Rob van Kranenburg: Clean slate approaches to Internet of Things; where to start?

IoT is a paradigm shift and an ontological change. Our very notions of what it means to be human and what it means to be ‚in the world’ are based on subject-object dichotomies. IoT brings a third party into the equation, a database, algos and scenario reality that is always present in any interaction between object and subject. This is not an indifferent reality, however, but one of real stakeholders and investors. The consortia that will decide the validity of that reality is the new raw power, much in the same way as some groups claim to represent or know the validity of ‚God’, the ‚law’, ‚democracy’ , or the ‚normal’. The protocols and procedures then that will build the IoT; driven by the need to individuate all objects; RFID, and SAAS in every object that can hold some software, Ipv6 are not neutral in a technological but also not in a political sense. When EAN and UCC merged into GS1 and became from ‚dumb’ (barcode) organizations the potential Google of the 21th century proposing an Object Name Server ( a database for all objects or ‚goods’), no standard bodies saw these potentialities. Since then - as organizations became aware of the enormous power that GS1 would have holding this position - there has been work on federation, but the basic premisse still stands. IP too has huge dependencies. It was not build for IoT. It has a track record of being part of political dependencies. Its authors are with American companies such as Google that have huge stakes in its success. It is essentially a situation where we are using patch after patch trying to remedy flaws of a systemic approach for which it was not build or intended. We see this most prominently in the way that security is fronted and foregrounded in IoT. Ignoring the very nature of IoT - full traceability throughout every operational action - the linking up of the BAN (Body Area Network), LAN (Home Area Network), Wan (Wide Area Network), and VWAN (Very Wide Area Network), read wearables, smart meter, connected cars and smart cities; security becomes something radically different from what it is now. In IoT everything is and has copies all the time. Ownership becomes less and less until everything and process becomes a service that will be leased. In realtime there is no more advantage in ‚timing’ in being the ‚first’. Currently over 80% of the work of ‚security’ experts is legacy. When you ask them what they are ‚securing’ exactly they can not say. It is rapidly becoming, if it not already is, the Emperor’s clothes. Everybody talks about it, yet it can not be defined anymore, neither in particular cases, nor in general. Security is only relevant at two points; the entrance to the system and the point of service. Are you the real you, and is the service the ‚real’ service. In between these ‚actions’ we should have only flow. Then an Internet of Things becomes a reality. Otherwise we will live in intranets of things and gated communities where this ‚flow’ is only for the rich, Club Med style. If then there are alternatives to IP IoT they should demonstrate radically new ideas on security.
We know that the Internet and even the web as we know it were flukes, never intended to end up as they are know. That is the very reason that they came to exist. Engineering paradigm shift in broad daylight having everyone’s attention is far more difficult, if not impossible. You have to find a hinge somewhere, an opening that can really crack a system wide open. It has never worked by trying to persuade policy makers, standard bodies and a general audience. The ‚normal’, however brief in times of internet and web (browser being just 21 years old) is too comforting and strong. Google did it with one patch on a search engine algo, Facebook did it by grabbing the timing of Orkut and even succeeded with a Founder who called his first ‚friends’ ‚dumb fucks’, so it is not impossible that a service, a product or a wearable can grab that same kind of energy and enforce a new systemic approach. Another possibility is that approaches of particular regions like EU, China, Brazil will start identification schemes based on devices,  thus scripting the protocols, platforms and service store frameworks themselves. We will see how RINA and Cubicon, two clean slate approaches can play out in this. RINA is a radical alternative to the incumbent TCP/IP paradigm. Cubicon is a graphical programming language, tools and technologies that perform context processing to support the intelligent interaction of networked devices and things.


| More