BABBAGE is getting a little tired of all the hype surrounding the “internet of things” (IoT). To judge from some of the more breathless claims, the IoT would seem to be just around the corner. The worst offenders, no surprise, are those who expect to profit most from embedding sensors in anything and everything, and connecting them wirelessly to servers in the cloud.
The expectations are huge. Gartner, an IT consultancy in Connecticut, reckons some 26 billion devices will be connected to the internet by 2020. Another consultancy, ABI Research of New York, believes the number will be 30 billion, while Cisco Systems, a network-equipment firm in California, expects there to be no fewer than 50 billion. Cisco is so enamoured of the IoT that it has installed a “connections counter” on its website. On May 26th, the number of “things” connected to the internet was over 12.4 billion and counting.
A chart published recently by zdnet.com shows how overblown the buzz about the IoT has become. The trend line for Google searches for the term “internet of things” remained essentially flat until the middle of 2013. It started to climb steadily last autumn and then went through the roof in January 2014. The crescendo seems to have reached a peak with Google’s $3.2 billion acquisition in January of Nest Labs, a Silicon Valley start-up that makes internet-savvy thermostats and smoke/carbon dioxide detectors for the home. The IoT company was Google’s biggest investment since buying DoubleClick for $3.1 billion in 2007.
By some accounts, Google’s acquisition of Nest marks a tipping point. If true, there is going to be no end to the clamour, as start-ups and established IT firms hasten to jump aboard the IoT bandwagon. So, expect a flurry of announcements of ingenious new sensors that chirp data wirelessly to the internet about glucose level, printer ink, engine wear, library books, stray pets, ripening crops, you name it. Others rushing to join the burgeoning new field will devise ever better algorithms for extracting relevance from the flood of big data the billions of sensors will be spewing out at the edge of the internet.
Babbage thinks many of those charging into the market are going to be disappointed. As conceived today, the IoT is not the transformative disruption a lot of folk imagine. One thing it is most certainly not is another World Wide Web poised to change the way people live, work, learn, shop and play—at least, not as currently conceived. There are simply too many missing pieces to the puzzle.
Devising sensors and algorithms to handle the front- and back-ends of the IoT are the easy part. Unfortunately, few developers are tackling the really difficult bit in the middle—the myriad infrastructural gaps that lie between the sensors in things at the edge of the internet, and the data collection and analysis performed by servers in the cloud at the centre.
These unglamorous middleware issues of standards, interoperability, integration and data management—especially privacy and protection from malicious attack, along with product liability, intellectual-property rights and regulatory compliance—are going to take years to resolve. Only when they are will the IoT have any chance of transforming society in a meaningful way. That day is a long way off.
The vast majority of the billions of things connected to the internet on Cisco’s website, for instance, are not the toasters, refrigerators, thermostats, smoke detectors, pace-makers and insulin pumps that the IoT’s true believers enthuse about. Almost exclusively, they are existing smartphones, tablets, computers and routers, plus a surprising number of industrial components used to beam performance statistics back to corporate headquarters. Without any hoopla, operators of power stations, passenger jets, railways, refineries, chemical plants, oil platforms and other industrial equipment have been doing this for ages. In the past, they have tended to rely on satellite links and proprietary networks to collect data for analysis. Lately, however, more and more have started to use the internet as a cheaper alternative.
As a result, it seems two quite separate IoTs are emerging, each with its own customers and characteristics. One, largely invisible to the outside world, is an industrial-grade network—which may, or may not, run over the internet. This enterprise-class IoT is progressing steadily and reaping real rewards. Jean-Louis Gassée, an Apple alumnus from the early days and a co-founder of BeOS (sought by Apple as a replacement for its Mac operating system), notes that the enterprise IoT is managed by IT professionals, who have the skill, training and culture—not to mention staff—to oversee the millions of unseen devices that control complicated and dangerous processes.
That is not the case with the consumer-based IoT, an extension of the promised smart home, which aims to serve the needs of private individuals. Lacking the end-to-end integration and expertise that supports the enterprise IoT, the consumer IoT is shaping up to become one of the biggest sources of frustration people have had to face in their dealings with technology. Indeed, some have already had a taste of the troubles in store.
Last year, for instance, the United States Fair Trade Commission filed a complaint against TrendNet, a Californian marketer of home-security cameras that can be controlled over the internet, for failing to implement reasonable security measures. The company pitched its product under the trade-name “SecureView”, with the promise of helping to protect owners’ property from crime. Yet, hackers had no difficulty breaching TrendNet’s security, bypassing the login credentials of some 700 private users registered on the company’s website, and accessing their live video feeds. Some of the compromised feeds found their way onto the internet, displaying private areas of users’ homes and allowing unauthorised surveillance of infants sleeping, children playing, and adults going about their personal lives. That the exposure increased the chances of the victims being the targets of thieves, stalkers or paedophiles only fuelled public outrage.
More such incidents are bound to follow. When mechanical devices are controllable online there is always going to be a risk that control will fall into the wrong hands, notes Womble Carlyle, an American law firm with expertise in information technology. For instance, a refrigerator can be switched off remotely, causing food to spoil. A bath can be turned on and left running over a weekend, flooding the home and causing large utility bills. More seriously, an insulin pump can be sent into overdrive, or the brakes of a car disabled.
This is no idle speculation. Spanish researchers at a recent Black Hat security conference showed how easy it was to hack some of the embedded controllers in motor vehicles. Meanwhile, the Department of Homeland Security in America has reported security holes in some 300 medical devices made by 40 companies that could be compromised by online tampering. These devices included surgical and anaesthesia equipment, ventilators, drug-infusion pumps, external defibrillators, patient monitors and various bits of laboratory gear.
Earlier this year, hackers were found to have penetrated the computer networks of a number of America’s top manufacturers of medical devices, including Medtronic, Boston Scientific and St Jude Medical. The break-ins originated in China, and seemed more concerned with stealing trade secrets than causing patient harm. Even so, the penetration showed just how vulnerable medical systems are to attack. Womble Carlyle is not the first to suggest a far more robust “internet of medical things” is needed.
The same goes for the rest of the consumer IoT. At present, this comprises little more than a handful of different types of sensors that can be controlled by a smartphone app, and used by owners to adjust the heating, turn on the lights, monitor security cameras or unlock the front door remotely. That is a far cry from an internet of things, in which all manner of devices communicate with one another in a collaborative and meaningful manner.
May be they never will. Evidence from the medical and corporate worlds suggests the security problems are such that solutions are more likely to come, not as interoperable systems able to exchange data freely with one another over a free and open internet, but as closed proprietary technologies in silos that are kept strictly separate for legal as well as privacy reasons.
Babbage hopes he is wrong, but he has seen no evidence to suggest otherwise. What is for sure, though, is that the internet the IoT is being built upon today is nothing like the benign and open internet that gave birth to the World Wide Web more than 20 years ago and allowed it to flourish so spectacularly.