Announcing: The Internet of Things

For those of us who believe that technology is a foundation for all industry – a horizontal feature, not a vertical – the recent interest in The Internet of Things is particularly vindicating.  The Internet of Things or “IoT” for short describes the larger network that is created by the inter-connection of  the traditional Internet and items you use everyday in the offline world.  IoT was mostly relegated to geek speak when it was first coined by a virtual team of RFID technology researchers in 1999, but lately it’s been experiencing a resurgence – as a pithy way to define the interconnected network of online and offline worlds, especially when the scenario involves RFID chips embedded in everyday items, allowing them to “talk” to the Internet.  Real world application? A user can communicate and control an RFID-enabled item – a car or kitchen appliance for example, using their computer or mobile phone.  This is the idea behind some of those really helpful mobile apps – like the one that turns your phone into a remote oven control.

At the moment, the IoT is really just a concept that is being researched and beta’ed. A recent presentation by Don Caprio of McKenna Aldridge suggests that in a decade the picture will be very different, and there will be billions of devices connected to the Internet worldwide.  In the US, the impact will be significant; Caprio estimates that each American will own at least 50 internet-enabled items, most of which will be “tagged” to that specific users.  Currently, the Internet could not handle this volume of web-enabled device traffic.  For IoT to progress from vision to reality, there must be “widespread deployment” of the next version of internet protocol – IP v.6 – which will allow for billions of additional, unique IP addresses.   This will involve considerable investment by the private sector – investment that probably won’t happen until regulators decide how to approach the big policy issues implicated by the IoT’s expansion – interoperability, data flows across jurisdiction, copyright, and of course, privacThis probably sounds familiar –  the scenario is similar to the current discussions around what should constitute effective regulation of cloud computing.

The implications for marketers and retailers are enormous.  The persistent harvesting of data at all points of customer contact – website, RFID-enabled device and retail stores – will help online marketers develop comprehensive customer profiles that will be worth their weight in gold to advertisers.  Retailers are already aware of the possibilities; Macy’s and Best Buy recently signed development deals for mobile, location-based applications that would “enhance the brick and mortar experience” by providing access to discounts and other promotions to offline shoppers.

But the privacy concerns posed by the IoT are enormous too.  A recent New York Times article discussed the probability of “online redlining” – where products and services are offered to some, but not all customers, based on usage data and statistical predictions.  Another recent article talks about how retailers use data to track spending habits – truly, the era of big brother surveillance in retail has already arrived.  These are just two examples of where the connection between online and offline worlds could result in more consumer harms than benefit.

Regulators are starting to awake to the connection.  Last week, Neelie Kroes, Commissioner for the EU’s Digital Agenda, spoke publicly about how an IoT might unfold and what policies would advance its development.  Her remarks followed on the recent announcements of  the EU’s Digital Agenda – which include increasing R&D for the relevant technologies that support advanced Internet deployment and adoption and increasing user trust in broadband technologies.  I have yet to see the IoT referenced publicly by a US regulator (I don’t recall it being raised in the recent FTC privacy workshops – but correct me if I’m wrong).  The issue is addressed to some degree in the discussion draft of federal privacy legislation that’s currently being circulated by Congressmen Rick Boucher and Cliff Stearns; the bill’s requirements apply equally to online and offline activities, and requires an explicit user “opt-in” before using location-based information for ad-targeting.

If anything, the IoT and the myriad privacy concerns raised by tracking an individuals use of everyday items are a helpful reminder that privacy concerns are not limited to the online world alone.   Indeed, if we want users to trust in this growing network of online and offline systems, then regulators must start treating the IoT as part of the Internet as a whole. And while online-specific issues – most prominently data privacy and security – have shaped much of the discussion around what constitutes adequate “information” privacy, it’s likely that offline issues will begin to influence the discussion.  As Jennifer Barrett of Acxiom, one of the nation’s largest data brokers, recently stated “the clear distinction that we had a number of years ago between online and offline [marketing methods] is blurring.”

What’s next? Perhaps we’ll look to Commissioner Kroes for the last word.  When asked whether she had a specific plan to support the IoT, Kroes borrowed another term – this time from Spanish author Antonio Machado – saying simply:  “”We have no road. We make the road by walking.”  I think that’s code for more discussions, more workshops, and definitely more speeches on the topic.