toward‘EASE’

Mr.RuoffsaidthattheDepartmentofHomelandSecurityenvisionsan“EnterpriseAutomatedSecurityEnvironment(EASE),”information-sharinginfrastructure,and“cyberweathermap”asinter-relatedcomponentsofasecureandresilientcyberecosystem.TheDepartmentofHomelandSecurity’saccomplishmentstodateinachievingasecureandresilientcyberecosystem,hesaid,aredevelopingarequestforinformation(RFI)foramessagingbus,athoughtleadersroundtable,workshop,COAWorkingGroup,andafocusgrouponthemessagefabric.“Wewanttounderstandthelocalstateoftheart…wehavehadthoughtleadership,sowecalledinthesmartfolksfromalloftheacademicandvendorcommunitiesandasked,‘Wheredoyouthinkweshouldgo?’”Mr.Ruoffsaid.“WeinDepartmentofHomelandSecuritydonotbelievethatweshouldbetellingthepathordefiningthepath.Wethinkweshouldbeleadingfrombehind,facilitatingthediscussion.Why?Becausewearehumbleenoughtounderstandthatwearenotassmartasotherpeopleinthecommunity,butweareinapositionwherefacilitationwillleadtosuccess.”

Q&A

AmongthequestionsfromtheaudiencefollowingMr.Ruoff’skeynotewashowstandardsdevelopmentcanbeinformedbytheDHSneeds,andheencouragedattendanceatthedepartment’speriodiccommunity-dayforums.Oneattendeequestionedthegovernment’scommitmenttoinformationsharingandwhetherthatnotiondemandedaculturechange.Mr.Ruoffsaid,“Thepresidentfeltexactlythesameway,soaboutsixmonthsagohesentoutapresidentialdirectivetellingtheDepartmentofHomelandSecuritythattheyhavetotakeautomatedinformationsharingseriously.”Hesaidsubstantialinvestmentisbeingplacedininformation-sharingsystemsprogrammatics.Anotherquestionaddressedthepossibilityofmonitoringsystemsbeingusedformalwareattacksonthecyberecosystemarchitecture.Mr.Ruoffacknowledgedthisissueof“givingtheadversarythekeystothekingdom—iftheygetinsidetheorchestrator,theywin”—andhesaidcreatinganapproachtoprohibitsuchanattackisthefocusofdevelopmentactivitynow.

PanelDiscussion:IssuesHighlightedatthe4February16IEEEEnd-to-EndTrustandSecurityfortheInternetofThingsWorkshop

ThedaybeforetheIEEEETAPForum,industrytechnologistsgatheredforaworkshoponthedevelopmentofanopenarchitecturalIoTframeworkattheinvitationofIEEE,Internet2,andtheNationalScienceFoundation(NSF).Presentationsweregivenaddressing“TIPPSS"elementsinrelationtoIoT:trust,identity,privacy,protection,security,andsafety.AttheIEEEETAPForumon5February,participantsofferedsummariesoffourpresentationtracksfromthe4FebruaryIEEEEnd-to-EndTrustandSecurityfortheIoTWorkshop.

PolicyandStandards

MarkCatherwiththeUniversityofMarylandBaltimoreCountyreportedthatabout10peopleparticipatedinthepolicyandstandardstrack.Hesaidonetopicofconversationwasthe


importanceofconsumertrustinrealizingIoTpotentialgrowth,forecastedat“50to200billiondevicesby2020or2025dependingonwhatresearchyoulookat.”TheIoTgrowthforecastssuggestameshedwebofthingstobesecuredandmaintained,includingdevices,Mr.Cathersaid,“madebyanyonefromhobbyists,tosmallcompaniesintheirbasements,tohuge,multinationalcompanies.”Notonlydoesthisidentifytheneedforflexiblestandardsthatarerelevantforverydifferentmanufacturers;participantsnotedthatthisdiversityrendersstandardseducationasignificantchallenge.AnotherchallengewithregardtostandardsdevelopmentfortheIoTwillbethatthesecurityofdeviceswillhavetobethoughtofintermsoftheirsystem-levelcontext—alightbulbinabedroomandalightbulbinasurgeryroomwillhavevaryingneedsofencryption,authentication,privacy,security,etc.Mr.Cathersaidtheparticipantsdiscussedtheneedforworkinthepolicyandstandardsenvironmentstodovetail,aswellasacapabilitytopushregulatoryandstandardsinformationouttoIoTdevelopersmorerapidlygiventhefasterpaceoftechnologicalchange.

ScenariosandUseCases

FlorenceHudsonwithInternet2discussedactivitiesinthescenariosandusecasesgroup,whichshesaidinvolvedabout30people.Participantstalkedabouthowandwheretechnologyandpolicyblendandtheimportanceofcreatingacommonlysharedlanguagebetweenthetwoworldsandidentifyingindividualswhocanconnectdeeplyonbothsides.Shesaidthatsomeparticipantsfeelthegapbetweenpolicyandtechnologyisactuallygrowing.Ms.HudsonsaidparticipantsinthescenariosandusecasesgroupdiscussedtheneedfordutyandresponsibilitiesforTIPPSSamongdevelopersandthecrucialroleofengineeringethicsintheexpandingIoTeconomy.OrganizationsfromwithintheverticalmarketsofIoTdevelopmentwillhavecriticaldomain-specificviewsintosuchefforts.Asanexample,sherelatedquestionssurroundingdefenseindepthinrelationtousageofconnectedinsulinpumpsinaneHealth,distributed-carescenario:Howcanitbeensuredthattheindividualcheckingthedatafromsuchapumpistherighthealthcareprovider?Howfrequentlyistheindividual’scertificationchecked?“Oneofthechallengesisthatpeople/citizensassumesomebodyisworryingaboutthisforthem,andthatwouldbeus,”Ms.Hudsonsaid.“Wehavetogofromworryingaboutitandbeingthoughtleaderstobeing‘do’leaders.Wereallyhavetorisetotheoccasion.”

AccessControlandIdentityManagement

RichardBennett,aconsultant,reportedonthediscussionsoftheaccesscontrolandidentitymanagementgroupatthe4FebruaryIEEEEnd-to-EndTrustandSecurityfortheIoTWorkshop.Topicsdiscussedincludedprivatebiometricverification,establishingconnectivityintheIoT,virtualorganizations,and“IoTSecurity:ANightmareinProgress.”Hesaidthatthegeneralsenseofthegroupwasthat,whileaccesscontrolsandauthenticationarenotsolvedproblems,themechanismsthatcurrentlyexistareadequateforaddressingtheseproblems.However,Mr.Bennettsaid,“thereisclearlyagapbetweenavailabletechnologiesandthestuffpeopleareusing.”Persistentidentifiers,thegroupdiscussed,presentanissueinthattheycanbecorrelatedwith


activities,leadingtodiscoveryofthingsaboutthatuserandpotentiallycreateanopportunitytobreakintothesystem.Mr.BennettsaidthegroupaffirmedtheimportanceofstandardsinthespaceanddiscussedthenecessityofnewwaysofthinkingabouttheissuesofaccesscontrolandidentitymanagementthatareintroducedintheIoT.Forexample,therewillbeinterconnecteddevicesthatdonothaveusernamesandpasswords,therewillbeaneedtoidentifythatthecorrectsoftwareiscontrollingasystem,andtherewillbeautonomousdevicesthatfunctionmuchlikepeoplebutcannotbeauthenticatedinthesamewaysashumanusersare.

ArchitecturalFramework

RobertMartinwithMITREandSusanHyonParkerwithCarnegieMellonOpenLearningpresentedonthearchitecturalframeworkbreakout,inwhich25to30peopleparticipated.“Weneedtomakesurewedon’tfallpreytocallingthisend-to-endsecurity,whenreallywewanttotalkaboutend-to-endsecurityandsafety,”Mr.Martinsaid.“It’sreallynotanetworkissue.Don’ttakeanetwork-securityapproachtothis,becauseit’sreallyeachelement,eachnode,thesoftwareonthosenodes…Ifweonlycometothisastheintegrityofthenetwork,wewillfailgloriously.FortheIoT,safetyneedstobeconsideredalongwithprivacy,theperformanceissues,reliability,resilience,and,ofcourse,thesecurityofthesesystems.”Ms.HyonParkeraddedthatthisledthegrouptodiscusstheneedforamoreholistic,rigoroussystemsapproachforIoTsystemswithintegratedhardwareandsoftwarerulesandguidelines.Theoverallprofessionalismofthesoftwareworkforcewasapointofemphasisinthediscussion.Whileeveryotherengineeringtradehasestablishedlicensingandcertificationlandscapes,thegroupdiscussed,thosearenotasprevalentinthesoftwarearena.Withoutstandardizedbestpracticesandadocumentedunderstandingofsoftwaredevelopers’qualifications,howcansystemreliability,security,andsafetyintheeventoffailureormaliciousactivitybeassured?ThegroupdiscussedtheirperceptionofagenerallackofrespectforhowtransformationalIoTislikelytobeinpoliciesacrossindustries.Effectivepolicydefinitionwilldemandthatinterestgroupsconsiderawholenewsetofregulatorycriteriaasitrelatestovariousindustrysituations.

PanelDiscussion:Privacy,Security,andInnovationChallengesinDifferentAspectsofIoT

ThesecondpaneldiscussionofferedaperspectiveonthechallengesbeingconfrontedinIoTimplementationfromfourverticalmarketswheredeploymentisintensifying—healthcare,smartcities,transportation,andprecisionagriculture—aswellasthehorizontalperspectiveofcommonapproachesacrossdomains.

Healthcare

CarlLandwehrwithTheGeorgeWashingtonUniversitynotedthattheissuesaroundprivacy,security,andinnovationinhealthcarearegenerallywellrecognized.Agreatdealcanbelearnedaboutpatientsandcarestrategiesbypoolinghealthrecords,buthowcanthatinformation,whichisclearlyprivateandsensitive,beeffectivelyprotected?“SpeakingfortheU.S.legalenvironment,ingeneralthatinformationisprotectedifit’sinaregularmedicalhealthcaresystem,butit’snot


protectedinacommercialenvironment,”Mr.Landwehrsaid.“So,policyisgoingtohavetodealwiththefactthatwehaveatremendousamountofinnovationgoingonatthesensorendofthings.”HealthcareintheIoTpresentsuniquechallenges.Forexample,genomicdatastorageandusepresentsitsowncomplexsetofissuesthatmustbeaddressed,hesaid.Hackabilityofmedicaldevicesisawell-knownproblem.Mr.Landwehrsaidthereareeffortstomovetowarda“medical-devicesecuritycode,”alongthelinesofbuildingcodesthatgovernmentsadoptandgivelegalforce.Moreintegrationwillbeneededacrossthemedicalindustry,hesaid,intermsofinteroperabilitystandards,protocols,andauthenticationtechniquesinthenextdecades.Also,innovationinpersonalizedmedicine,suchaspotentiallynetworksthatinterconnectwithhumans’biologicsystems,willintroducechallenges.

SmartCities

SaifurRahmanwiththeVirginiaTechAdvancedResearchInstitutediscussedthepromiseofsmartcitiestoaddressurbanchallengesinareassuchaspollution,energyefficiency,security,parking,traffic,andtransportationbyutilizingadvancedtechnologiesindatagatheringandcommunications.Acomplexarrayofsmartelementsundergirdssmartcities—energy,transportation,healthcare,e-governance,publicsecurity,etc.—“andtheseallhaveinterconnectionsandvulnerabilitiestoexploit.”Smartbuildingsareoneoftheimportantpiecesofsmartcities,hesaid.VirginiaTech,hesaid,hasbeenparticularlyengagedininnovationaroundsmartbuildings,whichconnectabuilding-automationsystemwithsystemsforbuildingoperations(suchasheatingandairconditioning,lighting,watersupply,sensornetwork,andfireemergency)forsignificantefficiencies.VirginiaTechprovidesalivinglaboratoryfordevelopmentandrefinementofitsBuildingEnergyManagementOpenSourceSoftware(BEMOSS)solutionthatisengineeredtoimprovesensingandcontrolofequipmentinsmall-andmedium-sizedcommercialbuildings.Mr.Rahmansaid,“Wefocusonplug-and-playdevices,becausethat’swherethevulnerabilitiescomein,”andthenexperimentwithstrategiesforeliminatingormitigatingissues.

Transportation

WilliamWhytewithSecurityInnovationdiscussedresearchandinnovationinconnectedvehicles.Hesaidithasbeenestimatedthat,oftheroughly6millioncrashesthatoccurintheUnitedStatesannually,4.5millioncouldbeeliminatedwithIEEE802.11™“Wi-Fi®”-basedcapabilitiesformonitoringandcommunications.Hesaidheexpectsfutureregulatorymandatestoaddressinclusionofsuchtechnologyinautomobilesthatwould,forexample,broadcast10times/secondavehicle’slocation.Marketacceptancewillbeakeyissuetoensurethatthebenefitsenvisionedwiththesafety-of-lifesystemareactuallyrealized.Ifauserturnsoffthetechnologybecauseofprivacyconcerns,forexample,overallcrashavoidancewillbemuchlesseffectivebecausedevicesinallthecarspotentiallyinvolvedinacollisionmustbeenabledinorderforthesystembenefittoberealized.“Ifyoudecreasepenetrationrateby1percent,youdecreasetheeffectivenessby2percentwhenyou’reupnearfulldeployment,”Mr.Whytesaid.“So,makingthisasystemthatpeoplearecomfortablehavingintheircarsisvitaltotheoverallsystemsuccess.”


Mr.Whytediscussedlessonslearnedfromrecenthacksofconnectedvehiclesandissueswiththeremediationstepsthatmanufacturerstook.Healsotalkedaboutsupportinglegacytechnologiesinconnectedvehicles,giventhatpeopleoftenkeepandoperateindividualautomobilesformanyyears.

PrecisionAgriculture

GlennFinkwithPacificNorthwestNationalLaboratorydiscussedsecurityandprivacyin“theInternetofcows—andthebroaderareaofprecisionagriculture,”whichhearguedmightbetheoldestIoTapplication.“Ourinterestincowsisactuallyasastand-inforhumans,”hesaid.“Youcanreallyinstrumentcows.Theyaremoving,livingcreatures,andtheyreacttotechnology.”Leveragingcontinuousmonitoringforindividualizedcareandtracking,earlydiseasewarning,farm-to-forkprovenance,etc.PrecisionagricultureisavaluableusecasewithregardtothegreaterIoTbecause,hesaid,“wecanlearnalotfromcowsinwaysthatyoudon’thavetoworryaboutprivacyissueswithhumans—thecowsdon’tworrysomuchaboutprivacy.”IoTcapabilitiesinprecisionagricultureeffectivelymakevisiblethingsthatwerenotvisiblebefore.Forexample,feedingcanbemonitoredperanimal.Earlydetectionofinfectionsbyleveragingvocalizationtrackingandanalyticscanhelpstopdiseasespread.Deathratescanbemonitoredperfarmtoidentifyproblemfacilities.Insuchways,precisionagricultureadvancesanimalwelfareandproduction,Dr.Finksaid.Furthermore,betterunderstandingofhowanimalsliveandworkalsooffersimportantinsightsintohowtheIoTmightbeusedtobenefithumanityaswell.

CommonApproachesinDifferentDomains

EkaterinaRudinawithKasperskyLabdiscussedthegenerallackofreadinessforIoTproliferation.“Theenvironmentisstilldangerous,”shesaid.“…ActuallyInternetofThingsisnotreadytoInternet,andcyber-securityisnotreadytogetcyber.”Shedescribedarecent“capture-the-flag”competition,inwhichparticipantsfromvariousspecializationswerechallengedtobreakintoascalemodelofanelectricalsubstation.Withinonlyafewhours,third-partyspecialistsseizedcontroloverthemodelsubstation’sprocessesandcreatedatotalblackout.Whentheywereinterviewedaftertheircompetitionthewinnerssaidthesecurityfunctionalityinthemodelwascircalate1990s.Ms.Rudinadescribedthepromiseofa“new-foundsecondwind”ofestablishedtechnologies:.“Actually,wedonothavetoinventsomenewprinciplesornewarchitectures,”shesaid.“Wehavealotofarchitecturalsolutionsproposedmanyyearsago,andnowwecanusethemforcontemporarytechnologies.Well-knownsecurityprinciplesandpracticesmaybeapplied…Wehavenowalotofachievementsincomputersecuritytheoryandalotofachievementsinthetechnologyareas,andwejustneedtojointheseachievementstoprovideuswithamoresecureandreliableInternetofThingsthatiscoming.”


DiscussionsandNextStepsJaredBielbyoftheInternationalCenterforInformationEthicsreviewedthepreviousIEEEETAPForumevents(18May2015inSanJose,California,USA,http://sites.ieee.org/etap-sanjose/forum-report/,and10August2015inTelAviv,Israel,http://sites.ieee.org/etap-israel1/report/).Next,theWashingtonmeetingdistilledtheindividualissuesthatparticipantsvoicedinarapid-firebrainstormingsession(seeAppendixIII)intoalistof10clustersofissues(seeAppendixIV).IEEEETAPForumco-moderatorClintAndrewswithRutgersUniversityledparticipantsinvotingonthe10issuesanddiscerningfourhigh-priorityareasofconcernforfurtherdiscussion:

• Technology-policydevelopmentprocess• End-to-endsecurity/privacybydesign• Datalocalization• Education

Theresultsofthediscussionsinthebreakoutsessionarepresentedbelow.

Technology-PolicyDevelopmentProcess

MaryLynneNielsenwithIEEEpresentedtheconversationaroundtechnology-policydevelopmentprocess.Shesaidthegroupdiscussedanumberofleversimpactingthepolicylandscapetoday,includingoperationalbestpractices,guidelines,andinteroperabilitystandards;educationaltoolsforbothlawmakersandregulators;andthecallstoactionsflowingoutofcontributionsfrominformedindividualsandorganizations.Thegroupthenoutlinedavarietyofpotentialnextpossibleactions:

• Progressivelymaturingtheglobal-scalediscussionsbyidentifyingnuggetsofconversation,exploringthoseareas,andbuildingcommunitiesaroundthem;

• Creatingtipsandtoolsand/orhostingeventstoalleviatetensionacrosstechnologicaland

regulatorycommunitiesofdifferentjurisdictions;

• IdentifyingfundamentalpolicyprinciplesthatarebeingcalledintoquestionbytheproliferationoftheIoT(forexample,istherighttoconsent—to“optin”or“optout”—evenfeasibleintheincreasinglyconnectedworld?);

• Facilitatingnational,aswellasinternational,conversationstoaddresscontextualized

standardsneeds,and

• ReviewingexistingstandardsforgapsandIoTneeds.

End-to-endSecurity/PrivacyByDesign

AlanChachichwiththeU.S.DepartmentofTransportationrecappedthediscussiononend-to-endsecurityandprivacybydesign.Agreeingthatprofit,cost,andfeatureslikeconveniencecurrentlyarehigherprioritiesinInternetdevelopmentthansecurityandprivacyprotection,thegroupconsideredthequestionofwhatcanbedonetochangeincentives.Withoutchangingthatbalance,therewillnotbeasecureIoT,Mr.Chachichsaid,andaninsecureIoTmayhavegrave


consequencesforhumanity.Thegroupcreatedamulti-dimensionalframeworkpicturetovisualizetheproblembeingconfrontedandtalkedabouthowIEEEcaninfluenceprogress--wherearethe"hotspots"whereIEEEcanmakeadifferencetoincreasesecurityandprivacy?Mr.ChachichsaidthatthegroupdeterminedthattherearetwoareaswhereIEEEmightexerciseinfluence:designandpolicy.HesaidthegrouplookedatplaceswheretheIEEEtechnologyactivitiesandlobbyingcapacitymightoverlap—forexample,thepotentialroleoffinancialandcriminalpenaltiesarounddataownershippolicy.Hesaidthegroupagreedthat,insteadofimposinglaws,economicincentivesareprobablybetterforallstakeholdersandultimatelymoreusefulinachievingdesiredresults.Asfornextsteps,Mr.ChachichsaidthegroupsuggestedthatIEEEcouldstrivetocreatealayeredmodel,suchastheOpenSystemsInterconnection(OSI)networkmodel,toguidepolicy.Aftersurfacingalltheimportantdesignandpolicyfactorsthatcouldadvanceend-to-endsecurityandprivacybydesign,IEEEcouldthenidentifythosewhereitcouldhavethemostimpactandcreateaplanofaction.

DataLocalization

MichaelNelsonwithCloudFlaresummarizedthebreakoutsessionondatalocalization.Participantsdiscusseddifferencesintheinternationallandscapeontheissue.Forexample,insomecases,countriesmightwanttokeepdataclosebecauseofreasonshavingtodowithenforcingprivacyprotections,extendingorlimitinglaw-enforcementaccess,andprotectingnationalindustries.Thegroupalsodiscussedtheargumentsandcounter-argumentsarounddatalocalization(e.g.,isdistributeddatalessprotected,aresmallercountrieslessprotected,andisitadvantageoustoreducethesizeoftargetsforcyberterrorists?).Potentialnextstepsproposedbythegroupincludeddevelopingcasestudies(housemonitoring,medicaldevicesthattravelwithusers,efficientrouting,etc.);gatheringeconomicanalysisandperformingtechnicalanalysis;exploringcertificationfordatapracticesandwhere,forexample,IEEEmightbeabletodevelopadequacychecklistsforeducatinggovernments;andsurveyingwherepolicyisbeingwrittenandinwhatareasthatadditionaleducationisnecessary.

EducationandEthics

EmilyNicholswithInternet2reportedthattheeducationandethicsbreakoutsessionfocusedonfourpossiblenextsteps:developingcontentandprogramsforeducationandethicsaroundIoT,identifyingpartnerchannelsforcreationanddistributionofcontent,determiningperformanceindicators,andassigninganimplementationowner.ThegroupsuggestedIEEEastheownerofprogramsforeducationandethicsaroundIoTbecauseoftheorganization’sprovenrangeofservicesinthespaceandtechnologicalandglobalscope.


ContentcouldaddressengineeringethicsandtheTIPPSSattributes;reflectmultiplegenerationalviewpointsonprivacy,sharing,andtrust;andincorporatemeaningfuliconographyand/orbeembeddedingamingenvironmentstocreativelydemonstrateconcepts.Ms.Nicholsalsodetailedalistofpossiblepartnerchannelsthatthegroupenvisioned,including

• Diversityandindustryorganizations,• Communityorganizations,• Schools,• Teacherunions,• Philanthropicorganizations,• Libraries,• Do-it-yourself/makercommunities,• Industrypartners,and• Professionaltradeassociationsandcertificationorganizations.


ConclusionInadditiontothesuggestednextstepsfromthebreakoutsessionsindatalocalization,educationandethics,end-to-endsecurity/privacybydesign,andtechnologypolicydevelopmentprocess,thisIEEEETAPForumconcludedwithco-moderatorandIEEEInternetInitiativeChairOlegLogvinov’schallengetoparticipantstocontinuetheconversationintheweeksahead.Heaskedparticipantstoelaborateontheissuestheyvoicedduringtherapid-firebrainstormingearlierinthedayintoone-ortwo-paragraphexplanationsthatwouldmorebroadlyoutlineconcernsandpotentialactions.Mr.Logvinovsuggestedthattheexplanationsmightsparkanevenmorewide-rangingglobalconversationandcross-pollinationofideasonprivacy,cybersecurity,andInternetgovernance,leadingintothenextregionalIEEEETAPForumgatherings,whicharescheduledfor4March2016inDelhi,India,and17May2016inBeijing,China.“Eliminatingthegapbetweentechnologyandpolicyentirelyprobablywillnotbepossibleforsometime,”Mr.Logvinovsaid.“But,atleast,ifwecanstartclosingthatgap,wewillhavemadeaverypositiveandveryimportantstepforward.”

JointheConversation

TheIEEEInternetInitiativeworkstoinformdebatesanddecisionsinprivacy,cybersecurity,andInternetgovernanceandtohelpensuretrustworthytechnologysolutionsandbestpractices.Withtechnologypolicychallengesemergingincybersecurity,privacy,andInternetgovernancearoundtheworld,theIEEEInternetInitiativeconnectsengineers,scientists,industryleaders,andothersengagedinanarrayoftechnologyandindustrydomainsgloballywithpolicyexpertsinaneutralenvironment,forthecollectivebenefitofallstakeholders.TherearemanywaystoengagethroughtheIEEEInternetInitiative.Pleasevisithttp://internetinitiative.ieee.orgoremailinternetinitiative@ieee.orgformoreinformation.


AppendixI:ProgramTheIEEEExpertsinTechnologyandPolicy(ETAP)ForuminWashington,D.C.,USA,on5February2016wasthethirdinaseriesofregionalmeetingstoadvanceaglobal-scalediscussionabouttoppublic-policyissuesincybersecurity,privacy,andmulti-stakeholderInternetgovernance.Morethan50diversestakeholdersfromaroundtheworld—governmentandindustryrepresentatives,legalpractitioners,andacademics—gatheredatTheGeorgeWashingtonUniversityfortheone-dayeventorganizedbytheIEEEInternetInitiative.Location:MarvinCenteratTheGeorgeWashingtonUniversityModerators:OlegLogvinovandClintAndrewsOlegLogvinovAftergraduatingfromtheTechnicalUniversityofUkraine(KPI)withtheequivalentofaMaster’sdegreeinelectricalengineering,OlegLogvinovworkedasaseniorresearcherattheR&DLaboratoryoftheUkraineDepartmentofEnergyattheKPI.Duringthelast25yearsMr.Logvinovhasheldvariousseniortechnicalandexecutivemanagementpositionsinthetelecommunicationsandsemiconductorindustry.HecurrentlyservesontheIEEEIoTInitiativeSteeringCommitteeandisthepastmemberoftheIEEEStandardsAssociation(IEEE-SA)StandardsBoardandtheIEEE-SACorporateAdvisoryGroup.InJanuaryof2015Mr.LogvinovwasappointedasthechairofIEEEInternetInitiative.TheIEEEInternetInitiativeconnectsengineers,scientists,industryleaders,andothersengagedinanarrayoftechnologyandindustrydomainsgloballywithpolicyexpertstohelpimprovetheunderstandingoftechnologyanditsimplicationsandimpactonInternetgovernanceissues.Inaddition,theInitiativefocusesonraisingawarenessofpublicpolicyissuesandprocessesintheglobaltechnicalcommunity.Mr.LogvinovalsoactivelyparticipatesinseveralIEEEstandardsdevelopmentworkinggroupswiththefocusontheIoTandcommunicationstechnologies.Mr.LogvinovisthechairoftheIEEEP2413™InternetofThings(IoT)ArchitectureWorkingGroup.HehelpedfoundtheHomePlugPowerlineAllianceandisthepastPresidentandCTOoftheAlliance.Mr.Logvinovhas24patentstohiscreditandhasbeenaninvitedspeakeronmultipleoccasions.ClintAndrewsClintAndrewsisaprofessorintheBlousteinSchoolofPlanningandPublicPolicyatRutgersUniversityandwaspreviouslydirectoroftheUrbanPlanningprogram.Hisexpertiseisinthesubstanceandprocessesofenergyandenvironmentalplanningandpolicy.HewaseducatedatBrownandMITasanengineerandplanner.HeisamemberoftheAmericanInstituteofCertifiedPlanners,aLEEDAccreditedProfessional,andalicensedProfessionalEngineer.Previousexperienceincludesworkingintheprivatesectoronenergyissues,helpingtolaunchanenergypolicyprojectatMIT,andhelpingtofoundasciencepolicyprogramatPrinceton.AndrewscurrentlyservesontheBoardofGovernorsoftheAmericanCollegiateSchoolsofPlanning,isapastmemberoftheBoardofDirectorsoftheIEEEandtheInternationalSocietyforIndustrialEcology,andawinneroftheIEEE’s3rdMillenniumMedal.HisbooksincludeIndustrialEcologyandGlobalChange,RegulatingRegionalPowerSystems,andHumbleAnalysis:ThePracticeof


JointFactFinding.StartTime EndTime Program

8:15am 9:00am Networkandcontinentalbreakfast

9:00am 9:15am Introductions

OlegLogvinov

9:15am 9:35am KeynotePresentation—TechnicalDesigningPrivacyintoInternetProtocolsJuanCarlosZunigaJuanCarlosZunigaisaPrincipalEngineeratInterDigital,whereheleadsthestandardizationactivitiesonvirtualization(NFV/SDN),denseandheterogeneouswirelessnetworks(cellular,Wi-Fi,IoT),contentmanagement,andInternetprivacy.Hehasheldleadershiprolesandcontributedindifferentstandardsfora,suchasIEEE802,IETF,ETSI,and3GPP.Heisco-chairoftheIETFInternetAreaworkinggroupandex-chairoftheIEEE802ExecutiveCommitteePrivacyRecommendationstudygroup.Previously,heworkedwithHarrisCanada,NortelNetworksUK,andKb/TelMexico.JuanCarlosreceivedhisengineeringdegreefromtheUNAM,Mexico,andhisMScfromtheImperialCollegeLondon,UK.HehasseveralpublicationsandhasbeenguesteditorfortheIEEECommunicationsMagazine.JuanCarlosisinventorofover50grantedpatents.

9:35am 9:55am KeynotePresentation—PolicyAchievingaSecureandResilientCyberEcosystem:AWayAheadThomasRuoffDirectorofInnovationfortheChiefTechnologyOfficerwiththeU.S.DepartmentofHomelandSecurity


StartTime EndTime Program

10:00am 10:55am PanelOverviewofissueshighlightedattheIEEEEnd-to-EndTrustandSecurityfortheInternetofThingsWorkshopOlegLogvinov(moderator)MarkCatherFlorenceHudsonRichardBennettRobertMartinSusanHyonParker

10:55am 11:05am Break

11:05am 12:00pm PanelPrivacy,security,andinnovationchallengesindifferentaspectsofIoTOlegLogvinov(moderator)CarlLandwehrWilliamWhyteSaifurRahmanGlennFinkEkaterinaRudina

12:00pm 12:30pm Rapid-fireround-upofkeyissuesfromallparticipantsClintAndrews

12:30pm 1:15pm Lunch


StartTime EndTime Program

1:15pm 1:45pm ReviewandcomparisonofpreviousETAPForumoutputsanddiscoveries•ETAPSanJose2015•ETAPTelAviv2015JaredBielbyJaredBielbyreceivedadoublemaster'sdegreefromtheUniversityofAlberta,Canada,ininformationscienceanddigitalhumanitieswithathesisrouteinthefieldofinformationethics.HeworksasanindependentconsultantininformationethicsandInternetgovernance.Hecurrentlyservesasco-chairfortheInternationalCenterforInformationEthicsandeditorfortheInternationalReviewofInformationEthics.HeismoderatorandcontentwriterfortheIEEECollabratecInternetTechnologyPolicyForumandisfounderandeditor-in-chiefofTheFreelanceNetizen.Hisresearchandwritinglooksattheinterdisciplinaryconnectionsbetweeninformationandcommunicationtechnologies(ICTs)andinformationethics,digitalcitizenship,andculture.Bielbyhaswrittenandspokeninternationallyonsubjectsofinformationethics,Internetgovernance,andglobalcitizenshipinadigitalera.

1:45pm 2:00pm SynthesizeandrefineselectionofhighestpriorityissuesClintAndrews

2:00pm 2:50pm BreakoutSessionDelvedeeperintohighestpriorityissues

2:50pm 3:00pm Break

3:00pm 3:30pm Report-outsfrombreakoutteamsVolunteerbreakoutleads

3:30pm 4:00pm Nextsteps,actionplanandwrapupClintAndrews


AppendixII:Participants

OlegLogvinov,Chair,IEEEInternetInitiative;Chair,IEEEP2413InternetofThings(IoT)ArchitectureWorkingGroup

ClintonAndrews,RutgersUniversity

EdAractingi,MarshallUniversity

RichardBennett,Consultant

JaredBielby,InternationalCenterforInformationEthics

MarkCather,UniversityofMarylandBaltimoreCounty

AlanChachich,U.S.DepartmentofTransportation

SrikanthChandrasekaran,IEEEIndia

MiwakoDoi,NationalInstituteofInformationandCommunicationsTechnology

GlennFink,PacificNorthwestNationalLaboratory

RobGingell,ResilientNetworkSystems

ChrisHrivnak

PeizhaoHu,RIT

FlorenceHudson,Internet2

SusanHyonParker,CarnegieMellonOpenLearning

ChrisJannuzzi,IEEE

WalterKawula,HahnLoeserParksLLP

CarmenKocinski,self

SemenKort,KasperskyLab

CarlLandwehr,TheGeorgeWashingtonUniversity

MargaretLoper

RandolphMarchany,VirginiaTech-VPIT/ITSO

RobertMartin,MITRE

SatyajayantMisra,NewMexicoStateUniversity

MartinMurillo,UniversityofNotreDame

JohnMurray,SRIInternational

EricNanceWoehler,Interprose

MichaelNelson,CloudFlare

NicoleNewmeyer,NationalSecurityAgency

EmilyNichols,Internet2


MaryLynneNielsen,IEEE

KarenO'Donoghue,InternetSociety

SaifurRahman,VirginiaTech

RaghuramanRajanarayanan,AchronixSemiconductor

J.ScotRansbottom,VirginiaTech

SumitraReddy,WestVirginiaUniversity

RamanaReddy,WestVirginiaUniversity

EkaterinaRudina,KasperskyLab

ThomasRuoff,U.S.DepartmentofHomelandSecurity

AnnaSlomovic,Consultant

BrianStengel,UniversityofPittsburgh

RobertStien,InterDigital

KristeneUnsworth,DrexelUniversity

SteveWallaces,IndianaUniversity

PamelaWeedon,Interprose

JamesWendorf,IEEE

WilliamWhyte,SecurityInnovation

StephenWolff,Internet2

TingZhu,UMBC

ViacheslavZolotnikov,KasperskyLab

JuanCarlosZuniga,InterDigitalLabs


AppendixIII:Rapid-FireBrainstormingParticipantsattheWashingtonIEEEETAPForumlistedtheirindividualprioritiesinarapid-firebrainstormingsession:

• Standardstoallowfortrustacrossproprietysystems

• Effectonprivacyandcivilrightsthroughalgorithms

• OuroverlappingpersonausingthesameIoTtool

• Buildingafoundationthatisflexibleandscalable

• Howtoteachstudentswhentheyarebuildingsystems

• Articulatingthepoliciesthatwillgovernthis

• RecognizinghumanautonomyinanIoTworld

• Authenticityofglobalstandardsorganizations

• HowtocommunicateIoTprioritiesforsecurityandprivacytodevelopersandindustrysothatcanbesharedwithclientsandcustomers

• Identitymanagementanditsrelationtosecurityandpolicyfromahumanperspective(neurologicalandinteractionwithsystems)

• Privacy-relatedpolicygapsthatcanbeclosedquickly:whatarethey?

• HowdoweprovidetechnicalneedsforaccountabilityinIoTdataflows?

• Howdoweeducatethepublicaboutthis,andwhatistheroleofengineersinthis?

• Educationandneedforpreparingfutureprofessionalsaboutprivacyandsecurity

• Aframeworkforinstillingethicsdevelopmentforcurrentandfuturegenerations

• Howdoweensureedgedevicesaretrustworthyandsecure?

• Howtoensureend-to-endsecurityfromdesigntofabricationacrossthesupplychainfor

devices?

• Howtoaddressthefinancial/costconcernstocreatetrustandsecurityinproducts?

• Needforinternationalcollaborationoncybervulnerabilitiesversustheimpactonprivacyconcernsandnationalconsiderations(e.g.,Fossenaragreement)


• KeepTIPPSSinmind

• Analyticsbeingusedasaprivacyveilandalsoasatoolthatbreakstheprivacyveil

• Datalocalizationyetmovingdataacrossnationalborders:whichlegislationapplies?

• Howdowehandleahackthatalsoexposesacrime?

• Needguidelinesandstandardsonprivacybydesign

• HowdowebuildwaystoaddressthequestionsonIoTandprivacy/securityandcreateusableoutcomes?

• Internationaleconomyofdata:whendatabecomesthecurrencyofcorporationsandnations,howdoweconnectthesourcesofdatatothiseconomysotheymaybenefitfromit?

• Howdowefacilitatethedevelopmentofprivacy-preservingpoliciesforIoT?

• Allowingforinnovationthathasyettohappeninwhatwecreatethroughtoday’spolicies

• Techdriveslegalandpolicy,andtheneedtomaketechnologistsawareofthat

• Aforward-lookingroadmaprelatedtoUSConstitution’s4thamendmentsearchandseizureinanIoTworld

• Thefutureishereandwestilldon’tknowwhattodowithit:adjustingthegreattechnicalsolutionstothepracticalandevolvingneedsofthemarketandtheattendantpolicyneedsforsecuresolutions

• Needdescriptionsofpropertiesofdifferentdomainareastoseewherethesimilaritiesanddifferencesare

• Legacysystemsthatcan’texpandtoencompassIoTneeds,particularlycriticalsystems

• Howregionalpoliciesaffectglobaltrade

• HowdowebringdifferentpolicymakersindifferentregionstogethertodiscussIoTissues?

• Educationonethicsneedstohappeninthepublicschools(pre-college)toinculcatecertainprinciples

• IoTissuesrelatetoexistingproblemsinsensornetworks:whatcanbeexaminedthereandrepositioned?

• DatalocalizationisimportantforIoTandthefutureInternet

• Avoidunconscioustechnologicallock-inthroughdominantplayersand/orexistingcaselaw


AppendixIV:Top10IssuesTheissuesvoicedduringtherapid-firebrainstormingsessionattheWashingtonIEEEETAPForumwereclusteredinto10topicsforconsiderationoftargetedbreakoutsessions:

• Education• Datalocalization• Identitymanagement• Technologypolicydevelopmentprocess• Autonomy• Accountability• Tradeoffadjudication• Solutionsroadmapcreation• Ethics• End-to-endsecurity/privacybydesign


AppendixV:CombinedIssuesList,Washington/TelAviv/SanJoseIEEEETAPForums

Washington

• Datalocalization• Educationandethics• End-to-endsecurity/privacybydesign• Technology-policydevelopmentprocess

TelAviv

• Userassessmentoftrustworthinessofdevices,enterprises,andgovernments• Educatingusersaboutcharacteristicsofinformationsociety• Machine-readableprivacyagreementsandwhoenforcesthem?

SanJose

• Threatsandopportunitiesindataanalytics• Multi-stakeholderInternetgovernance• ProtectingInternettraffic,managingmeta-dataanalysis,andhowtoimplementboth

securityandprivacyatscale• FragmentationoftheInternetduetolocalpoliciesandhowtoavoidit• Algorithmicdecisionmakingthatexacerbatesexistingpowerbalancesandethicalconcerns• HowtobestengageIEEEasaplatformforcontributingtotheresolutionoftheseand

relatedissues

report: ieee experts in technology and policy (etap)

Documents