Then something happened: "It's Official: The Internet Of Things Takes Over Big Data As The Most Hyped Technology" read a Forbes headline. "Big data", last week's darling, is condemned to the "Trough of Disillusionment" while Gartner moves IoT to the very top of its 2014 emerging technologies Hype Cycle. Something had to be said.
The key point for me is that the IoT is "emerging". What's more, few are entirely sure where they are on this uncharted journey of adoption. IoT has reached an inflexion point and a point where businesses and others realise that identifying with the Internet of Things may drive sales, shareholder value or merely kudos. We all want a piece of this pie.
In Part 1 of this two part exploration of IoT, I explore what the Internet of Things actually is.
IoT –what is it?
Applying Gartner's parlance, one thing is clear; when any tech theme hits the "Peak of Expectations" the "Trough of Disillusionment" will follow because, as with any emerging technology, it will be sometime until there is pervasive adoption of IoT. In fact, for IoT, Gartner says widespread adoption could be 5 to 10 years away. However, this inflexion point is typically the moment in time when the tech industry's big guns ride into town and, just as with cloud (remember some folk trying to trade mark the word?!), this will only drive further development and adoption. But also further hype.
The world of machine to machine ("M2M") communications involved the connection of different devices which previously did not have the ability to communicate. For many, the Internet of Things is something more, as Ofcom (the UK's communications regulator) set out in its UK consultation, IoT is a broader term, "describing the interconnection of multiple M2M applications, often enabling the exchange of data across multiple industry sectors".
"The Internet of Things will be the world's most massive device market and save companies billions of dollars" shouted Business Week in October 2014, happy to maintain the hype but also acknowledging in its opening paragraph that IoT is "beginning to grow significantly". No question, IoT is set to enable large numbers of previously unconnected devices to connect and then communicate sharing data with one another. Today we are mainly contemplating rather than experiencing this future.
But what actually is it?
The emergence of IoT is driving some great debate. When assessing what IoT is and what it means for business models, the law and for commerce generally, arguably there are more questions than there are answers. In an exploratory piece in ZDNET Richie Etwaru called out a few of these unanswered questions and prompted some useful debate and feedback. The top three questions raised by Ritchie were:
- How will things be identified? - believing we have to get to a point where there are standards for things to be sensed and connected;
- What will the word trust mean to “things” in IoT? - making the point we need to redefine trust in edge computing; and
- How will connectivity work? - Is there something like IoTML (The Internet of Things Markup Language) to enable trust and facilitate this communication?
None of these questions are new, but his piece reinforces that we don't quite know what IoT is and how some of its technical questions will be addressed. It's likely that standardisation or industry practice and adoption around certain protocols and practices will answer some of these questions in due course. As a matter of public policy we may see law makers intervene to shape some of these standards or drive particular kinds of adoption. There will be multiple answers to the "what is IoT?" question for some time. I suspect in time different flavours and business models will come to the fore. Remember when every cloud seminar spent the first 15 minute defining cloud models and reiterating extrapolations for the future size of the cloud market? Brace yourselves!
I've been making the same points about "cloud" for the past 5 years – like cloud the IoT is a fungible concept. So, as with cloud, don't assume IoT has definitive meaning. As with cloud, don't expect there is any specific Internet of Things law (yet?). As Part 2 of this piece will discuss, law makers have spotted there's something new which may need regulatory intervention to cultivate it for the good of all but they've also realised that there's something which may grow with negative consequences – something that may need to be brought into check. Privacy concerns particularly have raised their head early and we've seen early EU guidance in an opinion from the Article 29 Working Party, but there is still no specific IoT law. How can there be when there is still little definition?
Realities of a converged world
For some time we've been excited about the convergence of people, business and things. Gartner reminds us that "[t]he Internet of Things and the concept of blurring the physical and virtual worlds are strong concepts in this stage. Physical assets become digitalized and become equal actors in the business value chain alongside already-digital entities". In other words; a land of opportunity but an ill-defined "blur" of technology and what is real and merely conceptual within our digital age.
Of course the IoT world is also a world bumping up against connectivity, the cloud and mobility. Of course there are instances of IoT out there today. Or are there? As with anything that's emerging the terminology and definition of the Internet of Things is emerging too. Yes there is a pervasiveness of devices, yes some of these devices connect and communicate, and yes devices that were not necessarily designed to interact are communicating, but are these examples of the Internet of Things? Break these models down into constituent parts for applied legal thought and does it necessarily matter?
Philosophical, but for a reason
My point? As with any complex technological evolution, as lawyers we cannot apply laws, negotiate contracts or assess risk or the consequences for privacy without a proper understanding of the complex ecosystem we're applying these concepts to. Privacy consequences cannot be assessed in isolation and without considering how the devices, technology and data actually interact. Be aware that the IoT badge means nothing legally and probably conveys little factual information around "how" something works. It's important to ask questions. Important not to assume.
In Part 2 of this piece I will discuss some early signs of how the law may be preparing to deal with all these emerging trends? Of course the answer is that it probably already does and it probably has the flexibility to deal with many elements of IoT yet to emerge.