Bosch's Dr. Stefan Hartung: I might still want to be allowed to have my secrets. In the era of the Internet of Things, discussion on personal data issues is needed – individuals are at stake
Humankind is entering a new era of the Internet of Things. In the coming years, everyday necessities like cars and household appliances will become interconnected in a single network to ensure our comfort. Technology already allows accomplishing this. But the risks to an individual that innovation might bring along lead to an active discussion about the boundaries of people's personal space, where technology might penetrate.
A new concept of technology development, the Internet of Things (IoT), has become a real fetish for the engineers at largest technology corporations. IoT is a concept assuming that all devices in our everyday life become "smart" (at least equipped with sensors and remote control), interconnected in a single network designed to provide maximum comfort to people and save energy. Among the most affordable solutions in the area include the function of activating or deactivating home alarm or a car engine and AC via smartphone; refrigerators connected to the internet, home climate control or home coffee machines that can be operated the internet.
But these examples are just the tip of the iceberg. Futurists and marketers already suggest that in the near future, various sensors might even start being implanted in human bodies, analyzing without their carriers' participation the data on their health condition and mood, giving commands to smart devices for the sake of their owners' comfort (say, when your neck is numb but it hasn't even started aching yet, the sensors in your body already know you have an issue with blood supply to the neck muscles. You lean back on a sofa which accordingly adjusts its back to help your neck relax).
However, all these potential attractions have the downside: against the background of recent data leaks, like that from Facebook, the questions arise of the possible transfer of most personal data to third parties; the issue of overall security in general (thieves might hack your home alarm or an assassin might hypothetically disable brakes in your "smart" car); and ethical issues of a more subtle nature the developers of IoT-technologies are already facing.
UNIAN sat down with one of the planet's leading IoT experts, Dr. Stefan Hartung, who is a Member of Management Board at the world's largest technology corporation, Robert Bosch Gmbh. At the corporation, Dr. Hartung is particularly responsible for construction technologies, energy, security systems and thermo-technical equipment. At the moment, Bosch is one of the world leaders in IoT development, allocating nearly 10% of its turnover for R&D in the field.
There are so many definitions of it. All technical giants are in the game but they all offer different definitions. Some say it's just the philosophy, some believe it is a special way of making life more convenient for people by developing a new generation of home appliances with some cool names. So how do you in Bosch define the Internet of things?
It is always difficult to define. But we go for a simple definition. There may be some simple thing, then we add to that simple thing some sensors and some connectivity, and then we have a smart thing. Because with sensors and connectivity, we bring a different approach to whatever it is. This could be a glass, let's say. If we put a temperature sensor and a radio it would become a smart glass.
A part of IoT…
It is really difficult to define what IoT in general is. Because it's hard to define an impact, what happens when everything is connected and everything has sensors. The use case, ultimately, is really hard to predict. It's like predicting 12 years ago what apps could do. It's not about a technical revolution, it's about a change in people's behavior.
And we saw that with smartphones. The real change for me is that people interact with devices in so many different ways, and between each other, too. Say, I don't call you, I might just text you, you know? That's a change in behavior.
So, is IoT a new era, a separate part of human history?
Behavior changes normally don't happen that fast, but we've seen over the past 10-12 years how our behavior changed dramatically. It's frightening sometimes if you reflect on that. But it's such a great and intriguing experience that is giving so much positive feedback.
But the change has its downside, as it is with the impact of social media. The way we communicate to a whole bunch of people – we suddenly realize that people know right away what we've just spoken about…
So IoT will be about a behavioral change. We have to strive for the IoT to make people's life better. When we bring technology out, we must also consider what we have to protect and where we have to make things very easy or a bit more difficult. With this technology comes a clear obligation to monitor what can be done with it.
It's a very interesting point. You've already mentioned human behavior, when people don't clearly realize consequences of their actions, like clicks on their smartphones when they post yet another photo on Instagram… Many companies claim that they are investing in R&D in IoT. But IoT is an area where users don't quite understand what might happen next and what they might want next. As Steve Jobs once said, none of the focus groups wished to buy in future something like an iPhone before it came out. Regular people don't know how the connection works between a smart glass and a smartphone. So engineers and marketing operatives should think about it, to find a solution and channel it to people. So how do you invest in R&D within this concept?
First, you start enabling, you start making things smart. You start with what you have. So if you have a laundry machine, you make a connected laundry machine. Period. Second, normally, you start changing the interaction with the device through IoT technology. You just start making things easier for the people. You can also handle and program very complex things through your mobile phone, like audio recognition. It's so complex, yet so easy. So we suddenly enable devices and upgrade them to have a capability to operate with a mobile phone.
Next thing we do is upgrade functionality. Like, if you leave home, you want to be sure that all your appliances are shut down – your cooking stove and everything. Then if you're not at home and you see that your lights are on then you understand that there is clearly an intrusion underway. So you can actually use your light switches as a protection device.
So the third stage is adding functionality which is not yet out there. You ask yourself, what could be done. For me, it's a question of what people start doing with it. You might lower the hurdle of what could be done, and then people come up with ideas of their own.
So, for example, thinking in terms of IoT, if you go on a vacation to Australia and leave your house as it is, am I right saying that in the future, your house might itself check the crime rate in town and, if it rises, the house might switch on the lights for you to scare off thieves?
If your house recognizes with its sensors that something unusual is happening, it should automatically ask for help, make service calls or whatever. So remote operation is the first stage.
The real good thing is that you automate functions. You enter the room and it recognizes you. Once it knows it's you, it knows the right temperature and lighting for you, it might guess you want to watch TV. It starts easy. Like automatic lighting in your bathroom at night. Once you have that, you don't want to give it away. People get used to good things, like a dishwasher. So yeah, a smart home should be a learning smart home. It should adjust to your needs, and to other people's needs, too. Maybe your wife likes other temperature in the room than you do.
That would be convenient…
And how would a smart home react when you enter the room together with your wife? The system should somehow define whose wishes are dominant…
I believe that would be a smart thing to make things the wife's way…
We will be seeing these kinds of things happening.
I'm sure we will. Now, here's a kind of a commercial question. Say, in five years from now, when all these connections have already been programmed… Bosch does not produce all devices that are out there. There are other manufacturers. There is a real danger that there will be another war of brands and different standards. How can we avoid this?
Yes, this is a very important question in the framework of IoT introduction – the development of a common ecosystem. There's already an idea being worked out that there will be two dominating ecosystems connecting devices made by various manufacturers. This may be a common interface, like a voice assistant that hears your commands and transfers them to various devices in your home. As you said, people will be using products from many vendors. Now a lot of work is being done to figure out, at what levels this should be done – whether at connectivity or functionality levels. So if you leave your home, this information needs to be passed to all devices. This is what we do in the framework of a joint enterprise with ABP and Cisco – we try to establish common standard layers and communication layers, to have a website where you can connect all those things.
But that is probably not enough. Because you want to have this highly secured. When you leave your house, you send information to multiple devices that you're out. The worst thing would be if the wrong guy gets that information. Let's take a smart lock. It’s a highly secure product because you don’t actually have a key. So if the system gets information that you're back, and you're not, it would be a problem. Technology-wise, these things are a challenge but this will be dealt with. The same applies to the industrial segment.
We are very much engaged in setting up an alliance where many companies are members so that we have common standards. But we need to have this in every domain. It's absolutely right to have a constant discussion on that.
Do your partners and competitors realize that they need to move together or will it be something like it was with Internet Explorer and Netscape Navigator?
Google, Microsoft and Amazon – they obviously have very conflicting interests. Their targets are completely different. But for appliances manufacturers, it's just a matter of time. No matter how big they are, in this area, where you cover the entire planet, you can't do this alone. You may cover some certain segment, but without collaboration, the risk is too high that you will reduce your functionality.
This will surely take time, for everyone to realize the need to cooperate. But you know what? That's how it happens at the beginning, all the time. The first iPhone didn't have a Bluetooth and only later was the function added.
From your experience in working on IoT, what requires more time to invest and what is more complex for you – software or hardware?
Software is always a complex part. Because with hardware, you extend capabilities you have. The complexity with software lays in the fact that the users in their behavior are unpredictable. What do they like? What are they going to do with it, what changes do they need? Sometimes, complexities arise at a basic connectivity level. Because many times, we are relatively energy-reduced, we have batteries, small radios, so we have to be very careful about how we handle the energy we have in a right way. You if want to have it safe, secure, stable, and at the same time easy, it becomes complex. It may appear easy to connect the device with just one click or a barcode scan, but on the background there is a huge software stack without you being aware of it. And you don't want things to happen in 10-20 seconds, you want this to be done right away.
And here comes the cloud part, and it is a big challenge because of the scale. IoT with 5,000 devices is easy but with 5 million, this might be an issue. You always have to check on your back-end capabilities, your connectivity capabilities – whether another million of added devices is still okay. These numbers will increase dramatically, you know, so we better be prepared.
Then comes this thing with the updates. Some users update their devices, but some don't, then how do you force these updates – should it be at the level of devices, gateways or back-end? Then some people say they want to have Alexa interface to it – oops! Another complexity level…
Therefore I should say that the software part is definitely a challenge. You want to have all those dimensions – usability, high functionality, and easy use. At the same time, you want to have the same quality of performance as with a simple plug-in electric device like a hair drier. To reach this with the complex structures of IoT – that's a challenge. You don't want to have an IoT system which fails every day.
There is of course a key issue of security. In many movies, we see how hackers penetrate your car systems, for example, or reprogram your couch to set it on fire…
Yeah, some great movies (laughs)
I understand you take care of things like that. But I'm curious, if some project requires 10 days to develop, how many days do you spend on security issues?
A lot, really. But, frankly speaking, there can be no absolute security, and you know that.
The key is to adjust security to the purpose but that starts with the architectural design. If you do something which is critical in terms of personal data, you have to invest quite a lot of effort to make things secure. We start normally with a security concept, we have our own company dealing with IoT security issues. Companies like that have the key infrastructure and specialists who do conceptual analytics so we come up with our architecture, come to them, and they review it. Then we put it into place and do penetration tests to check on it.
So, if an engineer sees a smart glass in his dream, he goes to security specialists before he starts drawing a model?
Well, that's practically like this. First we look at whether it is conceptually viable and then we see if it's also safe practically.
And that process takes a long time. When you have things set up systemically, then you can replicate devices. But you have to be aware and we do that pretty much on every single device we connect. If at a factory you work to protect the entire perimeter, at a household level you cannot assume that the entire perimeter is protected. So it is a significant part of the work.
I can't give you a clear percentage but it's definitely double-digit. The efforts must be constant because what's safe today, maybe in ten years from now, it won't be anymore.
A few months ago, I spoke to a visionary and futurologist, Mr Kjell Nordstrom, and he told me that the future of IoT is about those very small sensors in your body, health trackers that might as well suggest your living room coach a right position for when your back is aching, and so on. Are you looking so far ahead? Are you at least thinking about such or is it too early to talk about it?
The sensors are becoming smaller. Body sensors are already typical, like in your wristwatch, Bosch sensors too. So the question is whether they should be inserted in a human body. Well, we will see… Some people are already trying this, although I would not recommend it. But definitely, some of these technologies seem to be viable.
For me, the interesting thing is not when sensors are in your body but when you as a person are identified. If there is really a 100% identification in place, then there are opportunities suddenly unlocked which were unheard of. Suddenly, you are you, and everything is linked. So why do you need a credit card or anything else? Once you step in front of the system and the system recognizes you, you get access to all your data…
Right now, say, here is my mobile phone. I can use it myself or give it to someone else, and they would use it with their own data. But in theory, if it is all linked to you, this could be the end of what we consider right now a personal device. Because then the device will read only your personal data. That would be another behavioral change, a monster change.
So you mean that I may take your phone and once it recognizes me, I can check my email and log in on my Facebook, then make a phone call (and pay for it, too)?
That's right. You take the phone, and it's yours for the moment. This is a monster change in a lifestyle because one may not need to carry things around all the time.
We can look even further. Say, you walk into a shoe store with all those sensors. They already know your size, what colors you have, the stuff you wear, because you've already communicated this to them.
The question is, can you decide whether this stuff communicates or not. Can you decide if you want to be recognized or not? Can you decide who knows whether you've just been recognized here or not?
This sounds very Orwellian…
Yes, I might still want to be allowed to have my secrets. Or are we talking about global transparency? I know, now it sounds a bit like a movie stuff.
...But serious, at the same time.
Yes, in theory, you have to reflect on these dimensions. So for all devices, we think what positive things they might bring to users by recognizing everything about them, but what if someone has some genetic disease that they don't want to communicate to everyone? After all, it's your right. You're a human being. We have to understand that mandatory transparency will change our lives for good. Therefore we need to have a clear and open public discussion on these issues.
Hopefully, with all the latest developments in data security, this discussion will become livelier. Each individual should be able to make their own decisions about their data. Individuals are at stake, democracy is at stake…
Therefore, here at Bosch, we are not only looking at the technology and the business side of IoT – it is also a very important issue for the society. I think there is a difference between the American companies and our European companies. Here it’s very important to look at business, technology, AND society. We need to be aware of that.
It's funny how we're discussing ethical issues, sitting at the heart of an engineering company.
Yes, our conversation is pretty much not about technology. However, technology is in our company's DNA. And this indicates a great transformation in our era. IoT technology is a huge change, definitely, like social media once was and still is, by the way. And the discussion on them is far from finished. With IoT, it will be the same.
For example, if you have an insurance contract for your car and it is linked to your driving behavior.
So if I drive carefully, I get a discount?
Right. But you must make a clear decision on whether you want to share your driving behavior with your insurance company.
There was a thing with a cable company in the U.S. when people had to pay a certain monthly fee for their services, and there was an option to share with this company everything you watch for $20 a month in return. And there was a huge number of people who agreed. But you see, it's clearly individual decisions. So yeah, we need to see if it's okay.
This is a society question. This should be available to people to decide to give their data away and what they should not be allowed to make a contract on – a question of unethical contracts. You cannot give your freedom away to someone to become a slave, right? So we have clear rules for that but you know that data space is something in-between.
Mykhailo Gannytksyi, Renningen