Welcome to the United Nations | Department of Economic and Social Affairs

The following are the outputs of the real-time captioning taken during the Tenth Annual Meeting of the Internet Governance Forum (IGF) in João Pessoa, Brazil, from 10 to 13 November 2015. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid to understanding the proceedings at the event, but should not be treated as an authoritative record. 

***

>> MAARTEN BOTTERMAN:  So, good morning, everybody, if you don't have a headset, you will probably not be able to hear what's happening here.  You will be able to enjoy the music but not the talking. Welcome, everybody.  It's channel 1.

So welcome to the session.  The session is a session organized by the Dynamic Coalition of the Internet of Things.  This coalition has been working since 2008 where, amongst some of the people around the table were present. Wolfgang was one of the original initiators, and he is with us today as well.  The Coalition has been putting a document on the table which I hope you have heard, you have seen. This document is a first attempt to come to a concrete view on good practice, what is IoT good practice on a good level?

So the subtitle is How To Prevent Needing More Regulation in a way.  It is how can we organize IoT in such a way that we can move ahead benefiting from everything IoT has to offer, that it can grow to offer the world its promises in such a way that it helps in a responsible way.

The Internet good practice principle that we proposed as a kickoff for discussion that we foresee will take at least a year to get closer to what it actually means is that good practice aims at developing products and services taking ethical considerations into account at the outset of development, deployment and use phases of the lifecycle.

So to find a sustainable way ahead using IoT helping to create a free, secure and rights enabling environment and to stay close to the sustainable development goals.  It's about a future we want.  There are five basic ideas behind it that are in fact the need for a commitment to an ethical approach, taking into consider that IoT is really about people.

That it requires a meaningful transparency to users, and where possible user controlled data, that products that can be connected should come with a clear indication of what it actually entails, stakeholders to work together to insure consumers and citizens have choice, and last but not least, in order to establish a long‑term relevance it's key to establish a clear framework on transparency and accountability with respect to current legislation but also preempting changes in values and needs of citizens in such a way we can move ahead responsibly.

So we are very happy to have a number of people here in the room both thinking and talking about the subject for quite some while.  And to contribute to inform the discussion that ultimately should be a discussion of us all.  We have people remote present. We have people in the room.  Don't hesitate to bring in your point, but first I would like to introduce to you Wolfgang Kleinwaechter to tell a little bit more about the background of where we got today.  Wolfgang, can you take the floor?

>> WOLFGANG KLEINWAECHTER:  Thank you, Maarten, and good morning to everybody.  It's always good to remember a little bit of history because this dynamic coalition and the whole subject has meanwhile a history.  We see a wave of discussions on Internet of Things since one or two years.  It's really exploding now the debate, but it's not new.  So the first discussion around the Internet of Things emerged from the discussion about the ID chips in the year 2000, 2001, 2002.

And though the question was, okay, if we link objects to the Internet, what does this mean?  Is this a new Internet, or is this just on top of the existing DNS system, a new application, new services?  And in the year 2006, 7, 8, 9, there was different discussions moving into different directions, and I think it was this dynamic coalition and in particular Avri Doria that had to clarify that the Internet of Things if it comes to the issues of governance or regulation is nothing else than another service on top of the existing Internet like search engine or social networks or things like that.

And the question was then with regard to regulation, do we need a special mechanism, special regulation for Internet of Things like we have for the DNS.  Some people proposed to introduce something like an ICANN for the Internet of Things dealing with the ONS, Object Naming System or should we just use the existing mechanism and existing regulations to identify this specific new element and then to find arrangements, guidelines or whatever that are based on the existing mechanism and the existing regulations.

And I think this was the main work which was done here in the dynamic coalition in the last couple of years, and the second main contribution this dynamic coalition made to the debate is put the discussion in the multistakeholder context.  My observation from the general discussion of Internet of Things is that a lot of different things are setting in their silos and discussing the issue from their individual perspectives.

This is both with regard to the stakeholders, industry is sitting in their circles, the Governments are sitting in their circles, users are discussing it from their perspectives and the technical community has their own bodies dealing with this.  And there is two less stakeholder communication, but even worse, on the level of application, all of the different sectors do not communicate to each other.

We have huge debates on Smart cities, but these are people who are totally isolated from the Internet Governance debate.  We have a huge debate in Internet of Things in transportation and traffic, but these people are not linked to the Internet Governance debate and even not linked to other groups.  We have huge discussion on industry 4.0, which is mainly about the Internet of Things, and they have their own service for discussion.

So I think what is the challenge for the future is to pull the people not only out of their stakeholder silos, but also out of their sector silos and to organize a debate which is integrated both horizontally and vertically brings the stakeholders into debate which is base the on existing mechanisms, so the basic question do we he need new regulation.  The basing answer is no, but we have to double check existing legislation and identify where we have probably to bridge some elements and the final point is the so called ethical dimension, which is our discussion tomorrow morning.

Here, I think we can learn something from the debate on Human Rights in ICANN where we had a long discussion ‑‑ whether Human Rights is relevant for names and numbers.  And the answer is, yes, it is relevant, but ICANN is not a Human Rights organization but whatever ICANN does, it has to respect Human Rights, and I think this language to respect Human Rights which means decisions which are made on names and numbers should not violate existing Human Rights.

I think this is a good guideline also for the Internet of Things.  Whatever you introduce in new technologies, services and applications, you have to respect Human Rights.  You operate in an existing body of international Human Rights legislation, and you have no right to violate Human Rights.  I think this is also a new area for discussion which needs more clarification and so far the dynamic coalition was in the Internet Governance Forum is a wonderful place where you can have this discussion.  Thank you very much.

>> AVRI DORIA:  Thank you.  This is Avri Doria speaking.  I will be moderating the next part of the discussion.  We have a group of illustrious speakers, panelists who I will be coming to one at a time.  I wanted to bring us back to the five questions that we have sent to the panelists for their answers.  They are there, so, and I will read them out to get them into the record.

In order to develop the Internet of Things in a sustainable way, developers and deployers need to commit to an ethical approach taking into consideration that the IoT is really about people and how it affects people.

Two, good practice in IoT products, ecosystems and services requires meaningful transparency to users and user control of data produced by and associated with an application, insuring security and respect for privacy.

Three, products that can be connected to the Internet should come with a clear indication of what data gets collected, where the data is stored and what are the conditions, what the conditions for access are.

Four, stakeholders should work together to insure consumers, citizens have a choice when wanting to obtain current and popular services.

Five, in order to establish a long‑term relevance of IoT products and services, it will be key to establish a clear framework on transparency and accountability and preempting changes in values and needs of citizens.  I will introduce the five speakers.  I will ask five minutes be put on the timer for each.  We have asked each speaker to speak three maximum five minutes.  I'm going to use a technique that I learned from Dr. Senges in another section which is I will start walking closer to you as the time starts to expire until I am actually in your face.

So at this point, I would like to ask Carlos Afonso from CGI to begin the discussion.  Thank you.

>> CARLOS AFONSO:  I think I will spend less than five minutes.  Interesting that I got here and Max asked me what would be my relationship with the Internet of Things.  Considering that there are other speakers also have more or less evident relationship.  Well, as a Director of my small NGO, the NGO is also an Internet services provider.  And it is interesting that in the data center that it has its servers is the only organization that runs IPv4 and IPv6 simultaneously.  So it's interesting.  It's obviously a problem that we are interested in.

NCGIBR is the distributor of IP addresses is the domain name dot BR organization in Brazil, the NC and involved in the development of the Internet in the country.  So there is a very obvious relationship in my opinion.  However, I am not a specialist of Internet of sensors.  I am not a specialist in the underlying technology.  I would only say first of all that it is fascinating when we have, you know, a small provider which has today, say, 256 IPv6 addresses and it gets a minimum routable/48 IPv6, 1.2 septillion addresses and potentially can address anything in the world with that, even a small provider.  And those are that things connected to the Internet with IPv6, we will be with public addresses and not any longer the typical home networking which you connect to the Internet through a net or even a carrier grade net with the sharing a single public address.

And this brings a lot of consequences for privacy and for the configuration of these small devices, and the implications are obvious.  I think that the questions being asked from us are more or less the same that we started asking when the Cloud appears.  Now, we have all of our data in the Cloud or we are going to have all of our data in the Cloud, and in the Cloud the same questions regarding ethics, handling of information, protecting the information of users, and, you know, et cetera, et cetera are more or less the same as we are asking now from providers of, what, of connectivity to devices, providers of devices, and providers of devices software and so on.

The same questions which might be asked from Cloud providers, and in the past, from Internet service providers as well.  So we are, our big challenge, I think, and I'm finishing now, is that that we are on the verge of another big bang.  The first big bang was the Internet itself.  We are still seeing it expanding in ways that we still cannot clearly define and imagine, and now we have another one, which is the Internet of Things with septillion IPv6 addresses which are public address and we really don't know what these mean for humanity or the planet or whatever.  So we really have a big challenge in this dynamic coalition, a big challenge.  Thank you.

>> AVRI DORIA:  Thank you Carlos, and the next is Olga Cavalli a woman that comes with many distinguished hats.  Olga, please take the floor.

>> OLGA CAVALLI:  I cannot see the timer from here, so I trust your body language.  So I trust you.  So why am I here?  Thank you for the introduction.  My name is Olga Cavalli.  I'm here representing the Latin America Excellency Training Center for the ITU.  It's also the organizer for the School of Internet Governance Latin America.  We were interested in the development of standards from a Latin American point of view.

We developed a paper jointly with University of Buenos Aires, and it has a focus in how the standards of developed and which is the involvement and relevance for Developing Countries, especially for Latin America and the Caribbean countries in this process of the standard development.

So just for you to have in mind the ITU Study Group 20 and work is the development of standards that ref length Internet of Things technologies to address urban development challenges.  So I truly commend the work of the dynamic coalition for their work and documents produced and I would like to make some comments and Avri is still sitting, so that's fine, about the ethical approach.  And I like what Wolfgang said about isolation and respect so the ethical approach should be inclusive in the sense that knowledge and technology should be developed including interest and industries from Developing Countries.

We should not just be consumers in Developing Countries, but should be encouraged to produce knowledge, products and services locally so we enhance the knowledge of our own companies, also about the good practice related with where the data is stored.  That is something that it's important.  You know we have had some discussions, one or two years ago, especially around NETmundial, where the data is stored especially Latin America has big traffic going to the north.  So that information about where the information is stored, how is it managed, the local security and privacy regulations should be taken in consideration and respected, about the products that could be connected in the end, in the Internet that could come with a clear indication about the data that gets collected.  It should be important to consider the language barriers for many small or medium enterprises in Developing Countries, especially those who are not English speaking countries, the language can be a huge barrier.

So all of this information and manuals and codes should be available in several languages.  So good material and content should be developed in languages that are, enable people to really participate.  About number four ‑‑ Avri is still sitting, so that's good.  Stakeholders should work together to insure consumer citizens to have a choice when wanting to obtain current public services.  Well the challenge in Developing Countries is helping the ecosystem of the industry is to develop locally, to create knowledge and value added at the local level, at the local companies, especially, you know, Latin American countries run their economies mainly through small and medium enterprises and for a small or medium enterprises it's not so easy to participate in this global definition of standards.

And finally, the clear framework of transparency and accountability should have all of this considerations that I have mentioned.  Thank you very much.

>> AVRI DORIA:  Thank you Olga.  You did quite well.  And when I stand up, there is still two minutes within the three to five.  So you don't need to totally rush, but I do appreciate how you have responded.  So our next speaker is Megan Richards from the European Commission.

>> MEGAN RICHARDS:  First of all, it's a pleasure ting in a room that's not dark and cold, so I'm pleased to be here, also because it's Internet of Things and I was involved in this some years ago and over time.  And I should underline by saying this is no longer my area of expertise or specialty in the commission, so I'm representing the positions, of course, commission positions, but my colleagues are working on this in particular.

So I just wanted to say a few things to get to the discussion started.  One, you heard probably Vice President talk about the digital market strategy in Europe, this is something we are pushing hard on and try to improve the way the digital market works in Europe, and one aspect of that is, of course, making sure the Internet of Things, market and environment is also very good and positive.

And in that context, Commissioner Oettinger set up in March this year something called Alliance for Internet of Things Innovation, and it is a group of experts, about 30 from all different areas who are looking at a whole series of issues relating to the Internet of Things and in particular that group has a series of working parties and Working Groups.  I will just read them out to you so you can hear what they are.  One on research, another on innovation ecosystems, one on standardization, which is, of course, a very important area, policy issues relating to the Internet of Things, Smart living environment for aging well, Smart farming, food security, wearables, Smart cities, Smart mobility, Smart environment including Smart water management and Smart manufacturing.  So those are the working groups of this alliance which as I said has about 30 participants in it, but it's, of course, open to others.  And they are looking at a number of issues relating to the Internet of Things, particularly in in Europe, but, of course, they have a view to the rest of the world as well.  And they are looking in particular at issues relating to numbering, standards, spectrum, Net Neutrality, of course, and the influence and impact of those issues.

Ethics, of course, is something that they look at, but we have a whole series of different fora for looking at ethical issues relating not only to Internet of Things but also research, et cetera, and you don't want to hear me go into detail about that.  I wanted to add one other aspect about our research activities in the area of Internet of Things where we have under the Pan European and in fact global research program called Horizon 2020.  In the last call for proposals there are nine projects related to Internet of Things which will be starting in January 2016 with EU funding of $50 million including aspects relating to ethics impact on people, et cetera.

And in the work program for 2016‑2017, there is 100 million Euros allocated to research in these areas as well.  So that's the work that's going on in Europe.  They are very active.  They are very interested in working with other parts of the world.  I know they are very active groups in Latin America, in India, in China.  We have done also a lot of work on standardization with China, Korea, et cetera, and Japan.  I could list all of the countries in the whole world probably.

So I will stop there, so do I get one minute extra to bank for the future, because I was one minute less?

>> AVRI DORIA:  I have never thought of myself as much of a banker so I'm not sure.  Thank you very much for the timing.  Jari Arkko is our next speaker from the IETF and the floor is yours.  Thank you.

>> JARI ARKKO:  Thank you, Avri.  For the sake of not repeating previous discussion, I will recap a couple of things we have discussed in the past but we still need to continue to discuss.  So we have talked about the standards organizations have done work to standardize various protocols in this space, and that's great, however, at the application and data format layers we have far less interoperability than we should have so there is still much work to be done there.  Also we obviously need good answers with regard to security and privacy, and if we do not get this right, we are risking another Snowden moment or Snowden on steroids moment later.  So we have to get that right.  I do think that the latter is well covered in the principles, however, so no issues there as well as our work in the dynamic coalition is concerned but I wish we could say something more about the former, some aspects of user control that we talk about are about practical ability to store data in a different location, but that does require interoperability and standards.  So clearly something might be mentioned there.

I also want to bring up a new issue so that items 13 and 14 talk about transparency, about terms of use not only to what gets tracked and by whom and user control.  This is good, but I think it stops short of covering some challenges that we may actually be facing as well.  Always when you add ICT technology to an existing system you start by supporting the existing thing, and then later you realize we can actually change the whole thing, so it may be that the business model changes completely, and you optimize the system entirely in a different way later.

And I think this will also have with Internet of Things.  We talk about this as if it were gadgets.  It's not about gadgets.  It's about transforming the optics around us, something completely new, and the business models will also change in how people acquire these or use them.

In particular we will see a change in the concept of ownership.  Do you own the control software in your joint attracter or are you licensing it?  Can you modify your car (John Deere tractor), are you buying the service, physical object, both, what.  If the object consists physical parts and services that run on the network, under what conditions did you buy those things or good you buy those things and how long will they be available?  So I think the draft requires being clear on terms of use, but I think expanding what those terms of use actually has more depth than the draft currently explains so it mostly talks about data and tracking.

I think some of these other aspects may be interesting as well, for instance, ownership, control, composition of the thing that you know and service agreement.  Thank you.

>> AVRI DORIA:  Thank you.  Never even gave me a chance to stand up.  Thank you very much.  The next speaker is Max Senges from Google, Max, please.

>> MAX SENGES:  Good morning, and thanks for the invitation.  I work at Google research and I cover two fields, that is Internet policy research and Internet of Things research program, so this gives me actually the opportunity to bring the two together which is not the case in my daily work and despite some of you might think that Google has an Internet of Things of things Ferrari already parked and constructed, planned for the next ten years that is not the case.  I have to tell you we are in this just like everybody else, exploring and boot strapping.

So while I can speak, of course, for the research project and the work I am involved with, I cannot speak for Google and especially not alphabet which includes Nest and many different entities and it's almost like an IGF when we get together.  There are many different opinions so please take this disclaimer and I hope my considerations bring the Coalition forward in this early stage of discourse.

And in that context, while I really appreciate the idea to work on such a piece, I think it's a little bit early to present rough consensus to the main session.  I can simply say that at least for the private sectors, we cannot discuss something and then present it as rough consensus a couple of hours later.  So I hope you can take that into consideration when you present later.

So let me quickly share a couple of words and invite participation to the IoT expedition and open innovation program that we put together under the lead of Carnegie Mellon University.  Cornell University, University of Illinois and Stanford and in fact next Friday for the first time we bring in potential industry partners from around the ICT spectrum to join and really build a coalition that is set on openness principles and, you know, you will not be surprised when we first Vint Cerf, you brought the hourglass, the key piece that made it interoperable together with your colleagues many years ago.

Don't we need something like that uniting technology, a basis that brings us together for the Internet of Things, and this is how he became active in our work.  So systems and protocols and especially interoperability amongst these different pieces is one of the key goals, the expedition set its bill to develop something like a lamb stack for IoT, meaning we don't want to set the system, but at least a system in which you can have modules that be interchanged you can use all kinds of SQL databases in the lamb stack, but it's important that you have a standard you can deploy easily and to address the point of making the IoT applicable to developing and emerging countries.

The idea is really to allow that package to be an IoT in a box set up that you can bring to universities and hacker spaces around the world.  Having that said, we are just one year into the operations, so we invite everybody to come and speak to me and to the colleagues from the universities, but it is early stage.  So systems and protocols especially and schema to address and speak between the different things are one of the research and development areas.  Another one that I think has not been brought forward so far is we are talking about a lot of things and ensembles of things that don't have screens and key boards so the human computer interface aspect is a thing where you don't want to learn 10,000 different gestures to deal with these things in the ensemble.  So to think with a common language to deal with things is the second aspect.

And the third, or maybe the first if we wouldn't have stressed it already so much is privacy and security which really needs to be thought of in this case from the very beginning it's something that Vint and his colleagues did not have in mind when they set up the architecture for the Internet.  So identity management and privacy needs to be and is the chance, the opportunity to get it right for the whole ecosystem in the context of IoT.

An aspect that, again, has not been addressed so far is safety.  Now, the Internet of Things comes into the physical realm and our cars, our houses, all of that add a new component that is safety. Vint Cerf and Patrick Rine on IoT and safety as share the responsibility.  I hope to discuss that topic more with you in the future.

>> AVRI DORIA:  You would know that the person who taught me this walking toward system would be perfect.

>> MAARTEN BOTTERMAN:  Avri, just one thing, I am not reacting on any of that, but at one point I do want to react on.  It's not our idea to present rough consensus today to anybody.  I think we are the only dynamic coalition who aims at presenting rough consensus next year.  This is really a kickoff and a call for all to contribute like Max and the other speakers have been doing now to make sure we can come to some rough consensus by next year in Mexico assuming the wisdom of the United Nations in this series of IGF continues.

>> AVRI DORIA:  That's great and looks promising.  So at the moment you are saying we are all in the rough at the moment.  Right.  The next speaker is Joe Aldaheff from Oracle and international Chamber of Commerce so please, Joe.

>> JOE ALDAHEFF:  Thank you.  I kind of thing we should have the jaws music on for what Avri starts to approach you.  I wanted to highlight one thing that Wolfgang had said when he was starting which is the idea of I don't think we need new regulation but we may need to check and see whether current regulation is implemented in a way that addresses the concept.  So, perhaps, we are looking at implementation rather than drafting.

From a business point of view, I don't think there is really any objection as to the concepts we have here related to ethics, privacy and security.  They are logical extensions of the current conversation.  What we do have though is a challenge on how to make ethical values practically applicable.  Because ethical values are an abstract concept in many cases and how to make them practically applicable is the challenge.  And I think one possible fault in the current draft is we may be thinking of a specific application like a wearable where there is a consumer to sensor direct relationship.  We are not really thinking of the sensor that's in the treat who is actually collecting information as things go by, or capturing digital exhaust from a phone which is a very one to many kind of construct.

We need to rethink the principles in the terms of the application in their construct.  The other thing is a one too many or many too many process may not be susceptible to complete individual control or even to multiple individual control.  So we may have to figure out fairness models in those context because you may not be able to go to the level of the individual preference, especially in things like street sensors and things of that nature.  The similar problem that was pointed out with the notices and how you get information to people in that sense.

I think we also need to create a distinction because we are talking about IoT as if all IoT deals with personally identifiable information.  And in fact, there are large chunks of IoT that have no personally identifiable information.  Noah sensor that's identifying tidal patterns in water do not collect personal information.  The GE engine reporting back on oil consumption is not PII.  So we also want to make a clear decision that these practices are applicable where personally identifiable information is implicated, not in the others which could add overhead and constrain overhead and constrain innovation needlessly.

I think we have to look at the dangers of specifying technology as opposed to just using technology as an example.  So highlighting PKI without saying including PKI is problematic because five years from now PKI may not be the flavor of the day and we don't want to lock ourselves into a practice that is limited to a technology.  The other thing I think we have to think about is with all due respect to Jari Arkko I think we have to be careful not to make people into technologists.  The vast majority of people, I mean, my practice is put my father in that situation.  And the answer is this is information you should never give him.  It will confuse him.  It will make him impossible to understand these things.

So I think we need to make information useful to the audience that's receiving it because that actually is something that's useful, and where that information may not be understood, that's where we help use fairness models to supplement it.  Finally I think we need to make sure that disclosure and control are reasonable and useful both from an individual and a commercial perspective, and I think, you know, having a multistakeholder process on this is excellent because you have the ability to have all of the points of view factored in so you can figure out what is commercially practicable while still actually managing and maintaining fundamental rights related to privacy and issues related to security.

Finally, I was very happy to see good as opposed to best, and it might be good practices because we may have multiple frameworks because this may not be a one size fits all environment and it just has to have that the frameworks are consistent to the same set of principles, but how they then get articulated at the next level of detail may have to vary across uses and that's something we should probably consider how to address in the practice framework, which may be the set of the principles that is the binder, not going to the specific implementation scenarios.

And I'm just kind of seeing how close ‑‑ just kidding, but that's it for me on the comments, thank you.

>> AVRI DORIA:  Thank you.  I'm definitely appreciating the humor building around this pattern of behavior.  It's really quite something to think about.  Our next speaker is Sergio Paulo Gallindo from Brasscom and I invite you to take the floor, please.  Thank you.

>> SERGIO PAULO GALLINDO:  Thank you very much.  I'm very honored to participate in this panel.  Brasscom is an association of ICT companies the largest operating in Brazil.  I am going to address the accountability issue that was raised in the five topics at the beginning and it's a mixture of the discussions we are having in the ocean as well as my own thoughts.  So the Internet of Things is a new technological and business wave that promises to integrate individuals in the physical way into a digital and reactive reality through the Internet.

To achieve a promise massive amounts of data will be gathered by sensors, stored and processed by Cloud based infrastructure, using big data techniques to produce meaningful information for wide variety of purposes.  Specialized software or expert individuals should be able to affects the physical world or the biological world through actuators or several mechanisms.  For the purpose of my comments here I won't set ethics as some sort of soft law.  That is high level values or law principles not necessarily attached to any jurisdiction that should be observed as a minimum standard by all actors involved in the Internet of Things and should hopefully influence expected and desirable upcoming legislation in various countries.

So in as much as new technologies and business models are desirable, both from an economic point of view as well as for the sake of public welfare, protection of individual rights shall be promoted by companies and Governments.  Such balancing act, such balancing act evokes a notion of civil responsibility in law condition or law of torts in common law, accidents or damage, whether material or moral shall be avoided in the first place and compensated in case of occurrence.

A great deal of discussion is being undertaken in Brazil these days about protection of personal data, consent relative to processing of such data, and consent.  Well, being brief with such debate I believe that the consent is embedded with an underlying contractual relationship in which data is relinquished by its owner as a quid pro quo for a service of some sort or benefit of some sort.

In line to such understanding, consent is given for a purpose, and can be explicit or tacit or implied.  In the latter case, interpretation of implied consent purpose shall be very narrow given its context, it is context based.  The relationship between the data subject or the owner of the personal data and the data controller is a consumer to enterprise relationship.

Under Brazilian life the objective of product liability in common law system and the data controller shall respond for deviation of purpose in using the data as well as failure to protect the data in light of unauthorized leakages.  The data controller might contract other data processors.  Given the level of expertise of various companies it is conceivable that chains of subcontractors will emerge in collaboration to deliver IoT systems and applications.

Relationship through the chain of subcontractors is an enterprise based contractor one.  Hence, contractors shall respond in accordance with the terms and conditions under which they are contracted for as well as for the duty to protect the data.  A traditional subjective civil responsibility or the negligence status seems adequate principle for such relationships, however, such assessment might be argued in light of possible application of objective civil responsibility or strict liability standard relative to duty or protecting data.

Relative to IoT, one is questioning how such concepts can be applied over things, and the reality is they cannot.  A thing is not able to autonomously respond for any damage, however, IoT is a kind of system and application, most likely deliver the as a service.  Behind the collection of connected things there ought to be a company or interpreter responsible for it, and hence the responsible party.

What is new in Internet of Things is a possibility to interfere in the physical or biological world through actuators commanded by experts or even by commands automatically generated by software.  Under such circumstances emerges civil responsibility for damages caused by wrong actuations or emissions, that is when a particular needed expected action is not taken.

We shall welcome IoT given the enormous benefits it will bring and the potential for further economic development and growth.  It is thus recommended that companies take a preventive approach adopting principles such as privacy by design and safety by design.  Thank you.

>> AVRI DORIA:  Thank you very much, and our last speaker before we go to participants on the floor and on line, Sebastian Bellagamba from the Internet Society.

>> SEBASTIAN BELLAGAMBA:  Thank you Avri and thank you everyone.  I want to remove this because I get crazy.  I just had another presentation in this room and it was very disruptive.  Thank you very much for inviting me here, and I think really in the document that I like one thing about the approach that you are taking as a dynamic coalition, which is the ethical approach.  I mean, in many senses, because I like the way you present the ethical part, the world we like our children to live in, and that puts the user in the center of the discussion of the Internet of things and I think it's a good idea to have this approach.

In fact, we, I mean, believe so strongly in the potential of the Internet of Things that we believe that the IoT holds promise as a tool in achieving the United Nations Sustainable Development Goals and it's a very key part of that.  In order to unleash all of the potential of IoT, we identify some challenged that have to be worked in order to get it right.  I mean, in this I would like to point you out to a document which was released last month in this subject from the Internet Society and you can find it in InternetSociety.org/ioT.

Security has been already kind of addressed, but I think it's a matter of trust here.  One of the things that we identify as a big challenge for the Internet in the coming years is not only to get people on line, I mean, the rest of the world that is not online, but how we work with this under mining of trust that some privacy are bringing to the people that is already connected.

So we have to be secure that this kind of privacy and security issues are not an issue for IoT because we could be facing a Snowden on steroids and that's something that we are desperate to prevent.  So users need to trust that IoT devices and related data services or secure from vulnerabilities, especially as this technology becomes more pervasive and integrated into our daily lives.

And also, the interconnected nature of IoT devices means that every secured device connected on line potentially affects the security and resilience of the Internet global, and that's another thing that we have to consider.  In privacy, the Internet of Things is redefining the debate about privacy issues.  Implementations can change the way personal data is collected, analyzed, used and protected so something has to be done in this regard.

Interoperability and standards is another key challenge that we identify.  A fragmented environment of prop pry Terry implementations will inhibit values for users in the try, and I would like to stress that the use of genetic open and widely available standards as technical building blocks for IoT devices and services such as the Internet Protocol will support greater benefits ‑‑ I'm losing my voice.  I'm sorry.  Give me 30 seconds and I recover.  Thank you very much.  Appreciate it!

Which will put greater benefits for innovation and economic opportunity.  There is a lot of legal regulatory and rights issues that has to be considered.  Okay, there is some legal issues.  I lost my voice.  But I would like to finish with something that is very important, and the emerging economy in Developing Countries, as Olga pointed out I think this is vital for emerging economies.  This is a component that is quite important for developing regions that we need to respond to realize the potential benefits of IoTs.

The unique needs and challenges in implementation in less developed regions will need to be addressed including infrastructure readiness, market incentives, technical skill requirements and policy resources.  That's key for us.  The final one, we have to have a collaborative approach.  I mean, we cannot do it all by ourselves and in separate sigh lows as has been pointed out already.  I had a longer phrase on that, but that's the idea behind it.  Thank you.

>> AVRI DORIA:  Thank you very much.  I hope you regain your voice for the rest.  I want to thank all of the panelists for not only the contribution they brought to the discussion, but for actually sticking to the time limits we had because it was really important that we get the contributions from the other participants in the room.  And please notice I'm not using the word audience.  We are trying to move away from the word audience and think of the participants in the room, the participants on line.

So I wanted to start first with the participants on line and ask Sandra if there have been any.  Okay.  I would like to ask now if the clock could be set for two minutes, and that will apply both to comments that you all might have, and to any responses that may come from our panelists.  We have essentially 30 minutes left to go and I would like to get as many comments in as possible before we finish this.  So while I have been talking on, no one has come to a microphone or would someone prefer the microphone brought to them?  Because we can do it either way.

Coming to the microphone helps us know how many people still want to speak, but, so please, introduce yourself, give your name, and then present your comment or question.  Thank you.

>> YUSIF AMADU:  My name is Yusif Amadu from Ghana.  I have three questions.  Question one, how would the IoT challenge our lives, especially in Developing Countries?  The second question is what impact will it have on sustainability?  The last question is how safe is IoT?  Thank you.

>> AVRI DORIA:  I think we will collect a couple of questions.  Jot down the questions and I will come back and see which of the panelists wish to give a response.

>> SONIGITA EKPE:  My name is Sonigita Ekpe from Nigeria.  It's a question and contribution.  I'm trying to find out the choices between rights, access, quality of education because you are talking about having a whole lot of things to do with Internet of Things with unique identifiers.  Can we now use IPVCs to create global registry for both machines and human beings?

Thank you.

>> AVRI DORIA:  Thank you.  Since I see no one else at the line at the moment.  You can speak from there, yes, please.  If you happen to be in front of a microphone, you might as well use it.

>> AUDIENCE:  Thanks Avri, Peter Dengai, thrush, I would like to ask a technical question but got confusing answers.  I put this to Max and Jari Arkko what will be the intermediation between the IP addresses and devices?  Are we going to be seeing domain names used in the IoT?  Are we going to see it just machine to machine using IP address to other systems to that stack?  Or are we going to have a multiple system where some domain names are used and if we are using domain names, one assumes they will be largely human readable, I mean, machine readable ones rather than human readable ones.  How do you see that developing?

>> AVRI DORIA:  Inc. thank you, and I think we will start with the responses, and I saw a hand up from Jari Arkko, so please, Jari Arkko go first.

>> JARI ARKKO:  I don't think there is one size fits all answer on the question of the identifiers that came up in two of the questions, so obviously for technical reasons we need IP addresses and in some cases we need domain names, but the Internet of Things is far larger than addressing a host either through an address or domain name.  You will have databases of, you know, these things belong to these persons.

You will have various kinds of tabulation of information, and I think of the Internet of Things mostly in terms of that database and it's probably somewhere in the Cloud under your, I don't know, health application, it's under your health Cloud, perhaps, if it's some other application, it's somewhere else.  And underneath the machinery, we will somehow figure out what addresses or domain names to use, but I don't take it for granted that everything, you are not going to type your sensor's name on a browser.  So I think this is one level up at least.

>> AVRI DORIA:  Thank you.  Max, you wanted to answer some of the other questions or that one, perhaps?

>> MAX SENGES:  I think given the time limit, I'm going to leave it with Jari's answer which I thought was pretty good.  I wanted to address the first question we heard, how is it going to change our lives?  And I actually think to the organizers, that is really the usage question and the impact of society is the ethical dimension.  And to be honest, I'm not, as a philosopher, I really appreciate the ethical perspective, but I'm not sure it's 100% right the way it's framed in the document right now.

If I may point to some work, The Unfinished Revolution Human Centered Computers And What They Can Do For Us by Michael Dertouzos from M.I.T. was a great publication in 2001 that asks for a new technology design paradigm.  I think this is more what this is about and necessarily an ethical perspective.  Myself I love the concept of a humanistic conception of technology, and, again, that's on this subject, but the way it's framed right now, it seems to me that we want to talk about privacy and data ownership and that is, of course, something that will impact our lives, but there is other aspects that we want to bring into the document, openness especially in the sense that the colleague from Oracle brought forward that right to tinker if you can't open it, you don't own it, these kinds of themes where you make the technology accessible to people and really give them a right to work with it.

While I have still a couple of seconds, I wanted to address that I'm not 100% I agree with the colleague on the engine data versus water consumption data.  Both have data ownership questions.  One it's more, you know, a company owning the data in the first stage and it's easier to open it up and make it accessible as a public good, but, still, I think date to ownership needs to be addressed and my last comment will be on the request for a report by the privacy rapporteur which I think is way too early to ask for in the document right now.  Thank you.

>> AVRI DORIA:  Thank you.

>> Shall I address the question to the gentleman about Internet of Things is safe?

>> AVRI DORIA:  I did have Joe, Carlos, and, Olga, Joe and Carlos, but please, since you have already started speaking, please go ahead.

>> Thank you.  Sorry for that.

>> AVRI DORIA:  And then I will go back to the line.

>> So I don't think that any technology or service is completely safe, but in Internet of Things what we are going to have to deal with is with level of safety, right, levels of safety, different safety levels.  An application that just gathers data, let's say, from a vehicle and send that data for post processing relative to the quality or maintenance of the car is one level of commercial safety which has to be reasonable.

But what Internet of Things is bringing towards us is the possibility for actuation in the physical world.  So if in the same car the sensors send the information to a data center and that data center processes the way the car is being driven, and sends a command to try to avoid a crash that is imminent, or the algorithm is wrong, the crash may be precipitated and the driver will suffer the consequences.

So what we need to actually consider is that there will be different levels of safety to be imposed on the types of applications that will be coming up.  And that's the real value of the discussions about ethical principles because we have to differentiate from application to application the levels of commitments that the future providers will have to take with their consumers and they have to actually embed this from the inception of their designs to the delivery and operation of such applications.

So in short, is Internet of Things safe?  No.  But we have to strive to make it as safe as possible for the sake of us individuals.

>> AVRI DORIA:  Thank you.  I want to get back to the line, so Olga, Joe, Carlos and back to the line.  Thank you for your patience.

>> OLGA CAVALLI:  Thank you Avri, and congratulations to Max and you that developed this fantastic.  Can I copy it?  Should I pay copyright?  Can I use it?  Okay.  I think it's fantastic and I like it very much, thank you for that.  I would like to continue the comment made by my colleague, Sergio.  He mentioned some things I wanted to mention, the connection with the physical world.  In Latin America, we have huge cities with more than 10 million people gathering together every day for work and interacting.

I personally think that Internet of Things will make a major change in the traffic management and water and other goods in the city management.  So that will be substantive and an impact to the city since living in those big cities.  Also many of the Developing Countries trust the economies on the agriculture.  So that would be also an interesting area to see how the Internet of Things in order to control and empower that industry.  But as I said before, I think the value is how to develop the knowledge and empower the local cities, the local SMEs and communities of those Developing Countries so they can learn from and know how to do things on their own.  Thank you.

>> AVRI DORIA:  Thank you.  Joe, please.

>> JOE ALDAHEFF:  Thank you.  I will first, perhaps, do a couple of replies to Max's point.  I think the idea wasn't a question of ownership.  It was a question of don't apply the personal information restrictions where personal information doesn't exist.  And to Sergio I would suggest that cars already have antilock brakes which actually process information on board.  So we already have a learning curve here.  This is not a new topic, just a topic we have to consider.

I did want to answer the question that was raised about potential benefits to a developing country.  Here it's perhaps less about wearables and what I would call sensors as toys and more about the concept of perhaps how you might use a sensor in farming, because low cost sensors can tell you what the water flow is in the river near your farm.  You can put a sensor in the ground to better understand what the level of water table is, what the level of rainfall you have had is, you can tie that to remote systems which can be fed through a non‑Smart phone to tell you about what the weather patterns have been, what the possible crop benefits are, what the soil is.  And a number of countries have already started putting these in place to help farmers increase the yields to improve food safety and security, and also other sensors and other information that is blended because we can't think of sensors in a vacuum.  Sensors work with analytics and with other services, also allow them to know which markets are near them that may actually need the products they are growing to allow them to gain the economic benefit from their effort and industry.

So I think we have a lot of examples and I think we are in some ways only limited by our imagination because you can see this in the healthcare sector.  You can see this in terms of putting sensors on buses, so rural routes where the bus service is highly irregular, people can start to know when the bus is going to come by.  Things like that can be small things that can transform lives significantly.  So I think that's, perhaps, something that we might want to consider as an annex to the document to also help us flesh out our thinking.

>> AVRI DORIA:  Thank you.  If it's only limited to our imagination, I guess it's limitless and Carlos, please.

>> CARLOS AFONSO:  Thank you Avri.  I see here one of the excellent documents of European Parliament about the Internet of Things, and they do a summary of what are the forecasts regarding the growth both in terms of numbers of sensors, and on revenues, and they vary wildly just because we are at the starting of this big bang, as I said.

I wonder if there are estimates which might vary widely as well on bandwidth consumption.  We know that sensors usually use bits per second only and don't need to be connected all of the time, et cetera.  But I wonder if there are these estimates is the question.  The second thing I was curious, Joe mentioned that PKI is really a thing that should not be considered or something.  I would like to if you could take two or three minutes to elaborate more on that.

And finally, I see that our theme here is IoT going ethical.  And we are not even scratching the service of that theme here.  So we have ‑‑ this is a big challenge as well.  Thanks.

>> AVRI DORIA:  Thank you.  I'm going to preempt Joe going into PKI and he could correct me if I understood him wrong, but I think it was more a reference to listing specific technology and specific security mechanisms because in ten years, twenty years, thirty years we may have different security mechanisms and such as that, did I get that right?  Okay.  Thank you.  So thank you for your patience and please introduce yourself and comment and question, thank you.  You have got the same two minutes each.

>> AUDIENCE:  Thank you for that.  Good morning, my name is Mary Lynn Nielsen I am with the IEEE.  Two things I wanted to point out.  The first is we're in the IEEE right now working on architectural frameworks for the IoT.  If you haven't seen it or examined it in some of the standards questions you raised, I would strongly encourage you to look at that as well as frameworks for market architectures for buildings and home security.  There is a great deal of detail at the IEEE that I think you would benefit from in examining this question.  I encourage you to look at that or talk to me or come to our book about that.  The second thing I wanted to point out I found it interesting that out of all of the speakers only one of you mentioned identity management.

I think that is an enormous factor in the IoT and particularly in the ethical implications of the IoT and particularly not just identity management, but also persona management.  We are working on this in the IEEE in partner with the Pentara initiative, and think about for the fact that every device or tool you use, you are not one thing.  Right now, here at this event, I would imagine that all of us are at any moment switching from being a participant to being an employee of our company and organization and doing it seamlessly on one device.  In an IoT world, what recognizes persona?  How do we approach that?  What are the ethical implications of our varying persona on devices and how do we handle that?  I would love to discuss that further and hear thoughts.  Thank you.

>> AVRI DORIA:  Thank you.  Before going to the next up with in line, I wanted to make one comment before we get to the questions, which is if you notice that last line there that says sign up for the dynamic coalition on IoT, so you invited people to come talk to you, and I truly hope they do, however, I would invite you to join the dynamic coalition to make sure your ideas get in the right place over the next year.  The next person in line, introduce yourself, and then I will take a remote participant from Sandra.

>> ALAN GREENBURG:  Alan Greenburg, Chair of the large advisory committee in ICANN.  I'm a newbie on Internet of things I'm not a newbie on networking in general.  My question is not on the ethical basis but a more basic one.  Last night my phone in my hotel room said ready to connect as soon as network quality improves.

And even then it only knew how to connect when I gave it the Archean magical incantation that hotel requires.  I understand we are talking about the future and the future of the network will be much better and ubiquitous.  We can't make our telephone system work all of the time.  Why do we really believe that we are going to be able to do all of these things with ubiquitous functional networking that will be transparently useable by all of these little things?

>> AVRI DORIA:  Can question.  Thank you.  Sandra, you had a remote participation.

>> SANDRA HOFERICHTER:  Hello, Sandra Hoferichter speaking. I'm reading comment from Miguel Estrada.  He said I think the kind of safety on the IoT can be closely related to airplane software.  The thing here is not software, it is data storage.  His question is what can be done with this data?  Who owns the data?  For what purposes it can be used, et cetera?

>> AVRI DORIA:  Thank you.  We will take the two more questions, comments from the floor, and then I will go back to the panelists for responses.  So please introduce yourself.

>> ALESSANDRO ZELESCO:   Thank you.  My name is Alessandro Zelesco.  I'm from CloudStreet for Nokia, and my concerns about the Net Neutrality and the type of connection that it will be needed for Internet of Things, and the Net Neutrality is not synonymous at best.  And Internet of Things not going to work but quality of services and prioritized connections.  And I'm not only talking about remote healthcare or connected cars, but a lot of other new applications that are coming together with 5G networks.

And 5G networks will be by definition an application aware network.  That will give to any application the network services that it will need to work properly.  So the connections will have ting prioritized.  So how to deal with this issue face to face, the discussions about Net Neutrality here around, and that it cannot be as exceptions, so healthcare as an exception, exception for this, exception for that that we are hearing in some rooms here.  Thanks.

>> AVRI DORIA:  Thank you.  Very fine question.  And the last question before going back to the panel.

>> AUDIENCE:  This is John Grosam from Bangladesh.  I have two questions.  The first question to my mentor, Mr. Jari Arkko.  He already said that his challenge in business model during service is object.  So is there any present solution we are trying to mitigate this type of, mitigate this type of service and object.  And all of my previous speakers told me that the architecture is important.  Based on this I have one question, will IT actually work over Internet?  Will it have own dedicated wide area network.

Thank you.

>> AVRI DORIA:  First, I wanted to check.  Was there another remote participant?  No.  I have already seen a hand up from Maarten.  I have got ‑‑ I have got, yes.

>> MAARTEN BOTTERMAN:  Thank you.  In response to the question do we believe it will work Net Neutrality and also the last one, the separate networks, basically we are here because this is something that's happening as we speak.  It's something that happens because of business reasons, it's something that begins to happen also because societal reasons.  There is investments going on to make sure that this all works.

We are already aware that the traditional connections will not be able to connect everything as it used to be, and spectrum is an element of that how do we deal with that, but there is also new technologies that will help make these things work ranging from lower networks in certain areas even up to drone networks in the more disbursed networks or satellite networks.

So basically I think the answer is to be found in really thinking ahead of how we make these things work, and there is not a single way forward, but a whole patchwork and this is why we need to talk about it.

>> AVRI DORIA:  Thank you.  I want to just make sure I have got it right.  I have Max, Jari, Megan and Joe.  I want to note we have ten minutes left.  So if you all use the two minutes we will be close to being done.  So, please.

>> MAX SENGES:  So I first wanted to address the question that the remote participant asked about accountability and I think it's a great example for the need for multistakeholder solutions and shared responsibility that is dealt with on a case‑by‑case issue by issue.  I think what the colleague from Oracle brought up with fair practices is indeed what we need.  We cannot give all of this information out to the user.  It should be available for the computer club and expert communities, consumer organizations to look at, but what the user needs to see is something like washing labels or creative comments and aggregations that you can put together, et cetera.  So I think something like a Wikipedia style network that explains how things are used and is organized would be excellent in that space.

Often the question of Net Neutrality, well, I hope that it's not the end of Net Neutrality just because you have certain devices.  So I strongly encourage everybody to think about fail‑overs and make those IoT devices work.  The light switch should work whether you are on even or off line, otherwise we are going to be in a very strange world.

And on the question whether we need new networks, I think certainly it's good to allow experimentation in all areas, but colleagues of mine develop an open source project called The Physical Web which has a Bluetooth low energy beacon ping the URL for a bus stop, whatever it is.  So these use cases where you walk up to something and you just need to know when the bus comes, you certainly should not install a new app, et cetera.  We should build on the architecture that we already have and the Web is working.  It's a long time out there.  It's a great success.  So let's not reinvent the wheel and start with a new network and new technologies.  Thank you.

>> AVRI DORIA:  Jari, please.

>> JARI ARKKO:  I also wanted to comment on the question of these new networks and I think it's pure economics.  I mean, you have a general purpose service.  Everybody will be able to use their share.  Almost no application that we can think of would have the financial backing to implement their own networks worldwide.  So obviously we need one Internet and small set of access networks around the world and that's the direction that's happening.  What we are seeing actually is that while it's true that IoT is going to stress these networks, but the networks are evolving so if you look at 3GPP they are evolving their network to be able to deal with 10X, 100X more devices, you look at IEEE they are making their protocols capable of running more low power, so on, so forth.  So this is happening to everything essentially.

I believe in the use of the general purpose networks.  And the other question I wanted to briefly try and answer is the question about all of this.  You can't even get access in your home network and now you are telling me, well, all of these devices need Internet connectivity.  That's a really big issue actually.  But I do have some hope that that's being resolved.  We have efforts going around in various organizations to make automatic network loading process a little bit more reasonable or feasible so I think we are making progress.  Thank you.

>> AVRI DORIA:  Megan, I invite you to comment.

>> MEGAN RICHARDS:  Thank you very much.  I remind you I have a minute in the bank.  So just on the issues that Carlos raised on Net Neutrality, clearly spectrum is an area where we are going to have to look in a lot more detail at these issues and in Europe, this is something that is of particular importance.  And for the moment, of course, things are going well, but in the future, it's an area that has to be looked at in more detail.  So this is another area that this alliance of the Internet of Things on innovation is looking at.

And one area that I know of is that in the U.K., the regulator Ofcom has opened up they had 876 band and then 915 to 921 megahertz band for Internet of Things applications.  And, again, this is specifically European, of course.  Within Europe we look at these things in quite some detail, so this is something that's being looked at in quite some detail.

And then on net neutrality, of course, there are implications for the Internet of Things, and in Europe, we have new Net Neutrality legislation that will be coming into effect next year, early next year, and in that respect the Alliance for Internet of Things Innovation has just come out with a draft report of which a whole chapter relates to the implications for Net Neutrality and we have a whole series of regulators that are developing guidelines on that and they are looking at implications for Internet of Things.  So for the moment it's a draft.

But if you are interested, I will see if, and, well, when, if it's a draft, it's going to be finalized at some point, when the final version can be provided so those of you who are interested I still have my minute.

>> AVRI DORIA:  But you stopped.  I mean, I was just going to continue to get closer.  Please.

>> JOE ALDAHEFF:  I thought I would address the question on data ownership because there is a complex question and there is no single answer to the question of data ownership.  I think when you have a direct relationship with a device and it's a device that is carrying personally identifiable information, there is at a minimum concept of shared ownership of the data if not exclusive ownership of the data by the person.

There might be shared ownership because it could be that the service provider is also using the data for functions they are delivering to you so it might be a question of you both have rights to use data and the rights extend to certain things, and there the question is contractual simplification, because at the moment the terms related to that rationale between the parties is difficult to understand.  When you get to things like the jet engine turning data home, you want that data to be secured and you want that data to have a limited set of accessibility and since it doesn't capture personally identifiable information that makes sense.

The regulator may also want to see that data from a safety perspective to make sure the plane is not going to fall out of the sky so there may be other people who have interest in the data.  I want to caution us because too often we run to the Internet of Things and think we don't have an experience curve with this stuff and the answer we have tons of experience already with this stuff.  This is an evolution, not a revolution, and I think we need to calm down a little bit and apply the lessons we have learned.

>> AVRI DORIA:  Thank you.  It was left to me to sum up, but there is no time for me left to sum up other than to say thank you to the panelists.  You have given us an amazing amount to think about, and an amazing amount of work to do over the next year, so hopefully we will see you beyond the panel and in the dynamic coalition itself contributing.

Thank you to the participants on the floor.  Your comments were very helpful.  Hope to see you all on the dynamic coalition list.  Please check out the references, and especially check out that second bullet on the INTGovernmentForum.org CMS surveys.  Basically that takes this paper, it takes the questions, and it invites you to say how important any of these issues are and what you think about them.  So it's a question for more input.  Again, thank you.  Thank you for maintaining time, and everything.  You guys were perfect!

>> MAARTEN BOTTERMAN:  Thank you, Avri for wonderful moderation.

>> AVRI DORIA:  Thank you.

(Concluded at 1031).

 

***