Cybertelecom Federal Internet Law & Policy An Educational Project

Internet of Things / Everything

• Definition
• Elements of IoT
  • Devices
  • Communications Infrastructure
  • Data
• Issues
  • Privacy
  • Security
  • Standards
• Government Activity

Definition

The Internet of Things is the Internet. 

The consternation in defining IoT is premised on a false assumption that IoT is something new and distinct.  It is this new…. thing…. that somehow involves Fitbits and tractors that know how to plow fields and toys that spy on us.  IoT constitutes an evolution of the Internet, just like the Internet has evolved for the last four decades.  IoT is the Internet, only we have evolved from general purpose computers that require users interfacing with them, to specialized computers that have limited user interfaces that are embedded, ubiquitous, and prolific.  Otherwise, everything is the same.

Consider the home.  Twenty years ago there may have been a dial-up connection with a desktop computer shared among multiple users.  Now there is a broadband always-on connection shared among many specialized devices that require little human interaction in order to monitor, measure, and automatically process. 

Understanding IoT as an evolution, not a difference, helps to understand the policy implications of IoT.  We do not need a new IoT policy; we need to understand how IoT constitutes an evolution in current policy precedent.

NSTAC Report to the President on the Internet of Things,” at 1 (Nov. 19, 2014) ("The IoT is the latest development in the decades-old revolution in communications, networking, processing power, miniaturization, and application innovation and has radically altered communications, networks, and sensors. . . Just as modern communications have fundamentally altered national security and emergency preparedness (NS/EP), the IoT has had a similar transformative impact.") 

For example, if IoT is the Internet, then IoT communications are Internet communications.  The considerations of spectrum and business data services are the same for IoT communications as Internet communications.  The difference is the evolution in terms of scale, ubiquity, and embeddedness.  The household went from one devices to 50 devices all trying use congested unlicensed spectrum.  The outside went to a place without Internet access to devices in our pockets, in our cars, and on our tractors. 

With ubiquitious embedding of microcomputers, CISCO's suggestion is that it should be called the Internet of Everything. Cisco, Internet of Everything (IoE): Value at Stake in the IoE Economy, at 8 (2013)

Definitions from Literature

• "The term “Internet of Things” (IoT) denotes a trend where a large number of embedded devices employ communication services offered by the Internet protocols. Many of these devices, often called “smart objects,’’ are not directly operated by humans, but exist as components in buildings or vehicles, or are spread out in the environment." RFC 7452, “Architectural Considerations in Smart Object Networking” (March 2015)
• IEEE Communications Magazine: "The Internet of Things (IoT) is a framework in which all things have a representation and a presence in the Internet. More specifically, the Internet of Things aims at offering new applications and services bridging the physical and virtual worlds, in which Machine-to-Machine (M2M) communications represents the baseline communication that enables the interactions between Things and applications in the cloud."
  • IEEE IoT Initiative: Towards a definition of the Internet of Things (IoT), SEE Chapter 5 for IEEE IoT definition.
• OASIS: “System where the Internet is connected to the physical world via ubiquitous sensors.” OASIS describes the ubiquity of sensors as existing in “every mobile, every auto, every door, every room, every part, on every parts list, every sensor in every device in every bed, chair or bracelet in every home, office, building or hospital room in every city and village on Earth.”
• W3C: “The Web of Things includes sensors and actuators, physical objects and locations, and even people. The Web of Things is essentially about the role of Web technologies to facilitate the development of applications and services for things and their virtual representation. Some relevant Web technologies include HTTP for accessing RESTful services, and for naming objects as a basis for linked data and rich descriptions, and JavaScript APIs for virtual objects acting as proxies for real-world objects.”
• ISOC 5 2015 ("The term Internet of Things generally refers to scenarios where network connectivity and computing capability extends to objects, sensors and everyday items not normally considered computers, allowing these devices to generate, exchange and consume data with minimal human intervention. ")]
• European Research Cluster on IoT (IERC): “A dynamic global network infrastructure with selfconfiguring capabilities based on standard and interoperable communication protocols where physical and virtual “things” have identities, physical attributes, and virtual personalities and use intelligent interfaces, and are seamlessly integrated into the information network.”
• “Although there is no single definition for the Internet of Things, competing visions agree that it relates to the integration of the physical world with the virtual world – with any object having the potential to be connected to the Internet via short-range wireless technologies, such as radio frequency identification (RFID), near field communication (NFC), or wireless sensor networks (WSNs). This merging of the physical and virtual worlds is intended to increase instrumentation, tracking, and measurement of both natural and social processes.” “Algorithmic Discrimination: Big Data Analytics and the Future of the Internet”, Jenifer Winter. In: The Future Internet: Alternative Visions. Jenifer Winter and Ryota Ono, eds. Springer, December 2015. p. 127.
• “Industrial Internet of Things (IOT) is a distributed network of smart sensors that enables precise control and monitoring of complex processes over arbitrary distances.” “Ensuring trust and security in the industrial IoT”, Bernardo A. Huberman. Ubiquity: An ACM Publication, January 2016, p. 1.
• “The concept of Internet of Things (IOT) … is that every object in the Internet infrastructure is interconnected into a global dynamic expanding network.” “An efficient user authentication and key agreement scheme for heterogeneous wireless sensor network tailored for the Internet of Things environment”, Mohammad Sabzinejad Farasha, et.al. Ad Hoc Networks 36(1), January 2016. p. Abstract
• “In what’s called the Internet of Things, sensors and actuators embedded in physical objects—from roadways to pacemakers—are linked through wired and wireless networks, often using the same Internet Protocol (IP) that connects the Internet.” “The Internet of things”, M. Chui, M. Löffler, and R. Roberts. McKinsey Quarterly, Sept. 23, 2015. As cited in: “Control Systems and the Internet of Things”, Tariq Samad. IEEE Control Systems Magazine, 36(1), February 2016. p. 14.
• “The main idea behind the IoT is to bridge the gap between the physical world of humans and the virtual world of electronics via smart objects. These smart objects allow the interactions between humans and their environment by providing, processing, and delivering any sort of information or command. Sensors and actuators will be integrated in buildings, vehicles, and common environments and can tell us about them, their state, or their surroundings.” “Using an Epidemiological Approach to Maximize Data Survival in the Internet of Things”, Abdallah Makhoul, et.al. ACM Transactions on Internet Technology, 16(1), February 2016. p. 5.
• “We must first define what we mean by ‘things.’ It could be very simple objects or complex objects. Things do not need to be connected directly to the public Internet, but they must be connectable via a network (which could be a LAN, PAN, body area network, etc.). The IoT is the network of physical objects that contain embedded technology to communicate and interact with the external environment. The IoT encompasses hardware (the ‘things’ themselves), embedded software (software running on, and enabling, the connected capabilities of the things), connectivity/communications services, and information services associated with the things (including services based on analysis of usage patterns and sensor or actuator data). An IoT solution is a product (or set of products) combined with a service either a one-to-one or a one-to-many relation. Meaning one service is combined with one (set of) product(s), or one service is combined with multiple (sets of) products.” “Internet of Things in Energy Efficiency”, Francois Jammes. Ubiquity: An ACM Publication, February 2016, p. 2
• “At the very high level of abstraction, the Internet of Things (IoT) can be modeled as the hyper-scale, hyper-complex cyber-physical system.” “On resilience of IoT systems: the internet of things”. Kemal A. Delic. Ubiquity: An ACM Publication, February 2016, pp. 1.
• “The Internet of Things (IoT) paradigm is based on intelligent and selfconfiguring nodes (things) interconnected in a dynamic and global network infrastructure.” “Integration of Cloud Computing and Internet of Things: A Survey”, Alessio Botta, et.al. Future Generation Computer Systems, Vol. 56, March 2016, p. 2.
• “The Internet of Things (IoT)…connecting everyday objects to the Internet and facilitating machine-to-human and machine-to-machine communication with the physical world.” “When things matter: A survey on data-centric internet of things”, Yongrui Qin, et.al. Journal of Network and Computer Applications, Vol. 64, April 2016. p. Abstract
• 3.2.2 Internet of things (IoT): A global infrastructure for the information society, enabling advanced services by interconnecting (physical and virtual) things based on existing and evolving interoperable information and communication technologies.
  • Note 1—Through the exploitation of identification, data capture, processing and communication capabilities, the IoT makes full use of things to o er services to all kinds of applications, whilst ensuring that security and privacy requirements are fulfilled.
  • Note 2—From a broader perspective, the IoT can be perceived as a vision with technological and societal implications.
  • “Overview of the Internet of Things.” ITU, June 15, 2012.
• USG
  • IOT " is used to describe networks of objects that are not themselves computers but that have embedded components that connect to the Internet." CRS 2015 at 1.
  • "This green paper will continue to use the term Internet of Things as an umbrella term to reference the technological development in which a greatly increasing number of devices are connected to one another and/or to the Internet." NTIA Green Paper 2016 at 7.
  • NSTAC Report to the President on the Internet of Things,” November 19, 2014 ("The IoT is a decentralized network of objects, applications, and services that can sense, log, interpret, communicate, process, and act on a variety of information or control devices in the physical world. However, the IoT differs from previous technological advances because it has surpassed the confines of computer networks and is connecting directly to the physical world. ")
  • GAO 2016 at 79 ("The definition of the Internet of Things (IoT) varies but generally can be defined as the universe of objects that can gather or transmit data, across networks such as the Internet. FN The Internet consists of a network of computers that typically exchange data, such as text and pictures found on websites. According to experts, whether computers and smartphones are considered part of the IoT depends on factors such as whether these are used in isolation for word processing or taking pictures (not considered part of the IoT) or used to gather and transmit data, e.g., used to collect satellite data to control a smart vehicle (considered part of the IoT).")
  • Strategic Principles for Securing the Internet of Things, DHS n. 1 Nov. 2016 ("the term IoT refers to the connection of systems and devices with primarily physical purposes (e.g. sensing, heating/cooling, lighting, motor actuation, transportation) to information networks (including the Internet) via interoperable protocols, often built into embedded systems")
• Internet of Everything
  • Cisco, “The Internet of Everything,” 2013 .
  • Dorothy Shamonsky, “Internet of Things vs. Internet of Everything: Does the Distinction Matter to User Experience Designers?,” ICS Insight Blog, July 13, 2015, http://www.ics.com/blog/internet-things-vs-internet-everything-doesdistinction-matter-user-experience-designers
• Origins
  • "The term “Internet of Things” (IoT) was first used in 1999 by British technology pioneer Kevin Ashton to describe a system in which objects in the physical world could be connected to the Internet by sensors.12 Ashton coined the term to illustrate the power of connecting Radio-Frequency Identification (RFID) tags13 used in corporate supply chains to the Internet in order to count and track goods without the need for human intervention. " [ISOC 12 2015]
  • Kevin Ashton, “That ‘Internet of Things’ Thing, in the real world things matter more than ideas,” RFID Journal, June 22, 2009 ("I could be wrong, but I'm fairly sure the phrase "Internet of Things" started life as the title of a presentation I made at Procter & Gamble (P&G) in 1999.").

Elements to Internet of Things [NIST 800-183 p. 2] [5G Americas Comments to NTIA 2016 at 7] [AT&T Comments to NTIA 2016 at 10]

• Devices
• Communications Infrastructure
• Application Service / External Utility
  • algorithms for automated decision-making
• Data

Mobile Ecosystem. Source: DHS Mobile Security Report 2017 at 9 (believed public domain)

Devices / Applications / Sensors Examples

• Characteristics (generally, but not required)
  • Computer characteristics
    • Special purpose computers
      • Distinguish between general purpose computers with user interfaces that require user interaction in order to process - from special purpose computers that have limited user interfaces, engage in automated process, are ubiquitious, embedded, and prolific.
      • Compare smartphones which are general purpose computers but in other respects meet the criteria of an IoT devices
    • Limited user interface
      • Interface limited by scope of special purpose
      • 2015 FTC Internet of Things Report at 5 (stating that “the ‘things’ in IoT generally do not include desktop or laptop computers and their close analogs, such as smartphones and tablets, although these devices are often employed to control or communicate with other ‘things.’”) (note that limited user interface in order to provide FIPPS compliant notice was a primary concern of FTC - those devices that could provide such an interface, such as a smartphone, were defined out of FTC's definition - with no explanation - and FTC proceeded to use smartphones in a number of its IoT examples through out its report.
    • Function
      • Collect Data Aware Technologies ("capable of sensing their environment... aware technologies do not require explicit user interaction to obtain such data.") Data collection: monitoring, measuring L Jean Camp et al Comments to NTIA 2016 at 2
      • Automated processing / decision making / Actuating
        • Active Technologies ("can respond to events... Active technologies do not require specific decisions on the part of user to act.") L Jean Camp et al Comments to NTIA 2016 at 2
        • examples: thermostat that adjusts temperature; car which automatically brakes; fire supression systems
      • Adaptive technologies ("can change with the individual, learning new patterns to generate reminders and alerts and thereby reducing the number of false positivies.") L Jean Camp et al Comments to NTIA 2016 at 2
    • Networked
      • Eric Wenger, The First Law of IoT: Things that Can Be Connected, Will Be Connected, Cisco Blog (Feb. 25, 2016)
      • Jeffery Vos, Network of Things, NIST SP 800-183 (July 2016)
      • Can be always connected
    • Can be always on
      • Active mode
      • Sleep mode
    • Interfaces may include
      • Keyboard / touch screen
      • Wireless
      • SIM Card
      • SD Card
      • Biometrics
      • Power Cable
      • Sensors / camera
  • Physical characteristics
    • Miniturized
    • Embedded
      • NSTAC Report to the President on the Internet of Things,” November 19, 2014 ("the IoT differs from previous technological advances because it has surpassed the confines of computer networks and is connecting directly to the physical world."). NSTAC's perspective as concern over security risks presented by IoT and therefore focused on IoT being embedded in well everything.
      • IOT " is used to describe networks of objects that are not themselves computers but that have embedded components that connect to the Internet." CRS 2015 at 1.
    • Ubiquitous / prolific (scale)
• Device Ecosystem
  • Hardware vendor (includes camera, microphone, GPS, other sensors)
  • Firmware
  • Operating System
    • Apple, Android, Linux
  • DHS Strategic Principles at 6 (" Many IoT devices use Linux operating systems, but may not use the most up-to-date operating system. ")
  • Application Sofeware vendor (software may be aquired by hardware vendor from third party including open source)
  • Device embeddor (for example, vehicle manufacturer that embeds device in cars)
  • Application Service Provider who may authorize / authenticate device (for example, fitness websites that interface with specific fitness devices but not others)
    • Note that the application software on the device may be provided by one vendor and the online service provider may be another vendor. For example, Garmin sells fitness GPS devices. These devices can interface with online athlete performance services such as STRAVA in order to track and analyze performance.
• Statistics
  • CISCO Visual Networking Index: Global Mobile Data Traffic Forecast Update, 2016-2021 (Feb. 7, 2017)
    • Mobile Devices: 2016 | 2021; Smartphones 38% | 43%; M2M 10% | 29%; Tablets: 2% | 3%; Phablets 7% | 10%; Nonsmartphones 41% | 13%; PCs 2% | 2%.
      • Basically all of these devices could be considered IoT devices
    • M2M connections: 2016: 0.8B; 2017: 1.1B; 2018: 1.5B; 2019: 2.0B; 2020: 2.6B; 2021: 3.3Bp 16
    • Wearables: 2016: 325M (3.3% embedded cellular connectivity); 2017: 453M; 2018: 593M; 2019: 722M; 2020: 835M; 2021: 929M (7.4% embedded cellular connectivity) (" Wearable devices, as the name suggests, are devices that can be worn on a person and have the capability to connect and communicate to the network either directly through embedded cellular connectivity or through another device (primarily a smartphone) using Wi-Fi, Bluetooth, or another technology. ")
  • Machine to Machine (M2M) Market Global Forecast & Analysis, Markets and Markets,
    
  • Ericsson Mobility Report on the Pulse of the Networked Society (June 2016) p. 10 2015 | 2021 Cellular IoT: 0.4B | 1.5B; Non cellular IoT: 4.2 | 14.2; PC/Tablet/Laptop: 1.7 | 1.8; Mobile Phones 7.1 | 8.6; Fixed Phones 1.3 | 1.4
    • IoT devices (excluding mobile phones) dominates the network. Of IoT devices, most are non cellular (meaning unlicensed or USB network connectivity)
  • IoT platforms: enabling the Internet of Things, March 2016 IHS
  • Sheetal Kumbhar, Smart Home Automation & Monitoring Devices to Exceed 770m by 2021, IoTNOW (Feb. 21, 2017) ("A new report from Juniper Research forecasted that smart home automation and monitoring devices will grow to over 770 million globally by 2021, representing an eleven-fold rise from just 68 million estimated in 2016.")
  • “IoT platforms: Enabling the Internet of Things,” IHS TECHNOLOGY, at 5 (Mar. 2016) (IoT Installed Base in billions - 2015: 15.41; 2016: 17.68; 2017: 20.35; 2018: 23.14; 2019: 26.66; 2020: 30.73; 2021: 35.82; 2022: 42.62; 2023: 51.11; 2024: 62.12; 2025: 75.44)
  • Juniper Research, "'Internet of Things' Connected Devices to Almost Triple to over 38 Billion Units by 2020," press release, July 28, 2015.
  • Pew Research Internet Project, “Device Ownership over Time,” January 2014
  • Gartner, Inc., “Gartner Says 4.9 Billion Connected ‘Things’ Will Be in Use in 2015” (press release, November 11, 2014)
  • Leon Spencer, “Internet of Things Market to Hit $7.1 Trillion by 2020: IDC,” June 5, 2014.
  • Deloitte, The Internet of Things Ecosystem: Unlocking the Business Value of Connected Devices (2014)
• Wearables
  • Health, fitness
    • Fitbit, In-Depth Analysis of Your Sleep,
    • Leena Rao, Sexual Activity Tracked By Fitbit Shows Up In Google Search Results, TechCrunch (July 3, 2011)
    • PRIVACY RIGHTS CLEARINGHOUSE, MOBILE HEALTH AND FITNESS APPLICATIONS AND INFORMATION PRIVACY (July 2013)
  • exercise tracking, Wearable Fitness
  • Insulin pumps, blood pressure, Heart Monitor
  • Smartphones
    • "While fixed and mobile computing devices such as desktop computers, smartphones, and tablets are generally not considered to be IoT objects, smartphones in particular have features such as motion and position sensors that blur the distinctions.3 Some smartphone applications, for example, enable them to be used in fitness tracking and other health monitoring." CRS 2015 at 1
    • GAO Report 2016 at 79 n. 1 & n. 2 ("According to experts, whether computers and smartphones are considered part of the IoT depends on factors such as whether these are used in isolation for word processing or taking pictures (not considered part of the IoT) or used to gather and transmit data, e.g., used to collect satellite data to control a smart vehicle (considered part of the IoT)." "Theoretically, any object can be integrated into the IoT with inexpensive electronic components, such as sensors, and network access. Several do-it-yourself guides detail how to convert common items into IoT-capable objects.")
    • 2015 FTC Internet of Things Report at 5 (stating that “the ‘things’ in IoT generally do not include desktop or laptop computers and their close analogs, such as smartphones and tablets, although these devices are often employed to control or communicate with other ‘things.’”) (note that limited user interface in order to provide FIPPS compliant notice was a primary concern of FTC - those devices that could provide such an interface, such as a smartphone, were defined out of FTC's definition - with no explanation - and FTC proceeded to use smartphones in a number of its IoT examples through out its report.
    • Y. Michaevsky and D. Bone. Gyrophone: Recognizing Speech from Gyroscope Signals. 23rd USENIX Security Symposium. August 20-22, 2014.
  • Smartwatches
  • Smartglasses
  • Smartclothing
  • VR Headsets
• Vehicles
  • Automobiles (cars, trucks)
    • Communicating with govt
      • Emergency / Accident Communications
      • Traffic management
        • Pu Wang, et al. “Understanding Road Usage Patterns in Urban Areas,” Nature Scientific Reports 2, Article No: 1001 (2012)
      • Toll Roads
      • Parking meters (LPWA)
      • License plate readers
    • Communicating with individuals
      • Car theft / location
      • Car sharing (Uber, Lyft, Car2Go, Zipcar)
      • Smart parking (monitoring where available parking is)
      • Fleet management
        • Public transportation status information
    • Communicate with other vehicles and infrastructure V2V / V2I
      • Self Driving autonomous vehicles
      • lane sensors; vehicle sensors
      • Navigation GPS
      • Infrastructure conditions
      • Dept of Transportation Proceedings
    • McKinsey & Company, What’s Driving the Connected Car (Sept. 2014)
    • Press Release, Gartner, Gartner Says By 2020, a Quarter Billion Connected Vehicles Will Enable New In-Vehicle Services and Automated Driving Capabilities (Jan. 26, 2015)
    • Andy Greenberg, Hackers Remotely Kill a Jeep on the Highway—With Me in It, Wired (Jul. 21, 2015)
    • Andy Greenberg, “Hackers Cut a Corvette’s Brakes Via A Common Car Gadget,” WIRED (August 11, 2015)
  • Drones
    • Surveillance
    • Disaster and emergency response
    • Delivery
    • CRS Report R44192, Unmanned Aircraft Systems (UAS): Commercial Outlook for a New Industry, by Bill Canis.
• Smart Homes / Appliances
  • Home appliances and devices such as thermostats or sound systems
    • Amazon Echo
    • This is the dishwasher with an unsecured web server we deserve, ZDNET March 26, 2017 ("Over the weekend, CVE-2017-7240 appeared from Jens Regel of Schneider & Wulf, who said he found a directory traversal vulnerability on a Miele Professional PG 8528 appliance. "The corresponding embeded webserver 'PST10 WebServer' typically listens to port 80 and is prone to a directory traversal attack, therefore an unauthenticated attacker may be able to exploit this issue to access sensitive information to aide in subsequent attacks," Regel said.")
    • Justin Yu, This Quirky smart coffee maker refills its own beans from Amazon’s Dash Replenishment Service, CNet (Apr. 1, 2015) (data: how much coffee you drink)
    • Nest, Learn how Auto-Away works on the Nest Thermostat.(thermostat that knows your patterns for when you are home or away)
    • LG Press Release, LG Internet Refrigerator is at The Heart of The Digital Home Network (Jan. 14, 2002) (Archive) ("LG Electronics continues to introduce its line of Internet appliances including the Web-enabled refrigerator, microwave oven and washer, after a successful debut at the Kitchen/Bath Industry Show in April 2001. \"These products bring to reality LG\'s vision of a new class of \'smart\' appliances that have the ability to communicate with each other through LG\'s Living Network System. The Living Network System utilizes the Internet refrigerator as the \"residential gateway\" to the home -- allowing appliances to interact via a digital home network,\" said Simon Kang, President, LG Electronics, U.S.A., Inc. \"As we refine this technology, we envision everything in the house to be tied together through the refrigerator since it\'s the only appliance on 24 hours a day.\" ")
  • Home alarm systems and monitors (cameras)
    • Baby monitors
      • Dan Goodin, 9 Baby Monitors wide open to hacks that expose users' most private moments, ars technica (9/2/15)
    • Cameras
      • Press Release, Marketer of Internet-Connected Home Security Video Cameras Settles FTC Charges It Failed to Protect Consumers’ Privacy, Federal Trade Commission (Sept. 4, 2013).
  • lighting, ovens, refrigerators, fire and flood monitors
  • Entertainment: Televisions, sound systems, gaming systems, photo displays
    • Hannah Kuchler, The Internet of Things: Home is Where the hackers are, Financial Times (March 10, 2017) ("Confidential documents published by WikiLeaks this week purport to show that the Central Intelligence Agency created its own 21st century telescreen by hacking into smart TVs.")
    • Dan Graziano, How to Make Sure Your Vizio Smart TV isn’t Spying on You, CNET Feb. 7, 2017
    • Associated Press, Will the Internet listen to your private conversations? (July 29, 2015)
    • John Ribeiro, Smart TV eavesdropping furor prompts Senator to quiz Samsung, LG on privacy, PC World (Feb. 12, 2015)
    • Samsung, Samsung Smart TVs Do Not Monitor Living Room Conversations (Feb. 10, 2015)
    • Erica Fink & Laurie Segall, Your TV might be watching you, CNN MONEY (Aug. 1, 2013)
  • Toys
    • Senator Seeks Answers From Toy Maker Following 'CloudPets' Teddy Bear Breach, Senate Commerce Committee, March 7, 2017
    • An IoT Teddy Bear Leaked Missions of Parents and Child Voice Recordings, Wired March 5, 2017
    • Joson Thomas, How Barbie Brought Attention to Securing the Internet of Things, Big Think
    • Samuel Gibbs, Hackers can hijack WiFi Hello Barbie to spy on your kids, The Guardian Nov. 26, 2015
• Health
  • Kim Zetter, It’s Insanely Easy to Hack Hospital Equipment, Wired (Apr. 25, 2014)
  • Dimitrov, D. V. (2016). Medical Internet of Things and Big Data in Healthcare. Healthcare Informatics Research, 22(3), 156–163. http://doi.org/10.4258/hir.2016.22.3.156;
  • G Schreier, The Internet of Things for Personalized Heath, Studies in Health Technology and Informatics, p. 22-31, Volume 200, pHealth 2014.
  • RFC Draft NIST SP 1800-8, Securing Wireless Infusion Pumps in Healthcare Delivery Organizations 5/16/17
• Smart Grid
  • Smart Meters
  • Kim Zetter, Maker Of Smart-Grid Control Software Hacked, Wired (Sep. 26, 2012)
  • Janice Tsai , California Council on Science and Technololgy , Privacy and the Smart Grid: A Policymaking Case Study , TPRC 2010
  • CRS Report R42338, Smart Meter Data: Privacy and Cybersecurity, by Brandon J. Murrill, Edward C. Liu, and Richard M. Thompson II
• Smart Cities
  • Facilities managment (monitoring facility usage, lighting, temperature)
  • The Future of IoT in Cities, Responsive Communities, Harvard Law School, Berkman Klein Center (April 10, 2017)
  • AT&T Launches Smart Cities Framework with New Strategic Alliances, Spotlight Cities, and Integrated Vertical Solutions,” Press Release dated Jan. 5, 2016.
• eGovernment
  • Voting Machines
  • Automated DMV license machines
  • Garbage cans that signal when full
  • Public Safety
    • Smart dust (RFID chips) that monitor forests for fires
• Industrial Internet
  • Robot assembly lines SCADA
  • Inventory
  • Security / Access control
  • Kylie J. Wakefield, How The Internet Of Things Is Transforming Manufacturing, Forbes (July 1, 2014)
  • Agriculture
    • Tractors operating off of GPS to automatically work fields
    • Sensors re moisture and watering
    • Herd tracking
      • Tove B. Danovich, “Internet-Connected Sheep and the New Roaming Wireless,” The Atlantic, February 9, 2015
      • David Evans, “Introducing the Wireless Cow,” The Agenda, July 2015,
• Sensor nets
  • Noise Monitors
  • Pollution monitors
• Early Examples of Internet Devices
  • “The Internet Toaster.” Living Internet, 7 Jan. 2000. (online in 1990); Internet of Things History, Postscapes
  • “The “Only” Coke Machine on the Internet.” Carnegie Mellon University Computer Science Department ; Craig Everhart, Interesting Uses of the Internet, Email (June 11, 1990)
  • Stafford-Fraser, Quentin. “The Trojan Room Coffee Pot.”

Communications Infrastructure

• Topology
  • Local Network
    • Unlicensed: WiFi; Bluetooth; Near Field
      • "Connectivity Framework [TAC IOT WG June 2014 at 12]
        • "Thing to Thing (vehicle sensors, actuators, etc) (LAN / PAN)
        • "Thing to Proxy (e.g., gateway, hubs, hubs with vehicles) (LAN/PAN)
          • "IoT adds significant load to existing services, such as WIFI and BT
          • "Traffic upstream from proxies shares allocations and adds significant load to existing services used to link WiFi, etc., to core Internet"
      • Threat: rogue WiFi APs [FCC TAC Wireless Security WG 2012 at 3]
      • Concern:
        • Long Life Safe Harbor: IoT Devices and M2M devices should operate in unlicensed space where possible but unlicensed spectrum is becoming congested.
          • TAC IoT WG Position Statement Dec. 2014 [Word]: "Many classes of IoT devices are expected to have a long life, an 8 year or greater life expectancy. To avoid spectrum support issues over this long period, it is recommended that, such devices and the network to support them, utilize unlicensed operations where practical."
          • TAC IOT WG June 2014 at 13: IoT Dilemma: Significant fraction of 'things' will have 10+ yr lifetime; want to encourage rapid adoption of ongoing advances in spectral efficiency and security protocols; Potential 'Best Practice'; Long lived things use short range Thing-to-Proxy links that are amendable to very high level of spatial reuse; Proxy upstream links are periodically upgraded to take advantage of new technologies."
        • Unlicensed Spectrum Demands Congestion
          • Increase number of IoT devices connecting to the local network via unlicensed spectrum. See Statistics.
          • TAC IoT WG Position Statement Dec. 2014 at 8 [Word]: Unlicensed band best practices recommendations
          • TAC IOT WG June 2014 at 14: "Thing-to-Thing and Thing-to-Proxy spectrum requirements can be met, provided: • The FCC continues to increase the availability of LAN/PAN range spectrum on a timely basis • Industry continues to adopt spectrally efficient technologies that support limited range deployments with very high levels of spatial reuse"
          • [FCC TAC M2M WG 2012 at 97] FCC TAC M2M WG Dec. 2012 Final Report at 98
            • Situation
              • The 2.4 Ghz unlicensed band is over crowded and even 5 Ghz is experiencing noise interferrance.
              • New standards abandon this spectrum, e.g. 802.11ac/ad do not operate on 2.4 Ghz.
              • 60 Ghz is too short and 1.2-3.1 Ghz is just right for mobile
            • Complications
              • When new spectrum is opened for unlicensed devices, it eventually becomes crowed.
              • Radar Interference Avoidance Schemes such as DFS for Wi-Fi on 5 GHz had mixed results: it avoids interference but was not always enforced/implemented.
            • Recommendation
              • Allow spectrum sharing with Commercial and Military Radar systems operating at frequencies from 1.2 – 1.4 Ghz and 2.7- 3.1 Ghz.
              • Creating special rules for M2M creates a bias against other unlicensed uses.
              • Require interference avoidance AND geo-location database registration. (higher cost)
              • Coordinate with the EU’s effort to prevent competing recommendations.
      • Do I Need Wi-Fi to Use the Nest Learning Thermostat?, NEST SUPPORT (last visited May 10, 2016)
      • Matt Hamblen, Wi-Fi for the Internet of Things Gets a Name: ‘Wi-Fi HaLow’, COMPUTERWORLD (Jan. 4, 2016)
    • USB
    • Ethernet
  • Access Network [NTIA Green Paper 16]
    • Mobile (licensed)
      • "Connectivity Framework [TAC IOT WG June 2014 at 12]
        • "Thing to Internet (e.g., direct connection to 4G networks, WISPs, TVWs, etc) IoT adds load to 4G / TVWS services and poses challenges wrt long lived things"
      • 5G Wireless
        • DBSD Services Limited, Gamma Acquisition L.L.C., and Manifest Wireless L.L.C.’s Consolidated Interim Construction Notification for AWS-4 and Lower 700 MHz E Block Licenses ("Pursuant to 27.14(k) of the Commission’s rules, DBSD Services Limited (“DBSD”), Gamma Acquisition L.L.C. (“Gamma”), and Manifest Wireless L.L.C. (“Manifest”), all of which are indirect, wholly-owned subsidiaries of DISH Network Corporation (together, “DISH,” the “company” or “we/us”), file this consolidated Interim Construction Notification (“Interim Notification”) for DISH’s spectrum licenses in the AWS-4 Band and Lower 700 MHz E Block (the “Spectrum Licenses”).1 As explained below, DISH plans to efficiently deploy a nextgeneration 5G-capable network, focused on supporting the Internet of Things (“IoT”), and anticipates meeting the applicable final FCC construction milestones for the Spectrum Licenses by March 2020. ")
          • Dan Meyer, Dish raises $1B as it looks to build NB-IoT network by 2020, RCR Wireless News March 13, 2017 ("Dish earlier this month filed documents with the FCC noting plans to meet build-out requirements for its AWS-4 and 700 MHz E-Block licenses through the deployment of a “5G” network in support of internet of things services")
          • Alexander Hellemans, Why IoT Needs 5G, IEEE Spectrum (May 20, 2015),
          • Dan Kurschner, The Cisco 5G White Paper Series, Cisco Blog (May 9, 2016),
        • Standardization
          • “Standardization of NB-IOT Completed,” 3GPP (Jun. 22, 2016)
          • LPWAN - Low Power WAN
      • 4G LTE
        • Cars, Surveillance
        • Stephen Lawson, LTE Can Compete with Upstart IoT Networks, Verizon Says, COMPUTERWORLD, Oct. 29, 2015, (“Many legacy IoT devices, also called M2M (machine-to-machine), use 2G or 3G networks now. Carriers want to phase those out in the coming years to shift their frequencies over to newer networks.”)
        • Sue Marek, Making LTE Lighter, Cheaper (and Slower) for the Internet of Things, FIERCEWIRELESS, Mar. 2, 2015,
      • 3G/ 2G
        • 2G-M2M, T-Mobile Internet of Things
      • Paul Barbagallo, As ‘Internet of Things’ Evolves, FCC’s Spectrum Strategy Will Be Put to the Test, BNA: Telecommunications Law Resource Center (Nov. 19, 2014),
    • Concerns
      • Increase in devices attached to edge networks creates greater demand for spectrum (unlicensed and licensed) for edge network use.
        • TAC IOT WG June 2014
          • at 14: "Demand on upstream links from Proxies to Internet will grow significantly. This demand can be met, provided: • The FCC continues to encourage the rapid adoption of innovations in spectral efficiency • There is a persistent and predictable roll-out of small cell technology (4G, TVWS, etc.) • Most high throughput IoT traffic (e.g., video streams) is off-loaded “close” to the thing/proxy"
          • at 15 "Strawman Recommendations: No unique allocations of spectrum to IoT are required [with the possible exception of short-range unlicensed spectrum that is subject to very high spatial reuse] • The FCC should periodically and systematically refresh its analysis and plans to address spectrum demands associated with IoT to ensure there is: – Sufficient short-range spectrum to meet growth in PAN/LAN requirements arising from IoT – Sufficient capacity upstream from IoT Proxies to accommodate increased demand associated with IoT This analysis should take account of significant technical innovations and the resultant plans should be sufficiently concrete and timely as to guide industry planning related to IoT. • Long-lived things should use short range unlicensed spectrum whenever a safe harbor from wireless technology evolution is required • To stimulate IoT growth, the FCC should focus on the availability of unlicensed spectrum suitable to a range of PAN/LAN services (including, but not limited to IoT)"
          • at 17 "FCC should focus its security efforts on limiting misuse of spectrum (e.g., malware or faulty workmanship that continuously transmits or transmits too much power)."
        • TAC recommends sunsetting 2G networks migrating to 3G / 4G networks. [FCC TAC M2M WG 2012 at 97, 103 "FCC recommended window of time supporting legacy 2G infrastructure with migration guidance to LTE with IPv6 addressing. The desired result being to return spectrum while upgrading infrastructure, eliminating legacy."]
        • [FCC TAC Receivers and Spectrum WG 2012 at 115
        • FCC TAC Receivers and Spectrum WG Dec. 2012 Final Report at 28 ("Charter: The Receivers and Spectrum Work Group will tackle the issue of the role of receivers in ensuring efficient use of the spectrum and how to avoid potential obstacles to making spectrum available for new services")
    • Threats:
      • rogue base stations [FCC TAC Wireless Security WG 2012 at 3]
      • Loss of Service [FCC TAC Wireless Security WG 2012 at 3]
      • SS7 vulnerabilities
      • Network Management / non standard implimentations that interfer with device performance
      • Recommendations
        • Sunset legacy vulnerable systems such s 2G [FCC TAC Wireless Security WG 2012 at 7]
    • Wireline (fiber, DSL, Cable)
  • Regional / Backbone Network
    • Fiber
    • Satellite
      • Echostar Comments to NTIA at 1 (March 13, 2017) ("While terrestrial fiber and wireless networks are critical to the success of IoT, satellite plays an important, complementary role. Satellite services have unique and necessary characteristics: Global broadband coverage; Economical for rural connectivity; Important supplement to urban services; Resilient for public safety services")
      • James Atkinson, Inmarsat and Actility team up for global LoRaWAN IoT network, Wireless Magazine, (Feb. 13, 2017)
      • Comments of Inmarsat to NTIA at 2 (March 13, 2017) ("Inmarsat and Actility announced the launch of the first global IoT network to allow customers to bring to market IoT solutions tailored for their business needs anywhere in the world. The solution leverages Inmarsat’s global connectivity as backhaul connectivity Actility’s LoRaWAN low power wide area network (“LPWAN”) technology to provide an end-to-end solution for customers anywhere in the world without the need for pre-existing network infrastructure")
      • Press Release, Vodafone, Vodafone signs roaming agreement with Inmarsat for Internet of Things communications, (Oct. 20, 2016); Vodafone, Vodafone IoT satellite service
        • Vodafone Comments at App. A (June 6, 2016)(connectivity for shipping)
  • Other
    • GPS
• Traffic
  • Connection of devices to each other
  • Connection to application service provider
    • Connection to cloud services
  • Connection between end users
    • Home owner who wants to access home cameras to monitor home
    • Parents who upload new pictures to grandparents internet picture frame.
• Capacity
  • IoT devices may impose different capacity demands (its not all broadband).
    • " higher, mid, and lower bands are important for IoT development." 5G Americas Comments to NTIA 2016 at 6.
• Narrowband
  • Individual devices generally may generate narrowband traffic
    • Example sensornets such as seismic sensors
    • [AT&T comments to NTIA 2016 at 13, 16 (MNO IoT network traffic "is very low bandwidth and delay-tolerant traffic.")
  • "The IoT will also require networks of industrial narrowband, low-power Machine-Type Communications (MTC) with lower capacity requirements" 5G Americas Comments to NTIA 2016 at 5.
• Mid range
• Broadband
  • Aggregation of multiple devices may impose broadband demands
  • Video devices (roku box, security video, remote cameras, telemedicine)
    • CISCO Visual Networking Index: Global Mobile Data Traffic Forecast Update, 2016-2021 (Feb. 7, 2017) p. 22 Video as a percent of mobile traffic 2016 | 2021: File Sharing 2% | 2%; Audio: 8% | 5%; Web/Data/VoIP 30% | 14%; Video 60% | 78%
      • Video dominates network traffic - non video IoT traffic will be a small portion of traffic and potentially will be narrowband
  • CISCO Comments to NTIA 2016 at 17 (“the average M2M module will create almost 7 times the amount of traffic by 2018 at 514MB [per month]. Coupled with the expansion in the number of devices, the traffic will be 22 times greater in 2018 than 2013”)
  • Virtual Reality
• Latency
  • Some devices demand low latency, always on connections
    • Examples: smart cars, manufacturing
  • Some devices tolerate latency and do not require always-on connections (for example, RFID tags, smart meters)
    • "the “things” do not need to be constantly connected" ACM Comments to NTIA at 3 (2016) (" may not use standard Internet protocols at the system edge")
• Mobility
  • Some devices are mobile and need the ability roam within a network or between networks
  • Some devices are fixed
• Reliability / Resiliency
• Protocol
  • Internet
  • Other Network
    • Jeffrey Voas, Network of 'Things', NIST Special Publication 800-183 (July 2016) [NIST 800-183]
    • ACM Comments to NTIA at 3 (2016)
• Network Neutrality
  • Permissionless Innovation
  • Virtuous Cycle
  • Transparency
  • Standards
  • News
    • Could net neutrality stand in the way of traffic safety? Tech Policy Daily, American Enterprise Institute (June 2, 2016),
• Digital Divide (lack of Internet access deprives communities of benefits of IoT) [NTIA Green Paper 20]
• Business Models
• Customer of communications service may be the IoT service provider who bundles the communications service in with the purchase of the IoT device. [AT&T Comments to NTIA 2016 at 14]
• Examples: smarts cars, smart meters
• Geographic Coverage [AT&T Commments to NTIA 2016 at 14]
• Traditional communications: where the people are
• IoT communications: where the devices / sensors are
• Security
• IP Address Exhaustion
  • The rise in the number of devices will place stresses on the legacy IPv4 address space.
    • NTIA Green Paper 2017 at 19 (IPv4 "provided us with nearly 4.3 billion IP addresses. This number, however, is far less than what the ever-expanding network – and IoT – will demand. As one commenter noted, IPv4 is an “outdated version of the Internet Protocol” which “severely restricts the number of devices that can be connected to the Internet.”")
    • Chris Poulin, The Importance of IPv6 and the Internet of Things, SecurityIntelligence (Dec. 23, 2014) ("IoT’s appetite for addresses will overcome IPv4’s ability to sate it.")
    • Dave Evans, Cisco Internet Bus. Solutions Grp., The Internet Of Things: How The Next Evolution Of The Internet Is Changing Everything 3 (2011) ("The world ran out of IPv4 addresses in February 2010. While no real impact has been seen by the general public, this situation has the potential to slow IoT’s progress since the potentially billions of new sensors will require unique IP addresses.")
    • CRS Report 2015 at 11
    • FCC TAC M2M WG 2012 at 100 "As IPv4 approaches depletion, the M2M ecosystem will be looking for a solution for a new addressing schemes for the millions of additional devices scheduled to hit the market. "
  • IPv6 dramatically expands the address space
  • NAT recycle private addresses but breaks end to end connectivity. NAT residential routers may be configured with /24 address blocks providing 256 addresses that can be assigned to devices in the home.
    • Residential routers may have a setting that allows owners to control the number of addresses available
  • FCC TAC M2M WG 2012 at 100 Recommendation: noting issue of embedded legacy IPv4 devices, "Develop an IPv6 migration path for the near, medium, and long term to meet requirements for M2M fixed and mobile applications "
  • National Broadband Plan 2010, Sec. 3.2 Devices ("the Internet of Things... will require more IP addresses")
• Proceedings
• Federal Motor Vehicle Safety Standards: Vehicle-to-Vehicle (V2V) Communications, Advance Notice of Proposed Rulemaking, 79 Fed. Reg. 49,270 (August 20, 2014) ("This document initiates rulemaking that would propose to create a new Federal Motor Vehicle Safety Standard (FMVSS), FMVSS No. 150, to require vehicle-to-vehicle (V2V) communication capability for light vehicles (passenger cars and light truck vehicles (LTVs)) and to create minimum performance requirements for V2V devices and messages. The agency believes that requiring V2V communication capability in new light vehicles would facilitate the development and introduction of a number of advanced vehicle safety applications. Some crash warning V2V applications, like Intersection Movement Assist (IMA) and Left Turn Assist (LTA), rely on V2V-based messages to obtain information to detect and then warn drivers of possible safety risks in situations where other technologies have less capability. Both of those applications address intersection crashes, which are among the most deadly crashes that U.S. drivers currently face. NHTSA believes that V2V capability will not develop absent regulation, because there would not be any immediate safety benefits for consumers who are early adopters of V2V. V2V begins to provide safety benefits only if a significant number of vehicles in the fleet are equipped with it and if there is a means to ensure secure and reliable communication between vehicles. NHTSA believes that no single manufacturer would have the incentive to build vehicles able to ‘‘talk’’ to other vehicles, if there are no other vehicles to talk to—leading to likely market failure without the creation of a mandate to induce collective action. )
  • See report ‘‘Vehicle-to-Vehicle Communications: Readiness of V2V Technology for Application,’’

Data

• Data collection
  • Example: sports and fitness trackers; health monitors; Geolocation information
    • Privacy complaint for fitness wristband makers, BBC Nov 3, 2016 This revealed that users of the wristbands had little access to the information gathered about them, who saw it and how it was used.
    • Curt Woodward and Hiawatha Bray, A company sent anti-abortion ads by phone. Massachusetts wasn’t having it. Boston Globe April 4, 2017 ("In this case, Copley Advertising used a technique known as “geofencing” that aims messages at cellphone users inside a certain geographic area. Those ads specifically targeted young women at or near reproductive health clinics, Healey said.")"
  • How information may be used: health, insurance, hiring decisions
  • Mobile Data
    • Yves-Alexandre de Montjoye1, César A. Hidalgo1, Michel Verleysen, Vincent D. Blondel, Unique in the Crowd: The privacy bounds of human mobility, Scientific Reports 3, March 25, 2013- Unique in the Crowd, MIT
    • David Choffnes Northeastern University ReCon: Revealing and Controlling PII Leaks in Mobile Network Traffic
    • Narseo Vallina-Rodriguez IMDEA Networks/International Computer Science Institute Illuminating the Third Party Mobile Ecosystem with the Lumen Privacy Monitor
    • Sebastian Zimmeck School of Computer Science, Carnegie Mellon University Automated Analysis of Privacy Requirements for Mobile Apps
    • Primal Wijesekera University of British Columbia, Canada; University of California, Berkeley The Feasibility of Dynamically Granted Permissions: Aligning Mobile Privacy with User Preferences
  • Profiling and Tracking
    • See Geolocation information
    • Devices named by user with user's name (Bluetooth device naming). Scan environment for bluetooth devices and gathers information. Aleksandra Korolova University of Southern California Cross-App Tracking Via Nearby Bluetooth Devices
    • IOT devices that commonly communicate with each other are probably owned by same individual
    • Traffic patterns and traffic destinations can reveal to an ISP (and Wifi monitoring) a great deal about what the device is and individual characteristics. See Noah Apthorpe Dillon Reisman Center for Information and Technology Policy, Princeton University A Smart Home is No Castle: Privacy Vulnerabilities of Encrypted IoT Traffic
      • Encrypted traffic going through ISP should not be readable by the ISP - but the mere traffic patterns can reveal a great deal of information
      • Presence of a blood pressure device would, for example, indicate a blood pressure problem, even though there is no access to actual blood pressure data
    • Maria Rerecich Consumer Reports Evaluating Products and Services for Privacy, Security and Data Practices
    • Alethea Lange Center for Democracy & Technology A User-Centered Perspective on Algorithmic Personalization
  • Children
    • NTIA Green Paper at 26 ("For example, as Common Sense Kids Action pointed out, a recent data breach involving a toy manufacturer exposed names, dates of birth, password recovery questions and answers, genders, pictures of parents and children, audio recordings of children, and chat logs between parents and children.")
    • Luke Cooper, Millions of Private Messages Between Parents and Kids Hacked in Cloud Pets Security Breach, HuffPo (Feb. 28, 2017)
    • Chante Owens, Stranger hacks family's baby monitor and talks to child at night SF Globe (May 7, 2016)
  • Voice Automation, Wiretap, Eavesdropping, Interception
    • See 4th Amendment / Electronic Communications Privacy Act
    • “Samsung Smart TV’s Voice Recognition Creates Privacy Concerns.” CBS This Morning. CBS News, February 10, 2015.
    • December 14, 2016 New Senate Report Raises Concerns Over Privacy Risk Associated With Smart Toys Senate Commerce Comm ("Smart toys, which can interact with a child by connecting to the internet, can become a target for hackers and identity thieves looking to steal a parent or child’s personal information often stored by the toymaker.")
    • Malicious activation of microphone, camera and other sensors
    • Rogue cellular base stations and WiFi access points - man-in-the-middle attacks
• Data Aggregation
  • "Anonymized" where personal identities can be uncovered
  • Used to inform public policy decision making
    • Where data is methodologically flawed
      • Example: Using STRAVA cycling data to reflect where cyclists use infrastructure. This is methodologically flawed as the sample is self selective. STRAVA users tend towards affluent white male users, where, for example, Latino working class may be large users of cycling in order to get to work (see Arlington, Va).
• Data Storage
  • See Security, Privacy
  • Extra territorial storage and complaince with international privacy law
• Data Transmission
  • See Communications Infrastructure
  • See Data Interception
  • Encryption
    • Nick Feamster, Who Will Secure the Internet of Things?, Freedom to Tinker (Jan. 19, 2016), (noting several Internet of Things devices transmitting video, ZIP codes, and other sensitive data without encryption);
  • Cross Border Transmission
    • See EU Privacy
• Access to / Security of Data
  • See privacy
  • Information Storage
    • Encryption
      • CISCO Comments to NTIA at 9 March 13, 2017 ("most IoT devices built with Internet connectivity should be capable of handling standard Internet cryptography. Second, crypto-security is essentially all or nothing—a device is going to be either capable of running widely accepted encryption suites or it is not")
      • David McGrew, Cisco, Low Power Wireless Scenarios and Techniques for Saving Bandwidth without Sacrificing Security, April 1, 2016
      • [L Jean Camp et al Comments to NTIA 2016 at 4 ("it is unlikely that emerging lattice-based cryptographic standards that seek to provide 'post-quantum' computing security can be implemented in a light switch.")]
      • Lorenzo Franceschi-Bicchierai, Nest thermostat Leaked Zip Codes Over the Internet, Vice: Motherboard (Jan. 20, 2016), (“Some smart devices have such li le computing power that they couldn’t perform the necessary encryption processes even if their creators wanted them to . . . .”)
    • NTIA Green Paper at 30
  • Law Enforcement Access to Data
    • Third Party Doctrine
    • Stored Communications Act
      • Data stored extra-territorial
      • Fitbit contradicts husband's story of wife's murder - police BBC April 25 2017
• Integrity of Data
  • Data compromised, modified or manipulated [DHS Mobile Security Report 2017 at 18]
  • risk: automated decision making based on compromised data can lead to bad actuation

Privacy

• Authentication of Users
  • Spoofing
    • Spoofing data
• See FCC Broadband Privacy Proceeding.
• Privacy Policies
• Privacy by design
  • Data minimization (collect only the data that you need)
    • Less data means smaller target
    • Less data = less chance data will be used in ways not intended
  • FIPPS
    • Notice
      • Disclosure of data collected, how data used, how data shared
      • Notice and Choice where interfaces may not permit it?
• Privacy Impact on Consumer Behavior
  • Acquity Group, The Internet of Things: The Future of Consumer Adoption, at 6 (2014),
  • Jan Lauren Boyles et al., Privacy and Data Management on Mobile Devices, Pew Research Internet & American Life Project (Sept. 5, 2012),
  • Altimeter Group, Consumer Perceptions of Privacy in The Internet of Things (2015)
• References
  • Bradbury, Danny. “How Can Privacy Survive in the Era of the Internet of Things?” The Guardian, April 7, 2015, sec. Technology.
  • FTC Staff Report, Internet of Things: Privacy and Security in a Connected World (January 2015),

Security

• Threats
  • Growth of devices
    • TAC IoT WG Presentation June 2014 at 16 ("Growth of IOT will greatly increase the attack surface.")
  • Access
    • to device
    • to data
      • In transmission
      • In storage
  • Control of device
    • Malicious behavior
      • Spoofing
      • Theft of Service (See Cloning Mobile Phones; Blue Box Cases)
      • Ransomware
      • Corrupting data
    • DOS
  • Loss of Device [FCC TAC Wireless Security WG 2012 at 3]
  • Network
    • Intercepting, Eavesdropping
    • Theft or disabling of device
    • Network based attack against device
      • Compromising network providers equipment in order to attack end user equipment
        • See also Man-in-the-Middle attack
• Security of Device
  • Confidentiality, Integrity, Accessibility CIA
• "Authorized" and Unauthorized
  • Access to device
    • Authentication
    • Surveillance
      • John Leyden, We Found a Hidden Backdoor in Chinese Internet of Things Devices - Researchers, The Register March 2, 2017, ("The vulnerable firmware is present in almost all dbltek GSM-to-VoIP devices, a range of equipment mostly used by small to medium size businesses, it claims. Trustwave researchers claimed they had found hundreds of at-risk devices on the internet.")
    • Government Surveillance :: 4th Amendment :: ECPA :: CFAA
  • Control of systems or information
    • Hacking control of cars
      • Greenberg, Andy. “Hackers Remotely Kill a Jeep on the Highway—With Me in It.” WIRED, July 21, 2015.
    • Hacking control of medical devices
    • Hacking control of home appliances
      • Hackers Make the First-Ever Ransomware for Smart Thermostats, Motherboard Aug 7, 2016 “One day, your thermostat will get hacked by some cybercriminal hundreds of miles away who will lock it with malware and demand a ransom to get it back to normal, leaving you literally in the cold until you pay up a few hundred dollars.”
    • Other
      • Andy Greenberg, Hackers Can Disable a Sniper Rifle—Or Change Its Target WIRED (July 29, 2015)
      • FBI Public Service Announcement: Internet of Things Poses Opportunities for Cyber Crime (Sept. 10, 2015)
      • Lily Hay Newman, Pretty Much Every Smart Home Device You Can Think of Has Been Hacked, Slate (Dec. 30, 2014).
• Software
  • People building IoT are not security engineers trained in security
  • Patching
    • Updates of software may be difficult
    • Vendor may have a shorter life cycle than device
    • BITAG 2016 at 4 ("Some IoT devices ship “from the factory” with software that either is outdated or becomes outdated over time. Other IoT devices may ship with more current software, but vulnerabilities may be discovered in the future. Vulnerabilities that are discovered throughout a device’s lifespan may make a device less secure over time unless it has a mechanism to subsequently update its software.")
    • NTIA Green Paper at 28
    • Sarthak Grover & Nick Feamster, The Internet of Unpatched Things, Privacy Con 2016 Presentation Slides
    • Communications Security, Reliability, and Interoperability Council (CSRIC), Working Group 21: Cyber
      Security Best Practices Final Report at 35 (2011) (discussing patching).
    • Embedded / Legacy devices / Orphaned Devices
      • Embedded devices with extended life cycles
        • Automobiles with 11 year expected life cycles

        CISCO Comments to NTIA at 2 March 13, 2017 ("This underscores the increasing importance of utilizing the network as both a sensor and a tool to manage risk from: a) devices that cannot effectively protect themselves in a dynamic threat environment; and b) from devices becoming weapons in an attack on other devices or systems. ")

      • Given embedded base of IoT devices, retrofitting security and privacy will be difficult. ACM Comments to NTIA on IoT at 5 (2016)
      • Microsoft Comments to NTIA at 1 (March 13, 2017) ("Microsoft believes that software and device upgrades can often enable better protections than patching old products that simply should be taken offline. In addition, encouraging the continued use of older devices may create insecurities and other unintended problems, particularly as the network supporting those devices evolves based on newer technologies.")
      • Microsoft Comments to NTIA at 5 (March 13, 2017) ("Microsoft is also concerned by Commerce’s statement contemplating use of a consortium-type body to manage software updates and/or the underlying source code to handle orphaned devices. 20 Inserting a new third-party between the technology provider and its users would create a new attack vector and may just make it more difficult and less efficient to produce good patches. Patching can be a complex process for organizations even when they are working with their own code. Moreover, technology companies are unlikely to embrace a model in which their code is handed over to a third party; source code is a signficant corporate asset")
      • Vulnerability becomes embedded and then replicated in 1000s of devices
      • Green Paper 2017 at 29 ("Devices that consumers continue to use to connect to the Internet should be updated and protected even if device manufacturers discontinue them.")
      • Meghan Neal, The Heartbleed Bug Will Lurk in the Internet of Things for Decades Vice (Apr. 11, 2014)
• Technical limitations/ Issues
  • Computationally weak hardware
  • Minimal OS
  • Limited Memory
    • [L Jean Camp et al Comments to NTIA 2016 at 4 ("many devices will not support memory architectures in which memory segments can be marked as non-executing")
  • Vulnerability to DOS and Stacksmashing attacks
  • NTIA Green Paper at 29
• DDOS :: Bots
• Security by Design
• NTIA Green Paper at 27
• DHS Strategic Principles at 5
• Access Control
  • Passwords, Biometrics
• Network Service Provider
  • Network Management
    • Encrypt communication (data) [DHS Mobile Report 2017 at ii]
      • Migitigate Interception, Eavesdropping
    • Maintain security of provider's devices (routers, smart phones, network equipment)
      • Maintain and support device OS
      • Correct SS7 Network Vulnerability exploited for 2-factor authentication
    • Customer's devices
      • ISP authorizing attachment only of certified devices, filtering malicious traffic
      • FCC TAC Wireless Security WG 2012 at 8 (Application certification (whitelisting))
    • Filter malicious traffic
      • Lily Hay Newman, Internet Providers Could Be the Key to Securing all the IoT Devices Already Out There, WIRED 10.27.16
      • Carol Wilson, Will ISPs Step Up to the IoT Challenge, Light Reading Sept. 2, 2016, (L3 CSO Dale Drew "believes broadband network operators themselves need to step up and take more responsibility for monitoring the traffic on their networks and proactively working to block or filter that which follows the patterns of botnets or other forms of cyber attacks or data breaches.")
      • Look for suspicious traffic patters, traffic being sent to unknown servers or traffic being sent to blacklisted IP addresses [DHS Mobile Security Report 2017 at 39]
      • FCC TAC Wireless Security WG 2012 at 8
        • Network-based and device-based malware detection and isolation
        • Device management, including controlled remote wipe
        • App Store application removal process
        • Server host based security filtering
        • Mobile ecosystem alignment on mobile malware security best practices
          • Threats, tools, operating procedures
          • Joint policy/procedure for handling malware outbreaks
          • Frequent interaction and timely updates
      • See DOS Tools
      • See 47 USC 230(c) Liability Protection for Filtering Traffic
  • End Users
    • Gateway to / from end users
      • See also Open Internet, Reasonable Network Management
      • See also 47 CFR 68.108 Incidence of Harm
    • Provide end users with user-friendly router interface that facilitates firewall ability to block specific devices and destinations, and authorize devices to interact only with expected destinations
    • Provide end user security information
      • FCC TAC Wireless Security WG Dec. 2012 Final Report at 11
        • "FCC/CTIA/CEA jointly initiate a high profile education campaign to raise public awareness of mobile security/privacy threats and drive broad adoption of specific user-actionable safeguards"
        • "Recommendation: series of FCC-sponsored workshops on advanced security for Wi-Fi hotspot deployments"
    • Notify when devices are compromised
      • Lily Hay Newman, Internet Providers Could Be the Key to Securing all the IoT Devices Already Out There, WIRED 10.27.16
    • Disable accounts that are harming the network or participating in botnet DOS attacks. 47 CFR 68.108 Incidence of Harm
  • References
    • Tristan O'Gorman, IoT Security, Who is Stepping Up?, Security Intelligence Jan. 4, 2017, ("As internet service providers (ISPs) own the network and IoT solutions require connectivity, ISPs play a prominent role in IoT security.")
    • Alan Zeichick, ISP Opportunity: Protect the Internet of Things in the Home, Network World Jun. 23, 2015, ("Consumer ISPs have a unique role to play in sanitizing and protecting the home from rogue attempts to subvert IoT devices.")
• Certification of Devices Attached to Network
  • See Device Certification
  • Online Trust Alliance, “Coalition Releases Connected Device Requirements,” (January 5, 2017).
  • GSMA loT Security Self-Assessment; GSMA loT Security Guidelines
  • Europe to Push New Security Rules Amid IoT Mess, Krebs on Security, Oct. 8, 2016 (The Commission would encourage companies to come up with a labeling system for internet-connected devices that are approved and secure,”)
  • USG
    • See Letter from Ch Tom Wheener to Sen. Mark Warner (suggesting an NPRM that "could examine changes to the FCC's equipment certification process to protect networks from IoT device security riskes") []
• End User as System Operator of complex network
  • NCTA Comments to NTIA at 18 March 13, 2017 (" the growing problem of overall manageability of IoT devices for end-users")
• Incentives
  • Liability for security flaws - generally vendor is not liable
    • Who would / should the liability be placed on (tort liability is generally placed on the party best able to act in order to mitigate the risk)?
• No user interface providing security information
• Disconnect devices when connectivity is unnecessary. DHS Strategic Principles at 12
• Govt Activity / Proceedings
  • NIST
    • NIST, Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure System, NIST Special Pub. 800-160 (Nov. 2016).
    • NIST, Framework for Improving Critical Infrastructure Cybersecurity (2014),
      
  • U.S. Dept. of Homeland Security, Strategic Principles for Securing the Internet of Things (IoT), Version 1.0 (Nov. 15, 2016), .
  • NIST, Framework for Improving Critical Infrastructure Cybersecurity (2014),
  • FCC
    • Spectrum Frontiers Report & Order, 31 FCC Rcd at 8106, para. 265 ("In its July 2016 Spectrum Frontiers Report and Order, the Commission reiterated its view that communications providers are generally in the best position to evaluate and address security risks to network operations. Toward this end, the Commission adopted a rule requiring Upper Microwave Flexible Use Service licensees to submit general statements of their network security plans. The statements are designed to encourage licensees to consider security in their new 5G networks. The statements will also keep the Commission informed of ongoing progress in 5G cybersecurity)
    • CSRIC IV, Working Group 4, Cybersecurity Risk Management and Best Practices, Final Report (2015)
    • Technical Advisory Council (FCC TAC), Cybersecurity Working Group, Technical Considerations White Paper (2015)
  • FTC Report on Internet of Things Urges Companies to Adopt Best Practices to Address Consumer Privacy and Security Risks (Jan. 27, 2015) (proposing privacy and cybersecurity best practices associated with IoT);
  • U.S. Dept. of Health and Human Services, Radio Frequency Wireless Technology in Medical Devices: Guidance for Industry and Food and Drug Administration Staff (Aug. 14, 2013) (guidance to the industry on considerations for the safe and effective development and use of RF technology in medical devices)
• References
  • The average IoT device is compromised after being online for 6 minutes, ip pro Portal Sept 2016
• Industry Efforts
  • 3GPP
    • 3GPP SA3 Working Group (V2X communications, Vehicle to X)
• Intellectual Property
• Copyright
  • Who owns the created data?
  • DMCA Circumvention prohibitions that blocks research into IoT
• Standards
  • DHS Mobile Security Report 2017 at 12
• Statistics
  • Cisco
    • Cisco, VNI Complete Forecast Highlights Tool (2016)
    • “Cisco Visual Networking Index: Forecast and Methodology, 2014-2019.” Cisco, May 27, 2015. Internet traffic generated by non-PC devices: 2014: 40% - 2019: 70%. Machine to Machine” connections (including in industrial, home, healthcare, automotive, and other IoT verticals) 2014: 24% - 2019: 43%
    • Cisco projects more than 24B Internet–connected objects by 2019. “Cloud and Mobile Network Traffic Forecast - Visual Networking Index (VNI).” Cisco, 2015.
    • [NTIA Green Paper 4 ("Cisco estimates that, between the years of 2015 and 2020, the number of connected devices in the United States will nearly double from 2.3 billion to 4.1 billion; globally connected devices will increase from 16 billion to 26 billion over the same period. ")]
  • Morgan Stanley projects 75B networked devices by 2020. Danova, Tony. “Morgan Stanley: 75 Billion Devices Will Be Connected To The Internet Of Things By 2020.” Business Insider, October 2, 2013.
  • Huawei projects 100B IoT connections by 2025. “Global Connectivity Index.” Huawei Technologies Co., Ltd., 2015. Web. 6 Sept. 2015.
  • McKinsey Global Institute
    • McKinsey Global Institute, Unlocking the Potential of the Internet of Things (June 2015).
    • projects a financial impact of IoT on the global economy as $3.9 to $11.1 trillion by 2025. Manyika, James, Michael Chui, Peter Bisson, Jonathan Woetzel, Richard Dobbs, Jacques Bughin, and Dan Aharon. “The Internet of Things: Mapping the Value Beyond the Hype.” McKinsey Global Institute, June 2015.
    • [NTIA Green Paper 4 (" McKinsey Global Institute has projected that, by 2025, the overall impact of these devices on the global economy will be between $4 trillion and $11 trillion.5")]

Government Activity

• Department of Commerce
  • NTIA
  • Potential Policy Considerations for the Internet of Things
    • Notice of Extension of Comment Period on Fostering the Advancement of the Internet of ThingsFeb. 22, 2017
    • Request for Comments on the Benefits, Challenges, and Potential Roles for the Government in Fostering the Advancement of the Internet of Things Jan. 12, 2017
    • Green Paper: Fostering the Advancement of the Internet of ThingsJan. 12, 2017
    • Date:  April 05, 2016 Docket Number: 160331306-6306-01 Notice and Request for Comments on the Benefits, Challenges, and Potential Roles for the Government in Fostering the Advancement of the Internet of Things81 Fed. Reg. 19956
  • Increasing the Potential of IoT through Security and Transparency NTIA Blog Aug 2, 2016
  • New Insights into the Emerging Internet of Things June 15, 2016 NTIA ("The latest computer and Internet use data collected for NTIA shows that the number of Americans using IoT devices is still small. But we are seeing an interesting snapshot of early adopters. These new insights into how Americans are utilizing IoT are drawn from data collected in July 2015 as part of our Computer and Internet Use Supplement to the Census Bureau’s Current Population Survey. As we previously noted in April, few Americans—just 1 percent—reported using a wearable, Internet-connected device, such as a fitness band or watch, as of July 2015. While the market for this type of device is clearly in its early stages, we found notable differences between early adopters of wearable technology and the population as a whole (see Figure 1). Unsurprisingly, wearable device users exhibited many characteristics associated with higher levels of computer and Internet use. Wearable device users tended to have higher education and family income levels compared with all Americans, and they were more likely to live in metropolitan areas.")
• NIST
  • Jeffrey Voas, Network of 'Things', NIST Special Publication 800-183 (July 2016) [NIST 800-183]
  • J. Voas, Network of Things, PPT
  • Jeffrey Voas, Larry Feldman, Gregory White, Demystifying the Internet of Things, Sept. 16, 2016
  • NIST Interagency Report 8144, Assessing Threats to Mobile Devices & Infrastructure: The Mobile Threat Catalogue Sept. 2016 []
  • NIST Special Publication (SP)1800-4, Mobile Device Security: Cloud & Hybrid Builds
  • NIST SP 800-48, Bluetooth Security 2002 (.pdf : 2,294,825 bytes)
  • See also
    • NIST, Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure System, NIST Special Pub. 800-160 (Nov. 2016)
• NSF
  • Internet of Things
• Federal Trade Commission
• See also Wireless Security
• FTC Announces Internet of Things Challenge to Combat Security Vulnerabilities in Home Devices Jan. 4, 2017
  • FTC Announces Winner of its Internet of Things Home Device Security Contest 
• Press Release, D-Link case alleges inadequate Internet of Things security practices Jan. 5 2017
• FTC Staff, “Internet of Things: Privacy and Security in a Connected World” (Federal Trade Commission, January 2015) ("The Internet of Things (“IoT”) refers to the ability of everyday objects to connect to the Internet and to send and receive data. It includes, for example, Internet-connected cameras that allow you to post pictures online with a single click; home automation systems that turn on your front porch light when you leave work; and bracelets that share with your friends how far you have biked or run during the day.")
• Federal Trade Commission (FTC). 2013. “Android Flashlight App Developer Settles FTC Charges it Deceived Customers.” Press Release. Washington, D.C.: Federal Trade Commission, December 5
• Workshop The Internet of Things: Privacy and Security in a Connected World November 19, 2013
  • Press Release, FTC, FTC Seeks Input on Privacy and Security Implications of the Internet of Things (Apr. 17, 2013).
• DHS
  • See also Wireless Security
  • Securing the Internet of Things, DHS,
  • Strategic Principles for Securing the Internet of Things
  • “NSTAC Report to the President on the Internet of Things,” November 19, 2014
• NSA
  • The Internet of Things, The Next Wave, NSA (2016)
• Dept of State
  • The Internet of Things: Challenges and Opportunities, DipNote Blog, US Dept of State, Nov. 2, 2016
• Department of Defense
  • DoD Policy Recommendations for the Internet of Things, December 2016,
• Dept. of Transportation
  • See Devices :: Vehicles :: Automobiles
  • The Internet of Things
  • Department of Transportation, National Highway Traffic Safety Administration, Fed Reg V2V NPRM 2016 ("This document proposes to establish a new Federal Motor Vehicle Safety Standard (FMVSS), No. 150, to mandate vehicle-to-vehicle (V2V) communications for new light vehicles and to standardize the message and format of V2V transmissions. This will create an information environment in which vehicle and device manufacturers can create and implement applications to improve safety, mobility, and the environment. ")
  • Federal Automated Vehicle Policy webpage
  • Federal Automated Vehicle Policy, US Dept. of Transportation, NHTSA Sept. 2016
• Congress
  • Hearings
    • House Commerce Hearing: Disrupter Series: Update on IOT Opportunities and Challenges June 13 2017
    • House Commerce Hearing: Understanding the Role of Connected Devices in Recent Cyber Attacks Nov. 16, 2016
    • House Commerce Hearing: How the Internet of Things (IoT) Can Bring U.S. Transportation and Infrastructure into the 21st Century June 28, 2016
    • House Judiciary Committee Hearing: Internet of Things, July 29, 2015
    • Senate Committee on Commerce, Science, and Transportation, The Connected World: Examining the Internet of Things, 2015.
    • House Committee on Energy and Commerce, The Internet of Things: Exploring the Next Technology Frontier March 24, 2015
  • Legislation
    • HR 1324 “Securing the Internet of Things Act of 2017” 115th Congress ("To amend the Communications Act of 1934 to provide for the establishment of cybersecurity standards for certain radio frequency equipment.")
      • Harper Neidig, House Dems Push FCC to Adopt Stronger Cybersecurity Measures, The Hill March 2, 2017, ("The three bills being pushed by the minority members of the House Energy and Commerce Committee would require the FCC to adopt rules to protect communications networks, set up an interagency panel to handle cybersecurity investigations and require Internet of Things devices to have certified cybersecurity standards.")
    • S. 88 Developing Innovation and Growing the Internet of Things Act or the DIGIT Act 115th Congress / HR 686
      • This bill requires the Department of Commerce to convene a working group of federal stakeholders to provide recommendations and a report to Congress regarding the growing number of connected and interconnected devices known as the Internet of Things (IoT). The bill establishes a steering committee to be composed of stakeholders outside the federal government to advise the working group.

        The Federal Communications Commission must: (1) seek public comment on the IoT's spectrum needs, regulatory barriers, and growth with licensed and unlicensed spectrum; and (2) submit a summary of those comments to Congress.

      • S. 2607 Developing Innovation and Growing the Internet of Things Act or the DIGIT Act 114th Congress
      • The bill requires the Department of Commerce to convene a working group of federal stakeholders to provide recommendations and a report to Congress regarding the IoT.
      • Federal Communications Commission must: (1) seek public comment on the IoT's spectrum needs, regulatory barriers, and growth with licensed and unlicensed spectrum; and (2) submit a summary of those comments to Congress.
    • S. Res. 110- A resolution expressing the sense of the Senate about a strategy for the Internet of Things to promote economic growth and consumer empowerment.- 114th Congress ("the United States should develop a strategy to incentivize the development of the Internet of Things in a way that maximizes the promise connected technologies hold to empower consumers, foster future economic growth, and improve our collective social well-being;")
      • Senate Passes “The Internet of Things” Resolution, Sen. Deb Fischer (Mar. 24, 2015) ("This evening, the United States Senate unanimously approved a bipartisan resolution calling for the Internet of Things to promote economic growth and greater consumer empowerment.")
  • Eric A. Fischer, The Internet of Things: Frequently Asked Questions, CRS-7-5700 (Oct. 13, 2015)
  • The Honorable Suzan DelBene, “U.S. Reps. DelBene and Issa Announce Creation of the Congressional Internet of Things Caucus” (Press Release, January 13, 2015)
  • “Latta and Welch Launch Bipartisan Internet of Things Working Group” May 24, 2016.
• GAO
  • Data and Analytics Innovation: Emerging Opportunities and Challenges, GAO-16-659SP, Sept. 2016
• FCC
  • See FCC Cybersecurity; FCC Wireless security; CSRIC; WiFi Security
  • Letter from FCC Chairman Tom Wheeler to Sen. Mark Warner (Dec. 2, 2016) (suggesting an NPRM that "could examine changes to the FCC's equipment certification process to protect networks from IoT device security riskes") ~
    • See also 2010 FCC Inquiry into Certification Program for Communications Service Providers.
    • Brendan Bordelon, Wheeler Floats FCC Cybersecurity Certification for IoT Devices, Morning Consult Dec. 5, 2016 ("Wheeler proposed an FCC-mandated cybersecurity certification process for “Internet of Things” devices. The proposal would also require consumer cybersecurity labels for IoT devices and associated services.")
    • FCC Response to IoT Concerns Offers Foundation for Trump Administration to Build Upon, Sen Mark Warner (Dec. 5, 2016) ("“The FCC chairman confirms that internet service providers already have the authority – if not the responsibility – to protect their networks by blocking malicious and harmful traffic. I also am pleased to learn the FCC also has been discussing improved tools, including setting security standards for IoT devices, to better protect consumers as well as the broader Internet.”")
    • Letter from Sen. Mark Warner to FCC Chairman Tom Wheeler (Oct. 25, 2016) ("Under the Federal Communications Commission's Open Internet rules, ISPs cannot prohibit the attachment of 'non-harmful devices' to their networks. It seems entirely reasonable to conclude under the present circumstances, however, that devices with certain insecure attributes could be deemed harmful to the 'network' - whether the ISP's own network or the networks to which it is connected. While remaining vigilant to ensure that such prohibitions do not serve as a pretext for anticompetitive or exclusionary behavior, I would encourage regulators to provide greater clarity to internet service providers in this area.") ~
  • Sen. Mark Warner Probes Friday's Crippling Cyber Attack, Sen Mark Warner (Oct. 25, 2016) ("The text of Sen. Warner’s letter to the Federal Communications Commission (FCC) follows and can be found here. Similar inquiries were also sent to the Federal Trade Commission (FTC) and the Department of Homeland Security’s National Cybersecurity & Communications Integration Center (NCCIC)")
  • National Broadband Plan 2010, Sec. 3.2 Devices
    • "Devices already are starting to communicate with each other, keeping humans out of the loop. Increasing machineto-machine (M2M) interaction will occur over the network, particularly for mobile broadband. A pioneering example of machine-to-machine communication for consumer use is General Motors’ OnStar, an M2M system for automobiles in which an onboard sensor automatically notifies OnStar’s network if there is an accident or system failure.23 M2M communications are used in many industries, often to collect information from sensors deployed remotely. For example, devices tracking the heart rate or blood-sugar level of patients with chronic conditions can transmit the information to a monitoring station that will trigger an alarm for a nurse or doctor where an abnormal pattern is detected. Networked sensors in a power plant can collect and transmit data on how generators are operating, to allow analysis by sophisticated predictive methods that will diagnose potential faults and schedule preventive maintenance automatically
    • The emergence and adoption of new technologies such as radiofrequency identification and networked micro-electromechanical sensors, among others, will give rise to the “Internet of Things.” Billions of objects will be able to carry and exchange information with humans and with other objects, becoming more useful and versatile. For example, the Internet of Things will likely create whole new classes of devices that connect to broadband, and has the potential to generate fundamentally different requirements on the fixed and mobile networks: they will require more IP addresses, will create new traffic patterns possibly demanding changes in Internet routing algorithms, and potentially drive demand for more spectrum for wireless communications"
  • Technology Advisory Committees
    • See also CSRIC
    • DAC Recommendations on Internet of Things Dec. 8, 2016 ~
    • Technology Advisory Council
      • Technical Considerations White Paper: Applying Security to Consumer IoT Devices [Acrobat] 2015 ~
      • December 4, 2014 TAC Meeting
        • FCC-TAC IOT Working group position statements [Word] ~
        • FCC-TAC IOT Working group forecast data [Excel]
        • FCC-TAC IOT Working group standards [Excel]
        • FCC-TAC IOT Working group taxonomy [Excel]
      • Presentations FCC Technological Advisory Council June 2014
        • Internet of Things WG
        • Spectrum and Receiver Performance
      • Working Group Position Statements Dec. 4, 2014 (end of life, safe harbor, privacy, coexistence) ~
        • Internet of Things (IoT) Statement: [Acrobat] Sept. 23, 2014
      • Presentations, Technology Advisory Council (Dec. 10, 2012)
        • Wireless Security and Privacy WG (Final Report to TAC)
        • M2M WG at 88: "Top 3 Recommendations
          • Create an M2M Service Registration Database
          • Add an M2M CoE in the FCC's Wireless Bureau
          • Certification Lite for M2M Devices"
      • Presentations, Technology Advisory Council (Sept. 24, 2012)
        • Wireless Security & Privacy Working Group (charter: "Examine security and privacy vulnerabilities of air interfaces used by commercial wireless networks, as well as the broader wireless ecosystem, assess how they are currently being addressed, and recommend what role, if any, the FCC should play")
        • M2M WG (deck page 94)
• FBI
  • Risks of Internet of Things Devices Oct. 15, 2015
• International
  • ITU
    • The Internet of Things, ITU Internet Reports 2005
  • European Commission
    • Advancing the Internet of Things in Europe, European Commission Staff Report, April 19, 2016

References

• ACM, Ubiquity Symposium on "The Internet of Things (IoT)" (2016)
• Janna Anderson and Lee Rainie, “The Internet of Things Will Thrive by 2025,” Pew Research Center, May 14, 2014
• BEREC Report on “Enabling the Internet of Things” 2016
• Daniel Castro and Jordan Misra, “The Internet of Things,” Center for Data Innovation (November 2013)
• CISCO
  • Cisco, “The Internet of Everything,” 2013
  • DAVE EVANS, CISCO INTERNET BUS. SOLUTIONS GRP., THE INTERNET OF THINGS: HOW THE NEXT EVOLUTION OF THE INTERNET IS CHANGING EVERYTHING 3 (2011)
• Tove B. Danovich, “Internet-Connected Sheep and the New Roaming Wireless,” The Atlantic, February 9, 2015
• Second European Alliance for Innovation (EAI) International Conference on IoT in Urban Space, May 24-25, 2016, Tokyo, Japan (held In-cooperation with ACM SIGAPP, SIGCHI and SIGSPATIAL),
• Nick Feamster, Who Will Secure the Internet of Things?, Freedom to Tinker (Jan. 19, 2016)
• Forbes, How the Internet of Things is Transforming Manufacturing, (2014),
• Gartner, Inc., “Gartner Says the Internet of Things Installed Base Will Grow to 26 Billion Units By 2020” December 12, 2013,
• Goldman Sachs Global Investment Research, “Our Thinking—What Is the Internet of Things?,” Goldman Sachs, September 2014
• Goodman, Ellen P. (Rapporteur). 2015. “The Atomic Age of Data: Policies for the Internet of Things.” Report of the 29th Annual Aspen Institute Conference on Communications Policy. The Aspen Institute, Washington, DC. Accessed Nov 16, 2015. .
• Hewlett Packard Enterprise, Internet of things research study (2015),
• "IEEE End to End Trust and Security Workshop for the Internet of Things," Washington, D.C., February 4, 2016
• Simona Jankowski et al., “The Internet of Things: Making Sense of the Next Mega-Trend” (Goldman Sachs Global Investment Research, September 3, 2014)
• Denise Lund et al., “Worldwide and Regional Internet of Things (IoT) 2014–2020 Forecast: A Virtuous Circle of Proven Value and Demand,” May 2014
• James Manyika et al., “The Internet of Things: Mapping the Value Beyond the Hype” (McKinsey Global Institute, June 2015)
• James Manyika et al, Unlocking the Potential of the Internet of Things, McKinsey & Co. (June 2015),
• McKinsey
  • James Manyika, Michael Chui, Peter Bisson, Jonathan Woetzel, Richard Dobbs, Jacques Bughin, and Dan Aharon, "Unlocking the Potential of the Internet of Things," McKinsey Global Institute, June 2015
• Roberto Minerva, Abyi Biru, and Domenico Rotondi, “Towards a Definition of the Internet of Things (IoT)” (IEEE Internet Initiative, May 27, 2015).
• Open Group Internet of Things Global Standards Initiative (IoT GSI).
• Ponemon, Fifth Annual Benchmark Study on Privacy & Security of Healthcare Data (2015).
• Karen Rose, Scott Eldridge, Lyman Chapin, The Internet of Things: An Overview, Internet Society (Oct. 2015) [ISOC 2015]
• Dorothy Shamonsky, “Internet of Things vs. Internet of Everything: Does the Distinction Matter to User Experience Designers?,” ICS Insight Blog, July 13, 2015
• Symantec
  • Dick O’Brien, The Internet of Things: New Threats Emerge in a Connected World, SYMANTEC (Jan. 21, 2014)
  • Paul Thomas, Despite the News, Your Refrigerator is Not Yet Sending Spam, SYMANTEC (Jan. 23, 2014)
• Telecommunications Industry Association White Paper, Realizing the Potential of the Internet of Things: Recommendations to Policy Makers, (2015).
• Adam Thierer
  • Thierer, Adam, and Andrea Castillo. “Projecting the Growth and Economic Impact of The Internet of Things.” George Mason University, Mercatus Center, June 15, 2015.
  • “The Internet of Things and Wearable Technology: Addressing Privacy and Security Concerns without Derailing Innovation” (Mercatus Center (George Mason University), November 19, 2014
• TRUSTe. 2014. ”Internet of Things Industry Brings Data Explosion, but Growth Could be Impacted by Consumer Privacy Concerns.” TRUSTe Blog, May 29. Accessed May 27, 2015. .
• Verizon, “State of the Market: The Internet of Things 2015,” February 20, 2015. 

News

• Ihab Tarazi, The IoT is the Next Massive Disruptive Wave, The Equinix Blog 2/27/17
• Dan Wallach, Pragmatic Advice for buying "Internet of Things" Devices, Freedom to Tinker March 8, 2017
• IEEE: Internet of Things, Vint Cerf (Dec. 15, 2015)
• Postscapes, “A Brief History of the Internet of Things,” 2015
• Kelly Jackson Higgins, Hiring Hackers To Secure The Internet Of Things, Dark Reading (Dec. 11, 2014),