Regulating the Internet of Things - the Opposition’s argument

Profile picture for user slauchlan By Stuart Lauchlan October 23, 2019
Labour's Chi Onwurah outlines the argument for regulating the Internet of Things in this first of a special two part report.

Image of Chi Onwurah

Chi Onwurah is best known as the Labour MP for Newcastle Central and currently Parliamentary Under Secretary of State at the Department for Digital, Culture, Media and Sport. She has another boast that she can make however - the first MP to mention the words Internet of Things in Parliament.

It’s fitting then that she was the driver behind a debate in Westminster Hall earlier this month on regulation of the IoT, “a reality of our times” she emphasised. Whereas the text of Prime Minister Boris Johnson’s recent (bizarre) address to the UN General Assembly puts the IoT in inverted commas, Onwurah takes the topic very seriously indeed:

I am an Internet of Things believer. I have studied it, lived it and effectively built bits of it all over the world. It has huge economic and social benefits, as well as environmental benefits, ranging from energy management to tracking endangered species. We cannot address climate change without the Internet of Things. It allows the monitoring of energy usage, but also enables a smart grid. IOT can literally save the planet, which is just as well now that it accounts for 8% to 10% of European electricity consumption.

But she’s also got a lot of provisos, not least of which is that she’s not about to welcome IoT connected devices into her home, stating:

Personally, if a device is called smart, I do not buy it, at least not without a one-hour technical interrogation, which few customer service agents can pass.

So if someone who’s emphatically not a technophobe and one of the few MPs who has a career track record that validates their understanding of digital issues is wary, her argument about the need for an IoT regulatory regime demands to be taken seriously, certainly more so that the UK government has been seen to do to date.

Onwurah’s top line principle is a simple one in theory, if more complicated in practice:

People, and not technology or things, must be at the heart of the Internet of Things revolution. An IoT that works for everyone requires action, action that this government seem unwilling to take. The IoT will be as pervasive as electricity, and found in every home and handbag. And, like electricity, IoT is an enabling technology, only the enabler is not electric current but data—people’s data—and right now we have no idea who owns that data.

Take personal health tech. A company called OrCam has developed discreet camera glasses for the visually impaired, which can read text and recognise people, while the L'Oréal UV sensor, which detects ultraviolet exposure, is small enough to be worn comfortably on someone’s fingernail. However, who owns and controls the data gleaned by these devices?

Onwurah’s answer to her own question is that is should be the people who generate that data:

As companies bring more IOT devices to market, this is a pressing issue. Although the GDPR represented progress, it is already years out of date: it addresses privacy, not control; it barely takes account of Artificial Intelligence and algorithmic management; and it ignores completely the Internet of Things. The Information Commissioner’s responsibilities over IoT are unclear.

Where does the responsibility lie? 

Then there’s the question of cyber-security with Onwurah noting that in 2018 there was a 500% increase in the average size of a botnet attack. With more than 7 billion IoT devices out there today and that number rising daily, the potential for security problems is growing:

In 2017 the US Food and Drug Administration recalled almost half a million pacemakers due to fears that they were vulnerable to hacking, while a Chinese IoT firm recalled 4 million cameras for the same reason. November 2018 saw the first scaled botnet attack using smart TVs. Other household appliances can also be used not only to bring down internet platforms such as Spotify, Amazon and Twitter, as happened in 2016, but to take control of our homes or any networked utility. 

Back in 2010 an Iranian nuclear facility was targeted by a malicious computer worm, which led to the shutdown of multiple gas centrifuges, and in 2015 blackouts in Ukraine were caused by cyber-attacks. Although we call them “cyber-attacks”, they have very physical consequences. In 2017 the Federal Network Agency, the German communications regulator, told parents to destroy a talking doll called Cayla, because its smart technology can reveal personal data.

Onwuhra charges the current government of ignoring the threat level here:

There are no current regulations that require a security standard for Internet of Things devices. About 30 groups are developing security standards for the Internet of Things, but if we have 30 standards, we do not have a standard. Our public response needs to be as joined up as our networks, but it is not. 

Responsibility for cyber-security lies across several disconnected Government silos. The Home Office publishes cyber-security stats; the cyber-security strategy comes from the Cabinet Office, although it was launched with a speech by the then Chancellor [Phillip Hammond]; the Department for Digital, Culture, Media and Sport takes care of cyber-skills for young people; and the cyber-essentials scheme sits in the Department for Business, Energy and Industrial Strategy. Responsibility for cyber-security is defused across Government. There is a lack of leadership and, even worse, a lack of concern.

Interestingly, she suggested that this lack of concern isn’t true of industry and that there’s a desire for leadership here - and not just in the UK. She recalled being at the CES show in Las Vegas, where she says a US consumer electronics start-up “literally begged me” to reach out for standard regulations so as to create a level playing field for manufacturers and shut out less reputable providers.

That’s a pretty big ambition - the problems with international standards efforts is that while participants talk up a shared purpose for the greater good, behind closed doors their vested interests kick in and they fight like a sack of cats! And it’s not being helped by PM Johnson’s recent speech according to Onwurah:

When US presidential candidate Elizabeth Warren talks of regulating the tech giants for the benefit of consumers Facebook trembles—so much that Mark Zuckerberg has promised to “go to the mat” and fight her over it. However, when the Prime Minister talks about “pink-eyed terminators” the world laughs.

She concluded by returning to the assertion that the IoT could be a “more profound technological change than anything since electricity”, but added:

However, to take advantage of the changes, we need a Government who understand the opportunities of the internet of things, and who work with industry to mitigate the threats.

My take

An impressive articulation of the important debate that needs to become a political and economic priority and one that goes beyond tech-happy photo opps and ‘something must be done’ soundbites.

In the second part of this report, Matt Warman, Parliamentary Under Secretary of State at the Department for Digital, Culture, Media and Sport, offers the government response.