FINISHED - 2014 09 04 - WS61 - Policies and Practices to Enable the Internet of Things - Room 7

FINISHED COPY

NINTH ANNUAL MEETING OF THE INTERNET GOVERNANCE FORUM 2014

ISTANBUL, TURKEY

CONNECTING CONTINENTS FOR ENHANCED

MULTI-STAKEHOLDER INTERNET GOVERNANCE"

WS61

POLICIES AND PRACTICES TO ENABLE THE INTERNET OF THINGS

04 SEPTEMBER 2014

9:00 A.M.

* * * * *

This is the output of the realtime captioning taken during the IGF Istanbul, Turkey, meetings. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid to understanding the proceedings at the session, but should not be treated as an authoritative record.

* * * * *

>> MODERATOR: Good morning, it's 9:00. It's really early for many of us, I think. So we'll probably have a lot of people walking in during the session, at least I hope so, if they can actually find the room, which all of you do did, which is not bad. I hope we are getting remote participation. I'm guessing it probably will be from Asia because at least they are well awake in the day. Europe it is still 8:00, and you shouldn't threaten people before their first cup of coffee. And the U.S. well, if they are still a wake, they have probably been to a party. So how much they can add to the debate, we will see.

Anyway, this event focuses on Policies and Practices to Enable the Internet of Things, which I think is the ‑‑ by the way, could we have the slides up of the first presentation, please?

It will be the next big thing. At the OECD, we have been working on the Internet of Things now for a couple of years, and we see several areas where Governments can play a role to enable the Internet of Things, not necessarily first to regulate it, but to make it possible.

We did a couple of quick calculations just to see whether those predictions of 25 billion devices by 2025 or 2030, would be realistic. Our quick calculations showed that an average family with two teenagers in the OECD, in 2012, had 10 Internet connected devices already. There will likely be 25 in 2017 and 50 by 2022. When you take those numbers and you extrapolate and you allow basically not everybody who doesn't have broadband doesn't have any Internet of Things yet, you still end up with 1.7 billion devices today and in 10 years from now, we would be at about 14 billion devices, just in the homes in the OECD.

Now it's a guess, we don't know what the future will hold but all of a sudden that idea of 25 or 40 billion connected devices by 2025 by Ericsson doesn't seem so bad. It's more than you think, because it's a new trend. And you see an IP address, unfortunately not IPv6, but on all the displays on the side it has a different IP address. So each device is connected. And you don't know how many there are in the tram themselves.

There is a number of building blocks, and in the end it will lead to autonomous machines. We will combine the Cloud, a whited-out remote control, but I think it will be one of the areas we will see development in as well where we will see more and more remote control. Then we will see many autonomous machines and it will change the way we work and live.

The traffic load is a nice example. London, since a short time now has self‑learning autonomous traffic lights that are coordinated in groups and act as a whole cluster and that learn, based on the traffic experiences of previous days. So, all of a sudden, your city becomes a part of an autonomous system, which guides traffic flows through the city based on availability.

Now one thing that we, at the OECD, think is essential that access to numbering resources is improved. And particularly, large‑scale users of the Internet of Things of GSM technology ‑‑ for example, car companies that you take, Toyota and Volkswagen ‑‑ they produce 10 million vehicles a year. So they roughly will have 150 million vehicles on the road all carrying SIM cards. Now imagine these guys having to change mobile operators. Anybody want to change 150 million SIM cards? It is just will not happen.

We can do this if Governments change regulations so that car companies could hold their own SIM cards. When we proposed this we were contacted by several car manufacturers around the world, Fortune 500 companies, et cetera. The Dutch Government has now liberalized their regulations. The German Government is looking into it. And the German car manufacturer can save about one euro per vehicle per month. So for the German car industry, this would be a two billion euro jackpot that they could use to better enable the Internet of Things. It will not just lead to bigger profits for them, but it will make them buy more data. It will make them do more things.

Now, there are a number of challenges that will be addressed by our speakers today, and I will leave the challenges on here for a while so you can have a look at them. We'll now introduce our speakers. We have asked our speakers to come up with recommendations for Governments because, if it's dark Governments present here and we need to enable things, it's best we get told what we should do.

So we have an excellent lineup here. We start off with Jari Arkko, current Head of the IETF. We will then move on to Pablo Marquez, the Head of the Columbian Regulator. After that Mr. Claudio Contini of Telecom Italia, the CEO of the unit that works on new innovation. Professor Lee, who was described to me when I met him by one of our Korean colleagues as the Father of the Korean Internet of Things. So that is a very nice title to have. And then, in the end Khairil, who won a SEED Award for his work on Public Sector Information and the Internet of Things in Malaysia to make the Malaysian Government more transparent and open. I think we can learn from him greatly. So, I would ask Jari to start. Later on the floor will be open to your questions and we will move on. Thank you.

>> J. ARKKO: Thank you for having me on this panel. This topic is dear to me. I have been working on it for a number of years, research and personal perspective. We'll have an opportunity to speak about it.

So first of all, this is obviously an incredibly useful development for many, many reasons. We really do want to see this happen, and it is happening, just to mention environmental and energy conservation benefits we can bring with this technology.

But there are always some challenges. Some of the challenges are technical and that is what we, in the standard space, and vendors, for instance, keep working on. One example of those challenges is power. We want to have devices that are able to operate for a long time on battery power, for instance and small devices. So that is technically challenges. We struggled with that, actually. But we are making progress.

There is also many commercial challenges, for instance those who work on Internet access businesses or provide Internet access and converting our systems that have been mainly designed for humans to use in various different ways. The human scale. So one entity to one human and also the other ‑‑ it's user interface that people have to use, trying to make that work for devices, when we are talking about millions or a single customers of this technology like a car manufacturer might buy millions of devices, that is a bit of a challenge.

We also had a challenge with the ecosystem, the business ecosystem in this space. I think we have gotten over that by now but it is important that we don't have just like point solutions, or we have this great technology from one company, but we have devices, we have networks. We have consulting services. We have the applications, the whole system rather than individual things. Now we are starting to be there.

There may also be challenges that relate to Internet Governance or challenges where we who work on those topics, would like to be informed about those challenges and making sure that those are actually being addressed. Many of these things are such that they should be worked together by multiple stakeholders, obviously the standardization technical communities, the vendors, and the Internet Governance experts and regulators.

So the first item I wanted to bring up as a challenge is entering sufficient address and identifying spaces. And this is basically not to artificially constrain the growth of this market or growth of this application. The numbers are big. We are talking about at least tens of billions in the next couple of years or even beyond that, the current IOT scenario I'm talking with at my day job with Ericsson, are in the order of half a trillion or even more. So eventually we'll get to very, very large numbers.

And essential, there is enough growth potential in these technologies, for instance, large‑scale deployment of IOT devices, would probably benefit greatly from IPv6 and address larger number of devices and you don't have to go through the technology requirements for going through NADS and it would save power in battery-powered devices.

The other thing I want to mention is standards, and we have some progress there, but also some work remains. Standards usually enable the creation of competitive markets and provide customer choice. Many of yesterday's Smart building or industry applications, for instance, were based on non‑IP technology. It was for a particular purpose and very difficult to reuse and networks for other purposes. With IP, it is much easier to use the same network for multiple persons or use the same data for multiple applications. It really enables innovations and competition and you can buy the same low price gear for even advanced applications because everything is supported by the same network.

Even on IP‑based designs, it is important to answer this modulatory that you can choose different components. Typically the systems consist of devices and some network, perhaps Cloud‑based systems. And as an example of sensors that sends information somewhere, I would like to be able to change where it sends the information that goes to my Cloud or that other Cloud, instead of the one that was sitting there and has many benefits.

The third challenge is privacy and security. That is an obvious thing. One small example of where this is important is really ‑‑ the previous examples, so if I can change where my data goes and I'm a little bit more in control of my data and can ensure that I put it in a place that is safe, that would be a good thing.

The fourth one is something that I came up during this week because we were discussing quite a lot about in this conference, about how do we engage the developing nations to make sure that everyone, every person around the world has access to them? That is a very, very important aspect, but it department really stop there. I think it would be very important to think about how do we deploy these other things, the Internet of Things technology in the Developing Nations? Not just for humans. I can see a lot of benefits for say, environmental technology or environmental applications or agriculture applications. And I think we need to consider that and not just talk about 7 billion people we are trying to reach, because we need to go further.

So I have a recommendation, which first of all, is not a specific thing about a specific aspect of the technology or governance. It's just when we talk about Internet Governance in general, we should not focus on how the Internet is today and how do we use it? We do the browsing and we want other people to be able to do that as well. Think about the future, about the future applications that we can actually most easily affect today. And we have to take, for instance, developing nations and Internet of Things technology into account. So let's try to do that.

And I also want to say that while I want to bring these things up in the Internet Governance context. It doesn't mean that I'm necessarily calling for lots of regulation in this space from Governments. They already have quite a lot of regulation that it is just applicable in this area as well. I think it's useful for all of us to understand some of these challenges and what they mean and together I think we can form a consensus of ah, okay we really need to make sure that we have ability of those car companies, as I mentioned, to deploy those millions of devices that we have. The numbering space that is needed to address the last number of devices needed ‑‑ the large number of devices needed. So with that, thank you.

>> MODERATOR: Thank you, that was nicely on time.

>> C. CONTINI: Thank you for the invitation to be in this workshop. Basically, my main point in this presentation which will be is very short. We must not forget as well as the previous panelist just said that in the end Internet of Things is also about people. And when I say that, it is basically because as policymakers and regulators, we want to enable the use of Internet of Things in a way that improves the consumers and people's welfare, and not just some of the critics mentioned, that productiveness or efficiencies of certain businesses. In Columbia we are currently working ‑‑ is there a way to ‑‑ sorry.

We are currently seeing several phenomena. The first is how are we using or what is the regular use that we are looking in the market? So, first public trepidation is being transformed by machine‑to‑machine communications. So the bars that you see right at the top corner is the -- which is the public transportation system that currently works in Bogota. It has been connected to truncated networks to the centere of (Indiscernible), and it has improved a lot. Its efficiency as public transportation system reduced a lot much in the communications, the time to transportation of people. Mobile operators are also offering several sets of services to companies such as this one that we see that they measured, and how in certain industries this is very important because this reduced or improved a lot, the cost savings.

And also car manufacturers are now using much Internet communications in order to facilitate people's communications with their own cars, communications with the car manufacturer and they provide services for people such as me, that sometimes we leave the keys inside the car so we just make a phone call or send a text message and they open the car for you.

So there is several uses that they are using right now and this one that is not in this ‑‑ that is very, very useful and it has recently been used in the coffee industry. The coffee industry is using much communications in order to improve the coffee‑growing process by letting the coffee growers know what are the levels of coffee that they should be collecting day by day. And that way, not depleting all the coffee resources and not wasting coffee in the process.

So, this is what we are seeing right now. As regulators, we want to enable the Internet of Things in several ways. First, we want to improve trust of people in the use of the Internet of Things. This is because we know that there are a lot of challenges regarding privacy. However, we also want to set regulations that make competition in the market much more transparent.

I'm saying this because most of the services that we just saw have been challenged. They are regularly being provided by a third party not operators. Operators have, unfortunately, imposed barriers to third parties who want to provide service to machine‑to‑machine communications.

So we are producing a set of regulations that will prevent margin squeezes from operators that sometimes will happen and they will at some point, artificially block the growth of the Internet of Things that we just don't want to destroy.

And in addition, we want to set a set of regulations that allow a larger access to normal resources. Larger access for normal resources not only for operators but also third parties and it would definitely improve the Internet of Things and will definitely make companies that are not regularly related to the network operations, will get into this market with new innovation that is will foster the welfare of people.

So this is based on the regulatory issues that we are handling. Regarding the policies the Governrment needs is promoting, there are just two very important projects that the Ministry of Telecommunications in Columbia is doing. The first is the project analytics that as we know machine‑to-machine communications use a lot of data. But in Columbia, we still don't have much data centers or data processors that make Big Data one of the businesses that will enhance its use of machine‑to‑machine communications. So we are working on that.

We are also working on a set of regulations that will remove the IT industry in the development of applications for the use of these public data and the access to data from the Governrment.

So, we think , and we are or want to produce much more talent in this industry that we also will allow us as a Government to promote the use of the Internet of Things. And based on those policies, what we've seen is there is a need of, not much more regulation, but policies that enable and this is their data over the last 2.5 years regarding how machine‑to‑machine communications have changed.

As you see in the green line, it shows that from this first term of 2012, to the last quarter of 2013, we have seen a huge increase in the use of machine‑to‑machine communications through SMS. And the SMSs for internal operation or content SMS, as you have seen on the person‑to‑person SMS, is going down. But operators are looking at a new source of revenue coming from the user machine and machine‑to‑machine communications SMSs.

So we are very happy that the use of machine‑to‑machine communications are increasing but we require to keep with the policies that will allow the Internet of Things to be about people and to improve the welfare of people and that is why we are developing all the policies in order to gain much more from the development of Internet of Things and machine‑to‑machine communications. That's basically it. Thank you to everyone that is here.

>> MODERATOR: Perfect, almost to the second. Mr. Contini?

>> C. CONTINI: Good morning, everybody. I have been asked to outline the major Government issues related to the successful development of the IT and to share Best Practices. What I can share with you is only, of course, only a point of view of a private company coming with a very specific competitive space, dealing with what we have to imagine as a set of disruptive technologies enabling the third platform called, the Combination of Cloud, Mobile and Social. One-third of the future business will be managed by 2020, mainly.

This biased point of view is relevant because IT should be right now mainly by product companies trying to establish clearly their own space and by companies trying to leverage these technologies to transform their own specific industries.

So, why the business point of view matters? Business leaders were right in the sense that the IOT represents massively disruptive technology. The Internet of Everything will generate 14 trillion in economic value or business opportunity over the next 10 years. Apple, Google and Microsoft and the like, are eager to establish their effective standards.

To a certain extent, this is inevitable and goes with the consolidation and the materialization of this opportunity. Still, IOT represents also a great opportunity to facilitate Smart living, helping us to go about challenges and making Europe, for example, more sustainable and inclusive economy. So we need the right directions to stimulate the development of the IOT in a way that best supports Europe growth and job objectives and contribute addressing social challenges while ensuring trust and security, including the respect of fundamental rights.

Now this application of services market alone could grow to 3.3 trillion by 2025. So it is retooling and communication infrastructure with the aim of better managing municipal energy, waste, traffic and so forth.

IOT therefore represents an opportunity for all of us to develop new jobs and new competitiveness such as network design, data analysis, data security and engineering.

Now, coming to regulation. Existing regulation has been shaped mainly in order to manage human communications. So is our infrastructure, the telecommunication infrastructure. We only recently have been moving from managing voice traffic to carrying videos. IOT a convergence of Cloud platforms, networks, data storage and managing and right now sometimes we go the throughput device, machine‑to‑machine communications. It is a major change. So we need a regulatory framework designed to support this huge incoming infrastructure with infrastructure, licenses and rules, procedures. The business models that we envision are different, so it must be the regulation.

Since IOT is going to have a huge impact on transforming non‑digital industries, we need to take care of their regulatory frameworks too. For example, let's consider the activity sector and the impact IOT having on mentoring and it could have in the development of this. Now energy regulators are not TLC regulators. So regulators and policymakers of ICT and Energy should cooperate with the power of the IOT.

There are fewer questions that arise and have been raised by the previous speakers. I would like to focus on data, privacy, identity standards from the private company point of view. We will start with data.

Who owns data? Who administers them? Who determines how data standards are set? How data is organised? How it is kept? Where it is kept? And who can see it and use it and for what purposes? Then there are not so subtle issue of who owns the derivative information about the data like the emergence patterns in data and the implications of those patterns. So basically, it is a complex issue but it is relevant to create another market.

Privacy. Are we sure that the existing automatic set of rules are well designed to address the incoming transformation? How regulations may cope with the changes in consumer behavior. With some customers willing to renounce privacy, maybe in exchange for a social return or for nothing. Without this, maybe very conservative about their own privacy. To what extent ethical motivations should win against freedom of individuals? And how to protect those less cultured?

Identity is the other side of the coin. There are currently seven initiatives and many in Europe, to give us digital identity as digital citizens. But we are already complex entities, each of us, made of ourselves plus several sensors and actuators exchanging information and doing things in the real world. Now, this sensors and actuators will belong to us, not always basically, as well as the action that is they will perform on our behalf.

So our digital identity must somehow include all these objects, links and relations, and regulations must evolve accordingly avoiding the existing geographical distortion and permutation.

Coming to standard definition. The real Internet of Things, meaning the way availability and the exchange of information among the different devices and sensors, know that to better serve an individual or an entity, private or public, we know that will happen sooner we expect because the lack of standards will prevent adoption on a broader scale. We can't have small cars, Smart city, and well-functioning well-connected systems if this part doesn't get it.

There are a few companies that would like to set de facto and provide standards. Simply needed in regional and local authorities implement policies granting or at least favoring interoperability among platforms and applications. IOT cannot remain, I think, a collection of different independent vertical applications and platforms. You know that while it has potential, the solution has to interact and to interoperate in order to make possible the delivering of a new and enhanced user experience and in order to help companies increase quality of life for individuals.

We cannot forget that there are major differences in the economy and regulatory policies in different regions. For example, in U.S. there are sort of four major telecommunication operators. More than 100 in Europe. Ethics towards privacy is different in each of the world's region, and in European Union it is different in each state. And this is the case for identity too.

The issue of telecommunication against LTTE players is well known. -- The supply side of DOT, and it is the greatest and often implies mobility and depending on the application may be largely sovereign national. So how can we ensure a level of computing field that will allow private companies to compete on interfaces? Which are the clear rules that will regulate and to what extent the new markets and everybody IOT? And who will charge of forging them?

Companies invest in infrastructure only if there is a clear and predictable economic return. They need to foresee a relevant market ahead, significant economies of scale and some sort of sustainable competitive value. Particularly in Europe, the possible answer or at least a direction will be to the realization of a single digital market at least for the IOT, in order to make a stronger use of the best European asset, a single market stretching over a whole continent with 500 million potential consumers.

While the European market already offers a lot of benefits to Europeans, this is not yet true when it comes to digital products and services and is not going to be true with regards to IOT for what we can see so far.

Europe today, does not have one but 28 digital markets regulated mainly nationally. We continue to have in Europe, 28 national TeleCom regulators, 28 national privacy authorities, 28 private protection laws for the Internet. I think it's a complex environment.

So the Internet is global and the IOT too. Europe believes they can create regulations 28 times for digital products and services as well. So, I think that what we need is more Europe in TeleCom regulation in the application in competition law and privacy matters. Only in this way we will be in the condition to face the regulatory, that helps existing Internet giants and marginalizing all other companies

Europe has to be big on big issues in the future. The digital single market is a big issue. The key to unlock the door to our European future of innovation, job growth and corporate competitiveness. IOT is really a strong business enabler. But our private companies, all private companies, must be given a stable, clear and not fermented variable regulatory framework specifically designed to unleash the IOT's potential.

Minus 2 minutes. I'm sorry.

>> MODERATOR: Excellent. Professor Lee.

>> J. LEE: Good morning. I am going to talk about some policies that have been set up in Korea about the IOT and also I'll mention about enabling technologies about the IOT services that needs some standardization and the platform and the global collaboration.

In order to talk about the Governrment, the Korean Government, the Master Plan, I need to talk about some background for building policies in IOT and Korea. I think you have ‑‑ I think some of you have already mentioned the number of devices connected might be 26 billion to many companies like IBM, HP or Cisco. They have the 4Cs is the expansion of the number of the devices connected.

And the Korean Government, the IOT, is the key technology and Smart service for improving in three areas, one is the public administration and for improving the industry product and another is individual or quality of improving the quality of life in the individual quality of life.

So, I will show you some of the slides that many of you have already seen in many conferences, the U.S. National Academy of Engineering, the 4Cs, the grand challenges for the 21st Centuries and thus the sustainability of the resources and sustainability of the environment and also about health and security. And they identified 14 areas.

Another -- Smart services we can find in many areas, Smart planning, Smart cities, transport, living health. So the reason the Korean Government identified IOT as a key technology is the ‑‑ for the applications, the first thing is to find the signal, the situation of the current status that surround us, and then we want to convert that signal into the value and into insight so that some actions could be performed for the life or quality of life or for improving the production, improvement, and the public safety and like that.

And so, we know that in order to have some value of Social Service, the IOT is the basic technology service and along with that, we need some Big Data in Cloud platforms all together. So, we start with the IOT. So, and also so IOT has enough potential as a new growth engine to stand as the global market for the Korea with some top class ICT structures and manufacturing capacities.

So, we think the IOT provides -- an IOT Big Data and Cloud to provide these Smart services. And another one is nowadays, the Korean Government, looks for the creative economy of Korea by promoting more small- and medium‑sized companies. We think that IOT technology and IOT services is quite suitable for the small- and medium‑sized companies.

So last May the Korean Government set up a Master Plan for building the IOT to lead the hyperconnected revolution. And they selected the IOT as one of the four basic technologies. So, this is about something that was going on in Korea about IOT and for the practice, IOT practices, from 2000, we have started about the RFID and U.S. project that is about the IT convergence project in many industries.

Based on that, in the last year and this year, the Governrment performed another project we called it Vitamin Project. Vitamins that we can have is convergence project from the agriculture and bio and clean environment and such. So, in 2013, we let the four leading Vitamin Projects, for the AFO. AFO and Smart farm, Smart farm fishes and Safer Drug and Asian Museum and something like a Smart forecast for disease or ICT.

So, in many areas from the individual quality of life to the public safety. And next year, we are going to perform some projects based on the three areas. One is a small project and mid-science project, and larger-size project. And usually the small project, based on the DIOI and how to make practical services. And mid‑sized project is like some Government that the public administration, like safety, and in Korea we will have some 2018, we have a Winter Olympics in Korea. So maybe some areas we can apply this IOT applications. And for the large project, we can apply some Smart agriculture and health and Smart city.

This is one example of the ‑‑ I have picture before I came to here. In this whole is a very well organized for the public systems. So, when you visit Seoul, not try to rent a car, but to use the bus or train, you can see many informations about the public bus information. And it shows some expected bus arriving time in the left, the picture shows some bus numbers and how many minutes I have to wait and in the box of the yellow it shows what kind of buses will arrive soon. And also in the right side of the picture that you can see is some weather information too. So it provides the bus information and weather and pollution information around me.

So this is the basis on the location sensing and the arriving sensing. So the bus has the Wi‑Fi system and GPS system and the information goes to the Cloud servers to provide this kind of information.

And to provide this kind of IOT services, we need some of the ‑‑ we need some technology that enables this kind of IOT services. I think in order to have this one for the individual of things, you have the things that should be communicated like Amtram communications, or sometimes the things communicate with the ‑‑ through the wireless network. And maybe, at home, we may have us the server through while access neutral at home.

And through this wireless access we need to access the applications through some of the platforms. So, the elements likes things and wireless access, we have so many ISPs and service to reach to the Clouds and Big Data or social network, we need some platforms that placed together among the elements of the Servers.

So these are the enabling technologies and the issues among those are the ‑‑ for example, if think like no issues, we need a very small-sized platform, and as someone already mentioned, about naming and addressing and how can we get the energy from the outside? The energy harvesting? Those are some key issues to be successful IOT services. And we need us some configuration and the sustainability and for the access, can we see the current existing Legacy ITCPI to provide this kind of services? Maybe we can apply like software-defined network to reconfigure and to flexibly configure the IOT network service. For example, like the register services, sometimes we need abrupt resources for those kinds of registered services. So we need dynamic traffic access neutral. And also, we need to have us some platform that connects with the Cloud and the Social Neutral.

And so -- and time is up in three minutes. And maybe for the frequencies, maybe the spectrums, we tend to use this kind of those for the accessing the things or the wireless neutral and something. So I think those are already the ‑‑ many standard groups are talking about this kind of protocols for the communications.

So recommendations as you see in the elements of the IOT-enabling services, we need various kinds of elements that should be standardized. So we need some standardization, global standardization for neutral and the platforms for the Cloud or the Big Data, and we need some industry standard harmonization group of the user convenience. For example, for the Smart home, in our home, we may have various kinds of Smart or the home electronic devices from various companies. We have a very valuable experience of the home services in the last maybe 10 or 20 years ago, and at a time, I think we have failed because of the ‑‑ we cannot reach to the standard harmonization of the home electronic devices. So we need especially for IOT area, we need some industry standard harmonization group for user convenience.

Another thing is about the service mentioned about this service sustainability. We have experience in Korea starting with the RFID demonstration programs. 10 years ago we have many projects being performed in many areas. After 10 years, if you go places that shows Best Practices of the RFID, some of them are not working anymore because of the power battery failures or some node failures or some sensor failures. So we need service assessment ability to provide the trust to the users of the IOT services. So we need to develop technology for the service of sustainability. And also, IOT service is not a local service.

Yesterday Rudolph and I talk about the order, the vehicle. Maybe I can import some car from the German or France, to Korea, and the IOT services in that car should work in our country. So, we need a global collaboration. And sometimes from country to country, they may have different privacy rules. So, for the IOT services we think we need to think about that. Sorry for spending too much time.

>> MODERATOR: That is excellent. We are still within the projected time that we had when we started planning for this, so I'm really thankful to all of the speakers for staying so nicely on time so that we even have time to expand. I think this has been a fascinating discussion so far. The only one left is a Khairil Yusof from Malaysia who won the SEED Alliance Award and has been doing excellent work in Malaysia. So can we go on now to Khairil Yusof.

>> K. YUSOF: I'm happy that everybody else hasn't picked up coffee as well because I'm going to grab it from you. But my background is actually, I'm really happy to hear my fellow panelists cover a lot of the points as regulators since you have addressed a lot of the needs of what we, the consumers are building.

So in my case, I need to build civic applications that the public wants. Or to be able to make the data available that either the Private Sector, Government Sector or just Civil Society like me, can build applications on. And it seems that the fellow panelists have addressed most of these points, which is good.

When it comes to the Internet of Things, I usually separate them into two types of devices. One, consumer devices or consumers of data. And this is the most prevalent use right now. When I'm talking about consumers of data, it means like for example, your mobile phone. When you want to have maps, it is consuming data to generate to show where you are. Weather, for example, it is a consumer device. It is grabbing data from somewhere to be able to show what the weather is.

On the other side of the Internet of Things, also devices which are providing data. These are sensors, devices that provide data such as sensors. So, usually when we work in data, on the Big Data side, a lot of the fellow panelists showed for example, like traffic systems. Those are the kinds of data we need in order to build applications. For example geolocation data, traffic data, and crime statistics is a good example for when large data, such as crime not being available, can hinder innovation. And recently, Malaysia, we had a product that did really well in terms of having ‑‑ it's called wear-apy and they have a wearable device that quickly sends an alert out through a mobile device to report immediately to the police and emergency services that somebody is in trouble.

So, one of the things that they don't have is they don't have statistics on crime. And one of the things that we saw in the U.S. was that with the crime statistics, certain cities are able to map out, for example, which areas are safe and unsafe and at specific times. So instead of just being a device, for example, that only warns you after you have already been in trouble, if you actually have large data like crime data, you could actually be warned that this specific time, you're in an area of downtown late at night when there is no more office workers and the crime rate has gone up. So those are the kind of examples where Big Data can help do things in ways that you don't even imagine.

But quite often our projects, the problems we face is actually Small Data. And what I mean by Small Data is that specific small amounts, maybe 10,000 or 20,000 records, or even standards, that you need to have to be able to build applications that are not or that are not actually available to you. And I think for a lot of Government agencies, identifying these stumbling blocks are actually a good thing to do so ‑‑ because they are easy.

It could be something specific ‑‑ for example, if you want to build an Internet of Things to measure electricity. The standards on how to read the meters, for example, in Malaysia, they invented digital meters. What is the standard to read that? If you cannot access that standard, it will be difficult to build your device. So those are the kind of data that is needed. But you don't have and you can't do it and you can't build these things. The other ones that are also low‑hanging fruit are things like administrative data.

For example, we were trying to build applications to fix local traffic issues, and actually the biggest problems we had was data on jurisdiction. So if you have a road, one side of the road might be from one local Council and the other side of the road could be another local Council. So if you don't have the simple data, you would have all these problems mapped out but no way to build an application to report the problems to the specific administrative body. So these are kind of Small Data that we can have.

On the other side, in terms of provider devices, these are quite simple. Several examples have already been given, for example, a good thing about now is that with an Internet of Things, most of these devices are basically small computers. They are easy to programme. You're using standard Internet protocols. And they are down to probably about $20‑$50 now for a cell block board where you don't even need embedded knowledge, that it computing knowledge to programme these things.

Some examples of this being done that could be done for example in terms of Government, we had water shortages in Malaysia, but the reservoir readings were done once a week, often too late to warn the public about when their levels are being low. A simple device like this to actually share data on reservoir levels could be used by a lot of different local councils and local Governments to plan ahead.

And recently, we had a request from a Google policy representative saying that had we build, for example, disaster flood management. Again, these are simple. Not costly devices. All you need to do is especially in Southeast Asia where the Internet is being applied really rapidly, so we don't have issues of rural, not too big issues of rural areas without Internet access.

So, basic little devices that can measure for example, the water levels of rivers, are things that are easily implemented by Government and they provided on the Internet as standard data. There will be lots of different applications in terms of planning for disaster management.

So, having said that, here are the problems that we face and our recommendations. When we approach Government agencies in terms of these ideas and opening it up, a lot of Government agencies are happy. They want to do it because that is their job to serve the people. But often in Developing Countries like Malaysia, we don't have policies and guidelines for these agencies to follow. So it is really important that the key agencies that are the regulators, and policymakers for other Government agencies, have these guidelines so that the other agencies can implement Best Practices really easily. So it's not about unwillingness but not being able to have guidelines to easily implement it.

The other problem that was also raised recently is fragmentation and competition. In this new space, a lot of different players, both Private Sector and Public Sector, competing agencies sometimes within public sector, are all trying to build all acquiring data and not sharing the data.

So a good example for this is that for about three years in Malaysia, Google was ready to have navigation like turn by turn navigation but couldn't do it because of the deliverance of legal problems of the data on the street maps. There is probably 6 or 7 players if I recall, each having different portions of the country. So you have to negotiate with like 5 or 6 different providers to be able to build one application.

So, I think this is a balancing act that regulators have to do between competition in which you want to ensure competition that people will try to get and acquire data or data sources. While at the same time, try to avoid a feel where you have fragmentation and actually reduces innovation because people are not able to do it without a legal leverage.

And finally, this is more from a development agency. So my final point is that for a lot of Developing Countries, they try to rush into things when something like Internet of Things comes up and says, look, we will need training programs now so that we can build human capacity. I have been in this area for over eight years and I hope that these mistakes are not repeated again.

Instead of focusing on specific, for example, training programs for specific vendors, that educational institutions should continue to provide education on the basics. You should be able to programme in any embedded devices rather than vendor neutral. Because in this rush in the Internet of Things, specific vendors will come in with their specific solutions and say, do this training. So, it is important to ensure that on the education side that things stay open just as they are in the rest of the Internet of Things space. Thank you.

>> MODERATOR: Thank you. This has been absolutely great. I have been tweeting quite a bit of what is being said here and we are also getting some questions fired at Twitter.

Now, one of the messages that we get in here is that well, the Internet of Things is not really new anymore. It is there already. And we are seeing, whether it is Developing Countries or Developed Countries, we are seeing everything being rolled up.

So the main things that I hear with regard to Government policies, mostly about removing the roadblocks. It's not that there are specific things that the Governrment should regulate before it could happen, it's more about removing the roadblocks that are there. Incompatible privacy regulations is a problem for Europe. Access to Government data where there isn't a regulation that makes this possible in Malaysia, is a good example, the numbering policy that Columbia mentioned.

Are there any regulations you think are necessary that Governments would need to impose on those who offer Internet of Things applications? For example, in the area of security, should we make some requirements on companies to have a particular standard of security, especially when devices are in the field for 15‑30 days ‑‑ years. Sorry. 15‑30 years.

Speakers, what do you say? Jari?

>> J. ARKKO: I think several of us brought up the question of standards and Governments and regulations may have a role there in terms of advocating that as an example, everything that Governments or the public sector acquires in terms of for its own use, that that is built in a way that enables them to share data and to change parts when needed. I think that is one key area where probably some new work is useful.

>> MODERATOR: Any other comments? Were there any questions from the remote participation? No? Okay. It seems that Europe hasn't woken up yet, and Asia. They may be doing something else, but we did have a question from Mike Nelson via Twitter that I will look up now. Mike was here in the room but probably needed to go somewhere else and didn't want to get hurt so Twitter is great for that. He says, my question on IOT to the Policy Panel, what can we learn from the slow growth and fragmentation of their own networking market from 1990 until now? And in addition, do we have the unlicensed spectrum we need for Global Internet of Things applications?

Who can I give the floor on that? Jaiyong Lee, maybe?

>> J. LEE: What is that again?

>> (Off mic)

>> J. LEE: I think I already mentioned that in my presentation. We have experience of somewhat failure in automating our home. We are providing this on Smart services for the network. For example, in Korea, two big companies, they have their own platforms for this Smartphone network. But as for me, I have in my home, I'm not the only one company user. I have many devices, electronic devices. So, when some company uses like access to some Smart box to connect all the Smart home electronics, that kind of platform or standard should be collaborated with others so that the users provided for the common services.

So I mentioned as a recommendation so we need like some associations for the industries for home network to provide the successful Smartphone services, not the old days of the experiencing the old days of the home network service.

And another question was about the ‑‑ do we need some unlicensed spectrum for the IOT services? I think we may need some more on unlicensed spectrum for the uses of the IOT services, rather than licensed spectrums, because many applications use, like at home or in the buildings. We use some unlicensed spectrums. So, we may need some unlicensed spectrums in IOT services, I think.

>> J. ARKKO: I think competition is generally good and it is better when we have multiple different types of technologies available, unlicensed and licensed and competing approaches. One observation I would make from the last 10 years or so is that we have had some number of attempts to do like IOT specific technologies. And so my sense of it has been they struck oil a little bit in taking off, whereas now what seems to be happening is that those people who have learned how to build wireless LAN or cellular systems that reads the right PAR levels and can be build in the right way for the Internet of Things market and this general purpose network is so attractive because, why would I buy anything else than a wireless LAN‑based thing for my home because I already have the wireless LAN access point so if I needed to buy something else, I'd have to get the new infrastructure there. So there is a lot of interested in using existing things and existing technologies, unlicensed or licensed.

>> MODERATOR: And if the other speakers want to respond to this? I assume we have questions from the room. The lady in the back with the microphone?

>> AUDIENCE MEMBER: I have a question. Is it on, the microphone? This is Rita from Open Data, Hong Kong. I would like to make a general comment about the IOT discussion. I think at the moment, it is really completely dominated by engineering and ICT companies.

So, there is such a striking lack of really good ideas for applications, and I think that it is because of the lack of user or citizen involvement from the early stage. I want to see more of the Telecom companies, Utility companies to join up with citizens to ask them whether they want these services and how they want these services and also have a broad discussion on data ownership from a very early beginning.

Because, what are the options? Are there any options? If I don't want the Smart services, I have not really seen a really Smart service, and these constant examples on having some kind of automated message when your fridge is empty, are really quite boring and not really that striking.

So I haven't seen really Smart examples of really good IOT ideas. And I think that is because the lack of involvement of citizens. Thanks.

>> AUDIENCE MEMBER: I am from India and I have a comment on the need for regulations of a slightly different kind. We see that IOT given devices all over the place and we can have devices we wear and possibly inside our bodies as well.

Now, the privacy and data is one aspect ever what comes out of these devices, but I come from the Open Source background, and I also see the need for these devices which are either not very well‑known to us or in places we cannot access easily as well. Because this is a hardware and software combination. Not just software. And it's not very easy to look into as well.

So what are the safeguards and precautions that one can have when we use the software? Especially when you're talking about the latter three billion people who are not tech savvy, who are not or who will end up using some of other things as well? So just a comment that we may need additional safeguards, not just for data, emanating from these devices, but also the software inside the devices. Thank you.

>> MODERATOR: Thank you. Who on the panel wants to go into these two points?

>> C. CONTINI: I will address the question. IOT is somehow different from previous technology breakthrough because it has a very huge impact on other industries. Many of you may have read that engineers from car manufacturers do not know anything about the 200 devices that a computer has in every car. So they are not at all able to manage the issues that may arise by misuse of cyberattacks on these cars.

So, the point that I like to make is that we badly need to support the knowledge transfer to companies coming from other businesses leveraging on digital innovation. It is true that IOT is mainly driven by ICT companies. This is way bad. And it is not true that in the future, we will see only a B to C business model. But you're going to see from the ICT point of view, A to B to C model. We have to take into the equation companies coming from non‑digital industries, that they are maybe ‑‑ maybe a strong enabler or maybe a strong provider of bad news to all of us as consumers.

>> K. YUSOF: This is to address the issue about citizen involvement. I think it is from having talked to a lot of the private sector as well as people trying to build applications. One of the things about Internet of Things is reducing the accessibility, or reducing the barriers to development, because it is extremely -- most people who can programme for the Internet, can actually start working on devices and it is actually better for the device makers to make, or like as I explained, if you have wireless device to make the best wireless device, and then for the people to build this application, well it is not that difficult then to just build applications on top using standard Internet protocols.

So the barrier is not so much in terms of engagement from industry to people. I would say that the barriers which have been raised are things like regulations, standards and so on, that are blocking these people from innovating in this space. That is my answer.

>> P. MARQUEZ: So just to kind of reply to the questions that were raised, first regarding how other participants in the market can use or better use this technology in order to produce more innovations that are helpful for increasing consumer welfare. First, what we are doing with regulations is to make the playing field for everyone in the market is the same, and that will definitely drive innovation in different ways that we have not seen before. And the fact that other companies or other manufacturers of different kind of services in different markets than the markets ever telecommunications are involved in these technologies and have no barriers to entry to the market, will definitely improve the use of machine‑to‑machine communications and the Internet of Things in order to increase the consumer welfare in Developing Countries, I think in every country, basically, the quality of possibilities is just incredible to increase the welfare of people.

And then second point, and I think it is regarding the problem of privacy and the use of certain devices on certain applications in order to allow people to get certain information that will be good for example, their health, yes, there is a lot of privacy concerns. And regulators -- what regulators have to do is to promote a lot of transparency with consumers regarding what is or who owns the information? What is the purpose of the information that is being used? And what are the limits of the use of that information?

As long as consumers have or are being given the information that is right regarding what is the uses of this information, basically, on the rights they have with this information, which is basically the most important, then trust in the use of devices such as wearables or any other devices or any other application that enables the Internet of Things. That will conserve the trust we need in order to make in market much more transparent.

>> MODERATOR: Thank you. We will take another three questions, first from the gentleman there and then Martin and then the lady.

>> AUDIENCE MEMBER: Robert Pepper, Cisco. So, three quick points. First on regulation. Some regulators have opened up proceedings to look at Internet of Things and asking what do we need to regulate? Offcom has taken to proceed consultation that takes the opposite, in fact, they have entitled their proceeding, "Promoting Investment and Innovation in the Internet of Things." So, they are taking a glass-half-full approach and are not assuming that there needs to be more regulation, but they are asking questions about what is the regulatory framework. So I would urge everybody to take a look at the Offcom consultation, because it is a very interesting approach.

Second, standards. Jari is the Chair of the IETF. So a lot of these issues -- and there is assumption that this is only ICT‑driven. Not true. In fact, the IETF meeting in Toronto several weeks ago, there were people from BMW, ZEMENS, Ford Motor, other large industrial companies that are there because they are working within the IETF on these types of standards. So I would frankly urge that, frankly, this is I think the place to be looking at ‑‑ it doesn't have to be a single standard. We are talking about interoperability and we are talking about if there are questions about security. There are work groups looking at security.

So I think that this -- the IETF has proven over the years much more effective than the traditional standard bodies coming up with standards in the Internet Protocol world. Remember ISDN took 17 years and then when they finished the standard, nobody wanted it. And they still said, ISDN stood for, I still don't know. That is not a very effective approach. So again, an ad for the great work that you and the ITF does, Jari.

Third, devices and devices and spectrum. What we are seeing as the world of machine‑to‑machine and Internet of Things and ultimately the Internet of Everything once you do the analytics grows, we are seeing a very wide diverse, heterogenous group of devices. Some of those devices will have no compute power. Others will have a lot of compute power. Some are going to have to communicate over very short distances, like the Proteus pill you swallow that does one thing and one thing only and this is a very concrete example of consumer benefit, which is, one of the problems that older people have is they forget to take their medications. And this actually results in having to go to hospital. All the Proteus pill does is say, hello, I'm here, when you digest it.

And it talks to a patch you attach to your stomach and that talks to your Smartphone or Wi‑Fi router or whatever. Right? As a result of that, if it doesn't call home, your health provider, whether a nurse, doctor or granddaughter, can say, grandma, did you take your pill? This is sitting lives at very, very low cost. And avoiding very high cost trips to the emergency room. But that pill only has to communicate over several inches.

On the other hand, if you're looking at traffic monitoring, it may have to communicate ‑‑ and that is very narrow band. It's bursty. It chirps. There are other device that will be broadband and continuous over long distances. So we have a very heterogeneous group of devices. Some are going to be short and some long distance in terms of communicating. Some are going to be broadband and some are narrowband and some will be bursty and some continuous, and therefore we need a heterogeneous basket of spectrum to meet the specific needs of this heterogeneous collection of diverse devices. One size won't fit all.

And this is where, Jari, as you point out, unlicensed, especially over the short distances actually is very, very effective. And so I think we need to think about it in a different way and that is where I would again urge people to look at the Offcom consultation.

>> MODERATOR: Thank you.

>> AUDIENCE MEMBER: Thank you, Robert. Thank you, Rudolph. Like Vint Cerf said yesterday, Internet is not one thing. It is a net of networks. Internet of Things is not different. It's part of that. It's just a reminder to us how things are changing.

And I think from that perspective, there is a very good place here at the Internet Governance Forum to be discussing global levels with multiple stakeholders. This network is not going to happen by one stakeholder alone. This needs cooperation. So therefore, the realization is we want two things.

One is to get all the benefits that it promises, that we need in this world, to stay sustainable a little bit longer. At the same time, we don't want to end up in a world that is really watching us like limiting us in our freedoms. And how much we like and are willing to accept in a global setting, is not what I can think of as a Dutchman. It's not what can you think of as a Chinese or American. We need to create some space in which to benefit from this without ending in this dead alley.

So one of the mechanisms the Internet Governance forum has is the Dynamic Coalition for this. We will meet at room I1. Room 1 or workshop room 3 or 1. Whatever. The first room when you get down. Intent is to come together with ideas of what actions should be taken on global governance level. You are very much invited to that. Very much appreciate the introductions.

Many of us will have ‑‑ we heard many of these things before, let's get it clear and let's make sure that we can move forward with this.

>> MODERATOR: And then we do a reaction from the panel.

>> AUDIENCE MEMBER: Thank you very much. This a great panel. This is the -- from IRP. I want to go back to the security question, because I don't think it was really answered at all and the fact that only one person boldly tried to answer it, tells me that it hasn't been really ‑‑ maybe it's been talked about but not really addressed. And the reason why I'm saying is it also realities to privacy. It's not about just Governments talking about how the data is being used but also this Internet of Things, as much as promising as they are, it is a huge security risk. It's the weakest link in the technology ecosystem. And trust is not going to be established until that security issue has been addressed.

I'm sure you guys all have security teams behind you. But I would like to know a little bit more about what is being done about this because when hackers are hacking, IOT is the easiest thing to hack. I do not wear anything accept my cell phone, which is also a security risk, because of that. Thank you.

>> MODERATOR: So we are getting close to the end so we like to ask all panelists to give a reaction to the last three and then I'm sorry, we are up for time. Please, Pablo, I saw you angling.

>> P. MARQUEZ: Thank you very much. The last couple of questions were very, very interesting and the first one, to Mr. Pepper. When we speak about regulation, basically it is not necessarily to impose more regulations but to remove regulations.

And what we have seen in the Internet of Things in communications is the opposite. Is there is too many regulation that is give a leverage to operators in order to squeeze and do all sorts of practices that they do not allow other market participants to get into these ‑‑ developed new applications for the Internet of Things.

So basically, what we are doing in Columbia is the opposite. We are trying to remove regulations in order to open more the market or participation market. And one of those includes the allowance of numbering to third parties. Not just to operators. So, that means that you don't need a license as an operator in order to start using for example, SIM cards, in certain devices that you want to provide to the market. Those are in consultation that we are just starting to proceed with.

And regarding the issue of security, of course there is a lot of risks on everything that reacquires Internet and the data on the transfer of data and personal data. I don't know if you know the example of the first ‑‑ the first device that was used for the hart that was connected to BlueTooth, if I'm not wrong, was Dick Cheney's. And I think they removed the BlueTooth because of course there was a risk.

But every single technology has a risk. Not only ICTs and in the development of cybersecurity, it is improving so much and the OCD has done a very interesting job in determining several recommendations regarding cybersecurity, that I think is not an issue that we -- or that regulators, Governments and even private parties have just not got. It is running next to the use of telecommunications and the issue of privacy as well is very important.

I'm a very sophisticated user and I'm connected to everything. I have like several phones and my cell phone sends text message to my wife every time I ride home telling her I'm home. So, that's very useful just in case. And it depends ‑‑

(Laughs)

This is Columbia as well. So that is important.

(Laughs)

But there are a lot of very good uses to technology. It's not a matter of being afraid of the use of the data and who is using the data. It's just a matter of knowing what rights you have over my data and of course there are risks as in every single technology that you use. But, sometimes the benefits are way over the costs of the risks of using ICTs.

>> MODERATOR: panelists who want to make a statement, we are on time now so it short but we would like to get your opinions please.

>> K. YUSOF: This is going to be short. Security is just so huge. I mean, if you go out to the macro scale, will you go through surveillance and if you go into microscale, it is like the BlueTooth on the pacer.

So, it's more of a question rather than a statement because as has been shared, a lot of security groups like analyzing independently devices. Those independently monitoring what kind of information coming out from Internet devices. So, more of the question here is that there is a demand for it and there is people doing this, but how do we ensure that this security research is enough of it is being done? And I don't know the answer to this supply and demand side of this need.

>> J. ARKKO: So I also wanted to address the security question on this. It is really important and it is to say that we all take it very, very seriously and working hard on that around the Dutch organisations and policy organisations.

There is really no one security for IOT just like there is not one for the Internet. It's multiple different problems so say some public service facility that produces information like what the weather is like around the country or where the traffic jams. There you are very interested in availability and no one can tamper with the information or permit access to it.

I read research last week about security in traffic lights and it was very depressing, really, default passwords all over the place and it is horrible. And that probably explains why I always get in traffic jams because somebody probably hacked it and is given priority.

So that is a different case. A user who wants to use some device and place the data that is coming from the device somewhere, you want to limit the access to information to others like random bystanders, and you can do that with encrypted technologies. We also want to have a facility that maybe you want to switch the place where you send the information. I don't like this provider in that other country anymore. I want to switch to something else or my own server or ‑‑ that is very important.

A third class of things is -- or fourth, is tracking, technical level there are some identifiers at the lower parts of the stack that can be used to identify you. You walk around with whatever the things you have and those identifiers may be used to track you. That is a bad thing. Some technologies don't have that issue and the rest are working on resolving it. So many different questions and those are all being worked on. But it say really hard problem too.

>> J. LEE: Mentioning about the security, I think how can we implement some security in all of the technology, for the IOT services? Sometimes as someone mentioned, the thing how do you not the security to that dummy things? So I think for the security issues, we need to attack many of the levels from the device to the services.

So, I think the total solution for that is about the IOT service management system. Think about our current mobile or ISPs. They provide the ‑‑ every ISP has a centere that handles all of the sustainability of the service and also some security of the services and also their devices and the basic stage and things like that.

So I think in order to provide the IOT services that should be sustainable and the reliable and to be trusted, I think for example, at home, we may need some of the home management system that hinders the security and also the ‑‑ handles the security and sustainability at the same time.

For example, let's assume to save energy in this room, maybe we still have some sepsors here, but sometimes the sensors maybe out of battery or something is out of the order. Then, how can we trust this service if some sensor is out of order? Who will change the sensors? So we need the management system for the reliable secure services for the IOT services. So, that is the one thing that we can attack for the security ‑‑ secure services.

>> C. CONTINI: Being an ISP, I can tell you that the security issue is not going to be solved once and for all. It will be a long journal they goes along with the commercial development of IOT solutions. So what I expect is that both the security actions and the learning curve of the supply side will develop along with the success and the evolution or the macro evolution or the different IOT solutions.

The pace of development of IOT solutions will go or will be strictly correlated with the development of security and trust building of trust, among the solutions.

>> MODERATOR: Thank you. That brings us to the end of this session. I want to thank our co‑organisers of this session. The Korean Government, the Columbian TeleCom regulator and TeleCom Italia, who have helped organise this and bring this together and come up with a great programme. I want to thank you all for your participation and your attention. I want to thank the speakers for their great insights.

Just as a last small promotion the OECD is holding a Open Forum this afternoon on Internet Governance and the economic policies that are necessary for that. So you're all very much invited to come to our Open Forum, and in general, keep in touch with us because in the coming half year, we will be publishing a lot on the Internet of Things. Thank you.

(Applause)

* * * * *