On the internet, no-one knows you’re a fridge

Remember all those years ago (about 20 in fact) when there was that cartoon in the New Yorker “no one knows you’re a dog“? I got so sick of seeing that cartoon lazily reproduced by anyone who wanted to make a point about identity in the virtual world and the relationship between virtual and mundane identities, which to my mind remains poorly understood (even by me) and in desperate need of exploration. Well, on Twitter a couple of days ago I laughed out loud when someone posted the updated version: on the Internet, no one knows you’re a fridge. Maybe I’ll steal it to use for my talk at the University of Surrey Centre for the Digital Economy “ID for the Internet things” workshop this afternoon. You’ll remember that ID for the Internet of Things (with the hashtag #IDIoT) was one of Consult Hyperion’s “live five” transaction technology trends for 2015. At the start of the year, when we were talking to clients about what to keep an eye on this year, we said that the thingternet (as I prefer to call it) lacked security infrastructure and that this would be a natural focus for activity. As it turned out, this was correct.

ARM’s acquisition of Dutch company Offspark shows how chip vendors intend to integrate more security features in their software and hardware to help keep the Internet of Things safe. There are a few things vendors have to get right for IoT to take off on a larger scale, and security is one of them.

[From ARM acqusition highlights quest to embed IoT security | PCWorld]

Of course, ARM wasn’t the only chip company looking to evolve IoT security. While they announced they would add their trusted execution environment “Trustzone” to their newest designs, others were doing the same, which is of course good news for those of us concerned about security on the thingternet. 

Intel is going down the same route with features such as Enhanced Privacy ID, which Intel made available for other chip makers to implement in December.

[From ARM acqusition highlights quest to embed IoT security | PCWorld]

You can have security without privacy, as they say, but you can’t have privacy without security. Anyway, the fridge thing caught my eye because I happened to be reading the Economist Intelligence Unit’s recent report on “The Economics of Digital Identity“, in which Stephen Bonner, former head of Information Risk Management of Barclays, makes the important observation that while most of the focus today is on individuals and their personal data, increasingly digital identity will need to be closely tied to the use and ownership of smart products. Since I’d read Jerry Kaplan’s “Humans Need Not Apply” on my last plane ride, I’d been thinking about the issue of personhood (including the ability to own assets) for synthetic intelligence, I’d been thinking about issues around reputation management (and management of reputation in the context of punishing synthetic intellects). And then I saw a tweet from my former colleague and ethical thinker, Vic:

So. Should what Jerry Kaplan calls “forged labourers” need digital identities through legal personhood, or are they the property (in some way I can’t think through, because I’m not a lawyer) of governments, companies, individuals with an identity that is derived from their owner? I rather think that they will have to have some kind of digital identity and my reasoning is that interactions in the virtual world are interactions between virtual identities and in my specific worldview, virtual identities need underlying digital identities. Whether the underlying digital identities of robots need to be bound to real-world legal entities, as in the case of digital identities as we understand them today, is a different issue so let’s put it to one side for the time being. Let’s for a moment focus on security.

When my fridge negotiates with Waitrose to buy some more milk, what is really happening is that the virtual identity of my fridge is interacting with the virtual identity of Waitrose. That seems perfectly reasonable to me, and working out ways for the these virtual identities to transact is going to be part of the business strategy for a fair few of our clients over the next couple of years. The virtual identity of the fridge may have a number of attributes associated with its identifier, such as a credit limit for a delivery address or whatever, but the one attribute that it will not have is “IS_A_PERSON”. As I have claimed many times before, this might well turn out to be the most valuable attribute of all. More on this soon.

#IDIoT is a serious business

The Gartner hype cycle is jolly bullish on autonomous vehicles, which I’m really looking forward to. According to Jerry Kaplan’s fascinating “Humans need not apply”, switching to autonomous vehicles in the US will save thousands of lives and billions of dollars every year. Personally, I couldn’t care less if I never drive a car for myself ever again, and I hope that Woking will become an autonomous vehicle only zone as soon as possible. Sadly, this won’t be for a while.

While autonomous vehicles are still embryonic, this movement still represents a significant advancement, with all major automotive companies putting autonomous vehicles on their near-term roadmaps.

[From Gartner’s 2015 Hype Cycle for Emerging Technologies Identifies the Computing Innovations That Organizations Should Monitor]

Gartner are even more bullish on what they call autonomous field vehicles (which I think means drones, combine harvesters and such like) and predict that these will be around in 2-5 years time, just like enterprise 3D printing and cryptocurrency exchanges. I couldn’t help but notice, though, that their very same hype cycle puts digital security at least 5-10 years out. So they are forecasting that there will be vehicles running around for some years before we are able to secure them, 3D printers inside organisations printing things for years before we are able to protect them and people trading money years before we can stop hackers from looting them. Actually, I agree with Gartner’s prediction, as it’s entirely congruent with my own #IDIoT line of thinking, which is that our developments in connection technologies are accelerating past our developments in disconnection technologies. And if you don’t care what I think about it, you probably do care what Vint Cerf thinks about it.

“Sometimes I’m terrified by it,” he said in a news briefing Monday at the Heidelberg Laureate Forum in Germany. “It’s a combination of appliances and software, and I’m always nervous about software — software has bugs.”

[From Vint Cerf: ‘Sometimes I’m terrified’ by the IoT | ITworld]

We’re busy going round connecting vehicles, equipment and money to the internet with having any sort of strategy in place for disconnecting them, which is much more difficult (doors are easy, locks are hard, basically). And with chips that we don’t even understand being built into everyday devices, the complexity of managing security is escalating daily. Look at the recently-launched “21” idea.

Its core business plan it turns out will be embedding ASIC bitcoin mining chips into everyday devices like USB battery chargers, routers, printers, gaming consoles, set-top boxes and — the piece de resistance — chipsets to be used by internet of things devices.

[From Meet the company that wants to put a bitcoin miner in your toaster | FT Alphaville]

Really? Chips in everything? What could possibly go wrong? Oh wait, it already has. There’s something missing here: an identity layer. Hardly a new idea and I’m not the only person going on about it.

Everyone and everything will have an identity… We can’t scale a world that we can’t talk to, can’t control and can’t secure. Everything, including your toaster, you fridge and your car, will have an identity.

[From Facing the new Big Bang: The IoT’s identity onslaught — Tech News and Analysis]

Yet nothing much is getting done, despite that fact that we already have plenty of case studies as to how bad the situation is already. Never mind smart fridges that give away your personal details or televisions that spy on you there are issues about the maintenance and upkeep of things in the field that create an identity management environment utterly different to anything are used to dealing with in the worlds of OIX, Mobile Connect, SAML and so on. 

Did you buy a smart TV or set-top box or tablet any time before January 2013? Do you watch YouTube on it, perhaps through an app? Bad news: Google has shut down the feed that pushed content into the app.

[From You buy the TV, Google ‘upgrades’ its software and then YouTube doesn’t work … | Technology | The Guardian]

It’s issues like this that make me want to focus on identity in the internet of things (or #IDIoT, as I call it) in the near term, so I was really flattered to be asked along by the good people at ForgeRock to talk about this at their London Identity Summit tomorrow. Really looking forward to exploring some of these ideas and getting feedback from people who know what they’re talking about. What’s more, Consult Hyperion and the Surrey Centre for the Digital Economy (CoDE) will be delivering a highly interactive workshop session designed specifically for the University of Surrey’s 5G Innovation Centre SME Technology Pioneer Members on 30th November 2015. This will include “business lab sessions” interleaved with presentations and discussion. We’ll be putting forward the #IDIoT structure to explore identity, privacy and security issues using our ‘3 Rs’ of Recognition, Relationship and Reputation. The event will be an opportunity to establish contacts with companies interested in the IoT space, as well as connecting with the broader University community and a select group of large enterprises so I’m really looking forward to it and, as you might imagine, you’ll read all about it here!

The bastard child of the blockchain and the internet of things: the identiverse

Dgwb blog white border

The relationship between the blockchain and the internet of things may turn out to be especially rich because the blockchain means that the virtual world can be constrained to be like the physical world.

Flatwood, ironware and cheap tin trays (and definitely not ivory and apes and peacocks)

Dgwb blog white border

Identity fraud isn’t only about people. It’s also about things. And there are some pretty big things out there (e.g., oil tankers) that are lying about their identity.


Subscribe to our newsletter

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

By accepting the Terms, you consent to Consult Hyperion communicating with you regarding our events, reports and services through our regular newsletter. You can unsubscribe anytime through our newsletters or by emailing us.