The Future of Privacy in a Ubiquitous Environment - Part 2
Written by Ajit Jaokar, Author and Telecoms Specialist
Tuesday, 08 September 2009 14:52

The first installment of this multipart article explained the concept of the smart grid, Web 2.0 and its relation to data, the Cloud, and the opportunities for telecom service providers within an M2M environment. Part 2 will address the two principal issues that arise when the boundaries start to blur, namely: (1) Interoperability and (2) Privacy.

Interoperability

The worlds of Telecoms and sensor networks/M2M converge through the Cloud. Sensor networks interconnect devices through the Cloud, and the Cloud could be the ‘glue’ that enables the Internet of Things to take off, because network layer connectivity is hard to achieve. In principle, technologies like RFID, NFC, EPC etc. should all talk to each other for the Internet of Things to be really ubiquitous [1]. In practice, this does not currently happen, and history has shown that network layer connectivity is hard. However, it is possible to achieve 'best case', i.e. good enough, interconnectivity between the various 'intelligent objects' at the Cloud level (and not at the network level).

How do we get all these systems to work together at a software level? One option is to create a global standard to make all these systems work together. The goal of standardization is for systems to talk to each other. The problem with the standardization process is that it is slow, it does not allow for differentiation, and it needs a lot of upfront work before it can be put to use. So, if we are talking of global interconnectivity and interoperability, this becomes a complex problem and one which is not easy to solve.

Privacy

The second problem is Privacy. When it comes to privacy, sensor networks have made the whole environment more complex. However, note that the privacy issues for the Smart grid and the Cloud are the same ones that we are facing in the mobile industry at the moment, and also for Web 2.0. In that sense, this is a familiar domain. According to Lawrence Lessig, “practical privacy” is shaped by four interacting forces: markets, social norms, legislation and technology [2]. Furthermore, these devices have now become generative [3]. A generative technology is a technology that can be put to a multiplicity of purposes. A PC is a good example of a generative device because it can be reprogrammed for many uses, and one machine on the net can impact every other without compromising the fundamental backbone of the network. The principles of Privacy 2.0 [4] are also worth considering in this context.

The Cloud changes the nature of identity and privacy fundamentally because, traditionally, privacy and identity were protected through limits on physical access to the computing device. Once that device was accessed, further services were accessed from that device (e.g. a computer). However, the Cloud is agnostic of the device. Hence, users have to establish their identity each time a service is accessed by giving out personal information, which could include their name, home address, credit card number, phone number, etc. This leaves a trail of personal information that can be harnessed by third parties, either for commercial reasons or for more malicious reasons. Thus, Cloud computing requires identity services that should [5]:

1) Be device independent;
2) Enable single sign-on to thousands of different online services;
3) Allow pseudonyms and multiple discrete (but valid) identities to protect user privacy;
4) Be interoperable;
5) Enable federated identity management;
6) Be transparent and auditable;
7) Allow flexible, user-centric identity management, i.e. empower the user to manage and control their personal information;
8) Be transferable.

Implementation

There are two possible implementations of an ecosystem in a ubiquitous environment: a) Federated Identity and b) Open source.

One way to solve this problem of standardization is to add a Federated Identity layer on top of existing systems. Federated Identity could make existing systems work together without getting them to 'standardise' first. We could extend the concept of federation to a wider remit and overcome some of the limits of standardization by getting various systems to talk to each other in a more organic way through a common identity framework.

For example, consider a flight booking system and a car rental system. These are independent systems but are often needed together (the person booking a flight may need a rental car when she lands at the destination). Thus, if a federated identity system were present, the airline could access the car rental system with its own logon. Obviously, this needs an agreement between the two entities, and the system invoking the request should be able to access only part of the destination system. Nevertheless, it is not a complex paradigm to implement.

Now, if the identity management system could carry more attributes, we could implement a measure of interoperability/communication between two disparate systems, using the identity as a bridge between them. The idea itself is not new, since many federated identity systems have features like attribute exchange (in OpenId 2). In the case of mobile devices, that identity could be tied to the user's identity and not to the device. There are a number of mechanisms that could be used to implement this: for example, Facebook, Twitter, Azure, Operators (SIM) and OpenId.
In any case, the greater the ability to exchange attributes and the support for existing systems, the easier it would be to create an ecosystem which works together but does not need a large overhead to get started. The standardization option is to get them all working together in some way first. As we get into more complex interconnectivity (devices, smart grids etc.), the federated approach may be more practical, simpler and more organic than having every system first follow the same standard (which needs time and overhead). Also, many of these devices may be generative (creating content as opposed to merely consuming it), which makes the requirement of standardizing them all more complex.

The second mechanism is Open source. Intelligence is captured at multiple levels of the device stack, especially with non-phone devices. The devices will become too numerous to interact with, and Open Source can offer a way to manage all of them. We will discuss the Open source implementation in the next section.
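
The flight booking and car rental arrangement described under Federated Identity, as an added sketch that is not part of the original article: the airline acts as identity provider and hands the car rental system a signed assertion carrying a per-service pseudonym, only the agreed attributes, and a limited scope. All names, keys and policies are constructed, and HMAC with a shared key stands in for the asymmetric signatures that protocols such as SAML or OpenID Connect use.

```python
import base64, hashlib, hmac, json, time

# Constructed demo values: secrets, user record and release policy are hypothetical.
PSEUDONYM_SECRET = b"idp-only-secret"          # never leaves the identity provider
RP_KEYS = {"car-rental.example": b"key-agreed-with-car-rental"}
RELEASE_POLICY = {"car-rental.example": {"attrs": {"arrival_airport", "arrival_time"},
                                         "scopes": {"rental:quote", "rental:book"}}}
USERS = {"alice": {"name": "Alice Example", "card": "4111-constructed",
                   "arrival_airport": "LHR", "arrival_time": "2030-01-01T10:00"}}

def pairwise_id(user, rp):
    """Stable pseudonym that differs per service, so two services cannot join records."""
    mac = hmac.new(PSEUDONYM_SECRET, f"{user}|{rp}".encode(), hashlib.sha256)
    return mac.hexdigest()[:16]

def issue_assertion(user, rp, scope, now=None):
    """Identity provider: release only what the agreement with `rp` allows."""
    policy = RELEASE_POLICY[rp]
    if scope not in policy["scopes"]:
        raise PermissionError(f"scope {scope!r} not covered by agreement with {rp}")
    claims = {"sub": pairwise_id(user, rp), "aud": rp, "scope": scope,
              "exp": int(now if now is not None else time.time()) + 300,
              "attrs": {k: v for k, v in USERS[user].items() if k in policy["attrs"]}}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(RP_KEYS[rp], body, hashlib.sha256).hexdigest()
    return body.decode() + "." + sig

def verify_assertion(token, rp, key, needed_scope, now=None):
    """Relying party: check integrity, audience, expiry and scope before acting."""
    body, _, sig = token.partition(".")
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims["aud"] != rp:
        raise ValueError("assertion issued for a different service")
    if claims["exp"] < (now if now is not None else time.time()):
        raise ValueError("assertion expired")
    if claims["scope"] != needed_scope:
        raise PermissionError("scope does not permit this operation")
    return claims

if __name__ == "__main__":
    rp = "car-rental.example"
    token = issue_assertion("alice", rp, "rental:quote")
    print(verify_assertion(token, rp, RP_KEYS[rp], "rental:quote"))
```

The car rental system never sees the name or card number, and the identifier it receives cannot be matched against the one a different service would get for the same user.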
