The most important thing you need to know right now about the Internet of Things (IoT) is that when you choose your phone, you are choosing a platform, an ecosystem, eventually what the first phenomenologist Edmund Husserl called a Lebenswelt — lifeworld — that moves ceaselessly toward connecting everything and everyone in your life and many outside of your life to you.
By tying all of the data points generated from connected devices back to a user’s identity, businesses will be able to create truly personalized and lifestyle-based experiences for individual consumers. This reconciliation and attribution of data to a single consumer identity is what will enable a user’s toothbrush to successfully communicate with his or her smartphone, cloud-based calendar, and dentist’s patient scheduling portal.
Without a clear system in place to attach information to individual user records, data can become fragmented and, essentially, useless. If the data points from each device are housed in independent silos, the experience becomes disjointed and aggravating for users.
The best practice for businesses is to keep data clean, organized, and attached to a user’s identity from the very first point of connection. This process starts with registration. When a consumer first registers with a business on a connected gadget, either through traditional site registration or via a pre-existing social account, a user record needs to be created.
From this point on, the business needs to tie any action taken by the consumer from any touch point managed by the business back to the user record. It’s this connection with user identity that allows devices to communicate with one another in order to learn user preferences and deliver convenience.
For example, if a person purchases a Samsung smartphone, that individual is now a part of the Samsung ecosystem. If the user decides to treat his or her phone as a control center for a Samsung smart TV, remotely do laundry via a Samsung connected washing machine, or send files to a Samsung wireless printer using a third-party app, he or she should be able to do so using the same login credentials created upon first entry.
(By the way, “1:1 experiences” includes both du and es —Thou and it — in Martin Buber’s terms; in the IoT, people are devices that create content and communicate in unusual ways, unusual because by 2020, fewer than 1/5 of the devices connected to the internet will be people.)
The Federal Trade Commission does not yet understand this point specifically or “platform thinking” generally, but The FTC’s Report on the IoT almost begs for that understanding. The report reaffirms the importance of notice and choice, but then states, “This does not mean that every data collection requires choice.” Then, however, the report descends into its old 2012 context-sensitivity nonsense — yes, nonsense, at least in the “context” of the IoT — excusing data uses generally consistent with consumers’ reasonable expectations from notice obligations. Can you imagine how nonsensical the fashionable Nissenbaum-inspired context-sensitivity criterion will seem when you walk into a room and before you do anything you have to consent to a thousand things that think they might not be sensitive enough to your context? Even more, imagine what useless nonsense context-sensitivity will be when you are forced to choose the platform that will become your lifeworld?
Since the report was published, the FTC’s smart technologist Ashkan Soltani has been begging for platform thinking from the security side as well. Soltani blasts security in the IoT in an article that is SO much better than the FTC’s staff report, because it steps out of the cloistered world of big-company lobbyists appearing at hearings that naturally tends to dominate the FTC’s thinking, and steps into the real world of millions of tiny, re-programmable devices, made by new market entrants and interacting with each other. His article captures well the “weak link” half of what I was trying to say in predicting that the FTC’s report would not help (the other half being that the major risks are not to personal information at all). The answer I propose to (1) his dilemma, (2) the dilemma posed by the failure of the IoT Staff Report to come up with any viable solution to the IoT notice and consent issue at all, and (3) the security issues of the IoT much bigger than personal information is: platform thinking.
Now we have the Federal Communications Commission, in the context of its Net Neutrality decision, reclassifying broadband Internet service as a telecommunications service and indicating that Section 222 of the Communications Act will be used to govern consumer privacy. The FCC may or may not know it yet, but Section 222 of the Communications Act may be the regulatory platform that begins to fix information security and create privacy in the Internet of Things.
We had better have enough control over the IoT through platforms, and we had better have enough control over our phones not to have to engage in extreme information governance like this fictitious young woman:
Remember, Kids, never swallow your phone, nor let it swallow you!
By 2020, fewer than 1/5 of the devices connected to the internet will be people.