June 6, 2017

The Internet of Things Connectivity Binge: What Are the Implications?

Theme 5: Human ingenuity and risk-mitigation strategies will make the Internet of Things safer

A large share of these experts wrote about the ways in which solutions might be found to mitigate the risks posed by highly connected life. Some expressed hopes that market forces might punish Internet of Things creators if they do not build safe and reliable products and come to an agreement on appropriate system standards. Some predicted there will be consumer protests that might shame makers of shoddy products. Others expressed the hope that the ever-evolving code underlying the IoT and its connected items will be intentionally aimed – as a first priority – at security, safety and human rights while keeping up with the emergence of negative exploitations of the IoT. And they predicted that there may be solutions that could wall off mass-scale attacks on the IoT.

Effective regulatory and technology-based remedies will emerge to reduce threats

An anonymous vice president of global engagement replied, “The hacks and attacks to come will be followed by market-driven and regulated demands for increased security and resilience measures, rather than people deciding to disconnect.”

Hacks, ransomware and so forth will continue to be a game that we play, but the market will generate fixes and provide services to continue to allow people to participate online.
Susan Price

Robert Bell, co-founder of the Intelligent Community Forum, wrote, “Sooner or later, there is going to be a significant wave of cybercrime that makes every company in the ecosystem and every user wake up to the dangers. We may see a step back at that point, but I have confidence that services providers on one side and the users themselves will find solutions that strengthen security online. It unfortunately takes a crisis to make people care.”

David Karger, a professor of computer science at MIT, said, “As it becomes ever easier for computers to kill people, I do expect a dramatic increase in pressure on people in the computing industry to develop more trustworthy and reliable computing systems. There are ways to do that, but they come with costs in time, effort and money that haven’t yet been seen as worth it. I do expect some highly visible and severe incidents to occur, but I expect that people’s chronic preference for fun/convenience over safety (consider the number of people who still smoke, ride motorcycles, play football, etc.) will continue to drive adoption of risky but convenient IoT technologies.”

Brian Behlendorf, executive director of the Hyperledger Project at the Linux Foundation, wrote, “A greater premium than before will be placed on systems that are resilient to failures of different sorts; are focused on individual sovereignty (e.g., personal control over personal technology, if not control over one’s personal data); and are interrogatable (able to answer the question of ‘why’ – why it did a certain thing, or recommends a certain course of action). Those greater premiums may be expressed in the form of regulations, or in lower insurance premiums, or in new consumer meta-brands that operate like ‘organic’ did.”

An anonymous associate professor active in wireless research said, “The Internet of Things is a cyberphysical security disaster in the making. Think Sony Pictures (the company was being run by North Korean-employed hackers for some weeks) times 50 billion networked things. Now that is a disaster movie I never want to see. These IoT risks will lead many sensible people to be very wary of the first-generation crap now on offer by Silicon Valley Unicorns and the usual-suspect firms. A new model for cyberphysical system security is needed if it is to be advisable for people to have faith that Internet of Things devices and objects are safe to use and can be relied upon. Fortunately, some of us have been working on such a model for 15 years. The Open Specifications Model for Wireless Grids in the Internet of Things version 0.4 was released in the fall of 2016, incorporating blockchain, military-grade, embedded system security mechanisms and role-based access control to make the Internet of Things safe. We hope :). The most likely damage is that which is present today, where malware and specifically ransomware takes over carelessly guarded or unprotected systems.”

An anonymous professor of computing observed, “Different devices can cause different damages (e.g., cars can crash, but a toaster cannot move). Since there is no universal technique for guaranteeing the safety of disconnected devices, it is unlikely that we will be able to develop such universal safety techniques for networked devices. Nevertheless, Underwriters Laboratories does a good job of certifying disconnected devices through experimental measurements. Perhaps a similar experimental approach could be used to certify networked devices as well.”

Susan Price, digital architect at Continuum Analytics, wrote, “I do hope that blockchain technologies and user-empowering identity and data management platforms will emerge to enable users to have a better understanding of the value of their data and give them opportunities to monetize it – or at a minimum, a much more sophisticated awareness of its existence, who has access to it, and its uses. Hacks, ransomware and so forth will continue to be a game that we play, but the market will generate fixes and provide services to continue to allow people to participate online. There’s too much potential benefit for citizens and vendors for such activity to cease.”

An anonymous respondent commented, “We need to throw a lot of engineers at it and perfect AI learning engines aimed at real-time safety systems when objects interface with humans.”

Joan Noguera, a professor at the University of Valencia Institute for Local Development, replied, “Prevention mechanisms (anti-hacker, anti-virus, etc.) will most probably be improved, thus diminishing the risks of connectivity.”

Jeff Kaluski, who did not share additional identifying details, commented, “Trust is going up as security vulnerabilities are being found and patched; hackers are having a harder time once the potential pitfalls are published. Open source will be the path that the IoT will be secured along.”

An anonymous principal at a communications consultancy with previous top-level experience at several of the world’s top technology companies said, “Government must work with the tech sector on smart solutions for better security. And yes, it is possible to network objects that will generally remain safe for the vast majority. That’s the case now.”

Isto Huvila, a professor at Uppsala University, wrote, “Natural disasters and human action are the most likely threats. The best possible way of securing connectedness is to see to it that systems are autonomous, regional and local and do not rely on the functionality and presence of specific global infrastructures. That online systems can function on a municipal, regional and country level, [assuring] that infrastructures do not rely on each other.”

The train cannot be stopped anymore. Technology providers need to be aware of their responsibility.
Thomas Keller

Ray Schroeder, associate vice chancellor for online learning at the University of Illinois, Springfield, commented, “The Internet of Things will continue to rapidly grow and become more reliable with time. Connectivity and networking will become the lifeblood of effective tools and technologies. Systems will be hardened against intrusion and disruption. While hacking battles may persist, effective technologies will continue to adapt and advance to remain one step ahead of the black hats.”

David Morar, a doctoral student and Google policy fellow at George Mason University, replied, “If engineers and policymakers are able to create infrastructures and standards that prioritize privacy and security, the future will be slightly less dangerous. If one examines technological innovation, the most glaring thing that pops out is that path dependency plays an important part. If the initial steps are not guided by what can already be identified as potential future issues, then the work of mitigation and consolidation later on will be much more difficult. A total reliance on connected software for almost everything in our lives will lead to a significant dependence on technology. After a few generations of such dependence, a critical failure in the system would nearly cripple the world. Thus, another concern that should be addressed would be to prepare for a temporary shutdown of our connected systems, just like we do now for potential power outages.”

Thomas Keller, head of domain services at 1&1 Internet SE, based in Germany, and active ICANN leader, wrote, “The train cannot be stopped anymore. Technology providers need to be aware of their responsibility.”

John B. Keller, a director of eLearning, said, “We need override capabilities and firewalls that will keep contamination from spreading virally. This is especially important in any system that could be directly or indirectly associated with human safety (e.g., navigation, air quality, water quality, food safety). We must have ways to minimize the opportunity that such systems would be compromised and should insist on designs that allow for quarantining to mitigate the effect of malicious or inadvertent corruption.”

Erik Anderson, who did not share additional identifying details, replied, “Devices will always have vulnerabilities. You must stop investing [only in] firewalls and other perimeter security. You must add security at the data level. Secure objects that remain secure regardless of whether they are in motion or at rest. Look at Constructive Key Management (CKM).”

LT Wilson, who did not provide other identifying details, said, “We’ll collectively learn as we go. Advances and vulnerabilities and fixes will successively ladder up.”

An anonymous executive director at a major provider of open source software observed, “Most of us will become more connected – and we won’t see the trade-offs – privacy, security, personal agency, risk of failed systems. At some point, market actors will emerge to give people a connected life with fewer trade-offs and more control. But this will take a long time.”

An anonymous managing director replied, “Better underlying infrastructure – in hardware and software – will be developed (two steps forward, one step backward, but progress will be made). Better systems will be developed to limit the damage. It will remain a cat-and-mouse game. If populist governments are able to use the internet (via Facebook, Google, etc.) for their hideous purposes, things will change and people will become far more careful.”

An anonymous professor at a major university commented, “Technology companies will respond to threats by making connected devices more secure. They will tout this security as a competitive feature of their products.”

Michael Dyer, computer science professor at the University of California, Los Angeles, said, “I am not a networking expert, but researchers in networking are developing distributed systems that produce quality of service while remaining robust under a wide variety of perturbations.”

An anonymous executive producer and creative director commented, “Theft of money, data and identity. Attacks on the government by other nations and organizations. The solution is to create the best super-intelligent AI at any cost and have its interests aligned with ours.”

Ed Dodds, a digital strategist, wrote, “Most ‘hacks’ are still a case where a database administrator is on two payrolls at once (i.e., thumb drives walk). Government IT contractors will continue to classify unnecessary amounts of materials at a ‘top secret’ level so as to make their services appear indispensable and un-auditable. Private software-defined networks are likely to proliferate as a means to limit some outsider access to the connected sensor grids.”

Dariusz Jemielniak, professor of management at Kozminski University and Wikimedia Foundation trustee, said, “Current technology already offers much higher levels of security than the market actually uses; there is a scope for radical improvement if people demand it.”

Malcolm Pell, an IT consultant, observed, “Too many manufacturers, OEMs, developers see effective security as a cost burden. Also, how do we maintain the security of legacy and unsupported and obsolete devices?”

Barry Chudakov, founder and principal at Sertain Research and StreamFuzion Corp., replied, “Sanjay Sarma, [MIT professor and] one of the fathers of the IoT, points to a potential cause of networked-object damage when he says there are too many standards and not enough commercial, academic and government coordination to help create a dominant IoT architecture: ‘Outside of a few exceptions there are no toolkits and everything is open-ended.’ … Manoj Saxena, executive chairman of Cognitive Scale, says computers are super-intelligent, they are not super-conscious. It is now incumbent upon us – and of course the creators of the Internet of Things – to bring awareness and consciousness not only to the objects we use, but also to the people who use them. This is something for which we are mostly unprepared. … The way to network physical objects in such a way that they will generally remain safe constitutes an entirely new industry, or at least a sub-industry: communicating about the nature of connected objects (how do they think and what does that thinking mean for you); explaining hidden functions and processes or making those functions and processes completely transparent; and enlightening the users of those objects about possibilities and dangers. … Sarma posits three important steps for making things more secure and safe: 1) agreement on a system architecture, 2) development of open standards reflecting the best architectural choices, and 3) creation of a DARPA-like test facility where best practices can be designed and perfected.”

Adrian Hope-Bailie, standards officer at Ripple, said, “The vendors who provide Internet of Things services to users will be measured in some way on how well they protect their users, so market pressure will force them to continue to try and stay ahead of the curve with respect to security.”

David Williams, who did not share additional identifying details, said, “We are in for a rocky ride. There are sure to be many very high-profile cases of that connectivity being abused. One of the bigger challenges we’re faced with is how to ensure all those new connected ‘things’ are connected securely and yet able to be safely updated as new bugs and vulnerabilities are found. Things like Wi-Fi access points and cable modems are cautionary tales as they often are tuned on, connected and never patched. That security patching has to be built-in, bulletproof and secure. Manufacturers need to have the cost of patching and maintaining those ‘things’ built into their costs, perhaps covered by a ‘thing’ annuity that would ensure funding for maintenance over the long haul and across mergers and acquisitions.”

Ryan Hayes, owner of Fit to Tweet, commented, “It’s true that our attack surface will just keep increasing as we surround ourselves with devices, but defenses are getting more capable as well (analogous to how people used to leave their houses unlocked when communities were more simple but today they have elaborate security systems and cameras, etc.). What I hope and expect to see coming into the market soon are more tools that use AI to study home network activity and identify anomalies instantly (so if your toothbrush suddenly starts sending large data files to some server overseas it flags and stops that quickly). Protecting home networks needs to be more of the focus as that’s the big weak point right now.”

David Krieger, director of the Institute for Communication & Leadership, based in Switzerland, commented, “System crashes pose a greater threat than cyber warfare or criminality. Much more work has to be done on data security, AI security, etc., which must be based on global governance structures beyond nationalistic self-interest. Techno-socially, engineering will become a question of ‘design,’ that is, accounting for all possibilities in the most efficient and aesthetically acceptable way.”

Transparency will emerge regarding who has the best interests of global citizens at heart, and who is a manipulating mercenary.
Anonymous president of
a consulting firm

An anonymous director of human rights replied, “People will likely have to actively choose to disconnect, meaning that many will automatically become more connected. Governments and companies should consider connectedness by consent instead of by default as a guiding principle, along with articulating clear and effective privacy protections and safeguards – including greater liability for private actors involved in serious privacy breeches.”

Several respondents expressed the hope or expectation that global technology companies will become more willing to be transparent about their processes, security and other aspects of connectedness important to the individuals they serve.

An anonymous president of a consulting firm replied, “Transparency will emerge regarding who has the best interests of global citizens at heart, and who is a manipulating mercenary. The politics of control and the politics of appearances will give way to the politics of transparency, which will force corporations to do the right thing for humanity regardless of whether they want to, or not. The sheer volume of discounts made possible when hundreds of millions participate creates a whole new set of global dynamics ripe for innovation. The battle between good and evil will continue online. At issue is which side the majority of the global population makes the choice to join based on personal values. The dire need is for everyone to understand how to achieve a win-win for all citizens globally to actively participate in the interconnected global economy.”

Chris Zwemke, a web developer, said, “The Internet of Things is but a giant playground. As people become more and more aware of security and algorithm dangers, the bar for what is a useful ‘thing’ will continue to rise. … What we connect to will shift. People will realize the safety perils of cameras and interconnected cars. The age of having dozens of devices on Wi-Fi will come to an end before the decade and a superior, secure wireless format will emerge. First from a consortium of the typical large industrial players (Google, Apple, Microsoft, Verizon, AT&T, GE, etc.) but it will morph into a regulated space, much like television and radio. I have no idea what the answer will be, but there will be one. Once the secure and trustworthy communication is found and proven, the rise of smart cars and appliances will start in earnest. However that rise is more than a decade away. In the same time span, culture will realize some of our connected things are in fact dumb – the smart toothbrush – and the utility of connected things will rise. Perhaps a hurdle of regulation and openness will force the lesser-quality actors out of the field and into the black market where they won’t have anything more than a pestering impact.”

Some respondents speculated on ways in which individuals might handle taking some control of personal safety.

Cristóbal Palmer, technical director at ibiblio.org, commented, “People are likely to get more sophisticated about segmenting networks, using distinct personas for different devices, and other steps to mitigate the risks associated with what some call ‘The Internet of Unpatchable Crap.’”

An anonymous respondent wrote, “Some sort of ‘airplane mode’ will become more common, and a sizable minority of people will use it regularly, but most will not disconnect entirely.”

An anonymous system analyst commented, “I think that, in fact, people will choose to create some kind of ‘disconnection sanctum,’ maybe a corner in their house, or an office, or even going into a cafeteria, time after time, where they’ll give away their connections and stay offline for a while, so they can ‘breathe in.’”

An anonymous respondent replied, “People who see their only option as being exploited will disconnect from whatever is exploiting them, once they learn what’s really going on. … Everything depends on the quality of mentorship, training, and ongoing support within a trusted support network working to limit online risks and maximize online benefits requiring the least investment in time, energy, cost and prerequisite literacy.”

Will Kent, an e-resources staff member at Loyola University-Chicago, used a historical reference to early mail service to introduce more-modern measures needed today, writing, “Two hundred years ago we were able to make mail safe enough to become the relied upon technology for all sorts of information (health care, social, civic, economic, etc.) so it seems like there should be a safe digital analogue in the technology somehow. It may take business embracing privacy in order to do it (like the government respecting privacy with physical mail). It will also take coordination and de-centralization to preserve balance, back-up and adaptive support to ongoing threats with developing technologies. Lastly, and most problematically, it will take the vigilance of users to demand protection, oversight and transparency. This is the only way we will be able to fix damaged devices in networks or reconfigure things on the fly or call out attackers. As it stands, this conversation is over and things will become more connected. Authoritative bodies must advocate for user education and safety. Even if this is a priority for some, it is not a common practice for all.”

Edward Friedman, emeritus professor of technology management at the Stevens Institute of Technology, replied, “These new technologies will not emerge overnight. As they evolve, people will have an opportunity to evaluate them and adapt to new connections in a judicious fashion. The technology of safeguards will also be evolving and becoming more effective.”

Additional anonymous respondents chimed in on risk mitigation:

  • “People won’t stop to think about risks they don’t even understand.”
  • “Better responses to these threats will be developed once more people are involved.”
  • “With some basic precautions (VPN, SSL, HTTPS, good passwords), I can for the most part participate in the available connected life.”
  • “Vulnerabilities will delay but not prevent the inevitability of the connected life.”
  • “Problems resulting in injury or death will be addressed after the fact using best practices that are good enough for insurers.”
  • “While it is possible to improve safety, [a] sense of public responsibility needs to be aimed at the legislators and large corporations with the power to create better security.”
  • “More attention is being given to these safety issues by government agencies and efforts are underway to increase digital infrastructure security.”
  • “These systems will need to change from being cast in stone (not upgradeable with bug fixes and security fixes) to being upgradeable in the field.”
  • “Safety-critical systems will be [created], and hopefully will be designed to a higher standard and be ‘fail safe.’ In many cases the networking is just a gimmick and provides not real benefit (such as smart homes).”

Governments should be doing more to regulate negligent companies, punish bad actors

Many respondents called upon government to do a better job holding both the IoT companies that are building the systems and devices and those who perpetrate crimes accountable for their actions. Some said profit considerations are generally prioritized above security in the research, development and rollout of IoT-connected devices and services, and bad actors are often not penalized, from companies that are negligent in the creation of IoT products to criminals or crackers who take negative actions.

The issue of how much trust will exist in the face of heightened vulnerabilities likely will be decided on how effective government regulation is and how quickly it goes into effect.
Evan Selinger

M.E. Kabay, professor of computer information systems at Norwich University, wrote, “The IoT will result in even greater numbers of systems compromised by criminals to create ever-larger botnets (networks of ‘zombie’ computers responding to instructions from ‘master’ systems). Botnets are used for generating spam (unsolicited commercial email), and especially for fraud. Use the search string < refrigerator used for botnet > for example. Distribution of malware such as ransomware is also facilitated by botnets. Botnets are also used for distributed denial-of-service (DDoS) attacks, in which targets are flooded with overwhelming traffic that can slow response time or even crash the targets. Some of the IoT includes controllers for critical infrastructure. The Stuxnet attack on Siemens centrifuges in Iran and other countries demonstrated the long-standing view of information warfare specialists that unprotected or under-protected supervisory control and data acquisition (SCADA) systems could be subverted to cause significant real-world damage, not just effects on information alone. Medical IoT devices are particularly significant when considering possible damage to people; so are connected automobiles, which have become computers with wheels. There are already many examples of how cars can be hacked at a distance; use the search string < car hacked crash > for reports. The fundamental issue is that security is an afterthought for much of the IoT; the manufacturers bear few consequences for misuse of their poorly engineered systems, so some managers elect to shift costs away from their development process and simply let consumers bear the brunt of the damages. The calculation is that they can pay less in fines than for better security. The notorious Ford Pinto exploding gasoline tanks is the classic example of this cost-shifting approach. There is no reason that IoT security cannot be improved; however, under the current economic system it is largely free from independent regulation. When IoT devices are subject to the same stringent requirements that pharmaceuticals must meet, we will see some reduction of risk.”

An anonymous respondent said, “The IoT will increase the pervasiveness of ‘transactional overhead’ problems (e.g., adver-surveillance). The desire by IoT providers to preserve the supplemental commercial opportunities afforded by such unwanted side channels will make the IoT less secure, and thus contribute to more frequent and severe incidents over time, but these are unlikely to deter the vast majority of consumers from embracing the IoT more and more unless/until some profoundly disruptive and unavoidably high-profile incident interrupts the trend.” Another anonymous respondent wrote, “The necessary incentives to employ and upgrade and maintain the highest security levels of the IoT, may not be able to be driven by market forces – it remains to be seen.” And another said, “Online security breaches are going to be a pervasive part of life from here out.”

Matt Hamblen, senior editor at Computerworld, wrote, “Governments in some countries seem on top of the dangers, but the U.S. government is clearly not up to the task and doesn’t seem aware of the dangers or equipped to deal with them as there is a very small consumer protection establishment in place.”

Evan Selinger, professor of philosophy at the Rochester Institute of Technology, said, “The issue of how much trust will exist in the face of heightened vulnerabilities likely will be decided on how effective government regulation is and how quickly it goes into effect. For example, in “The Internet of Heirloom and Disposable Things” [an article published in the North Carolina Journal of Law and Technology], Woodrow Hartzog and I argue that not enough regulatory emphasis is being placed on the different kinds of things that can be wired up online. In some cases, the different lifespans between IoT software and IoT objects can be staggering.”

An anonymous emeritus professor at a large state university observed, “I see no signs that governments, as presently oriented and influenced, will even attempt to limit the harms that result from a connected Internet of Things. … Catastrophic failures will occur, and our responses will be inadequate, in part because a population that has become dependent upon this network will not be willing to shut it down.”

An anonymous respondent commented, “Governments won’t be able to do anything as long as they remain willfully ignorant about how these systems work, and they continue to attack security researchers, encryption manufacturers, etc. If they actually worked to create knowledgeable groups within government about technology/networks they might be able to create some headway by requiring security audits and strongly encouraging (or even requiring) FOSS software on network-critical points that might be able to interrupt some attacks. Technologists would need to critically assess what is going on, instead of assuming that there will be some sort of technological breakthrough (quantum computing for example) that will wave a magic wand to fix everything. Air gapping is possible but would require a complete reversal of the present course. This simply won’t happen in 99%+ of situations.”

George McKee, a retired research scientist who began online in 1974, replied, “Governments will be compelled to step in with regulations regarding ‘fail-safe’ modes and for ‘living will’ provisions for security updates and continued operation of backend systems supporting internet-connected devices. This is unfortunately likely to happen only after serious injuries and lost lives occur.”

Christine (Malina) Maxwell, entrepreneur and program manager of learning technologies at the University of Texas, Dallas, replied, “Cyberwarfare is real – major breakdowns are more likely to occur as the IoT goes ‘mainstream.’ There will need to be far more collaboration among governments and technologists to thwart ever-more-sophisticated cyberattacks. The public should be educated on the impact of the Semantic Web – and it should learn swiftly why it should be pushing for IPv6!”

An anonymous vice president of product at a new startup observed, “The big threat is the deplorable level of security in the Internet of Things ecosystem. … A combination of an industry standards certification approach like Underwriters Laboratory and regulatory oversight like the Consumer Product Safety Commission could help.”

An anonymous principal architect at Microsoft wrote, “Increased use of IoT devices is inevitable – but many of these devices are negligently designed. Their designers will need to face civil and criminal liability before they clean up their act.”

An anonymous software engineer wrote, “More people will be more deeply connected despite potential dangers. The system is not closed and will iterate to a balanced trade-off between benefit and risk. It’s not possible to be generally safe with any technology and the benefits will not be worth either the risk or the cost of security, so use will be more limited than the hype suggests. Government intervention will be late to the party and mostly ineffective other than to assign liability. Technologists will have solutions but will be mostly ignored by management until there is liability risk to them. Naturally evolving standards in the marketplace can have a mitigating effect on security risks.”

An anonymous respondent observed, “From my own experience, I have moved more into networking because it simply has become too much of a nuisance not to. I don’t like it, though, and I don’t believe it is very safe. A government approach to safety might involve a complex physical token that must be read along with a password. The Japanese ‘inkan’ seal might be the basis of such a system. However, could it be easily replicated by a 3D scanner/printer? It seems to me that flaws and insecurity are inherent in digital computer technology and will get worse when physical systems are more inter-networked.”

An anonymous respondent observed, “The Internet of Things is far more likely to manifest as a collection of unconnected wide-area networks – all the traffic lights in my town, not all in my country. Of course things will be rushed to market and products will be badly designed and poorly made (see any other innovation). Eventually there will be standards and hardening, physical and logical separation, etc. Early adopters like the Netherlands and Singapore are more likely to take a practical approach to implementation than places like the U.S. This means we’ll end up with two standards – the global standard and the American standard. And they won’t cooperate.”

Another anonymous respondent replied, “It is not possible to run an open network safely. The internet was not intended for this and all the Band-Aids and new ideas they apply won’t make it so. Either they have to lock down the internet so they can do this, or they have to give up on this to keep what is good about it already. Strict liability for anyone who holds data would be a good start. Ninety-nine percent of our problems are from organizations keeping people’s private data that they have no legitimate need for, and then it gets stolen. Stop keeping the data, security rises exponentially and then other things might be possible.”

A cohort of respondents talked about basic forces that might work to mitigate some key problems in the IoT space, but also added that they are not sure the perpetual fixes will ever enough to beat back bad actors. Some said no matter what happens, the threats accompanying complicated connected digital systems are never likely to be completely conquered.

An anonymous respondent with the Internet Engineering Task Force said, “The advantages [of the IoT] are compelling. But the risks are, too. There will be some major public failures. Hopefully these will motivate tightening up the systems so people can continue to use them. But the problems will not go away, just as crime never goes away in the physical world.”

Chris Showell, an independent health informatics researcher, said, “I have argued in ‘Risk and the Internet of Things: Damocles, Pythia or Pandora?’ … 1) These risks should be viewed as similar in nature to ecological risks, and … the precautionary principle should moderate the widespread introduction and use of the IoT. Making these devices ‘safe’ will be almost impossible. A number of manufacturers and vendors pay insufficient attention to device security … and may even weaken security settings in the user environment. 2) Reliably upgrading the embedded security of these low-power devices retrospectively will be near impossible in a dispersed domestic setting.”

Andrias Yose, a global freelancer, wrote, “The possibility to network physical objects in such a way that they will generally remain safe for the vast majority most of the time? Not very likely when humans with humans’ self-will or self-determination are involved. The most likely kind of physical/human damage that will occur when things are networked [is tied to the things that] make humans human; personal security; identity theft; deep(er) self-reflection/introspection on things in general or of interest; national security threats. Governments and technologists respond to make things more secure and safe: more laws; more spying; more safety nets or safeguards; incrementally complex encryption and/or protection (also with loopholes), all of which will be created with unthought-of loopholes.”

An anonymous assistant professor at a U.S. state university said, “This is the hardest to project. It depends on how public policy addresses the security of information online and the protections the governments provide from cyberattacks and the like. The federal government has struggled to develop a comprehensive policy to these ends, and if that continues, and cyberattacks intensify, it is likely that the government acts in response to any serious uptick rather quickly, preserving public trust. But ultimately it will depend on appropriate government action.”