THE INTERNET

OF THINGS
SHAPING OUR FUTURES

>>
[ CONTENTS ]
4 PREFACE

SECTION ONE – REALISING THE POTENTIAL

OF THE INTERNET OF THINGS

6 EXECUTIVE SUMMARY

7 TECHNOLOGY AND STANDARDS

8 A BRAVE NEW WORLD?
8 WHAT TYPE OF CONNECTIVITY WILL THE IOT USE?
9 THE NEED FOR A STANDARD
9 LOW COST AND LOW ENERGY CONNECTIVITY
9 WHAT TYPE OF STANDARD IS NEEDED?
10 HOW DO STANDARDS EVOLVE?
10 A ROLE FOR GOVERNMENT AND REGULATION?
11 THE ECONOMICS OF TECHNOLOGICAL CHANGE
11 THE IOT AS A PUBLIC GOOD
12 COORDINATED ACTION TO PROMOTE THE IOT AS
A GENERAL PURPOSE TECHNOLOGY

13 PRIVACY AND DATA PROTECTION

14 THE VALUE OF DATA FOR THE IOT
14 WHEN IS PRIVACY AN ISSUE?
14 THE IOT AND DATA PROTECTION LAW
15 HOW MUCH OF THE DATA PROCESSED THROUGH
THE IOT WILL BE PERSONAL DATA?
15 UK DATA PROTECTION LAW IS CURRENTLY HARD TO
INTERPRET AND SOME ARGUE THAT IT IS NOT
CONSISTENTLY ENFORCED
15 EUROPEAN DATA PROTECTION LAW IS EVOLVING
AND IS LIKELY TO BECOME STRICTER OVER TIME
16 LITIGATION RISKS AND SOCIAL COSTS OF PRIVATE
LAW CLAIMS: ‘STEER CLEAR OF EDGES’
17 MINIMISING RISK BY REDUCING DATA STORAGE
AND PROCESSING
17 TECHNOLOGICAL SOLUTIONS TO DATA PROTECTION
18 ADDRESSING DISTRUST: ENABLE INDIVIDUALS TO
CONTROL THEIR PERSONAL DATA
19 NEW APPROACHES TO TERMS AND CONDITIONS
FOR DATA USE

20 CONCLUSION: THE WAY FORWARD FOR THE

INTERNET OF THINGS
[ CONTENTS CONTINUED ]

SECTION TWO – SOCIETY, HUMAN AGENCY

AND THE INTERNET OF THINGS

22 TWO VISIONS OF THE IOT: MUNDANE AND USEFUL,

OR SOCIALLY TRANSFORMATIVE?
22 THE IOT AND THE ONTOLOGY OF TECHNOLOGY
23 SHOULD WE DISINVEST IN OUR CURRENT MODEL
OF PRIVACY?
24 A DARK SIDE TO TRANSFORMATIVE TECHNOLOGY:
CAN SOCIETY CHOOSE?
24 THE TIMETABLE OF THE IOT
24 TECHNOLOGY AFFECTS DEMOCRATIC RIGHTS
25 WILL THE IOT EMPOWER MACHINES AT THE EXPENSE
OF PEOPLE?
25 CONCLUSION – SOCIETY AND THE IOT

APPENDIX

27 WORKSHOP PARTICIPANTS
 ×
[ PREFACE ]
Following a cross-disciplinary Workshop held in Cambridge
in September 2014 this report captures the views of
experts in the technology based disciplines and the social
and human sciences on the emerging technology known
as The Internet of Things.

This report is one of a series organised under the auspices

of the Cambridge Public Policy Strategic Research Initiative.
The aim of the report is to explore the consequences of
a new technology which many believe has the potential
fundamentally to reshape business and social relationships.

Understanding how technologies impact on society

requires an analysis of the underlying science, but also
of the economics which will drive technological change.
In addition it requires an appreciation of the risks which
arise from new technologies and the way in which these
risks are likely to be received and managed through
regulation and law.

This report has been written by Simon Deakin, Charlotte

Sausman, Boni Sones and Carolyn Twigg, on behalf of the
Cambridge University Public Policy Strategic Research
Initiative. It draws on discussions which took place at
the workshop but represents the views of the authors
and not those of individual workshop participants.

July 2015

>>
4
[ SECTION ONE ]

REALISING THE POTENTIAL OF

THE INTERNET OF THINGS

>>
 ×
[ EXECUTIVE SUMMARY ]
The Internet of Things (IoT) is the name given to
emerging technologies based on advanced forms of
connectivity. This generally accepted definition is subject
to deeper scrutiny later in our report. These technologies
have the potential to benefit society and business by
improving the way in which resources are used. Well-
documented examples include the ability to make cities
more environmentally sustainable, safer and more
pleasant to live in. There is also the chance to broaden
the scope of healthcare services and to deliver them with
greater cost efficiency. Further benefits may be realised
through reducing the cost and time taken for everyday
transactions. But alongside the commercial benefits, the
IoT poses a clear risk to privacy and data security. If not
properly addressed, these risks will impede the take up of
the IoT and its claimed social benefits.

This report looks at the prospects for the IoT and at the
potential technological, economic and legal barriers to
its widespread adoption. It is based on background
research, interviews with technology professionals and a
workshop convened in September 2014 in the University
of Cambridge with a panel of experts from areas such as
the law, engineering, financial services and social sciences.

We analyse the IoT as a complex environment which

touches on technologies, standards, markets, laws and
ethics. The first section of our report is in two parts,
covering Technology and Standards and Privacy and
Data Protection.

>>
6
[ TECHNOLOGY AND STANDARDS ]
Here we look at the current state of the technologies which define the IoT
and analyse potential barriers to their wider use and dissemination.
Technological innovation is not sufficient to drive IoT: two other ingredients
are vital. One is the need for interoperability, for devices to operate together
seamlessly. This may be built upon widely accepted technical standards. Such
standards take time to emerge and may require firms to share essential
technology. This type of standard setting involves a delicate balance of
cooperation and competition. This is often the case in the technology sector
as companies come together to agree a set of governing standards and then
diverge to create a differentiated set of products. Examples of this include
Wi-Fi and Bluetooth. We weigh up arguments for and against the view that
a common or open standard will be needed for the IoT to develop. We also
explore the economics underlying the IoT and the role governments can play
in encouraging its transition to a general purpose technology. The second
essential ingredient is the business model: who puts the IoT system together
and how do they make money from it? This involves analysis of the ways in
which firms are likely to position themselves as the technology develops.

7
 [ TECHNOLOGY AND STANDARDS ]
A BRAVE NEW WORLD?
‘I use it and I’m fine, I am better off with it, all my
laptops are connected to one another, all my lights are
connected, there is a sound meter in my weather
station, I have nothing to hide, and I have nothing to
fear. I go to the cloud, I go to the device, it is constantly
19.5 degrees in my flat, and my fridge is full.’
This is an optimistic, consumer-eyed account from an early
adopter of the IoT who was happy to accept the inherent
compromise to privacy and autonomy at a personal or
societal level. In many ways, the technology already exists.
For example, a doorbell can be controlled from a mobile
device over a network. Information is transferred between
the doorbell, a camera and the mobile, and a password
can be used to allow entry. Consider the case of
technology embodied in a contained environment such
as an automotive braking system which could be used,
in the near future, as part of an automatic lane system.
Reference to the ‘internet’ in relation to the IoT is
slightly misleading. The internet is essentially an open
system in which users are linked through a network of
digital connections and interfaces governed by various
protocols. Existing technologies involving machine to
machine transmission, by contrast, are often closed
systems: if a smoke detector contains a sensor which
activates an alarm or water system, this information is
not transmitted via computer, and the system does not
run on an internet protocol. A fully internet-connected
system can include elements of both types. However, if
a system is to be described in terms of the IoT then four
elements must be present:
• Sensors which react to physical signals;
• Software in these sensors transmitting information;
8
• A network for this information to be transmitted
on; and
• A database and control system which receives
and processes this data, and sends a message
back out over the network to instruct the initial
device or another one that is networked.
Sensors are relatively simple and cheap and central
databases are not difficult to create. The problem is the
communications link. At present, there are debates
about which sort of wireless system will emerge as the
preferred option. Most agree it needs to be able to
provide the necessary area coverage at low cost. Many
ideas are currently in play.
WHAT TYPE OF CONNECTIVITY
WILL THE IOT USE?
Several distinct communications systems would be
needed to enable a fully functional IoT network. This
would include a local area network, sending signals
from embedded sensors to a nearby transmission hub
or possibly a mobile phone, and a system to upload
this data to the internet. Bluetooth, for example, is
available for the Local Area Network, but it will not
work over long distances. It might serve for applications
in the home or another contained environment but it
cannot provide a solution for a washing machine that
needs to send data back to the company which
manufactured it.
Bluetooth paired or coupled with Wi-Fi is one possible
approach in solving this dilemma. There are issues
though around how a device identifies which system
to transmit data on, or what would happen, for example,
if the Wi-Fi was turned off or lost connection when new
software was being downloaded by a manufacturer to a
device. In addition, security is important: the technology
must be robust enough to stop unauthorised human
users in the case of an attempted hacking or physical
theft. It must also be able to prevent other electronic
devices accessing or picking up data sent over a
system’s Wi-Fi connection when they were not the
intended recipients.
An important point to bear in mind here is that it is
predicted that only 20 per cent of the IoT will consist of
applications for consumer use as opposed to industrial
purposes.
 [ TECHNOLOGY AND STANDARDS ]
THE NEED FOR A STANDARD
At present there is no single, generally accepted set of
standards which would permit connectivity on the
scale, and at the cost, needed to make the IoT fully
functional. But there are emerging standards for
networks which operate at both the local and wider
levels, using for example Wi-Fi, 3G or 4G (although
these may turn out to be too costly), 6Lowpan and
CoAP. Companies such as ARM are making software
available to help developers design devices to operate
in this area.
LOW COST AND LOW ENERGY
CONNECTIVITY
Information being transmitted over an IoT network is
likely to be different to that sent over a mobile phone
network. A telephone call can involve transmitting fairly
complex data. In the case of IoT, the information may
be extremely simple and could be transmitted at any
time of day or night. This gives us options in which IoT
data can be moved around a network, helping ease
potential bandwidth issues and save cost. One idea
being considered as part of the current work on
standards is how a way can be found of using the
available radio spectrum. This would be an ultra-
efficient option.
9
In addition to cost, we also have to consider battery life
in IoT devices, especially those which are deeply
embedded, remote or difficult to access. However,
systems are being designed which can run on batteries
with a ten-year life or potentially be self-sustaining by
utilising energy ‘harvesting’ techniques. This
technology relies on the capture and storage of kinetic
energy produced by the device, or its surroundings to
re-charge the main battery. There may be other options
too where energy can be transmitted to a device
wirelessly. This is an interesting technology but there
are challenges because of the potential for energy theft
and the need to ensure safety.
WHAT TYPE OF STANDARD IS NEEDED?
Standards for a new technology do not always take the
same form. A standard might be proprietary, that is,
owned by a company and licensed to others to use, at
a cost to them. Or, a standard might be open, meaning
that other companies can use it to develop their
products to be compatible with this new standard.
Sometimes, the evolution of technological standards
presents companies with a dilemma. Firms which are
competing may decide not to cooperate on the
development of a common standard as it may confer
an advantage on a rival. This means companies are
likely to back the standards for which they own the
intellectual property rights (‘IPR’). In this scenario,
several standards for a technology might exist
simultaneously. It may be difficult to achieve
interoperability between these competing standards,
resulting in customers being channelled in to buying a
single company’s products.
A different outcome would be to follow the example of
how the internet has evolved, where there are various
firms competing to offer browsing, search and so on,
on the basis of a common basic set of protocols which
define how the internet works. In this way a common
set of standards works for all and allows companies
to differentiate their offerings while permitting
interoperability.
 [ TECHNOLOGY AND STANDARDS ]

HOW DO STANDARDS EVOLVE? A ROLE FOR GOVERNMENT

In the past, certain technologies have arrived at a AND REGULATION?
universal common standard by a process of selection
from several initially competing standards. This can
occur via regulation, through adoption by major
players in the market, or through large scale
procurement of technology designed to that particular
standard. One example of a universal common
standard technology is Bluetooth. This standard was
not imposed by government regulation or law, but it
came about because large firms (Ericsson and Nokia)
promoted it to the point where it became a low cost
option for consumers and other firms. In this case there
was a significant drive towards a common standard
If general standards do not simply emerge of their own
because Bluetooth enabled communication between
accord, should government intervene to impose or
devices, so different manufacturers had an incentive to
trigger a solution? This can take the form of regulation,
make their devices compatible with one another.
mandating a particular standard, or it can be done via
History shows that one proprietary standard can evolve procurement where the government ‘picks a winner’
for a variety of reasons driven by consumer preference. by backing a certain technology which then becomes
An example is the competition between Sony’s a generally-observed standard.
Betamax and the Video Home System format from JVC.
The problem here is that government is often less well
Betamax produced better resolution, sound and image
informed than industry users and can be subject to
than VHS. However, consumers opted for VHS on the
lobbying. Governments can also make mistakes: the
basis of the extra cost of a Betamax video cassette
UK’s recent smart meter programme has been criticised
recorder and its shorter recording time.
by some as a failure for locking in the wrong technology.
Some observers worry that the present climate for IoT
Also, national governments often struggle to achieve
development is overly concerned with proprietary
much on their own and they need to seek consensus, as
technology and focuses on coupling all the necessary
with global climate change deals. A coherent approach
standards together rather than ‘layering’. Layering is
to IoT needs to be international, given the need for large
fundamental in technologies such as the internet to
scale production of IoT devices to keep down costs.
enable a universal standard, because it allows applications
to be built on top of existing applications, and creates There are currently over one hundred bodies working
flexibility as well as compatibility, in a way that on trying to develop different standards linked to the
standards embedded in vertical chains of firms do not. IoT. Some are coalitions of companies. Others are
principally technical organisations like ETSI (European
Telecommunications Standards Institute) or the ITU
(International Telecommunication Union).

In practice virtually all organisations run the risk of

being subject to undue political influence by particular
outside interests. Thus the feasibility of this route to
standard-setting remains an open question.

It may be that one organisation or a combination of

them working together will emerge as offering the
leading set of standards. One view is that the ITU’s
Telecommunication Standardization Sector bodies,

10
 [ TECHNOLOGY AND STANDARDS ]
which assemble experts from around the world to
develop technical norms, could develop the necessary
set of standards. The ITU aims to set standards in ways
which to avoid market battles over preferred
technologies. It tries to help companies from emerging
markets create a level playing field which provides
access to new markets. The ITU’s Global Standards
Initiative on the Internet of Things attempts to promote
a unified approach for development of technical
standards for the IoT on a global scale.
THE ECONOMICS OF
TECHNOLOGICAL CHANGE
Economics tells us that a new application can take off
once it reaches the point of being a general purpose
technology (‘GPT’), which can be used for purposes
beyond those for which it was initially designed. A
century or so ago, electricity was the outstanding
example of this; today it is the internet. No longer
simply a mode of communication, the internet provides
for online services which have proved enormously
profitable for companies, redefined products and
transformed markets, as well as bringing benefits to
consumers and users. The technology itself did not
change to enable these services to be provided; the use
of the technology changed. The internet now allows
for free emailing, websites and cloud services,
alongside novel combinations of technologies such as
the use of GPS with internet mapping applications.
What are the comparable general purpose applications
of the IoT?
At present, the IoT is not comparable with the internet.
The IoT cannot yet produce the general purpose, free
use applications of the internet. We do not know what
business models might arise around the IoT, comparable
11
to those which have arisen around the internet, which
make internet access appear cheap or free to most
people.
But it is clear that IoT has the potential to realise a wide
range of social and commercial benefits. Once there
are clear payoffs, businesses will invest. In addition,
there is also a case for kick-starting public sector
investment on the grounds that cleaner cities and
better health outcomes, for example, entail wider social
benefits.
THE IOT AS A PUBLIC GOOD
Even then there are areas where firms may be unwilling
to make investments, because the gain from the IoT
may be in the nature of public benefit which will not
necessarily generate a return for the private sector.
Here, government can play a role by investing in cost-
saving technologies which will benefit public services.
When 30 per cent of cars are touring a town, searching
for a space to park, there are costs which are not
factored into commercial transactions. There is waste,
in terms of space used, pollution, health and
commuting time, which fall on the community.
Potential ways to improve public order, such as sensors
that react to disturbances, switch on street lights and
alert local patrol cars, are of benefit to citizens at large
rather to than private business. Analysis of data on a
community scale might allow local government to
improve services, such as rubbish bin collections which
could be timed for when bins are full. It is unlikely these
uses will generate enough commercial profit for
companies to invest in the necessary infrastructure. But
these uses are socially just as valuable and their
implementation is a matter for public policy.
 [ TECHNOLOGY AND STANDARDS ]

COORDINATED ACTION TO PROMOTE

THE IOT AS A GENERAL PURPOSE
TECHNOLOGY
The European Parliament’s resolution of 15 June 2010
referred to the IoT bringing ‘tremendous benefits for
EU citizens’, not simply for industry or business.

The way forward is to take coordinated action across

the public and private sectors. Economics will mostly
determine the take-up of the IoT and the rate at which
it transitions to becoming a GPT. But government can
play a positive role in triggering the cycle of change,
through procurement. It is widely expected the UK
Government will take action such as this in order to
position itself as a global leader in IoT development.
Technical bodies operating at arm’s length from politics
can also help overcome barriers to the emergence of
standards.

>>

12
 >>

[ PRIVACY AND DATA PROTECTION ]

The IoT is emerging at a moment when there is growing
concern around privacy and data security issues.

Some argue that the risks to privacy and security posed by

the IoT are being overstated. They argue that the IoT will
not bring significantly different risks from those we already
face with the internet. But part of the economic value of
the IoT to firms lies in the opportunities it provides for the
accumulation, analysis and commercialisation of data,
including personal data. If risks to personal privacy from
this process are not addressed, the take up of the technology
will be delayed by a combination of legal liabilities and
consumer distrust. The internet has facilitated intrusive
surveillance and the rise of malware and cybercrime. Will
the effects of the IoT be equally mixed?

13 >>
 [ PRIVACY AND DATA PROTECTION ]
THE VALUE OF DATA FOR THE IOT
The IoT could bring significant social benefits as well as
providing new opportunities for wealth creation.
However, it also carries significant risks in the use of
personal data. In some instances the value of an IoT
application is in the ability to commercialise the data
being collected. Personal data can be combined with
other data to create ‘big’ or ‘meta’ data, which would
be sold on for commercial use. There is a danger that
the IoT will generate business models dependent on
the erosion of privacy.
There are two possible negatives here for the IoT. One
relates to public opinion: if the IoT is associated with
an invasion of privacy and a loss of control of personal
data, it will face significant political and reputational
obstacles. The second concerns the framework of data
protection law: the harvesting of personal data is not
permitted by data protection laws of the kind which
operate in certain regions of the world, most notably
the European Union, and which have the potential to
impose legal and regulatory costs on firms wherever
they operate.
Possible answers to these dilemmas lie in a conjunction of
evolving regulation and technical change designed to
allow consumers and citizens to control their own data.
WHEN IS PRIVACY AN ISSUE?
If we define the IoT as an internal system, data
protection is not an issue: for example, a domestic
system, such as one in which sensors on the solar
panels transmit information to a home hub which
instructs a washing machine to start a wash cycle, does
not compromise privacy because data does not leave
the system and is controlled by the owner of the data
through an interface. Even if data were sent to a cloud
from the home hub, this is no different to how data is
stored today, so it is not an issue specific to the IoT.
Unless that data is sent to a company’s database, or
accessed by anyone other than the owner of that data,
data protection is not relevant. However, this case does
not exhaust all possible uses of the IoT.
14
THE IOT AND DATA PROTECTION LAW
Data protection law only applies to personal data. This
is data about an individual and from which that
individual can be identified. Data protection law applies
when this data is processed and controlled by someone
other than the data subject. A data controller is one
who makes decisions about how that data should be
processed, and for what purposes. Where personal
data is sent to and processed or controlled by another
agent, such as a company or a search engine (these
could be joint controllers), or transmitted on a wide
range, possibly accessible to others, there could be
breaches of data protection law.
An important component of the legal framework for
companies collecting personal data is obtaining consent
from the data subject. Consent can be given by the
data subject to a company to process data for a specific
purpose. In the UK, this consent can currently take the
form of agreeing to the terms and conditions set out
in a standard term contract. However, serious doubts
have been raised about the fairness of existing standard
terms, and the European Union is considering limiting
the scope for this form of consent by requiring that
agreement to the use of personal data be given
explicitly. The processing of sensitive personal data, for
example concerning medical records or political or
sexual orientation, already requires explicit consent
from the data subject.
In many contexts the commercial value of data can only
be fully unlocked once it is shared. If it remains in
separate silos and is not combined with other data, its
commercial value is reduced. One possible development
in the IoT will be to plug systems together, so they can
communicate when transferring data, and send all this
data to a cloud server. But once data is shared in this
way, data protection becomes more complex.
 [ PRIVACY AND DATA PROTECTION ]
HOW MUCH OF THE DATA PROCESSED
THROUGH THE IOT WILL BE PERSONAL
DATA?
A key issue is how much of the data collected by the
IoT can be connected to an individual. One view is that
the concern over misuse of personal data is
unwarranted because personal data would only form
a small subset of the data used in IoT applications. But
once the data collected is combined with other data, it
becomes easier to identify individuals. For example,
data on food purchases (fridge to supermarket system)
of an individual combined with the times of day they
leave the house (house sensors to alarm system) might
reveal their religion, which is defined as sensitive
personal data. The accumulation of personal data
through its transfer can result in sensitive data being
processed. Consent works together with the purpose
rule in data protection law: data must be processed
according to the purpose for which it was initially
provided. An individual may have given their consent
for personal data to be used for a specific purpose. If it
is then used for another purpose, a violation of data
protection law could result.
Another argument for thinking that the IoT can operate
largely free of legal constraint is that personal data can
be ‘anonymised’ and will remain in that state no matter
which organisation is holding it. However, anonymising
data amounts to processing it, and as such is subject
to data protection law. And secondly, once data is
anonymised, it is potentially accessible under the
Freedom of Information Act, and can be requested by
an organisation and matched with other data to make
it ‘personal’ again. It may also be difficult to prove that
the data held by a company is or is not anonymised:
for example if a company holds two separate datasets,
15
these could be combined, so any regulation permitting
anonymous data to be processed would be difficult to
enforce.
UK DATA PROTECTION LAW IS CURRENTLY
HARD TO INTERPRET AND SOME ARGUE
THAT IT IS NOT CONSISTENTLY ENFORCED
Enforcement of data protection law is mainly the
responsibility of the Information Commissioner’s Office
(ICO), which is tasked with upholding information
rights in the public interest, while promoting openness
by public bodies and data privacy for individuals. Critics
of the ICO, however, have argued that it does not place
equivalent emphasis on the two elements of its role: it
promotes information rights, but it does not enforce
its powers to uphold these.
Data protection law is formally strict but is not
uniformly enforced and is open to multiple
interpretations of how it should work in concrete
situations. Some commentators say that as it stands,
UK data protection law is engendering a culture of
non-compliance, leaving individuals at risk of serious
privacy breaches.
EUROPEAN DATA PROTECTION LAW IS
EVOLVING AND IS LIKELY TO BECOME
STRICTER OVER TIME
UK law is also subject to the evolving EU law on data
protection. In the Google Spain case (2014), the
European Court of Justice made three rulings of critical
importance for the future of data protection law:
• Even if the physical server of a company
processing data is located outside Europe, EU
rules apply to search engine operators if they
have a branch or a subsidiary in an EU member
state which promotes the selling of advertising
space offered by the search engine;
• Search engines are controllers of personal data.
Google can therefore not escape its
responsibilities before European law when
handling personal data by saying it is a search
engine; and
• Individuals have the right, under certain conditions,
to require search engines to remove links with
personal information about them – the right to
 [ PRIVACY AND DATA PROTECTION ]

be forgotten. This applies where the information LITIGATION RISKS AND SOCIAL COSTS
is inaccurate, inadequate, irrelevant or excessive OF PRIVATE LAW CLAIMS: ‘STEER CLEAR
for the purposes of the data processing. OF EDGES’
The European Commission has also proposed a
modernisation of data protection law, aimed at
improving the ability of individuals to control their own
data. Among other things, it would require individuals
to have effective access to their own data and a right
to move it from one service provider to another. The
Commission’s proposals also contemplate a significant
strengthening of administrative and judicial remedies
for breach of data protection law.

This suggests that European data protection law will

become more, not less, restrictive (or, depending on
the point of view, protective) over time. However, the
Commission also set out a number of principles for
making data protection effective which could aid the
emergence of technological solutions to the risks
arising from data processing:
• Reinforcing data security, by encouraging the use
of privacy-enhancing technologies (technologies
which protect the privacy of information by
minimizing the storage of personal data), privacy-
friendly default settings and privacy certification
schemes; and
• Introducing the ‘Privacy by Design’ principle to
make sure that data protection safeguards are
taken into account at the planning stage of
procedures and systems.
Companies may also be at significant risk in future from
claims in tort and contract for misuse of personal data.
For example, a company offering a sensor in a device
as part of a health-care agreement to act on the basis
of the data sent by that device might be found to be
assuming a duty of care in tort towards the user, even
where the user might have a contract with the
healthcare company rather than with the sensor or
software manufacturer. Although software companies
currently disclaim such liabilities, a disclaimer may not
work against a third party victim of harm.
A further element of uncertainty is created by the
complex nature of supply chains, which can give rise to
multiple liabilities. Many firms might be liable out of a
chain of companies involved in supplying IoT to a
consumer: the software company, the sensor device
manufacturer, the product manufacturer, the company
storing the data, and the network company
transmitting the data. A relatively small risk of litigation
could have a major impact on technological
development. If, for example, a health company uses
the IoT to monitor an individual’s heart and feeds back
information which is 99% accurate, this is a huge
improvement on no monitoring. But if the health
company is sued for the 1% of times the monitoring
device does not transmit correct data, the profitability
of its operation may be at risk. If a doctor’s misdiagnosis
is based on incorrect or lack of information provided
by the IoT, where in the chain does liability lie?

16
 [ PRIVACY AND DATA PROTECTION ]

It must be remembered, though, that many of these natural brake on the misuse of meta data. It also suggests
issues already arise in the context of product liability that there should be different standards of security and
claims arising from the manufacture of diagnostic protection for data stored at different levels. At the
equipment. The IoT, in itself, may bring nothing new to lowest level, that is, the level on which data was first
the story, and existing legal solutions may be able to collected for a specific purpose, general standards of
cope with any increase in claims as new technologies protection would apply, with stricter standards to be
are tried out and bed down. met before transfer to the next level is permitted.
Regulation and litigation in the domain of privacy have
TECHNOLOGICAL SOLUTIONS TO
often been responses to sensational events, and it is
DATA PROTECTION
hard to predict what may drive legal change in future.
Technology companies will tend to develop business
models which ‘steer clear of edges’ where the law is
unclear, in order to avoid potentially catastrophic
litigation risks. Companies also have an incentive to
develop systems providing for ever more vigilant
control of personal data, to stay one step ahead of
legal developments.

Wider social benefits of the IoT may also be at risk

because of legal uncertainty. In the medical area, an
ageing population creates a need for innovation and
cost effective solutions. If key legal issues of liability and
user consent are not clarified, potentially useful
applications of the IoT may be deterred.
MINIMISING RISK BY REDUCING DATA
STORAGE AND PROCESSING
Technology itself may provide solutions for data
protection, making concrete the principle of privacy by
design. For example, technology can provide the use of
substitute IDs, cryptographic protocols for storage and
for transmission, and other solutions to safeguard the
privacy of the user. Technology embedded in the data
subject’s devices could be used to enable or ensure
functional compliance with the legal framework. This
would help ensure that the technical processing of data
transferred by the IoT meets the requirements of the
law on data protection.

Legal compliance can be assisted by technology which

One way for companies to reduce risk with regard to
data storage is to maintain any data collection to the
minimum necessary for the purpose stated, and to
store data locally and erase it when possible. This
principle could extend to minimising any transfer of the
data to a third party. With inputs from millions of
sensors providing data, there will be large energy costs
to storing and transmitting data. This may provide a
minimises the data collected and stored by a device. A
camera that records images of car number plates in
order to monitor for congestion charging does not
need to retain all the data recorded. Technology in the
camera could include a list of the number plates of car
owners who have paid a congestion charge, and
through cross-referencing, the camera computer could
automatically and immediately erase this data and
retain and send on the data of number plates needed
for further investigation.
Technology can also be used to control the way data is
sent from a device at different times and for different

17
 [ PRIVACY AND DATA PROTECTION ]

reasons. For example, data relevant to a local ADDRESSING DISTRUST: ENABLE

environment, whether a residential setting or a local INDIVIDUALS TO CONTROL THEIR
district might not need to leave that environment. PERSONAL DATA
Technology can be developed to ensure that data is
used for the specific purpose for which it was
processed, and to enable data subjects to monitor the
use of their data.

One set of technological solutions involves the

reduction of bi-directional data: in other words, the
user of a mobile device could be informed of their
location by their device. There is no need for
information to be sent to a company, such as a search
engine company, and back to the user if this data can
be processed and analysed locally on a hand held, user-
operated, device. The technology within the device
would provide what is necessary to block the sending
of this data. At present, many of these functionalities Lack of trust over the use companies make of their
are not widely available. An obstacle is the energy cost personal data may be growing, as a result of the
of processing data and running applications locally. If publicity given to headline grabbing cases of disclosure,
the data is transmitted, and processed at a central or hacking.
terminal, this creates scale and lowers the technology
Companies need to consider methods of addressing
costs of analysing data and informing the devices.
consumer confidence in the IoT era. These critically
However, the risk of legal liability for a service provider
involve increasing the extent to which individuals have
might provide an incentive for developing lower cost
control over their personal data. A key aspect of control
technological solutions which reduce bi-directionality.
is knowledge and understanding. By producing
To take another example: a smart phone connecting to simplified and transparent terms and conditions, and
a home hub already has an internet path. By these ensuring privacy issues are salient, not hidden in small
means, the user is in control of the system and of any print, companies can begin to reach a point where
data sent over this system through the user-interface, consent is informed and meaningful.
which in this case is the smart phone. This is a case of
Informed consent might depend on many factors.
technology embedded in a device handing control of
Some would argue that the key issue is the use to
data to the data subject.
which the data is to be put: will my data be used to
An obstacle to such technologies is the lack of a user send me information about products and services in
interface. Some devices already operate via touch or which I might be interested based on what I have
gesture: a child’s toy that can be controlled by voice is already shown an interest in, or based on an inference
a current example. Due to the cost of energy, the data about my lifestyle? Or will data analysis go further and
this produces is transmitted to a control centre, often make predictions about my health etc? Will my data be
in a different country. As the IoT develops, user- shared with others with whom I have a relationship,
interfaces may become rarer, and less visible. The e.g. my employer, insurer, my child’s headteacher? How
invisibility of the machinery of the IoT, along with the can I be confident my data will remain anonymised?
invisibility of data control and the resulting commercial
Others focus on where the data might be sent: to
exploitation of data, means that technological solutions
whom will this data be provided and for what
are unlikely, on their own, to address privacy risks.
purpose? Can this data be transferred to a third party?
Technology can help but it is not the whole story.
How long can this data be stored? How do I know
whether my data has been given to a third party or

18
 [ PRIVACY AND DATA PROTECTION ]

not? What redress do I receive if the data has been
processed for a purpose not specified, or given to a
third party without consent?
A problem in providing simplified terms for consumers
is to find out which of these approaches makes most
sense to consumers, while allowing data to be used to
drive economic growth and to realise the wider societal
benefits of technological change.
NEW APPROACHES TO TERMS AND
CONDITIONS FOR DATA USE
In drawing up a new approach to terms and condition
(‘Ts and Cs’) it may helpful to distinguish between certain
key uses of data. There may be two broad use scenarios:
(i) Consumer as target: this is where the aim of
assembling and analysing data about a consumer
is to offer them additional products or services.
In some cases these offers will be directly linked
to an action a consumer has taken online, for
example, researching specific products or
entering into a specific contract. In some cases
it may be the result of drawing inferences, for
example, about a consumer’s lifestyle on the
basis of various sources of information.
(ii) Consumer as topic: this is where the primary aim
of analysing data is to generate a ‘conversation’
about the consumer.
This covers situations where, without the
consumer’s permission, health data is sent to an
insurer or employer, or financial data goes to a
mortgage company or employer. It also includes
particularly difficult situations where data is used
to make sensitive ‘predictions’ about a consumer’s
health, for example, or to categorise consumers
in ways they may not approve of.
(ii) Your contracting party or a third party will use
your data to inform you of other similar
products/services, and a variety of different
products/services based on an inference about
your life style.
(iii) Your contracting party or a third party will use
your data to generate a profile about you,
including predictions of situations in which you
might want to know about a variety of different
services.
(iv) Your contracting party or a third party will make
best efforts to keep your data anonymised so
that it can be used for a variety of marketing or
social policy analysis.
(v) Your contracting party or a third party will not
use your data for any other reason.
In future, options of this kind could form the basis for
obtaining consumers’ informed consent about data
usage.
Some argue that there is also a need for companies to
offer opt in and opt out clauses, including the option
to leave and delete all personal data held. Such exit or
data portability clauses might become necessary to
comply with new EU regulations. Portability would
need to work so that a user would have the right to
move their profile from a social networking site, for
example, and delete all personal data, while also being
able to interact with this site by sharing data on a
temporary basis from a new social networking site.
Some form of third party certification of best practice
in this area could help provide consumer confidence.
Some advocate a body funded by industry, with powers
of enforcement and redress, as the best way to take
this forward.

We think that consumers are likely to be much more

sensitive in general about (ii).

Taking these two scenarios together it is possible to

envisage a scale of explanations/options for data usage
as follows:
>>
(i) Your contracting party or a third party will use
your data related to this contract/contact to help
maintain your product/service.

19
[ CONCLUSION: THE WAY FORWARD FOR THE INTERNET OF THINGS ]

The IoT has the potential to transform society for the better. It also presents new
opportunities for businesses to emerge and prosper. Whether the IoT develops sooner
rather than later, and how far it promotes the public good, will not be determined by
the technology alone. Firms need to find ways to collaborate on protocols and
standards which will cut costs associated with the IoT. They should also be building
consumer trust around issues of privacy and security associated with the IoT.

But while there is much that business can do, the IoT affects people as citizens and
not simply as consumers. Thus there should be civil dialogue and debate around the
implications of the IoT. Government has a role in stimulating this debate and
encouraging firms and industry bodies to come up with solutions to privacy and
security issues. The legal system must ensure that privacy rights are respected but
should also encourage experimentation over terms and conditions for data use which
can help address public concerns.

An active and engaged civil society, an effective government which knows its limits but
can intervene effectively when needed, and a flexible legal system, are among the
conditions needed for the IoT to realise its full potential.

20
>>
[ SECTION TWO ]

SOCIETY, HUMAN AGENCY

AND THE INTERNET OF THINGS

>>
TWO VISIONS OF THE IOT:
MUNDANE AND USEFUL,
OR SOCIALLY TRANSFORMATIVE?
There are two visions of the emerging technology
known as the Internet of Things.
One is that it is a fairly mundane but useful solution to
everyday problems, such as the allocation of car
parking spaces, but with a restricted use of data which
would remain with the institution and on the level it is
first collected.
The other is of a much more wide-ranging and life
changing technology which might also involve the
sharing of data on a huge scale. This second vision of
the IoT as a transformative technology may not be
entirely positive and not everyone will receive it with
unquestioning optimism.
In this section of our report we consider the wider
societal and philosophical implications of the IoT.
22
THE IOT AND THE ONTOLOGY
OF TECHNOLOGY
An emerging research field combining elements of
philosophy and social theory, the ontology of
technology, helps us to understand the wider societal
context of the IoT and to understand why its impact is
likely to be profound. Ontology concerns itself with
fundamental features of a domain, such as technology,
and how entities fit into social structures. A structure
could consist of a collection of rules, duties or policies.
The entities could be people, groups, devices or objects.
These entities may be associated with particular
functions and uses. The point of this conceptualisation
of technology is that when an entity is removed, the
space it occupied lingers in society’s imagination. In
other words, a space for this technology remains present
at the level of human consciousness and awareness,
and this may bring about a substitution effect, as the
connections or functions or an understanding of the
need for that entity persist. This could partly explain
why although we now all carry around hand held
computers, we still refer to them as mobile phones.
However, it is likely that the smart phone will evolve
over time to become something distinct, a ‘mobile’
which is no longer simply a phone, in a gradual
changing of our understanding of the ‘slot or space’
occupied by that technology.
Society’s acceptance of technology is important for the
development of new products and for their acceptance
by consumers and citizens. Society’s understanding of
technologies may not be entirely rational or correct, at
least in terms of the material or technical features of
particular objects. Rather it will involve the mapping of
an understanding of one set of functions or connections
on to something new and unfamiliar. There may be a
crucial period of time when society’s expectations are
geared towards something new. In this period, there
may be many competing notions of new technologies,
which struggle for acceptance.
Until recently the Uber taxi booking service which allows
users to order a taxi through their mobile phones at
cheaper rates and then give drivers feedback on their
journeys, has been undercutting the traditional pricing
structures of traditional licensed taxi firms and hailed as
a success. It was used to illustrate what new smart
phone technology could achieve for its customers but it
is now becoming extremely controversial throughout
the World. Uber has been ordered to stop operating in
Spain, after a series of protests by taxi associations, and
a Judge there has said the Uber drivers don’t have
official authorisation and accused the service of unfair
competition. The app’s ranking system has been criticised
for institutionalising means of discrimination through the
preselection of both drivers and passengers. Further,
the company’s so-called “God view”, which enables it
oversight of a vast network of city transportation, raises
concerns about privacy, autonomy and security.
An ontological approach helps us to understand why we
view the IoT by reference to the internet, even though
one is a computer connecting to another computer,
both operated by human agents, where as the other is
a machine or product which has a sensor attached to
it, which sends information to a control centre without
a human agent, which then controls another machine or
product. But as the IoT becomes more established, we
can expect the marginalisation of the human agent in the
operation machine to machine communication to be
troubling and unsettling. Perhaps this disappearance is
more apparent than real: in systems based on the IoT,
machines can only communicate with one another
through mechanisms which have been designed and
implemented by human agents. Yet the loss of human
control implied by the emergence of such a potentially
disruptive technology may be tangible for many.
This marginalisation of the human agent in machine to
machine communication is currently leading to a
healthy societal debate about the future of AI –
23
Artificial Intelligence. Professor Stephen Hawking the
English theoretical physicist, cosmologist, author and
Director of Research at the Centre for Theoretical
Cosmology within the University of Cambridge has
spoken of the need to think through the implications
for society of AI and has raised concerns about
machines taking over from people even predicting “the
end of the human race as we know it”. However, this
is hotly contested by other experts in the field such as
Cambridge Computer Scientist Ben Medlock who is
looking at how software can understand nuance in
language. He has said: “We dramatically underestimate
the complexity of the natural world and the human
mind. Take any speculation that full AI is imminent with
a big pinch of salt.”
After Google acquired the British AI firm DeepMind in
January 2014, it set up its own ethics committee to
examine how this technology is used. DeepMind’s
founder Demis Hassabis told journalists that he only
agreed to sell his firm to Google on the basis that his
technology would never be used for military purposes
but that decision now rests with Google’s own ethics
committee and commentators have pointed out no-one
really knows how this technology will ultimately be used.
SHOULD WE DISINVEST IN OUR
CURRENT MODEL OF PRIVACY?
Some claim that privacy is entering a new age. Will the
arrival of the IoT bring about a fundamental shift in our
prevailing notions of the individual’s right to control
their own identity?
Those advocating this view argue that it is worth giving
up prevailing notions of privacy in return for the gains
which the IoT will bring. There may be added security
in monitoring residential properties remotely. Devices in
cars or computers might prevent theft by communicating
to the owner if there is any movement. Privacy, they
argue creates negative as well as positive environments.
If a camera or recording device is linked to IoT
technology, people can be alerted when needed: police
to disturbances; health workers to elderly patients;
human resource managers to inappropriate language
in the workplace. The IoT could potentially help to
deliver better health services, and to use energy resources
more effectively.
A DARK SIDE TO TRANSFORMATIVE
TECHNOLOGY: CAN SOCIETY CHOOSE?
Allied to this view is the claim that the IoT will render
privacy irrelevant whether we like it or not. But a
countervailing view is that technology is not independent
of law and politics. One of the prevailing narratives of
our time is technological determinism. This usually
begins with a vision of the transformative benefits
technology will provide to society without addressing
potential downsides. Yet it is too often assumed that
these downsides will resolve themselves, and that
anyone who takes them seriously is a technophobe. In
practice, there is still space for human choice to be
exercised over the future of the IoT. The IoT could
develop in away which places it beyond political control,
but we are not at stage yet. There is still time for a
meaningful debate to take place over the governance
of the IoT at local, national and global levels.
THE TIMETABLE OF THE IOT
There are currently vending machines all over the world
which communicate with a central control to indicate
whether they are empty or not; this is already a globally
used form of the IoT. We also have smoke detectors
which communicate directly with emergency services. So
one form of the IoT is already here. However, this is not
the IoT as it might be defined in the future, in that it does
not involve sending a message from device to computer
to control another device. Industry experts predict that
in five years from now, all Chinese manufacturers of
washing machines will install sensors to enable these
machines to automatically download software which can
advise on various wash cycles. This would involve a two
way communication system between the washing
machine and a central database or computer system.
24
As we have seen (section 1 above), there may have to
be a recognised standard before the IoT is introduced
fully into industrial manufacturing supply lines. This may
slow things down. Engineers design machines which
will not work if designed to conflicting standards, while
there are health and safety issues once software and
technology are added into actual machines.
But even if the full manifestation and consequences of
the IoT are not just around the corner, the path we
choose to follow today matters, because each choice
will constrain the subsequent set of options, and we
could end up in a society that is radically altered. For
the time being it is possible to raise concerns over the
direction of the development of the IoT, but this
window may soon close.
TECHNOLOGY AFFECTS
DEMOCRATIC RIGHTS
Will it be possible to opt out of this new world? With
the internet, we have the option to connect or not to
connect. But consent to participation in the internet is
already ambiguous. Is it possible to fulfil our obligations
as citizens without access to the internet? There are
already discounts and benefits such as extended
deadlines to those who pay or fill in forms online. There
are already disadvantages for those who do not. We
have online voting. Does an offline existence allow for
active participation in certain elements of society? Is it
socially acceptable to live offline? Can we rely on
receiving an invitation by post? There are also specific
cases where consent is not given. Whereas there is at
least some semblance of a private contract between a
user of gmail and Google, a non-gmail user who sends
an email to someone else’s gmail account cannot CONCLUSION – SOCIETY AND THE IOT
prevent the Google server accessing the content of that
communication.

An individual who participates in today’s society is not

able to function effectively without a particular
technology once that technology becomes widespread.
As a result, a citizen’s privacy may be compromised with
no consent on his or her part, and with no parameters,
conditions, guarantees or means of redress. The only
possible retaliation appears to be from within the
system: if the IoT were to develop to the level of today’s
internet, the only options for a user might be to change The future of the IoT will not be determined by
providers, to encode messages or to alter privacy technology alone. Choice and market incentives will
options, but it is not clear there would be a real choice play a role alongside law and regulation in framing the
to opt out of the IoT entirely. evolution of this emerging technology. Individual
control and choice will drive consumers’ responses to
It could be argued that citizenship involves expectations
the IoT. If companies can create a relationship of trust
from which a citizen cannot opt out, if they are to act in
and transparency and then embed appropriate controls
accordance with prevailing laws and norms. But citizens
within the technology, protection of privacy could
also get a vote. Technology and its rules do not appear
evolve over time. Litigation, regulation and insurance,
to be governed in this way. We did not vote for Google.
if they work well, can create greater transparency over
WILL THE IOT EMPOWER MACHINES societal risks and costs, and trigger the search for
AT THE EXPENSE OF PEOPLE? lasting solutions.
Technology is neither good nor bad, but nor is it neutral
either. Some fear a dystopian world in which machines
acquire autonomy and agency at the expense of human
beings. But if this is unlikely, there is a real likelihood
that it will become increasingly hard to opt out of its use
or to escape its effects. User interfaces between machines
and humans are already being limited by the development
of touch and gesture recognition.

The problem is not so much that machines will acquire

agency, as that the technology will develop in ways that
limits personal freedom. What is destroyed in the ‘creative
>>
destruction’ wrought by technologies can include valued
social norms such as those relating to privacy.

There is no easy answer to this question, which is inherent

in the nature of a market economy which depends on
technological innovation to progress, but when
considering it we should avoid the view that technology
is above politics and ethics, or otherwise beyond our
control: ‘technological determinism’. The IoT will not
flourish unless we find answers to the risks it poses. Thus
its future depends, not on technology alone, but on the
effectiveness of our social and political institutions.

25
[ APPENDIX ]

INTERNET OF THINGS
WORKSHOP PARTICIPANTS

>>
University of Cambridge Public Policy Strategic Research Initiative and Centre for Business Research

INTERNET OF THINGS WORKSHOP 3RD SEPTEMBER 2014

LIST OF PARTICIPANTS
We would like to thank all our Internet of Things Workshop participants for their contributions to our
Workshop and related discussions.
1. Ross Anderson, Computer Laboratory, cryptography and internet security
http://www.cl.cam.ac.uk/~rja14/
2. ARM – Krisztian Flautner, Stephen Pattison, Kerry Maguire
http://www.arm.com/
3. Ian Brown, Cyber Security Centre and Senior Research Fellow at the Oxford Internet Institute
http://www.oxfordmartin.ox.ac.uk/people/516
4. David Connell, Venture Capitalist Researcher
http://www.cbr.cam.ac.uk/about_us/connell_david.htm
5. Simon Deakin (co-chair)
http://www.cbr.cam.ac.uk/about_us/deakin.htm
6. Tom Dougherty, Philosophy (political), University of Cambridge
http://www.phil.cam.ac.uk/news/dougherty
7. Phil Faulkner, Economics (philosophy of technology), University of Cambridge
http://www.jbs.cam.ac.uk/faculty-research/fellows-associates-a-z/philip-faulkner/
8. David Feller, Research Associate, Centre for the History of Science, Technology and Medicine,
University of Manchester
9. David Howarth (co-chair)
http://www.law.cam.ac.uk/people/academic/dr-howarth/90
10. Francois Meunier, Morgan Stanley, Industry Analyst
http://www.machinetomachinemagazine.com/francois-meunier-morgan-stanley/
11. John Naughton, The Observer, Open University, Cambridge University
http://www.wolfson.cam.ac.uk/people/professor-john-naughton
12. Michael Pollitt, Economist, Cambridge University
http://www.jbs.cam.ac.uk/faculty-research/faculty-a-z/michael-pollitt/
http://www.energy.cam.ac.uk/directory/mgp20@cam.ac.uk
13. Julia Powles, Intellectual Property Lawyer, Cambridge University
http://www.law.cam.ac.uk/people/research-students/julia-powles/4273
14. Jatinder Singh, Senior Research Associate Computer Laboratory, University of Cambridge
http://www.csap.cam.ac.uk/network/jat-singh/
15. William Webb, computer science and engineering, protocols
http://www.csap.cam.ac.uk/network/william-webb/
CEO of the Weightless Special Interest Group (SIG)
http://www.weightless.org/blog/author/william-webb/
16. Carolyn Twigg (Researcher and Coordinator for this project); Charlotte Sausman (SRI Public Policy
Research Co-ordinator); Boni Sones (Policy Associate, CBR), Graham Copekoga, (Photographer).

27
THE INTERNET OF THINGS
SHAPING OUR FUTURES

Centre for Business Research

Top Floor
Judge Business School
University of Cambridge
Trumpington Street
Cambridge CB2 1AG

01223 765320
www.cbr.cam.ac.uk