Why the Internet of Things may never happen (Part 2)

internet of things iot stock

The Internet of Things is the grand idea of our time. Unfortunately, that vision may never become reality.

The Internet of Things is great -- if, that is, you like the Internet and you also own some things.

Until this week, the Internet of Things vision had a fatal flaw. But now, it has two fatal flaws.

To avoid hyperbole, let me be clear that these flaws are fatal to the vision, but not necessarily to your things that are connected to the Internet.

Hoo-boy. Three paragraphs in, and I've already got a lot of explaining to do. But stick with me. The payoff is worth it.

I'm going to describe the vision, then the flaws. And then I'm going to tell you what I think is actually going to happen.

The Internet of Things vision

The Internet of Things idea is poorly understood. So I'm going to attempt the clearest explanation I can.

Because the component parts of computers (wireless chips, sensors, memory, storage, CPU and so on) keep getting smaller and cheaper thanks to Moore and his law, it's becoming increasingly feasible to build computers into random "things," such as lamps, toasters, garage door openers, water fountains, skateboards, shoes, sunglasses, air conditioners, coffee cups, refrigerators, door locks, kitty litter boxes -- just about anything, really.

Helping the revolution along is the emergence of extremely low-powered wireless radios, Bluetooth LE technology, the new Internet Protocol Version 6 (IPv6) -- because otherwise we'd run out of IP addresses -- and a host of new architectures, frameworks and protocols.

OK, that's not clear enough. So let me say it this way: Many different devices will become Internet-connected computers. That will make them "smart," which means that they'll communicate with other computers and with humans, and that they can be automated.

The end result of having everything on the Internet and loaded with sensors is that we will save energy, money and time, and our lives will be better because everyday chores will be done for us. Our Internet-connected things will keep us in touch, so we'll always know what's going on with the stuff around us and the stuff around us will always know what's going on with us.

That's the vision. The reality is starting to look different.

Flaw No. 1: Too many standards

I wrote a piece back in January called "Why the Internet of Things May Never Happen."

In that column, I pointed out both why the "Internet of Things" label is grossly misleading and also why incompatible standards will probably prevent the vision I articulated from ever coming into existence.

Those two ideas are connected. I believe the "Internet of Things" label came about as a bit of wishful thinking on the part of advocates. (The phrase was coined in 1999 by Kevin Ashton, an MIT scientist and creator of the Belkin WeMo home automation system.)

The spin behind this phrase is that the era of "things" on the Internet will go more or less like the era of computers on the Internet went.

There's no way that it will. It's a different world now.

The difference, of course, is that when the basic Internet standards were created, those standards were in the control of people who genuinely wanted universal standards equally accessible to all. You know -- engineers, scientists, programmers and system architects.

Nowadays, the Internet is in the control of corporations, each with a vested interest in using standards to gain an advantage, lock out competitors and make profits. It's also in the hands of governments primarily interested in keeping things open to surveillance or closed to new ideas through censorship.

In this version of the Internet, how are companies and governments going to agree on universal standards?

With the Internet of Things, standards are everything. Each device is supposed to broadcast to all other devices: "Here I am, this is what I can do, and this is how you can make me do what you want me to do." Without standards, they can't do any of this.

Adding to the challenge is the fact that by definition, Internet of Things devices are all very different from each other (unlike, say, PCs and servers, which are all very similar).

Many companies and organizations are trying to set standards. The major groups include the AllSeen Alliance, the Industrial Internet Consortium, the IPSO Alliance, the Open Interconnect Consortium and others.

But companies are coming out with hundreds of Internet of Things devices that are built with proprietary standards, and those companies are asserting that their standards are the ones that other companies should adopt.

There is no agreed upon set of universal standards in sight. Frankly, it's hard to imagine how this might come about.

Flaw No. 2: Security

This week, we were forced to confront the other fatal flaw of the Internet of Things: Security.

A new piece of malware called the Bash or Shellshock bug emerged.

To oversimplify the problem, there's a type of shell code called Bash (Bash is shorthand for "Bourne-Again Shell") that's used for command-prompt-like commands for Unix and Linux-based computers (including Mac OS X computers). Because of a flaw in the software, it's easy to slip malicious commands between legitimate ones and have them execute at the operating system level.

The National Institute of Standards and Technology said that on a scale of 1 to 10 (with 10 being worst), the Shellshock bug is a solid 10. Plus, it's really easy for hackers to exploit.

Shellshock is easy to exploit because no authentication is required to add code. Hackers don't have to break in, steal a password or pretend to be an authorized user or admin. That also means that it's nearly impossible to know when something has been exploited.

Of course massive numbers of servers run Unix- and Linux-based systems and are therefore vulnerable. They're also easily fixable. The process for updating and patching PCs and servers is well established.

But most Internet of Things appliances also run Bash. We're talking about the webcam that's pointed at your face right now, automated door locks to your house, your car dashboard, calculators, toasters and the whole incredible range of Internet of Things devices.

Many of these devices won't be patched. If they're exploited in certain ways by hackers using the Shellshock bug, those hacks could go on for years without anyone knowing.

This is the core problem with security and the Internet of Things. When a new vulnerability is discovered, malicious hackers will pour their energy and creativity into seeing how those vulnerabilities can be exploited. The Internet of Things, with its vast complexity and variety, is an amazing target.

Like the standards problem, it's difficult to see how this situation could be reversed.

The Shellshock bug is one problem. But the confounding complexity, variety and forgettability, if you will, of Internet of Things devices is the larger problem.

The owners of these devices mostly have no idea whether their Internet of Things devices even run Bash or not and, if they do, how to protect them. Nor will they in the future.

Like the standards problem, the security problem appears unsolvable -- or, at least, I have not heard anyone suggest any solution that's even remotely feasible.

Here's what's most likely to happen to the Internet of Things in the future: It will exist, and it will bring numerous benefits to people -- but in small, limited and proprietary ways. But there will never be universal standards and interoperability. There will never be security. Some of our devices will work for us, and some will be hijacked and programmed to work against us.

That's bleak and pessimistic. But at this point, I don't see any other possibility.

The Internet of Things vision of all our stuff being smart and working seamlessly together for our benefit is wonderful. It's just never going to happen.

FREE Computerworld Insider Guide: IT Certification Study Tips
Editors' Picks
Join the discussion
Our Commenting Policies

    17 hours ago
    Shaun Burch
    Alternative title for this article:
    "Mendable issues that will prevent the inevitable"
    2 days ago
    Pat Burns
    One reason for optimism on standards is Exhibit 6:  Apple's embrace of NFC and its newfound popularity as a wireless standard, in fact THE wireless standard for mobile payments.  For the IoT, NFC is a profoundly important baseline technology that can expand to solve for a great majority of IoT standards conflicts, by virtue of the fact that smartphones are becoming the de facto or de jure remote control for the IoT.  Additional insights on how we get there here:   ht.ly/BSxMN­
    2 days ago
    So, we cannot get to Internet-Utopia, because greedy people block the technology and nefarious actors try to subvert the system for their purposes.  I've heard this story before.  :D
    12 hours ago
    Will Plunk
    Businesses are in business to make a profit, this does not make all businessmen "greedy" or "nefarious" as you put it. Unfortunately, we do have over zealous executives of billion dollar companies who unintentionally and/or intentionally manipulate in an effort to create better positions to make higher profits.  And in our political system it takes huge amounts of money to be elected;   this does not make all politicians "greedy" or nefarious".   But, you would have to be very gullible or uninformed to think that given this combination and recent events concerning Net Neutrality and political funding, to think that there will not be more attempts to manipulate regulation to reduce competition and extract more profits from US consumers.  Just take a look at our recent economic history.
    I simply suggest that the lack of political will to keep the internet as open as it is now is another threat to furthering the development of IoT in addition to the tech standards and security issues that Mr. Elgan offers.  Also,  "Internet-Utopia" is an interesting term, what does it mean?

    3 days ago
    Will Plunk
    In the information age he who holds the keys to information opens and closes doors to resources as they wish. Mr. Elgan points out good issues in the developing Iot world.  However, on the optimistic side I see that the IoT is already happening, there is simply too much money to be made in this area for tech companies to ignore. And,where there is a security problem there are security resolutions and more products. Also for the most part once a good standard is agreed upon -which usually occurs when so many propriety methods proliferate that it dilutes everyone's effort to develop and spread their product - more useful products emerge. 

    My pessimism, and IMHO, concerns the question of who will have full and open access and will the general consumer be able to afford the benefits of IoT? As the relatively new moniker suggests the "IoT" is greatly dependent upon the Internet.  IoT is being threatened more by controls and demands placed on the internet more so than anything else. With the greatest threat to internet access being the loss of political will to make it open and free of special interest and corporate control.  

    We could have great products with high security, but if a few companies end up controlling access and blocking product signals and data that do not make money for them, the best and brightest products will not rise to the top and we will all pay, if affordable at all, for mediocre proprietary products while the marking machines of the controlling entities make these products look like the best thing ever. 

    As IoT develops, will small companies be able to innovate or will these simply be overpowered by large corporations who manipulate politicians to skew, or remove regulation in their favor? Unfortunately,  this is area in which general consumer is losing ground as politicians are already assisting large carriers and ISP's with gaining ground in taking control of internet delivery.

    3 days ago
    Heyl Family
    I think both your concerns with Universal Standards and Security will work themselves out because there will be bottom line reasons for corporations to work them out. Apple is a good company to watch right now. The new Apple Watch is part of the Apple ecosystem, but if Apple really wants to play in the IoT world, they will have to find a way to work with other devices. Or perhaps devices will build apps for their "things" that work on a variety of platforms. Apple is also making strides in privacy, which is another concern that you did not mention. Apple is encrypting their data in such a way that if anyone (aka the government) requests the data it would be near impossible to provide it. As far as security, yes that is something of a problem when it comes to the everyday person adopting the life of IoT, and it is a great opportunity. However I still remember the days when most people would not buy anything online because of security concerns. Those days are long gone. 
    3 days ago
    Cary Groneveldt
    I, for one, welcome our Imperial internet o' things overlords!
    4 days ago
    Anthony Artois
    Yeah, there are obvious security problems with the IoT that will have to be addressed before anyone should implement them in their home.  Otherwise, the next "fappening" will be from the hacked baby monitor in some celebrity's home, or simply a rash of incidents of teenage punks hacking into their neighbor's thermostat in the middle of the night.

    Another major issue I see with the IoT is simply this - WHY?!?  Why do I need for my toaster to have more computing power than NASA had in 1960?  (Fracking toasters!)  So, the industry will need to brainstorm some real world uses for some of these technologies (besides "expensive novelties") before I am willing to bite.  Technology simply "because we can" is not worth paying an extra $100 for a new refrigeration in my book.
    4 days ago
    So painful, a sentence doesn't equal a paragraph, this article is hard to read because of that. Any points made get lost in the awkward beginning structure that is hard to get past.

    4 days ago
    Anthony Artois
    So, did you deliberately make your own comment a grammatical horror show to mock them?
    View All 10 Comments