Here's a relevant perspective as we consider adapting the UMA Authorization Server for IoT.
CRYPTO-GRAM
February 15, 2016
by Bruce Schneier
CTO, Resilient Systems, Inc.
schneier@schneier.com
https://www.schneier.com
A free monthly newsletter providing summaries, analyses, insights, and commentaries on security: computer and otherwise.
For back issues, or to subscribe, visit <
https://www.schneier.com/crypto-gram.html>.
You can read this issue on the web at <
https://www.schneier.com/crypto-gram/archives/2016/0215.html>. These same essays and news items appear in the "Schneier on Security" blog at <
http://www.schneier.com/blog>, along with a lively and intelligent comment section. An RSS feed is available.
** *** ***** ******* *********** *************
In this issue:
The Internet of Things Will Be the World's Biggest Robot
Integrity and Availability Threats
Security vs. Surveillance
Paper on the Going Dark Debate
News
The 2016 National Threat Assessment
AT&T Does Not Care about Your Privacy
Schneier News
"Data and Goliath" Published in Paperback
NSA's TAO Head on Internet Offense and Defense
Worldwide Encryption Products Survey
** *** ***** ******* *********** *************
The Internet of Things Will Be the World's Biggest Robot
The Internet of Things is the name given to the computerization of
everything in our lives. Already you can buy Internet-enabled
thermostats, light bulbs, refrigerators, and cars. Soon everything will
be on the Internet: the things we own, the things we interact with in
public, autonomous things that interact with each other.
These "things" will have two separate parts. One part will be sensors
that collect data about us and our environment. Already our smartphones
know our location and, with their onboard accelerometers, track our
movements. Things like our thermostats and light bulbs will know who is
in the room. Internet-enabled street and highway sensors will know how
many people are out and about -- and eventually who they are. Sensors
will collect environmental data from all over the world.
The other part will be actuators. They'll affect our environment. Our
smart thermostats aren't collecting information about ambient
temperature and who's in the room for nothing; they set the temperature
accordingly. Phones already know our location, and send that information
back to Google Maps and Waze to determine where traffic congestion is;
when they're linked to driverless cars, they'll automatically route us
around that congestion. Amazon already wants autonomous drones to
deliver packages. The Internet of Things will increasingly perform
actions for us and in our name.
Increasingly, human intervention will be unnecessary. The sensors will
collect data. The system's smarts will interpret the data and figure out
what to do. And the actuators will do things in our world. You can
think of the sensors as the eyes and ears of the Internet, the actuators
as the hands and feet of the Internet, and the stuff in the middle as
the brain. This makes the future clearer. The Internet now senses,
thinks, and acts.
We're building a world-sized robot, and we don't even realize it.
I've started calling this robot the World-Sized Web.
The World-Sized Web -- can I call it WSW? -- is more than just the
Internet of Things. Much of the WSW's brains will be in the cloud, on
servers connected via cellular, Wi-Fi, or short-range data networks.
It's mobile, of course, because many of these things will move around
with us, like our smartphones. And it's persistent. You might be able to
turn off small pieces of it here and there, but in the main the WSW
will always be on, and always be there.
None of these technologies are new, but they're all becoming more
prevalent. I believe that we're at the brink of a phase change around
information and networks. The difference in degree will become a
difference in kind. That's the robot that is the WSW.
This robot will increasingly be autonomous, at first simply and
increasingly using the capabilities of artificial intelligence. Drones
with sensors will fly to places that the WSW needs to collect data.
Vehicles with actuators will drive to places that the WSW needs to
affect. Other parts of the robots will "decide" where to go, what data
to collect, and what to do.
We're already seeing this kind of thing in warfare; drones are
surveilling the battlefield and firing weapons at targets. Humans are
still in the loop, but how long will that last? And when both the data
collection and resultant actions are more benign than a missile strike,
autonomy will be an easier sell.
By and large, the WSW will be a benign robot. It will collect data and
do things in our interests; that's why we're building it. But it will
change our society in ways we can't predict, some of them good and some
of them bad. It will maximize profits for the people who control the
components. It will enable totalitarian governments. It will empower
criminals and hackers in new and different ways. It will cause power
balances to shift and societies to change.
These changes are inherently unpredictable, because they're based on the
emergent properties of these new technologies interacting with each
other, us, and the world. In general, it's easy to predict technological
changes due to scientific advances, but much harder to predict social
changes due to those technological changes. For example, it was easy to
predict that better engines would mean that cars could go faster. It was
much harder to predict that the result would be a demographic shift
into suburbs. Driverless cars and smart roads will again transform our
cities in new ways, as will autonomous drones, cheap and ubiquitous
environmental sensors, and a network that can anticipate our needs.
Maybe the WSW is more like an organism. It won't have a single mind.
Parts of it will be controlled by large corporations and governments.
Small parts of it will be controlled by us. But writ large its behavior
will be unpredictable, the result of millions of tiny goals and billions
of interactions between parts of itself.
We need to start thinking seriously about our new world-spanning robot.
The market will not sort this out all by itself. By nature, it is
short-term and profit-motivated -- and these issues require broader
thinking. University of Washington law professor Ryan Calo has proposed a
Federal Robotics Commission as a place where robotics expertise and
advice can be centralized within the government. Japan and Korea are
already moving in this direction.
Speaking as someone with a healthy skepticism for another government
agency, I think we need to go further. We need to create agency, a
Department of Technology Policy, that can deal with the WSW in all its
complexities. It needs the power to aggregate expertise and advice other
agencies, and probably the authority to regulate when appropriate. We
can argue the details, but there is no existing government entity that
has the either the expertise or authority to tackle something this broad
and far reaching. And the question is not about whether government will
start regulating these technologies, it's about how smart they'll be
when they do it.
The WSW is being built right now, without anyone noticing, and it'll be
here before we know it. Whatever changes it means for society, we don't
want it to take us by surprise.
This essay originally appeared on Forbes.com, which annoyingly blocks browsers using ad blockers.
http://www.forbes.com/sites/bruceschneier/2016/02/02/the-internet-of-things-will-be-the-worlds-biggest-robot/#678f2e763162
Ryan Calo on the Federal Robotics Commission:
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2529151
Japan and Korea:
http://japan.kantei.go.jp/97_abe/actions/201505/15article3.html
http://www.roboticsbusinessreview.com/article/the_quiet_giant_of_asian_robotics_korea
Kevin Kelly has also thought along these lines, calling the robot "Holos."
http://longnow.org/seminars/02014/nov/12/technium-unbound/
Commentary:
https://resilient.com/bruce-schneiers-notion-of-the-world-sized-web/
** *** ***** ******* *********** *************