The Future of IoT: Toward More Secure and Human-Centered Devices

 

Co-organizers

  • Afi Edoh, E-Hub, Africa.
  • Juliana Harsianti, Global Voices, APAC

2.   Associated Programme Theme(s): Cyber Security, Internet of Things, Data Governance

3. Description

In 2016, the most prominent cyberattack on public record happened because of vulnerabilities in over 600,000 small, innocuous devices connected to the Internet. By harnessing the collective power of devices such as home routers and thermostats, cyber criminals were able to cripple major websites/systems such as power grid systems. This demonstration showed, without a doubt, that the security of the Internet of Things is a major concern.

From the consumer perspective, joint research between Internet Society and Consumers International has revealed some consumer attitudes toward the Internet of Things. A high number of respondents felt that privacy and security standards should be assured by regulators (88%), followed by manufacturers (81%) and championed by retailers (80%). Also, a high number of people (75%) distrust the way data is shared. Consumers are also thinking about the need for more formal regulation in the market. It is likely that this demand will grow as information about the risks associated with connected products becomes more widespread.

Starting from those concerns, this session will identify the security challenges throughout the complete process of IoT service delivery – from the infrastructure to the application layer. Speakers from different stakeholder groups will discuss the solutions and challenges from their perspectives, the complexities of maintaining security given the different private actors involved in producing, operating and using IoT devices, and the rights, roles and responsibilities of consumers and regulators in using and overseeing such devices. The panel will address case studies (e.g., the Dyn IoT DDoS attack) to demonstrate known and emerging security challenges. These include vulnerabilities in device software, protocols for securing devices, updating hardware and software, data aggregation, and utilizing standards and best practices to securely register and manage devices. The panel will also share their policy views on providing security for the consumer, the data and the IoT devices themselves, in order to achieve a better IoT in the future.

 

4. Agenda

A. Introduction and session overview by moderator, some rules for Q&A, panelist introduction

B. Panelist presentation

Round 1: General view on IoT, cybersecurity and problems around IoT security (40 minutes)

Round 2: Good practices for protecting your personal data (80 minutes)

C. Q&A on site plus remote participation

D. Concluding remarks by:

  • a speaker from each round
  • the moderator

5. Policy Questions 

A. General view on IoT and Cybersecurity:

  1. What should consumers know about IoT security? What should manufacturers communicate at a minimum and what should governments mandate?
  2. Which challenges are consumers facing, and how can policymakers steer the marketplace in the right direction to address them?

B. IoT security issues

  1. Which IoT security initiatives or standards can improve the security of the IoT ecosystem in a meaningful way and at scale?
  2. Which security challenges are unique to IoT and how can they be addressed?

C. Good practices to protect personal data

  1. Who should shoulder which responsibilities (consumers vs. manufacturers vs. government)?
  2. How long should IoT devices receive security support? What should be the responsibilities of consumers and manufacturers in maintaining the (security) hygiene of their devices?
  3. What are the processes undertaken for governments to request data, and to what extent can these processes be made open and transparent?

6.     Chair(s) and/or Moderator(s)

  • On-site moderator: Solana Larsen, Mozilla Foundation
  • Online moderator: Juliana Harsianti, Global Voices, MAG Member
  • Rapporteur: Afi Edoh, E-Hub, MAG Member

7.     Panelists/Speakers

Round 1:

  • Benedikt Abendroth, Microsoft, Senior Security Program Manager
  • Walid Al Saqaf, Senior Lecturer - Södertörn University and Board of Trustees - ISOC

Round 2:

  • Lily Botsyoe, GCNet/GYIGF, Ghana.
  • Wahyudi Djafar, Research Director - ELSAM, Indonesia
  • Marit Hansen, Chief of Independent Centre for Data Protection, Germany
  • Michael Ilishebo, Data Forensic - Zambia Police Service.

8.     Plan for in-room participant engagement/interaction

Format: Panel discussion

Duration: 120 minutes.

The session will allow lively interaction with panelists: the audience will be able to ask questions and comment after each panelist's presentation. The on-site and online moderators will engage with the audience and encourage them to ask questions, as well as manage the flow of the discussion.

9.     Remote moderator/Plan for online interaction

This session relies on online participation, since some stakeholders may not be able to come to Berlin in person. Online participation will ensure that the main session has wide participation, so that the discussion reaches a diverse audience across geographic locations.

  • Zoom platform/IGF Platform
  • Live Tweet with certain hashtags, display on the screen.

10.   Desired results

  • To create/to plan a common denominator for robust communication and data standards that work together and provide real world benefits.
  • On demand by the consumer, companies should explore how to deliver assurances to consumers that their devices and services are helpful and useful without crossing the line into creepiness. At this level, companies, along with other stakeholders, could help to build trust in connected devices among consumers.
  • The IoT will require new laws along with significant and ongoing changes to our social mores; the session aims to explore a more human-centered IoT.

1. Key Policy Questions and Expectations

During this main session, we will be discussing the following policy questions:

- What is the general view on IoT and Cybersecurity?

- What are the IoT security issues?

- What are the good practices to protect your personal data?

From this main session, we expect to:

- Create a common denominator for robust communication and data standards that work together and provide real world benefits.

- Advise technical companies on how to build trust in connected devices among consumers by providing consumers with assurances that their devices and services are helpful and useful without crossing the line into creepiness.

- Discuss the new laws that could be put in place to build a more human-centered IoT which will be more useful, secure and safe for everyone.

2. Summary of Issues Discussed

During the discussion, there was a diversity of opinions on who should ensure that IoT devices are secure and how consumers could protect their privacy in this digital world. Most of the speakers agreed that the regulators (government), the manufacturers, and the retailers must work together to ensure that consumers' privacy and their online and offline freedom are taken into consideration.

Although each country around the world faces its own challenges in terms of digital innovation, most of them are related to: regulation, infrastructure, human resources, the guarantee of privacy and data protection.

To create more secure and human-centered IoT devices, we (consumers) must all be aware of our digital rights and of what personal information we would like to share with everyone. If you do not want information out there, do not put it there, because you are actually putting it into the hands of potential hackers, and the risk of being prone to attacks is high. And the Internet never forgets.

The Internet, or technology, must be seen as a tool and not just a space; therefore, do not connect your devices unless you need to.

 

3. Policy Recommendations or Suggestions for the Way Forward

Some of the recommendations are:

When talking about IoT, the discussion must not focus in only one direction, as IoT devices are manufactured for diverse users.

Manufacturers should think more broadly about the risks that users of their devices are facing and the environments in which they operate.

Regulation of IoT must progress as innovation in IoT progresses, meaning regulation and innovation must go together: we cannot put in place laws and regulations for innovation that does not exist, and we cannot innovate without putting in place rules and regulations to ensure proper development.

It is important that all of us (government, private sector, civil society, technical community) hold each other in check.

4. Other Initiatives Addressing the Session Issues

During the session, the following projects were mentioned:

Smart city project in Indonesia: meant for traffic management, pollution control and crime prevention.

Consumer awareness project in Ghana: in which the public has been educated on the Internet in general, with a special focus on IoT devices and their security.

Mozilla Internet Health Report: a report that combines research and stories in publications that explore what it means for the internet to be healthy (decentralization, privacy and security, openness, web literacy, and digital inclusion).

The future of IoT: Privacy and data protection (Germany), with a focus on security, privacy and surveillance.

5. Making Progress for Tackled Issues

On the question of how progress might be made on IoT device security, we came to the conclusion that every party must be involved in the process of IoT security: from the regulators to business, end users and the technical community, they must all work together for a better future of IoT devices. Yes, the IGF ecosystem is already doing that, but we will have to do more to get to where the multistakeholder process becomes the basic way of solving problems in this new digital age.

6. Estimated Participation

On-site participants: 100+

Online participants: 300

40% of the participants, both online and offline, are women.

7. Reflection to Gender Issues

The session mentioned women as a party more vulnerable to unsafe IoT, both in data governance and in the product itself. As one of the most vulnerable parties, it was said, women must be involved in issues related to IoT devices to offer their perspective on certain biases that may come with the design of IoT devices.