Title: Workshop on Iot Business Cases. Short Description: Under the auspices of the European Network of Excellence in Internet Science we're putting together this seminar/one-day workshop to be in Cambridge (in the Computer Lab) on Friday Sep 26th, 2014, in LT2. Outline input from two main speakers, Irene Ng from Warwick, and the UK HAT Project and Sasu Tarkoma from Helsinki, and the Finish IoT project: and then have discussions structured around value propositions and use cases for IoT. Right now, most Internet of Things projects and projects are badly siloed into single domain, and also tend to designs which are walled garden services (e.g. energy systems with web only access) - this is indicative of a market failure, and doesn't bode well in terms of ambitions widely expressed in the larger vision for IoT (e.g. Smart Cities, Smart Homes, mobile e-health etc etc) let alone a true Internet style innovation space. The intention of this seminar/workshop is to break this logjam, by exposing participants to truly disruptive ways of designing markets and use cases for IoT that provoke more creative, integrative and synthesizing thoughts... Involved JRA(s): JRA2 Link: http://www.cl.cam.ac.uk/~jac22/eins/iot-biz.html Participants: See attendance list below - 31+ attendees. (several additional students dropped in for the keynote talks) Background of Participants: Business, Manufacturing, Law, Computer Science, Engineering, Policy. Number of Students participated: 7 Collaboration: with UK EPSRC Hub-of-all-things project, Finish National IoT programme, UK Catapult, RAND corporation Discussion Topics: As well as two keynotes, from Professor Irene Ng from the Warwick University, WMG and from Professor Sasu Tarkoma from Helsinki University, we had four breakout sessions, on Law, Analytics, Governance and Minimal Effective Deployment. See below at the end here for draft notes on the sessions. Outcome of the workshop: Several very useful results, especially from the four highly effective breakout groups: 1. Legal aspects of compliance 2. business cases for first movers 3. aggregation and privacy models Attendees Irene Ng Sasu Tarkoma Dr. Julien Mineraud, Helsinki Petri Savolainen, Helsinki Jon Crowcroft jon.crowcroft@cl.cam.ac.uk Amir Chaudhry Anil Madhavapeddy Helen Oliver "Bjoern A. Zeeb" "Eiko Yoneki" Neal Lathia Yan Shvartzshnaider Sarfraz Nawaz Jat Singh Kuan Hon "Skilton, Mark" Glenn Parry j cave ecsae@live.warwick.ac.uk Roger Cliffe "Sousa, Sonia" "Gunashekar, Salil" Rebecca Schindler (rand) Ma, Xiao Ewa Luger john Naughton Arosha.Bandara Anne Alexander Richard Mortier Vladimiro Sassone Paul Galwas References video from helsinki group: https://www.youtube.com/watch?v=JdgcHlMa4Jw Also looking at this on analytics: Frontiers in Massive Data Analysis Natl academy of sciences http://object.cato.org/sites/cato.org/files/pubs/pdf/pa755.pdf Responsible Counterterrorism Policy By John Mueller and Mark G. Stewart from cato inst - v. cool http://www.cato.org/publications/policy-analysis/responsible-counterterrorism-policy Homework: http://www.cs.nott.ac.uk/~rmm/papers/pdf/uist12-homework.pdf http://www.cs.nott.ac.uk/~rmm/papers/pdf/dis12-unremarkable.pdf ------- Break out group draft notes: -- Group: Law Notes: Compliance/ Legal Group -Compliance must balance against the need to be open (to engage with the market) -Tension - Compliance versus Supporting market needs -There are 4 things (a) security (b) confidentiality (c) privacy (d) trust The first 2 things are bounded; the second 2 are about perception – the HAT must be both private and seen to be private -The team have developed a principles-based approach (comments about ‘fair’ and ‘reasonable’ practice, which are contingent upon context – what is fair is different as the context shifts) -There will be an ‘exposure widget’ - the widget will let you know who you are sharing data with. The intention is that this will inform consent. -Question: The were questions over what happens if a HAT provider fails to comply? -Question: How do you make it legally enforceable? -Solution: We use the market as a penalty if you don’t comply -Compliance is put into the inbound and outbound API – compliance for the widget provider -All HATs are synchronized through the HAT foundation. Similar to iOS -Main Issue: Data will be hosted by a third part but own by someone else -Problem – you don’t own you data – you only have controls and rights -API – creative commons - can use it but can’t change it -All data is encrypted at all stages - at the API level -Consent occurs at the event level – the user create ‘events’ or those events are pushed at them from the widget (there will also be suggestions around what type of event the HAT community have created). -Informed consent is not the only legisitimsier for the processing of information in Europe. Though it has a stronger role in the US. -The HAT could offer ratings for ‘ratings’ for products for the level of data exposure occurs with your data. So, there could be an ‘F’ rating. BUT you don’t want the inbound API to be ‘HAT ready’. -Ideally they will bring people together to see ‘what should HAT look like’? To ensure that the HAT is compliance. -One of the overlooked issues is deletion of data after it has been used for the purpose for which it was intended. This done. DP laws are often largely ignored. – must make sure that these are reflecting the HAT widget. -Want to change the mechanisms of processing – computing can occur locally. -You can enforce the flow control (through having trusted partners) coupled with encryption -Technological measures of DP are more effective than legal controls -If it’s health data then you would want great protective controls – if it’s less important data then the controls could potentially be relaxed. ------ Group: Analytics Main topic:- Data & also monetization of said data. People don't understand the data! Described/broke down the Components of analytics... Discussed Personal data v. personal metadata... Semantics/meaning and control/ownership of data -> governance Empowerment - opting out - how? Cognitive v. experiential data changes depending on decision value : e.g. Jaguar/Landrover...data to make decision over model to buy might take months whereas deciding to buy a can of coke is "immediate". Highly different data to buy car compared with soda Uncertainty & realtime data (telemetry on front of car versus long term shampoo preferences.) Velocity of data - tricky! has to be in frame of decision making... Uses of data - social policy around definitions - case of airport, having been in north Africa....etc etc...is this a question for surveillance, or tourism targetted adverts! Aggregate v. individual/fine grain... Surveillance society...micro v. macro/granularity of data Important aspect: people change behaviour when they know their under observation! and everyone reacts differently! Efficacy of data w.r.t conversation... (provenance/audit) e.g. Round music industry...disruptive effect of data (positional intrinsic value from physical location of object v. digital is dislocated...) - corral ary - value of info and way impacts business models alters in cyberspace... Boxset for Rhianna (some) people will buy 120 quid, even though it could be free on iTunes - counter logic. -- EC regulation (that can become a directive) stipulates that the collection of any personal data is illegal. Observation: regulations are generally driven by scandals. There isn't one for IoT (yet). I would argue there isn't an IoT (yet). -- (Question) How can you opt-out of a system that by default collects personal data? Case in point: IoT smart homes, smart office, smart cities, etc. HAT: individuals can opt-in and opt-out. Possibilities to circumvent privacy problem: - through collection of anonymized data, - losing the geo-tags/locations, How about destroying information after processing it: collect -> process -> destroy? We should only care about the result. Though the result might in itself be indicative of the individual's personality. -- Ecosystem and output-based engineering has value e.g. phones/watches recording heart rate or other medical data. -- Epistemological problem of how data is collected, i.e. how believable, reliable, credible and usable is it? Questions arise such as why do I believe it? What makes this reliable? -- Velocity of information collection and speed of processing to make business decisions. It is about "value - market" more than "value - money". The definition of real-time and active systems might change with fast reactive devices. We are already seeing driver assist systems in BMW and Volvo automobiles that break when the vehicle gets dangerously close to the other vehicle. -- Spatio-temporal analysis to know what you might want to know (meta-data analysis). Possible use-cases: - prediction: can help prevent incidents or avail opportunities based on data analysis, e.g. LAPD uses live feeds of city activity (from roaming cops) to prevent possible crime. - mass personalization: personalized services, adverts/marketing, outing, etc. -- However, (awareness of) observation changes behavior (the Hawthorne effect). What about privacy (and ultimately freedom) of the individual if there is so much intended/unintended monitoring (sensors as monitoring devices)? This is a socio-philosophical question. -- Where there is data, there is data federation problem: IoT systems (and the system of IoT systems) will need to ingest all kinds of information in all kinds of formats. Either that or all systems conform to a standard. Not easy to make all parties conform to a standard (too restrictive). -- Data has been driving science disciplines such as physics and biology for some time now. Data is driving and will drive economy as well as socio-political concerns. An example is how Apple changed the music industry from product-driven (players, recorders, CDs, cassettes) to service-driven (iTunes store). Not sure people completely understand how it actually happened. It was a mix of a dedicated music device (iPod) + Apple/Job's marketing skills + Apple/Job's fan-base + ubiquity of digital format (MP3s, WMAs, AACs, ALACs). ------ Group: IoT control and regulatory issues High-level topics: 1. Hardware and software specifications, code safety and how it is taken into account in the ecosystem 2. Level of automation and how much the user is involved 3. Dynamic combination of IoT components 4. Privacy Notes from the group meeting 1. Hardware and software specifications, code safety and how it is taken into account in the ecosystem - APIs for control operations, need for API specifications - also hardware specification needs to be taken into account - operating specifications and conditions - safety, compiler/runtime ensures that safety requirements are maintain - regulation, certified code - unsafe code, iOS versus Android models - ecosystem: untrusted apps, semi-trusted, trusted certified apps (mathematical checks, formal verification), reputation system 2. Level of automation and how much the user is involved - How much automation is needed? how much should user be involved in the decision making? human-in-the-loop. - Apps as a interface for users toward IoT: Android permissions -> more configurability, options  - emotional context: what is the context - What about uncertainty? data is inaccurate and incomplete, what is the error? should be taken into account in the platform  3. Dynamic combination of IoT components - how to combine IoT systems? offline and runtime - Controller interference, heating and lighting, separation by design / enforcement - Blackboard solution for IoT - Interesting point on considering IoT Product lines, feature interaction - Toolkit for IoT 4. Privacy - How to protect privacy when data is being combined. - Visibility to the data. - Legal framework: purpose of data linked to the data. Overall - Tussle OS for IoT: separation of critical functions from non-critical functions. ----- Group: Minimal Deployment Levers The "killer app" type discussion: Is there something (like mobile game for Nokia, or app store for smart phone...) that would be the killer edge for IoT three ideas i) what things do people have/use already? apps/phone - apps for hat... ii) but what about horizontal efficiency&effectiveness: lives are full of interruptions - can we find something to take these away? iii) community or infrastructure based IoT society (s/I/we/) - i.e. "going social" might be a trigger for adoption So that's for the public: but what about firms? Further points: Aggregation&Independent HAT advisory Stream of relevance.... -----