August 2024 - For this interview, we hear from Rob van Kranenburg who is a veteran of the IoT industry and founder of the IoT Council. Rob describes his first encounter with IoT concepts and how they transformed his world outlook and career path. He also talks about why it is important for the IoT community to address policy challenges as much as cybersecurity and technology ones.
Q: Would you begin by introducing yourself to our readers?
RvK: I am a Dutchman, living in Belgium and interested in origins, how things start, and how they evolve. My background is in language and literature. I also have an interest in helping engineers to think about being more political. Many people know me from my involvement in promoting a global community around the Internet of Things (IoT) and for World IoT Day which falls every 9 April.
Q: Describe your current role and professional activities/interests.
RvK: For the past two years, I have been working as the Chief Innovation Officer for Asvin, which is a small-to-medium sized enterprise based in Stuttgart (Germany). We focus on cybersecurity, and we help businesses to protect themselves and their valuable data in relation to supply chains and the need for end-to-end security. We also look broader than defence to resilience and risk by context management.
Q: How did you first get involved with the IoT?
RvK: In 1999, I was teaching in the Film and TV department at the University of Amsterdam. I went to the I3 conference on the Disappearing Computer because of my interest in mixing literature and computer hypertext. There was a lot of discussion among the three hundred attendees about ubiquitous computing and ambient intelligence. People spoke about having Bluetooth everywhere and being able to point to a tree and a screen would pop up to get information about it. In time, everything came true. However, it was not via a screen but through Smartphones. There were a lot of hardware and software experts at the event, but they lacked experience in interface design. In any case, I came away from the event completely changed.
In subsequent years, I got together with some techno-social friends to build a response to these ideas. We aimed to counter the potential surveillance capitalism that we felt was in IoT with open hardware and community development. Around the same time Katherine Albrecht was working on anti-RFID protests. She thought time in Brussels and Washington DC was a waste. I felt that IoT, Big Data and AI was inevitable. There was such a strong convergence in its favour.
I then wrote a book about RFID and the IoT because I felt that there was no point in being only negative about surveillance. There are other very positive trajectories happening. Businesses were desperate to get a perspective about their supply chains and there was a huge appetite for data – the more the better.
Then, my text came to the attention of Gérald Santucci, who ran the RFID/IoT Group at the European Commission’s Directorate-General for Communication Networks, Content and Technology (DG CONNECT). He particularly liked my idea to go from privacy to privacies (situation specific information). He invited me to be a part of the IoT-A project which set out to define a reference architecture for the IoT.
Around 2009, I set up the IoT Council, based on a mailing list of industry and other experts to share knowledge about this emerging industry. My work with EU projects continued because there was a lot of interest at that time in building Europe’s cloud infrastructure and IoT platforms. To some extent, that was motivated by developments in large-provider businesses, like the cloud providers or gatekeepers as we now refer to them. My idea of Europe having its own cloud infrastructure was to build on a base of 500 million phones to leverage that data with security guarantees instead of having data to make large companies profitable.
Q: Does the evolution in your professional interests and career pathway say anything about how the IoT market is evolving?
RvK: Yes, recently there has been interest in data minimisation as a technique to reduce your cybersecurity risk, for compliance purposes and, to protect your privacy. It is a reversal from the past in that less data might be better. This is what leads to the idea of disposable identities or self-sovereign identities that cannot be traced back to the owner (or only under specific circumstances).
Let me give you an example. A person might want to create an identity for a service, such as paying rent for their house. The house owner just needs to know that you can pay - you send a token stating that. They should not need other information about you. If you do not pay, information about you will be disclosed. At the moment, they can demand a lot more.
Q: You recently canvassed opinions from people about their first encounter with the IoT. What themes or surprises caught your attention?
RvK: Yes, I put out an open call to people on the IoT Council mailing list to ask about their memories and their first involvement with the IoT. These people look at things from many different angles, but one common observation was about connectivity. Everybody sees a little bit more connectivity in what they are doing and then, suddenly, people notice that that connectivity is driving what they do and changing things.
I would say that the other common observation about IoT is that it is horizontal. It is just a term we use to describe connectivity.
Q: What are your views on the market dynamics of the IoT sector?
RvK: The telecoms operators still have a basic role, but they need to recognize that the notion of connectivity is shifting.
Compliance is going to be a big driver with the EU’s Cybersecurity Act and the set of seventeen Acts and Directives linked to the EU’s Digital Strategy.
I mentioned that IoT is horizontal. The recent CrowdStrike incident reveals how everything is so connected, horizontally. We should see changes in pricing as providers build more hardware and software security capabilities into systems to avoid future incidents.
The proliferation of data has consequences for cloud storage, so the industry is going to need to work on new ideas for water consumption (for data centre cooling) and energy use.
Q: Is the IoT experiencing a resurgence and, if so, what advice would you offer to people entering the IoT industry and businesses that are pursuing adoption?
RvK: That is very difficult to answer given my own unusual, career path, but I think it is best to be broadly interested and focus on what you really want to do even if it is difficult to find a job. Maybe it is best for them to travel for a year. Be interested in change and how things change. Organize online through all the tools but also locally in your street and neighbourhood. Ask your local shops what they need and see if IoT and AI can provide that.
When it comes to the IoT, one thing that has changed is the branding. In the past, we had terms such as RFID and ‘ambient internet’ which people associated with single companies, P&G and Philips in these two cases. Now, that the IoT term is generic, there is more willingness to embrace it without fear of being tied into a single provider.
Q: What are views on oneM2M as a technical standard?
RvK: The fact that oneM2M has been relevant for the past 12 years testifies to its success. Having a firm foot in regions like Europe, the US and Korea shows it is global. The three-layer architecture is a brilliant idea to explain IoT systems to non-technical people.
The world needs a common architecture as we need the interoperability that comes with it. Without it, we would be getting large intranets of things, and, like the internet and the web, we may end up with an IoT splinternet.
Q: How do you view oneM2M within the landscape of organizations that are shaping the way that business decision makers, engineers and students approach the IoT?
RvK: It is very impressive to see oneM2M’s list of member organizations. They have made a lot of progress in 12 years. There seem to be parallels with the foundational role that the US’ ARPAnet which contributed to the development of the internet. I get that sense when I read statements likening oneM2M to the Android operating system for the IoT.
Q: Do you have any other observations or advice to offer to readers from the IoT industry?
RvK: I believe that cybersecurity and governance are important topics. I hope that organisations like the IEEE or oneM2M will set up cybernetic working groups that look beyond the interoperability of the technical advances in IoT and AI and how they affect decision making at the level of countries, regions, maybe even the United Nations.
It is heartbreaking to see the largest technology businesses operating like feudal Lords, just hoarding resources without any interest in their Kingdoms. What they offer consumers today is just more of the same. If they tuned their resources to the nation, they could create abundance instead of the austerity. I also think that a lot of engineers are tired of turning their brilliant brains building just another gadget. That is why it is important for them to think about the policy aspects of what they work on in AI and the IoT.