Some initial thinking around the governance of the Things of the Internet…

One of the problems facing IoT implementations is the reality of data. Not the data created, that is a topic that has been beaten to a pulp in the various expert prognostications. Rather the lines of demarcation or the governance of IoT device data.

Who owns it?

Well, people say that is an easy answer. Whomever deploys the IoT device owns the data. But is that true? No. There are governance lines already established. For example, with a valid court order the police can take video surveillance footage from any company to use in a criminal investigation. If the many high-tech police shows are even partially correct, hackers use that same information feed to avoid detection as they interact with the world.

The concept of data ownership is interesting when talking about video and obviously the police needing to see video. Destroying video then, needed in a criminal investigation would cross another line. But what about other information? Where are the clear lines of demarcation within the IoT world for information?

Can the government seize information on my car?

Can the police seize information on a cellular device?

The easy answer to both of these is yes, with a court order. There are instances however when public court orders won’t or can’t be used (terrorist activities). Thank you patriot act for that particular joyous potential. Now we have to a clear definition of what a terrorist act is. Which, if you watch the media at all lately, isn’t likely in the near term.

110 Zettabytes of data produced by IoT devices in 2015. The vast majority of that data wasn’t reviewed but simply notifications sent and if needed action taken. Companies are rushing to create tools to evaluate that information faster. Spotting the abnormality within video footage. I hope they are also considering the reality of patters also. As in, watch for new patterns created and maintained. A new pattern sustained for a few days can also be masking an attack.

Governance is the management of all that data. Who knows, when do they know and how do act on the information they know about. As we move into the IoT world one of the huge changes is going to be the number of cameras watching us. I’ve argued in the past about who owns my image if I don’t commit a crime. I worry about that frequently. As more and more cameras are deployed the governance of that information concerns me.

Where does information stop?

I don’t have an easy answer here. I am and have been working on the concepts of personal information and crime information for many years now. Reality is this, if you commit a crime in front of a video camera that footage should be freely available to the authorities. No warrant required, simply shop owners or small businesses handing the video over. But all the other images on that footage aren’t open for use or reuse. Bystanders should remain bystanders. Once the authorities have video of the act being completed, they don’t need eye witnesses.

Lines of demarcation are critical both for the data flow (up and down) but also for the safety and welfare of all involved. The other side of data flow is something I am still struggling with. Information is an interesting problem. You can effectively create lines of information flow that reduce the information content as the information flows up. Systems that move massive amounts of information require processing and bandwidth. Systems that only move previews don’t require either the compute or bandwidth, they also create less storage by only storing the video in one system.

It is an interesting problem. Somebody is watching you. What happens to that video footage?


I am not paranoid, someone is watching me…