IoT: Internet of Toothbrushes?

The internet was once a network whose main job was to connect beasts of computers, often by way of a simple dial-up telephone line. Today nearly everyone has a smartphone with incredibly fast wireless internet, and you can even buy fridges and toasters that are ‘online’ 24/7. The internet is no longer a computer network, but a gigantic collection of digitally communicating devices - already numbering some tens of billions worldwide, which together form the Internet of Things (IoT). But how can we keep this system running, and how can we safeguard our privacy and maintain our security in the era of the Internet of Things? And who needs a toothbrush with an IP address anyway?

by
photo Shutterstock

To start with that last question: Tanir Özçelebi sees very few IoT applications that have any real added value for the user. “Many of the IoT solutions are actually more or less forced onto the users. I would not want to pay for a smart toothbrush. And who does?” Applications of the Internet of Things like these are, believes the Assistant Professor in System Architecture and Networking, of most interest to the manufacturer, who uses and sells the data. “These companies make more money selling data products than selling the device.”

Naturally, there are exceptions. Özçelebi says he never goes anywhere without Google Maps on his smartphone, and now there is the ‘smart thermostat’, a technology that has proven its worth. And, obviously, he sees the use of smart systems linked to lighting, an area he himself researches. “I think you can say that as individuals we don’t need IoT technology right away, but as society we do actually need some.”

Lighting systems

The Turkish scientist is leading the Bright Environments research program at the TU/e's Intelligent Lighting Institute. Given the presence of lighting in every room of every building, lighting systems form a very practical basis for all kinds of smart sensors communicating with one another via the internet, he explains.

“In the Atlas building, we will have an IoT lighting system, where all light endpoints and additional sensors will be IP-addressable. One project is to create a Seasonal Affective Disorder free building, led by professor Yvonne de Kort. The idea is that the lighting system collects your data in order to know exactly how much light you need during the day to stay SAD-free, perform well, and to sleep well at night.” A smart lighting system like this one can also be useful in saving energy, because the lighting is only switched on in those (parts of) offices which are actually occupied.

If you have ten thousand sensors in your building, with batteries that last a year, you have to change roughly thirty of them every day

Lifetime

As well as lighting systems, Özçelebi works on the life cycle of IoT devices. A very practical problem, for example, concerns the replacement of batteries in the countless sensors in our future ‘smart home’. “If you have ten thousand sensors in your building, with batteries that last a year, you have to change roughly thirty of them every day. So we’ll have to increase the lifetime of the batteries to ten or twenty years, close to the lifetime of the building. We try to do that using battery management, and by making more efficient devices. People are also looking into the wireless transmission of energy to solve this problem for small sensors, but I myself am not a strong believer in wireless energy harvesting for these systems. Not for the near future at least.”

To a certain extent, the Internet of Things has to be self-reliant. Having people check one component after the next the whole time is simply not feasible. The system needs to keep an eye on itself, and communicate its status automatically, Özçelebi points out. “If a sensor is close to running out of battery, I want it to call the maintenance guy and tell him to bring an AA battery without my being involved. And if something is wrong, I should not be required to find which one of the one hundred devices in my home is causing the problem. That is simply not doable.”

Communication between billions of components

If the Internet of Things is to be future-proof, new components must fit seamlessly into the existing system. Because Internet of Things networks comprise many components and they are continually in contact with the internet and each other, very efficient protocols are needed to organize their communication. A new generation of devices can't suddenly start speaking ‘a different language’ without potentially disastrous consequences. You don't want to have to throw out many of the old devices because they can no longer communicate with newer devices.

Özçelebi is optimistic about the chance of standard protocols for the Internet of Things being introduced in the foreseeable future. His colleague Georgios Exarchakos at Electrical Engineering has a less rosy view. He heads up the program related to the Internet of Things at the Data Science Center Eindhoven (DSC/e), in which his Turkish colleague is also participating. The Greek tells that a great deal of energy is going into producing the standards, but in practice this has little benefit - simply because there are already too many different standards that are incompatible with one another. “This really is a serious problem. You don’t want to have to change everything if one thing changes.”

The best solution, he believes, is to design the hardware of all devices in the Internet of Things in such a way that different types of software can run on it. Then any changes could simply be implemented by way of a software update. “In the end, a combination of standardization and flexibility will be needed,” Exarchakos thinks.

A great deal of energy is going into producing the standards, but this has little benefit because there are too many different standards.

Don't imagine that the Internet of Things is made up only of small devices. Electron microscopes costing millions, for example, are also connected to the internet, partly in order to store the microscopic data that's collected in the cloud. For systems of this kind the most convenient option, believes Exarchakos, is not to build new hardware on site, but simply to add it online using a rapid internet connection. As long, that is, as we are not talking about a new electron gun, deflection magnet or sample holder. But processors, for example, do not need to be physically connected to the device. “Calculation can be done in the cloud, or at another location in a supercomputer.”

In the ideal scenario, the device is so smart that it can decide for itself which type of connection is needed and what quality of data needs to be sent, explains Exarchakos. “An MRI scanner in a hospital might need an ‘optical wireless’ connection, but if there's not a lot of background noise, a lower standard will suffice.” Such flexibility helps make the Internet of Things future-proof, because it enables the system to make its own decisions without people needing to be involved, and without physical components needing to be adapted. And that is essential for a system with billions of these components.

Dark web

If maintenance is a task we have no choice but to leave to the Internet of Things to manage itself, the same has to be said of its security. And that is an important point, certainly if you consider that the electricity grid is also connected to the IoT, as will be self-driving cars in the future. This means not only must the system be protected against technical errors, it must be given the best possible means to combat people with malicious intentions.

As his career progressed, computer scientist Luca Allodi became intrigued by the sociological aspect of his profession. With questions like, What economic motives do hackers have? And why do they attack certain systems? To find out how cybercriminals collaborate, he learned some Russian and went undercover in Russian market places on the internet where ‘exploits’ are traded: computer instructions for exploiting weaknesses in digital security.

Criminal hackers' sites are remarkably well organized, the Assistant Professor at Mathematics and Computer Science points out. The internet criminals have not only a code of honor, but also a complete legal system designed to deal with rip-offs and scams. “With a court, the burden of proof, witnesses, everything. All on the dark web. The sanction is exclusion from the market, not jail time. That's where the underworld differs from legitimate business.”

The business model used by criminals who focus on the IoT is often extortion

Luca Allodi
Researcher Security Group Mathematics and Computer Science

It is important to know how cyber criminals work, the Italian stresses. “This is because there is an huge imbalance between an attack and defense: the attacker need focus only on a single weak spot, while the defense has to secure potentially everything. And that is impossible.” That is why it is important to know exactly what things are of economic interest to the hackers, he says, then you can make the best estimate of where you are likely to be attacked. “You cannot avoid being attacked so you have to focus on managing the risks.”

A striking example of a risk factor is the central locking used on doors, as found on the TU/e campus, explains Allodi. “The business model used by criminals who focus on the IoT is often extortion. An example is to lock people in a building and demand a ransom. There was a case of this at an Austrian hotel last year.”

Pessimistic

Whereas hacker-prone systems today are controlled centrally, they are less likely to be so in future, Allodi says. “Think of self-driving cars: they don't communicate with a central computer but they do communicate with each other. Using a continuous stream of updates to keep them fully secure may just be unfeasible. You are talking about perhaps billions of cars, and their update mechanisms remain unclear at the moment.”

Autonomous systems like this must be inherently safe, believes the Italian. “But I am pessimistic about the possibilities for achieving that. We computer scientists make these systems, but even so they do things even we didn't expect. This will only be aggravated if we start making self-learning decentralized networks of devices, as security tends to get worse as system complexity adds up.”

I am shocked by the type of user information new apps often collect

Safety and privacy are like Siamese twins on the classical internet, inseparable. On the Internet of Things their relationship is perhaps a little more complicated. If only because you can no longer withdraw from the arena. You simply can't log out anymore, as Katleen Gabriels puts it. This Flemish woman is Assistant Professor at the TU/e section Philosophy & Ethics and has written a popular scientific book, Onlife, about this issue, based on her postdoctoral research.”

The way Gabriels sees it, we need to make rigorous efforts to minimize the harmful effects of the IoT on our privacy. “I often attend conferences about internet technology and, to be honest, I am shocked by the type of user information new apps often collect. That the people who invent them then simply point out that the user gave permission when installing the app is something else I find shocking.”

Digital tracks

The large technology companies, often dubbed the ‘big five’ (Google, Facebook, Apple, Amazon and Microsoft), are the organizations ideally placed to benefit from the indelible digital tracks that everyone leaves behind in the Internet of Things era. Not only what you do on a computer or smartphone can be tracked, but also the information that smart devices pass on to their manufacturers (the smart toothbrush not only knows how well you brush, but can also estimate how late you go to bed, and perhaps how often you sleep elsewhere, and when).

For one-party states, this technology is enough to trigger a wet dream

Dubious companies aren't the only agents who can abuse these data. Since recently in China, for example, the streets have been hung with cameras whose facial recognition technology means they can track whether you run a red light. This information is linked to a national database in which everyone's 'social credit score' is logged, a score with far-reaching effects, including whether or not you are eligible for a job, or a home. Of course, criticism of those in power, spotted via whatever channel (online, security cameras or the smartphone that's eavesdropping) is disastrous for people living under such a system, Gabriels points out. “For one-party states, this technology is enough to trigger a wet dream.”

And the Internet of Things already exists, the philosopher admits. “This isn't a pipe dream. There are apps that can secretly analyze your driving style in the car. There are sites where you can watch non-stop what poorly secured security cameras are recording. People working at home are monitored by Time Doctor, software that makes screenshots to see what you are doing. And we even join in by choice: at Kruidvat drugstore, you can buy the Spotter, a GPS tracker you can use to trace your child at all times.” Which means hackers can too.

Privacy as showstopper

Exarchakos, a technology man himself, shares Gabriels’ concerns. If the privacy problems related to the IoT are not resolved, the entire technology may fall out of favor, he fears. “It will depend to a large extent on the privacy aspect whether society accepts this technology. Every generation has a different attitude towards privacy, but it's evident that people are now becoming increasingly skeptical. And rightly so, when you consider that a lot of personal data is being sold. As an individual you have little power in this discussion, so collective action is needed.”

This is a view Gabriels in turn fully endorses. And you can see that collective protest helps, she explains. “You really can prevent things: the body scans at American airports are now less revealing than they used to be.” Going to court can also help. “Facebook also tracks you on sites where it hosts only the Like functionality (not the site), even if you don’t have a Facebook account. We have to take strong action to stop that; Facebook was found guilty of breaching Belgian privacy law last February.”

In Gabriels' opinion, the new European privacy law that came into force on May 25, the General Data Protection Regulation (AVG), is a good step in the right direction. “This law insures that for new devices and applications, privacy is part of the design.” In any case, without a doubt, Europe is ahead of United States where privacy is concerned, says Gabriels. There, even medical data can be sold by law. “Fortunately that is prohibited in Europe.”

Promise or specter?

The Internet of Things offers almost unlimited possibilities for collecting current information and this is undoubtedly generating valuable knowledge that can be put to good use. But this technological promise also has a flip side, as the conversations with the experts featured in this piece made clear, at times almost painfully so.  

First and foremost, the IoT is so extensive and complex that in time the only thing capable of maintaining it will be itself –the job is simply too big for humanity. The loss of control that this seems inevitably to involve gives food for thought.

Towards the end of his life, the late Stephen Hawking warned of the dangers of artificial intelligence. He referred explicitly to autonomous weapons systems, among other things, but in a certain sense the Internet of Things is one large artificial brain in development. If at some stage we are no longer able to control this brain, then giving serious thought to an inherently safe design is the least we should do.

Whether we would be better off having full control of the Internet of Things is highly debatable, though. Having control of the IoT basically comes down to having access to sensitive information about every person in the developed world. This may make decentralizing the IoT – chopping up the network into relatively independent clusters - not only a technical necessity, but also highly desirable if we want to keep a certain degree of privacy – and thus our freedom.

So the question is whether ultimately the benefits of the Internet of Things will prove to outweigh the drawbacks. Personally, for the time being at least, I'm inclined to stick with a toothbrush that doesn't have Bluetooth.

Share this article