This is now a legacy site and could be not up to date. Please move to the new IGF Website at https://www.intgovforum.org

You are here

IGF 2020 – Day 10 – WS325 Internet of Things: Trust, Trick or Threats?

The following are the outputs of the real-time captioning taken during the virtual Fifteenth Annual Meeting of the Internet Governance Forum (IGF), from 2 to 17 November 2020. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid to understanding the proceedings at the event, but should not be treated as an authoritative record. 

***

 

 

>> Welcome to everyone.  This is our little panel on IoT.  We have a very interesting proposal, proposition that maybe you were not seeing around much.  We'll talk about IoT in the home environment.  You may be asking yourself what's different about that.  You know, whenever I think about the IoT, the first thank that comes to mind are those Articles about the future of automatic cars, about degradation, all of that, that's in the headline, but it often should be reflected this is valuable, IoT, for the end user as well.  Valuable and a little bit dangerous.  That's exactly where the title of the panel comes from, Halloween is still around, we're in that wood, we'll talk about the different ways in which this technology can influence lives of people and from different angles.  We have people who are researching this, in the industry, we'll carry out several different discussions about it.

Just to frame things a little bit, I'm Mark Datysgeld.  I own a small consultancy in Brazil, Governance Primer, I work with clients in the Global South that want to participate in standard such as this one and helps set standards for technology.  I remember my first big contact with this subject was in 2016.  Some you have may remember, some of you may not, it is what's known today as the 2016Dyn cyber attack.  That was the first time that the subject really popped in my head.  It hit very hard, Dyn, which is ‑‑ it operates some of the worst DNS.  That was perpetuated by a botnet and that botnet, it was interesting, it made use of data driven home appliances like baby monitors, internal cameras, very simple day‑to‑day things that you wouldn't think as big threat factor, but since they had standard passwords, since they had those things that simply were default settings, didn't apply any particular security setting, they could be instrumentalized to attack a DNS provider which is pretty bad because that took offline a lot of websites such as GitHub, Amazon, Airbnb just off the internet due to the action of one botnet and all of it originating from the home environment.  It is a lot of printer, baby monitors just attacking this very key resource of the internet.  It was concerning to me.  I'm like, okay, this is a subject for the future.  I think this is exactly ‑‑ an example of what we see on the side of the threat.

I would like to talk to my panelists today, it is an honor to have you all here, a lot of good people from a variety of backgrounds.  I'll get started with Savyo.  Savyo Vinicius de Morais, he is a researcher who specializes in this produce lots of interesting outputs and he's involved in the ICANN community and developing solutions for working with that protocol.

What do you think are the origins of the problem, exactly how this goes if you could.

>> SAVYO VINICIUS DE MORAIS: Thank you very much, hello, everyone.

I think the root source of this type of problem starts with the designing of the device.  There is a lot of on the shelf IoT devices with some types of design flaw that can lead us to security problems such as authorizing the IoT levels which led us to this type of botnet infections and other situations that starts in a simple point that sometimes the manufacturer set as coded on the source board of IoT devices and the full user name and bass words and the user cans change it or the users with easy guessable passwords by the end users which enables the unauthorized access.  Not only be botnets are the problem of these access, some are with access protocol.  Also they can lead us to some kinds of physical harm.  If you think in cases like a telecommunication connected thermostat being controlled by a hacker organization, they can set fire to a house or someone controlling the autonomies device creating an accident.

Not only these problems, but going to the privacy issues, there are a lot of cases of IT devices communication and this enables that everyone can see that network and has a life data source of accessible information since if you can see that, you confirm that information and in times of data protection, GDPR, the initiatives, I think we should take a look on it so.

When I think of this exact problem, it can be solved by updating firmware, but it is also a problem because the manufacturer, the manufacturer cannot just update the firmware and the end users, they hey not update the firmware and in the case of automatic update points you have to pay attention on it because a hacker can create a false firmware and expose the vulnerability on the firmware update systems.  When we think about this, I think one of them, it was an important point, to prevent this type of fraud, it is focusing in on having regulation of the certification of the devices and another point of view, to remediate the ongoing threats and maybe focus on summarizing ‑‑ standardizing network solutions to prevent these type of attacks.

Thank you.

>> MARK DATYSGELD: That's very something, Savyo.  When you mention controlling a thermostat to attack a home, even a corporation, that's very interesting in the worst way possible.  We transcend just this digital layer and we start to talk about physical damage which is again something that I think is being overlooked.  It is really good to get the perspective.  I think somebody who would maybe talk about what's happening when it is in the person's home, when that threat factor is actually there, it is Martha, head of operations at Zlitch Technologies and is with the international bridge group in Ghana.  Martha, it would be really good to know from you what happens when that is in a person's home, what's going on there, how do we deal with that once it made it out of the facilitatory?  What's going on there.

>> MARTHA TEYE: Yeah.  Thank you, Mark.

Just as Savyo said, the designing is really sometimes ‑‑ most of the time, it is the root cause and privacy and security is among significant challenges of the Internet of Things now.  Such things like device updates, lack of sufficient, security protocols, user unawareness that people usually do not really know what to do when it comes to managing their devices, those are some challenges that the youth is facing.  Because the IoT introduces the connective concept where different people, different organizations, they can communicate with each other effortlessly, that poses so much of a challenge.  That poses so much risk especially on the grounds where people actually are using these devices, they have to go through the challenge of having to secure passwords as Savyo mentioned, but realize that many of the devices of the Internet of Things are designed for deployment on a massive scale. 

Because of this, the comprise of nearly identical appliances, similar characteristics, so this characteristics, amplified a magnitude of any vulnerability because anyone can connect at any point in time and similarly, many decisions have come up with guides for risk assessment, conduction, even within your homes, within your individual space that was conducted in the risk assessments to be sure of your exposing your information, exposing your privacy to.

Let's say when it comes to authentication, IoT faces various vulnerabilities and that remains one of the most significant issues in security in many applications.  What we usually see, it is limited to how it protects just basically one area, the denial of service attacks and the replay attacks.  Information security, it is one of the most significant, vulnerable areas in authentication of IoT devices.  Because now it is embraced in almost every phase of life, for instance, in every home people try as much as possible to keep up with IoT devices because that's the trend, to realize that this risk keeps increasing and if nothing is done, people would be subject to privacy to the general public because the manufacturers, they're finding ways to protect the system and I guess I'm also always trying to find ways to bypass them to be able to get access to information.

If we take, for instance, the contact lists, credit cards which we use, realize that these cards are capable of allowing card numbers and names, the details of the cards, they're entered in, in this case, no authentication is done, and it makes it possible for hackers to be able to purchase and goods by banks using the cardholders' identity without authenticating if that's the real user because you just have access to part of the information.  These are some of the bridges and the design issues we see usually in the use of the IoT devices especially homes and institutions where they're used.

>> MARK DATYSGELD: That's pretty interesting, Martha, when you say something like lack of efficiency protocols and so son, it just ‑‑ it gives me a little worry about how the protocols are, what is the standards.  I think you're not very happy with that, you're not exactly very confident, is that so?

>> MARTHA TEYE: Yeah.  So you always see, even though there are protocols, guiding the use of the IoT devices in terms of guiding people, going through the price procedures, securing data, we usually see that people are unaware of these protocols, especially and people who are supposed to make sure that their passwords are not exposed, people are to make sure that the systems are secured, they purchase the devices outside of the manufacturing and the scope within homes, there is unawareness, creating a huge problem which leads to these issues and attacks and stuff like that.

>> MARK DATYSGELD: I would say that's sounding concerning and I think that we may have somebody that may have something else to say about that.  We are discussing here the manufacturing, the problems that's actually in the home, and our panelist, the senior researcher of IoT in cyber physical systems of Erickson, Finland, and also works in AI distribution and the devices for IoT, he can say a little bit more about what's going on in terms of the protocols and how exactly you can get together what Savyo is saying, Martha is saying, Edgar, how do we move this forward?  What's going on?  What do you suggest?

>> EDGAR RAMOS: First of all, there is two sides of the same coin.

On one hand, for example, Martha was talking about, that this kind of credential, different data that's coming from the devices, which is kind of accessible and it could be attack, they have tried to solve this by centralization of data and this means many device manufacturers, they're having the same Cloud systems or they're having ‑‑ hiring Cloud systems from public Cloud where they actually start to collect a lot of data and they went credentials, everything.  It is kind of in the same place, and then they have a very big infrastructure, specializing, protecting certain types of assets, like, for example, credit.

On the other hand, the other side of the coin, it is that this model is scalable up to certain point.    the more devices that start to exist, the more difficult it will become to be able to centralize everything.  You have this data, so by now, there is data produced by all IoT devices and then the question is, who is consuming that?  That's also the problem with privacy.  If all my data is being collected in certain ‑‑ who knows wherever the data centers are, which are having the Cloud systems, so what regulatory framework is applied to my data?  Is it so that anyone from all countries that have an order from the law to access my data can do it, is it that I have some protections even for being a citizen of certain country, but not if I'm not, and so on.

Then there is another perspective to that, it is the end user agreement.  If I'm a use, I want to agree with another company, well, this is the data that you use, this other data, there is no way you can take it and do anything with it, what happens?  Today what happens normally, it is that you cannot use the product.  Basically up buy a product, it says please do you accept everything, yes or no, and then if you say no, okay, sorry, then you cannot use the product and that is the situation today.

Finally, who wants that data, if my device is on ‑‑ it is my car, I'm driving it, my data, why should that data be shared to somebody else if I don't allow it or ‑‑ and then, again, if I have ‑‑ if I have already signed off that in order to use my car I have to be okay with that.  It is all this, you know, intertwined policies and agreements, something that I as a consumer will be fine with.  Maybe not.

Then the control that we have over these kinds of things on central level, it is very little.

When I was talking about the other side of the coin, it is can we actually bring down and try to recover, because if I have my own car, my own refrigerator, my own thermostat, can I adjust it for that particular device certain type of policies of what type of data is produced and where does it go.  Basically, what we're trying to do now, one of the main reasons for centralization, it has been AI and trying to bring intelligence to this device that can crunch big numbers, data, bringing you back some value, but then some of this, it could be on the device them self or even in systems which could be in our whole houses.  We could have our small server that could be put into a router which is the one that we cast on certain control over it and it could be a gateway manager, a policy of what things can be brought outside, what things can I control in keeping my own ecosystem, my system in my house, and then also what things I want to have direct control and maybe some of them I can even provide some certain guidance, and then manage it in some way.

All this brings a lot of issues which is related to fragmentation.  How you could actually make possible that if all the devices are difference, all of the platforms are differences, should we just come out with certain way to being enable to implement this distributed system, taking into account the heterogeneity of hardwares and platforms.  Another problem is the monetization of the business model, nothing will happen if somebody doesn't make money out of it.  Unfortunately, that's the reality.  That's where the tri is playing a role, we're trying to look at solutions that brings up market incentives so we can be a part of solving this problem and at the same time that we're doing a service to society, we're also let's say having a profit out of it.  The profit is so that we can continue with our RND so that we can produce better solutions and then also everyone gets benefit and the user, the customer will be happy with those options.

I think that pretty much brings speculative of the problem, not only the problem of security, but what happens with the data and with the process.

>> MARK DATYSGELD: Thank you.  I think that sheds a lot of light on what we're trying to discuss, especially when you talk about the dreaded terms of service.  What actually are we agreeing to when we click that big button.  I see a lot of activity on the chat.  I would like to take this opportunity to introduce or our very valued supporters, we have Jaewon from the AP region, she was my next generation a few years ago and now she's starting in her right much bigger than me, thank you for being here, Jaewon, we have Liz from Brazil helping us here, keeping us honest and keeping us on time.  Thank you for being here.

I would like to ask from you guys if there is any specific question right now that we should be tackling, that you gather from the chat or should we move on to round 2 or should we ask our audience to maybe post on the QA part, what do you think.

>> JAEWON SON:  Maybe go to round 2.

>> MARK DATYSGELD: Have a list of intervention, everyone, so we can keep track of what's going on.  I would ask the audience if you have any pointed questions for our discussion, put it on the Q & A board.  We're good on time and we should be able to discuss them.

The second round, I would bring something a little more in, I would like to know how do we bring all of this together.  So we made this introduction, I think we know what problem we're trying to tackle here, and I would like to ask Savyo to bring this perspective from something that I know he's involved with, he's ‑‑ he has been involved with the idea of having studied this so Savyo, how do we tackle this from that particular angle?

>> SAVYO VINICIUS DE MORAIS: I'm following some executions on reinforcing IoT security in the network level.  I can say that they are doing a huge ‑‑ playing a role ‑‑ sorry, playing a huge role in re‑enforcement of IoT security in the network level.  There are operational Working Group and other groups and I would like to share here on a most important standard that was released by IGF related to IoT security and that is the RFC number 85.20 that is the manufacturer user description or just ‑‑ what's important for security, because I enabled the device, enabled the reduction of the capacity of the IoT was being attacked or being used as an attack method and causing it ‑‑ to find ways to the manufacturer of the device, should the network manager, what are the expected network communication tracking off of the IoT devices.

There are skills that are building of a new working group at IGF to work in other more standards for IoT security, proving standards like these and others and for example in ICANN, I have contact with some operators just like from Netherlands and Canada, and they're working on, for example, home gateways frameworks which implement this mitigating of the botnets which are effecting the systems stability.

Academia is working on it.  I can cite some great works from the University of Sydney, others in the Netherlands and Sydney, Australia.  And as a Master's candidate, I'm also working on it, developing a security complement for centralizing and it gives a second reliant point and the point of security in which you are not only relying into the manufacturer description of the usage of the device but the security operation set or security specialists can analyze, for example, the files and find possible backdoors created by the manufacturer or if a new vulnerability is discovered, that is a communication, to exploit this vulnerability and to have the manufacturer make a firmware update and we can ‑‑ the security team can bring this into the mass networks using description of these related malicious activities and then I hope that next year I'm going to ‑‑ I'm going to submit it as a drafting, this is an extension issue, it is IN issue and it is exposure, the analyzed activity.

>> MARK DATYSGELD: That sound good.  As someone that's been part of the youth movement, has been in the past and have comfortably moved into post youth, it is really good to see young people in the arena, it is good to know that you're managing to get the work started.  And on a personal note, it makes me happy to see that.  It is something that's very needed it ties perfectly with what Martha discussed with us on the preparation for this panel, it is exactly what goes on to terms ‑‑ in terms of ‑‑ some things have been deployed, some things have not, and there are many devices out there, there are many devices that are yet to be produced and there are standards and how do we title this together, what are good practices for us to make sure that this is not going very bad very fast.

>> MARTHA TEYE: Thank you.  It is not an implemented rule, they may be compliant, the policies, they're defined locally, what are some things that we can do to make sure that we're adhering to the Best Practices that conforms with all privacy and laws and so first of all, I would want to take your indication serious, something that may have been overlooked, we need to rely on up to date encryption protocols that would help us encrypt end‑to‑end so that even if hackers managed to get access to your network or the penetration to the network, they're able to get information out of that, crypto, it is only as strong as it is implemented, if it is poorly implemented, with all of the protocols, they're non‑vulnerable, they will be more vulnerable in the future inasmuch as we take authentication seriously we make sure that we rely on updated encryption protocols and it also comes down to how strong these protocols are made.  Also, I would like to mention that aside taking authentication seriously, we need to also make sure that we change default passwords and credentials.  Many times, we purchase these devices, we bring them home and then we still go with default passwords that are easily guessed by hackers or any other person.  This advice may seem like common sense but it is real people out there, just going ahead, using supply default pathways.  We need to configure and make sure we change the passwords because this is something that in the industry we see a lot and also we need to look at the data which we're providing to this or putting into the IoT devices and we understand how the devices interacts with the data provided and also to be able to utilize that, to identify and analyze the activities which may happen and it is okay along the way.

We can say that we need to track and manage the devices well so it is a very good point to start with.  When we understand what exactly a device is connected to and then what they do, we will be able to tell and be able to keep up with all of them, even manually.  I would track and make sure that the devices are not being intruded and going into attacks or any of these ‑‑ finally, I want to say that we need to consider using a risk‑driven strategy and we have these IoT devices that comes and we require some cybersecurity and I would recommend that we use this strategy to set off and place priority on certain critical assessments in the IoT infrastructure and we look at them and value them and prioritize them and secure them accordingly and then we'll stay safe also.

Yeah.

>> MARK DATYSGELD: Thank you.

You said a magic phrase which is critical on IoT structure.  When I hear that, I'm immediately brought back to my little word of internet governance and ICANN, a critical source and asset.

Moving forward, I think we need to think even more on how the devices are working, not only how the network is work, so you're adding a little extra complexity to something that's already complex, we have a lot of problems with routers and the default passwords and that exploitation, and it looks like it is not getting any easier, which is why we would like to call on Edgar to help a little bit more on what can be accomplished in the other groups and what different postures can be taken around the industry for us to see light at the end of the tunnel.

>> EDUARDO BARASAL MORALES: Sure.  I would like to also bring even additional aspects that are beyond networking.

In connecting with what Martha has been saying, additionally engines, for example, we think that they are end‑to‑end, that's the end of the problems and then everything would be secure and then we have to ‑‑ we have the two places so what's the task, this end‑to‑end connection, it means that you have a relationship between the two entities.  How do you work where trust cannot be ensured in the sense that if I'm a car, I'm driving, then I go to the next traffic light, how do I trust that traffic light?  I have never seen it before, I have never seen a traffic light there previously, how do I start to communicate with that.

This mechanism of trust that we use today, they're starting to be evolving to be becoming something more Ad Hoc, something that you actually have to handle with policies instead of handling with rules which the rules is like if I find traffic, traffic light 1.3.4, then I do B.  If it is not that, then I don't do anything because I don't trust it.  You can't apply that kind of model any more.  Another problem that we're having, it is problems of discovery, how do I know that that traffic light exists, where do I start to look for it, how I can find what it does, and then when I finally want to know what it does, how do I know what that is, how do I know that a traffic light, that it is actually showing me the colors to know that I have to go forward or maybe it is just seconds, in so many seconds the traffic light will be lasting or if it is having a sound, whatever, whatever is the service that this traffic light is behaving.  I need the models on top of what it is being given.  Then I have to understand this in the same way, how the traffic light understands it.  If the traffic light thinks that red is a color and it is defined with certain patterns, I have to understand red as the same traffic light.  All of this mean, it means that we need standards when using this, same for distributing, we're talking about the decentralization, we may need federation, we may need ways to connect systems that iOS are not connected and they need to have connectivity not only from the physical layer perspective but also on higher layer, how you actually access those services, is it a API, using calls, whatever type of things that we're given and then if you're talking about criticality, there is an issue about latency, capacity, so do I actually have what I need.  Do I want, then my car sends a packet to the network to ask do I need to brake in this moment, because there is something detected in the lighter in front of myself‑driven car, but I want the car to be the one that takes that decision, so I break now, I don't wait for the whole latency to send the packet to the processing, so it comes back, yes, please, break as soon as possible.

We have these issues that need to be solved and it requires joint effort, it is not only the device manufacturer, not the network provider, it is not the application developer, it is everyone that's in the chain.

Therefore, we need beyond standards that we're having in internet governance and in IEEE, we need consortiums based in a specific group of use cases, for example, the automotive is one good example but there are quite many other example, for example, the critical processes with robot, then we have also maybe the consumer devices, we'll also have their own consortiums and then not only that, we think to go a little bit more horizontal and identify the specific things which are effecting to everyone and seeing how we can give tools that everybody can reuse so that we have a better way to solve this kind of more particular problems which are what we call verticals.

>> MARK DATYSGELD: Thank you so much.

I think what you did, it was on a broader manner, how do we look at the way that the network interacts with the devices and who takes control, who takes decisions and I think this kind of puts us in a seamless way to some of the things that have been raised in the chat or with attendees, in particular I would like to bring a question brought here by professor that tells us about data ownership, so he has the data ownership over problems in our daily life, any alternative, this is something that I think we have discussed a lot in our preparation, exactly where is the data, who owns the data, if they were to control it and I do think that the panel has something to say about that.  I know for a fact that you do.  I would like you to make maybe 1, 2 minute interventions on the subject because I know we have something to say about it.

>> EDGAR RAMOS: Data is interesting, you think that data, it is Harmonic, you can transfer from one place to another.  But the things, you can copy, you can keep it, then money, you don't copy, and then you give it, you lost it, that's it.  Data, it is different.

That means that we need mechanisms that could in a way mimic with what we do with money, if you give the data to somebody and that person can use it, that institution can use it, cannot have the chance to copy itself.  So there's been research done based on electric knowledges to do this and try to address specifically that problem, how can we do that the data is not applicable, if you're not given permission to do that.  I think it is very interesting research, it is going in a direction that will bring us there, so that you can pinpoint what's the owner of certain owner.  How is this generated, what level is the generation established?  We have another thing that has to be considered and it depends on policy, regulations and maybe your own preference.

>> MARK DATYSGELD: I know Martha may have something to say about that.  Want to intervene a little bit?

>> MARTHA TEYE: Yeah.  I do.

Just to add on to what's been said so far, when it comes to data ownership, the owner of the data, whoever is providing that data should have an opportunity to request or refuse how data is transferred outside to any collection without user action.  As it stands now, the manufacturers, the companies, they have access to the data no matter what, and even if they're not going to have access to the data, some way, somehow, data is told either locally or even on Cloud, so there should be some form of strict policy or laws binding so that the people have the right to either refuse the transfer of the data and then we can say indirectly, individuals are also having ownership of data other than third parties having ownership of the data.

>> MARK DATYSGELD: This ties well with another question that we have had, is there a rule on connection or unconnection to full‑ data home, that ties directly with that, right?  Exactly how it works with the fact that there will be data flowing between the device and the manufacturer.

Before moving on to the next question, which is really interesting, I would like to ask, Savyo, anything in particular to add to this one?  Should we move to the next question.

Perfect.

Are there thoughts on legacy IoT that's been up for years since the last update was provided.

On the matter of legacy IoT, it is something that I have researched a little bit, and I know for a fact that from the time that the device is planned to when the components are developed, when it is deployed, there is a huge life cycle, and then after that, there is the whole life cycle that goes into the person's home and then there's no policy there.  How do we work with that, everyone?  How exactly do we deal with this and we make sure that whatever comes forward, we have the legacy five years from now, what do we do with that?  I see that we're unmuted, he's fired up to answer this one!  I give it over to you.

>> EDGAR RAMOS: Yeah!  This is one of my passionate things in the sense, I believe in a sustainable world.  I believe we should be in a planet where the things shouldn't just be trashed because they cannot be updated.  I think there's a crash here between let's trying to make things sustainable, the most long‑living possible, and the other thing, let's bring new products, let's bring the new features as a new product so you have to buy again the same thing that you had but a little bit better, and then at the same time, we don't get ‑‑ do we force you to go to the upgrade?  I leave it ‑‑ I work in the industry.  I know how this thinking goes.

This should be more circular economy thinking, it is being brought to the industry and it is being brought to the industry.  It is starting to belong there, where we are now starting to generate products which are more generic, generic in the sense that they're more like platforms, they enable features and these features, they may be software features and they use artificial intelligence features or they use support from other parts, like, for example, new sensors, new type of data inputs which may be services given by websites, whatever, that maybe the previous generation didn't have and the only thing you have to do is a software upgrade and then getting new things in the data platform, a little bit, we can think about ‑‑ I like Android a lot.  It has brought a bit of that, not fully, I still ‑‑ still we have to buy a new phone if you have the latest Android, let's say device.

But you can actually have quite many updates and bring quite a lot of new value to your device.

Then my refrigerator, the car, until the end‑of‑life of that device gets, so, okay, you cannot have enough processing because the lithium battery can no longer be processed and there is certain reasons for that.  Then maybe you only need to change certain parts and then the device could continue going on.  I believe that's the future, that's how it should go, but everything is a market economy these day, now you have to find the incentive to make it happen.

>> MARK DATYSGELD: I find that rather insightful.

We really need to balance out things here.  It is not just being an activist, saying how do we do this, how do we balance the industry, how do we make sure, okay, let's make money, at the same time, let's make this responsible.  I think there is a very tricky balance there.  Savyo, I wonder if you have anything to add on top of that, you're the academic/industry/‑‑ you're there.  You're in the middle.  How does that go?

>> SAVYO VINICIUS DE MORAIS: Another point of view, it is legacy systems.  It is not quite so different from in computers, for example, so we still have cases, for example, of computers and companies and schools using Windows XP, which was ‑‑ which has now security updates a long, long time ago.  Still we're saying that it was a continuation, not that much user group, but we still have end users using it.  We just deal ‑‑ this is a problem we'll have to deal with dramatically in IoT because of the nature of the ecosystems and then thinking in countries, in development countries, who ‑‑ I think that will happen in this type of situation, it is that ‑‑ okay, we have a smartphone, I have ‑‑ I want to be able to buy and use my phone so I'll sell my one here and buy another and the life cycle will keep going and going and going from a different point of view, ongoing on the shelf IoT at least for the mass enjoyment systems, they're available on a website where you have to communicate to the website to use your IoT systems.  This can force us to change again.

It is not a big difference.  We have some different points to take in consideration in this type of thing.

Maybe we'll have maybe not that much problems because we'll have this type of communication with the device that's created by the vender.

>> MARK DATYSGELD: I find it fascinating we're moving to a point where we can actually start to have these conversations and hopefully we will.  I wonder if Martha has anything to say, I know that is something that's also very much in your heart.

>> MARTHA TEYE: I think to add to what's been said so far, an alternate way would just be to use gateways where you provide the data chain that you have, the sensors, trying to get or create all of the data and then use them.

This is an opportunity to have an optimized device and prevent failure in most cases.  So it would much more services at the end of the day and this would have to come with intelligence, including intelligence in that this is done to avoid any mishappens in the system.

>> MARK DATYSGELD: That sounds perfect.

A lot has been discussed here, exposed here.  For the benefit of the audience, in case anyone wants, I'll be posting my email on the chat, in case anyone wants to connect with any of the panelists to ask further questions or learn more about some of the technologies that we have discussed here, please reach out to me, I would be more than happy to connect you and bring this information to you as I think we're discussing some very valuable points here and time flies.  We have 3 minutes to go.  I would like to thank my panel, you have been wonderful!  I think this discussion has been well structured and we have brought very interesting points and it is so good to have everyone talking about such interesting things and I would leave a space for a small 30‑second consideration, 1 minute top consideration that you may have for us to close out the session.  You can also do some spam and advertise any project that you have.

I'll pull the trigger now, going straight to Savyo.

>> SAVYO VINICIUS DE MORAIS: Thank you.

The first thing, I would thank you for the invitation.

An interesting point to think about, this is not a future problem, this is an ongoing problem or not just a problem but a solution.  We have an ongoing problem.

Thank you.

>> MARK DATYSGELD: I would call from the floor our Rapporteur Jaewon, you have been watching so intently our discussion.

>> JAEWON SON:  Thank you to the panelist.  I have learned a lot today since I'm from a very non‑technical community.

Yesterday I was talking about exhausting computing and IoT can help environment and now we're talking about the threat.  It made me kind of think of everything.  For me, the users, they may not even know about these system, I really hope that this session may have brought more awareness toward the issues.  Just when you buy a cigarette, it says the warning about you may buy or something, but for the IoT devices, the one really says, when you buy it, you don't really know what's on it, right?  I think the company wouldn't really write about it, since they have to set it.  I thought of ways, that maybe there should be a policy, a law about the implementing a warning, maybe you have cyber attack, something, maybe it should be there.

 

Contact Information

United Nations
Secretariat of the Internet Governance Forum (IGF)

Villa Le Bocage
Palais des Nations,
CH-1211 Geneva 10
Switzerland

igf [at] un [dot] org
+41 (0) 229 173 411