While emerging Internet of Things (IoT) innovations offer consumers valuable benefits in areas such as assistance, efficiency, comfort, connectivity, and entertainment, there is a need to understand the issues around trust, identity, privacy, protection, security, and safety (TIPPSS) also introduced by these systems.
The Internet of Things: Understanding the Core Challenges for the Gen Z and the Gen Alpha Consumer Webinar, hosted by IEEE Standards Association (IEEE SA) in October 2020, provided insights and views from manufacturers, system integrators, service providers, and vertical implementers of consumer IoT applications through a series of presentations from industry experts, as well as a panel discussion on data governance which I moderated. In addition, the webinar has stoked discussion within IEEE SA about possible avenues for additional open collaboration around the IoT and consumer applications.
Consumer applications are an integral part of the IEEE SA Foundational Technology Practice. Through the development of a global community of interested volunteer stakeholders, the practice helps to address core issues of TIPPSS through both foundational level horizontal standards and domain-specific standards.
A key theme for the webinar was who are Generations Z and Alpha, and what are the core challenges that these emerging generations face now and in the future when using the IoT?
Here were my key takeaways from the discussion.
Who Are Gen Z and Gen Alpha?
Gen Z, born between 1995 and 2009, are understood to be digital natives, expecting lifestyle, comfort and convenience, ease of use, and voice enablement on their connected devices, through home appliances, automation, gaming, and increasing use of augmented reality (AR) and extended reality (XR) across many applications. They tend to grasp the concept of security and distrust violations of privacy.
Gen Alpha, born between 2020 and 2024, are just children now. They may be currently using connected toys, geo-locators, and baby monitors, but their world will become a lot more connected through the IoT and XR/AR games.
One key issue that webinar participants discussed was that current developers are prone to thinking about users like themselves, instead of designing for the diverse breadth and depth of humanity—including Gens Z and Alpha and their unique needs and limitations.
Security Challenges and Risks
The proliferation of the IoT, with its hundreds of millions of devices, means a significant increase in security challenges from network access vulnerability. A much wider attack surface is presented by the IoT than was the case with standard networked devices. Each of the millions of smart devices—closed-circuit television (CCTV), home routers, fit bits, and even pacemakers—invites denials of service, ransomware attacks, and violations of personal and sensitive data.
Security risks for gaming include content inappropriate for children and predatory behavior by other users. Laws are hard to enforce in the gaming world, with no good and practical solution, and technical solutions like authenticated access can be foiled when children share persistent IDs. Data anonymization just isn’t secure enough for privacy considerations, the webinar participants said, as it is easily broken through.
Overall, there is concern that security features come at a cost, which some feel challenges the manufacturers’ drive for revenue and providing a competitive product price. Very often, revenue outweighs security, leading to underdeveloped security features.
Exploring Security Solutions
Many manufacturers are recognizing the security risks introduced by the IoT and are looking into how to mitigate them. Standard techniques like authentication, authorization, accounting (AAA) in accordance with IEEE 802.1x™, IEEE Standard for Local and Metropolitan Area Networks–Port-Based Network Access Control, and increasing use of biometric recognition are popular. Some use the RFC8520 Manufacturer Usage Description (MUD) standard for network access control, and there are standards in development—such as those coming out of the IEEE 2048™ IEEE Virtual Reality and Augmented Reality Working Group—to tackle privacy and security issues in AR/XR.
Whilst vendors must implement legislated data privacy standards and laws for personal, sensitive data—such as the European Union’s General Data Protection Regulation (GDPR)—they also need to look carefully at electronic signatures (“e-sign”) and other methods for obtaining user consent to use personal data.
Persistent Issues to Work Out
There are many challenges and persistent issues to work out that go beyond the vendors’ current remit. These include widening data privacy standards and laws for personal and sensitive data and how average users will maintain an IoT security framework, when the complexity of the system and the time taken to manage it may be too challenging.
Webinar participants commented that most people who have or use intelligent devices and IoT don’t think about the security risks, or even keep their systems up to date. It’s hard to enforce responsible or secure use or management of IoT or to force users to implement and then to securely and strictly maintain the manufacturer’s security framework and policy to ensure managed access control. Automation of systems, education for users and administrators, and enforcement were among the methods discussed.
IoT systems should be compared and treated like secure payment systems, the participants said. The systems should just work securely, and the user should have the minimum amount of responsibility to maintain them. There should be standards and legislation to prevent data misuse and privacy violation, and mandatory security features should be provided with “opt out” only.
How might the global technology community best anticipate and accommodate the IoT needs and patterns of Gens Z and Alpha and other users? IEEE SA is assembling a core team of IoT experts to focus on key considerations around consumer applications and identify potential areas for pre-standards, standards, or compliance activities. Watch the webinar recording to learn more and stay connected with ongoing developments or explore opportunities to engage.