ACM IoT Roundtable: Internet Experts, Luminaries and Innovators

By Ken Briodagh March 15, 2017

To celebrate 50 years of the ACM Turing award, the Association for Computing Machinery (ACM) recently brought together some of the world’s foremost Internet experts, including Vint Cerf, one of the ‘fathers of the internet,’ to answer questions about how far the internet has come, where it’s headed and the potential impacts, both positive and negative, of IoT.

The expert panelists include:

Vint Cerf, Internet Pioneer and Chief Internet Evangelist, Google; ACM Turing Award Laureate (2004); ACM Fellow (1994)

Jennifer Rexford, Professor, Princeton; ACM-W Athena Lecturer (2016); ACM Fellow (2008); ACM Grace Murray Hopper (2004)

Martin Casado: General Partner, Andreessen Horowitz; ACM Grace Murray Hopper Award (2012) Co-founder of Mural Net

Eric Brewer, Professor, UC Berkley; VP Infrastructure, Google; ACM-Infosys Foundation in Computing Sciences (2009); ACM Fellow (2007)

Jim Kurose, Assistant Director, National Science Foundation for the Computing and Information Science and Engineering (CISE); ACM Fellow (2001)

Nick Feamster, Professor, Princeton; ACM Fellow (2016)

George Roussos, Professor, Birkbeck College University of London; ACM Working Group on the Internet of Things (2016)

Each panelist has provided unique responses to a variety of questions including their thoughts on the biggest and most impactful transformations brought about by the Internet; benefits of connecting the unconnected; possibilities and repercussions of IoT today; security and privacy challenges, and what the future holds for the most ground breaking IoT applications of tomorrow.

Vint Cerf
Vice President and Chief Internet Evangelist for Google; ACM A.M. Turing Award Laureate (2004); ACM Fellow (1994)
Cerf is an American Internet pioneer, who is recognized as one of "the fathers of the Internet”

What have been the biggest transformations brought about through the Internet, and where you think we’re headed next?
The first one is this common, internationally accepted protocol (TCP/IP) that allows virtually any brand of computer to communicate with any other using this very neutral network that we call the Internet. As a creation of that platform, this openness and stability for anything to connect to anything else, I think, created a “tabula rasa” upon which much has been written.

The second thing, which I think is quite dramatic, is the development of the worldwide web by Tim Berners-Lee around 1991,.--The standardization of the representation of content in video, visual, audio, text, fonts and so on, which then created yet another platform.

This platform sitting on top of the Internet essentially enabled an enormous variety of people all around the world to contribute information to this shared environment. What was surprising to me in the early 1990s, especially after the advent of the Mosaic browser (one of the first to have a graphical interface), is that it induced an avalanche of content coming from ordinary users who were not motivated so much by remuneration for the information they shared, but for merely the satisfaction that it was useful to someone.

This avalanche of content spurred the need for search engines, which have now transformed the landscape because they have created an environment in which information is widely available. It’s the underlying support engine for a strong advertising base and for social networking, which has also had a dramatic impact.

Again, we see this massive engagement using online resources and, of course, smartphones. That raises another interesting feature of the last decade, which is the enormous dependence that people have on their mobile smartphones and all the functionality that you get from that device. This is now going to lead to what people call the “Internet of Things (IoT),” which is Internet-enabled devices and appliances of all kinds that interact with each other and with people in homes, at work, in the car, on wearable technologies, or in the manufacturing plant. This will also even eventually lead to the instrumentation of smart cities--where the cities are increasingly self-aware and are increasingly populating models of their own operations to understand how well or poorly they are serving their citizens.

So, that’s the next major wave that we can see coming. We will soon see a time when artificial intelligence and machine learning will become topic “A” for many discussions and will lead to people using network resources to accomplish things that would be very hard for an individual to do.

Searching the web isn’t something you would ever want do manually because of the scale. The same may be said for things like machine translation which, again, is being accomplished with very significant fidelity, at least with certain language pairs.

Projecting into the future, we can see much higher-speed access to the net, more wireless access and increasing amounts of artificial intelligence and machine learning adding to our ability to accomplish our objectives. It’s a rich environment we’re heading into.

There are reasons to be concerned, for example, about safety, security, privacy, resilience and robustness. I am particularly concerned about what I’ll call “autonomy,” which stems from my concern that you don’t want to have a highly-automated house that doesn’t work when it’s not connected to the Internet. So, you need to have local capability independent of or in addition to interactions through the public Internet.

So, we’ve got a group of individuals in the world that is quickly finding everything connected to this Internet, yet, there’s still a larger portion of individuals that have no online access.
There are reasons for that. For one, the infrastructure may not be available or support individual access to the net. About half the world’s population is online and about half is not, based on the International Telecommunication Union’s (ITU’s) statistics.

So, do you think that the “Last Mile” element of the infrastructure is the overwhelming reason why many remote areas are not connected to the Internet?
Actually, I don’t. I don’t think it’s just the Last Mile. The Last Mile is part of that story, but it’s also literally backbone infrastructure.

Someone has to invest in that and be persuaded that there is a business model that will pay for it. The cost is of constructing the Last Mile is dropping because a lot of it is becoming wireless and a lot less expensive than digging up the street and putting in fiber. But you will eventually need to have infrastructure in the ground in order to link the wireless systems through the wired part of the Internet.

There are a number of initiatives attempting to do that. So how will connecting individuals in underserved communities benefit them?
Connecting to the Internet does not, in and of itself, benefit anybody. The benefit comes when there is local information that’s of use to you. For example, being able to access maps or knowledge about available products and services that are local to you.

A lot of the value of the net comes by having content which is in the local languages and is locally useful. Of course, it helps to have the infrastructure in place to support affordable access to the Internet. If it’s too expensive, only a small portion of the population will use it. Of course, what we want is to lower the barriers to access so there can be new businesses formed that are based on relatively low costs, widespread access to the Internet and the ability to produce new products and services that can be obtained online.

There are a lot of different reasons why one would want to be connected to the net. The barriers to being connected have to do with its availability and cost.

With more people, humans, and devices online, in order to function with a degree of trust and transparency that the underlying security needs to be present, how do you see the Internet of Everything impacting the overall security of the Internet as a tool and of the humans who utilize it?
Security and privacy are extremely important in this environment. People won’t use the net unless they believe it’s reliable and secure. They won’t use it if they believe their privacy is at risk. So, technologists have a serious challenge to improve on all three of those points. There are technologies that allow people to protect themselves better. Two-factor authentications are a good example of that--the best practice of which is to encrypt everything from the laptop or mobile all the way to the server on the net. All of these are practices we adopt at Google.

If we don’t do that, we run the risk that users will be fearful that using the network will have inimical consequences, and they will be less likely to use the products and services that are part of the growing ecosystem of the Internet today.

A botnet was recently created from some of the Internet of Things devices and was used to attack portions of the routing and infrastructure of the net. Do you think cyberattacks are increasing because of the IoT? 
Absolutely. The biggest worry I have is that people building these devices will grab a piece of open source software or operating system and just jam it into the device and send it out into the wild without giving adequate thought and effort to securing the system and providing convenient user access to those devices.

We saw the Dyn attacks coming as a result of a lot of webcams being hacked, and the hacking was trivial. Either they had no access control or they had a well-known and publicized username and password. So, I consider that kind of thing to be irresponsible. And companies looking to make their brands attractive are going to have to pay a lot more attention to security and privacy and access control if their users are going to endorse their products. This is a fundamental problem that has to be solved before we try to push very hard to expand access to the network.

Some would argue that considering security at a fundamental level prior to development or testing stymies innovation. Would you agree or disagree? 
Well, this has been a yin and yang problem. Certainly, that was true in the early days of the Internet, although there was definitely a path toward military security for the military applications at the front end. Some of the technology that was used to work further along on that path was classified at the time I was working on it. So, the rest of the Internet was largely unprotected. That’s changing now with the ease in utility of public-key cryptography and other two-factor authentications. In order for the net to be useful for everyone, we have to concentrate on making it safer and more secure and reliable. If we don’t do that, eventually people will lose patience and trust in the system.

Is it possible to go back and retroactively protect the Internet?
In some cases, we have done this. We’ve gone back and retroactively outfitted the security capabilities in the system. Take, for example, two-factor authentications or HTTPS, which Google had adopted exclusively. So, the answer is a lot of these things can be retrofitted into the existing net.

What do you see as the biggest possibilities or repercussions of smart cities being increasingly connected with citizens? 
There is a sort of hidden elephant in the room, which is surveillance and privacy and things of that sort. Continuous monitoring can be enormously beneficial for a smart city. By asking questions such as “What resources are being consumed?” or “What’s the traffic flow?,” we can glean information that can be used to try to figure out how to adapt the city to its requirements.

I love the idea of continuous monitoring and data collection and, to the extent possible, sharing broadly that information so third parties can devise and build their products to take advantage of that capability. I do worry that we will end up with devices that are acting as surveillance devices, even if we don’t think of them that way. There are potential abuses that come with obsessive observation.

Nonetheless, I think the concerns that we all share about the safety and security of the Internet should be persuading us to pay a lot more attention to the mechanics for securing the network.

What do you think the effect of making the world a safer place has on the human spirit? 
Information is very helpful in figuring out how to make something safer. You have to know what is going on and what is unsafe. Continuous monitoring of the cars and communication between them can help a lot. A cartoon example: four cars come up to an intersection, and they can negotiate with each other, assuming they have protocols for communications, to decide which one goes first.

These sorts of collaborative and cooperative algorithms are really powerful and very important for us to use. Examples like that give me hope that the Internet can be tamed in a way that makes it safer and more secure, and at the same time, makes it possible for us to find important functions that we need to have done. Finding friends, for example, who have either common experiences with us or at least identifiable common interests.

I’m very optimistic about this network environment, even though there’s some detailed things that have to be worked out, including enforcement of security mechanisms, for example.

What do you see as the most exciting or important apps or connected industries developing in the next decade or so that you’re most excited about? 
The first one is medical data and the ability to do personalized medicine and the ability to do mass customization of therapies and pharmaceuticals and things like that. That’s one area. The second one has to do with the ability to use things like 3D printing for producing products that are very specific to a particular requirement, maybe a one-off as opposed to a mass production in order to drive down costs.

I’m pretty sure that we will see a sort of smart city that tracks power generation, flow of traffic and supply chain mechanisms, including railroads.

Although I can see plenty of risk factors here associated with bad software or failure to update software, I am much more optimistic about the positive outcomes of the spread of Internet everywhere, including computer-mediated interactions between the user population and the government--not to mention users discovering each other through social media and other means, which can lead to all kinds of interesting possibilities, including new startups.

Just for fun, what’s the silliest device with connectivity that you’ve ever come across? 
I confess, that there was a time where I would’ve said, “well, a light bulb,” but now there are some really smart light bulbs. There was a time when we used to tell jokes about an Internet-connected toaster, and how about an Internet-connected picture frame, which in the end turned out to be pretty useful.

I’ve sort of given up ridiculing Internet enabling of things because I’ve discovered that, even if it sounds crazy on the surface, there may actually be something useful arising. So, I hesitate to point to anything that I would claim is silly or short-sighted.

Let’s just stick with Internet enabling of everything, but on the other side of that, let’s make sure that when we do that, we think our way through the security, safety and reliability of the systems and especially their ability to function without benefit of the Internet, because if we don’t do that, there will be lots and lots of unhappy people.

Jennifer Rexford
Gordon Y. S. Wu Professor in Engineering, Princeton University; ACM-W Athena Lecturer (2016); ACM Fellow (2008); ACM Grace Murray Hopper Award (2004) 
Rexford in known for her contributions to network control and management systems, including helping to lay the groundwork for software-defined networks (SDNs)

What do you see is the biggest transformation that has been brought about through the Internet, and where do you see things going next?
If we look at the history of the Internet over the last 45 years, we see a steady progression that has started with connecting people with computational resources in remote locations, primarily as just a way to log in. It then evolved to connecting people to information and to each other with the Web and applications like email, Skype and so on. More recently, the Internet has become an amazing way to collect and analyze data about people and their behavior and the kinds of things they do online. This, in turn, has allowed the information we see on the Internet to be much more customized, like Google search and so on. Which brings us to the current evolution, the connecting of the Internet to the physical world, or Internet of Things (IoT). This is where we're actually effecting change in the physical world based on the information that gets collected over networks.

There are still more people in the world that are offline than on. Will connecting these people help neglected and underserved communities? If so, how?
There's a lot of opportunity to collect data that can help people make better decisions. For example, farmers could determine the going rate for their crops, rather than relying on a third-party intermediary to determine prices. In addition, knowing what the weather is going to be like in a few days can aid in making decisions about farming practices, and so on. So you can certainly imagine where people without access to information could make ill-informed decisions and use the limited resources they have less effectively. Having access to information for education, training and awareness doesn't replace having access to clean water and very basic needs that a lot of the developing world needs. But even in those situations, access to information can help in making it more cost-effective to meet people's basic needs--particularly if the technology is connected to the physical world, as is the case with IoT.

As far as how to connect them, at least in developing areas, we have the exciting opportunity to skip some of the steps that the evolution of the Internet has gone through. For example, developing areas are able to see all the different ways in which one can connect to and access the Internet and can essentially determine an option that is most appropriate for their situation. Similarly, one problem in a lot of the developing world is that much of the Internet traffic is routed back through more developed areas; traffic in South America being routed through Miami, or traffic in Africa going through Amsterdam or London, etc.  So there's a missed opportunity to host local content locally. If you're in Kenya, a local Kenyan website will be hosted outside of Kenya, making it very expensive and slow to get information. What we're starting to see more, are efforts to have Internet exchange points in the region so that the multiple network providers within Africa and within South America can directly connect with one another and provide a stable platform for hosting of local content. This allows for local traffic to stay local, making it more cost-effective and improving performance to allow people to access the information they need.

What do you think is the biggest challenge in getting those local access points up and running? Is it a question of infrastructure? Is it a question of resources? What's the major challenge in localizing?
There's a host of different constraints. Particularly in Africa, it's an infrastructure challenge--there simply is not a lot of fiber installed. Sometimes, the only way to get information from point A to point B is to go through Europe, and that's been gradually improving with the laying of additional undersea cables. So infrastructure is certainly one of the biggest challenges.

Other challenges include competition among companies, having access to a skilled workforce and being able to access reliable power, especially if you're going to host content locally. We see this in South America in particular--companies will choose not to connect their networks to one another because they're concerned about competition. They feel more comfortable connecting to a commercial provider in the U.S. rather than connecting to each other because they don't have to worry about that commercial provider in the U.S. stealing their customers. Ironically, these competitive issues are a major impediment to keeping local traffic local, even though it should be in the mutual interest of both parties.

A third challenge is that we think of the Internet as a singular network-THE Internet-like it's a single object. But in practice the Internet is 50,000 or more separately administered networks with different economic constraints and different political realities. This, of course, means that different nation-states and companies are either in competition with one another or have different views about privacy, security, surveillance, etc. Effecting change becomes a real struggle as long as we think of the Internet as a singular service. In particular, if we look at the idea of keeping local traffic local, a lot of countries are interested in keeping their local traffic in the region, not just because it performs better or is more cost effective, but also because they don't want their traffic going through an intermediate country whose laws and practices they do not respect. Concerns about surveillance and censorship make it difficult to think about the Internet as a single entity. If it goes through the U.S., it might be subject to U.S. surveillance laws, if it goes through China, it might be censored, etc.

Going back to the question about security, the same challenge applies. To truly make the Internet more secure, we would have to find a way to get these 50,000 networks to collectively agree on what they want to do and how to do it. Not only would this be nearly impossible on its own, but the early design of the Internet assumed the bad guys were on the outside of the network and the good guys were on the inside, so even the core protocols underlying what we now call the Internet were not designed with security in mind. It would be like trying to change the tires of a moving car; it's very difficult to retro-fit security after the fact.

IoT amplifies the security problem by connecting millions of relatively resource-impoverished devices-- many of which are created by companies with little to no security experience--to a complex infrastructure. Things like Wi-Fi-connected picture frames, televisions, Barbie dolls, thermostats, cameras, door locks, etc. are often running a conventional operating system inside with no patches applied. It's really just a ticking time bomb for security vulnerabilities that are ripe for exploitation. We've certainly seen this in the last few months with a number of severe cyberattacks being launched from IoT devices. The risk is compounded because these devices are collecting information about our personal space and also acting or effecting change in our physical world.

As a networking person, the exciting thing for me is that the most likely solution for the security problem will come from a network perspective. It's not going to be the toaster defending itself--it will most likely be the network that connects that toaster to your home router or to a cellular access point. That's going to be the place where you look at the traffic going to and from the device and try to figure out if it's behaving like it should or receiving information that it shouldn't. I strongly believe that network infrastructure will be the first line of defense in handling the risks associated with IoT.

Do we need to start thinking more about the network security, rather than who's responsible for the security of each device?
There is a lot of discussion around this in the policy community, but it really can't be the user's responsibility to maintain security. The devices involved are so heterogeneous that's it's difficult to expect consumers to make informed decisions about the security and privacy implications of what they're doing. Obviously, keeping consumers educated about things like password security and understanding that a device that's tracking their location for one purpose might be sharing it for another will be beneficial. But in terms of actually managing technical risks, there need to be guidelines and expectations about things like security patches. In the same way we have recall notices when cars have flaws, we could create a system for consumer devices for patching requirements or reporting when a problem is detected.

So from a broader perspective, networks will be part of the story, but on the other hand I don't think the network providers have all the answers. Consider this: when the number and types of devices that a user might connect to in their home network are so broad, is it really reasonable to expect the service provider to manage all of them? In most cases, consumers may not even want their service provider to see or have access to the devices. The home router may be the end of the consumer's relationship with their provider, so the idea that the provider would have enough visibility and control inside the home is far-fetched. Unfortunately, I'm not sure there's an easy answer here. As a consumer, I want someone else to be handling security, but it's not immediately obvious that my network provider is the right answer to that question.

Final thoughts?
The Internet and IoT is a space where a lot of different communities can come together. Clearly, computer scientists and policy makers need to be having more conversations, but we're starting to see more of this with different federal agencies and advocacy groups. It's a complicated issue, because IoT, by its definition, is a pretty broad space. People often ask me about IoT because I work on the Internet, and I like to say that "I know a thing or two about the Internet, but I don't know much about things in general." It's tricky. If someone wants to think about the security risks of a self-driving car or a thermostat, or a device on a factory floor, the kind of expertise one needs about the physical environment the device is interacting with, one gets into other areas of engineering that are normally disconnected from computer science. The places where we need computer science expertise are much, much broader. We need to start thinking of computer science much more broadly as a discipline. The average mechanical engineer is not going to take a cybersecurity course in college, but perhaps that needs to change. There's a definite human challenge here to get the right kind of broad awareness for consumers, reasonable training for the typical technical person, and specialized expertise for policy makers who need to make informed decisions. That's a big challenge for the field. That's an area I think groups like the Association for Computing Machinery (ACM) in particular can play a big role, because we have pockets of interaction with all those communities that need to have different levels of expertise.

Martin Casado
General Partner, Andreessen Horowitz; ACM Grace Murray Hopper Award (2012)
Co-founder of Mural Net, a non-profit that brings internet connectivity to underserved tribal lands with the explicit goal of aiding education

What do you see as the biggest transformations that have been brought about through the Internet, and where do we go next?
The cliché, of course, is that the Internet is the new medium of human interaction impacting commerce, socialization and public good. And that is generally true. However, I think the awesome breadth of this transformation can be concretely appreciated by how the Internet has changed the way we do business. Going forward, it is the conduit through which the vast majority of services will be rendered, goods will be exchanged, and transactions will take place. Even the most mature industries are undergoing radical transformations—everything from banking and retail, to media and lodging, to automotive and farming. You can add to those services that straddle the public-private boundary, such as education, healthcare and defense. For all of these, it serves not only as the point of discovery, the communication medium, but in many cases also serves as the point for services or goods distribution and the transaction. From the consumer’s standpoint, the entire planet of (connected) services is immediately available. And from the producer’s standpoint, the entire (connected) planet is accessible to customers. It’s hard to think of a larger or more fundamental transformation in … well ... forever.

There are still more people in the world offline than on. How will connecting these individuals help neglected and underserved communities around the world?
I agree with the United Nations in the view that connectivity to the Internet is a basic human right. Beyond the intrinsic benefits of better communication within the community, it provides access to the grand marketplace that’s erupted within the Internet. In many ways, that can become a great equalizer. If it costs me less to produce a good or a service, and the distribution cost (in this case the Internet) is the same, then I have an advantage in an open market. Of course, it isn’t as simple as that, but it certainly does inject underserved communities directly into the economic nervous system in which they can participate.

I’d be remiss not to mention education as well. The Internet has not only become the central repository for human knowledge, but for pedagogy built around that knowledge. It’s a primary medium from which people learn. Inasmuch as the Internet is becoming the goal marketplace, it’s also becoming the global university, and if you’re not connected, it’s tantamount to not getting admitted. This is a point I feel very strongly about. So much so that I co-founded Mural Net (, a nonprofit that brings Internet connectivity to underserved tribal lands, with the explicit goal of aiding education.

For organizations and individuals to be confident when conducting transactions and exchanging information, the Internet has to be secure. How does the IoT impact the security of the Internet?
The discourse around this topic has the wrong focus. Most discussions are around how more connected endpoints means more of the world is ripe for cyber attacks. And certainly there is truth to that. But is there a fundamental paradigm shift going on? I doubt it. I think you can easily extrapolate the state of affairs today to IoT, and yes, we need to continue to improve that. But the reality is that much of the world already relies on the Internet, so it’s hard to see this as a major paradigm change.

That said, I do believe there is a massive transformative shift in security underway, and that’s how the cyber world and IoT impacts physical security. To put it plainly, we will be more secure because IoT gives us better tools for security. This includes smart locks that log access, and allow for time-based access and revocation. This includes smart video cameras that can tell the difference between someone walking by and someone breaking into a car, and drones for reconnaissance. And that’s just the beginning. I believe the potential impact on physical security is as large as major physical breakthroughs in the past, such as flight.

What are the possibilities, and repercussions, of IoT capabilities such as smart cities and connected cars?
There are obvious answers here around energy efficiency, traffic, safety, etc. But I feel that those are already easy to see from where we are today. So perhaps I’ll take a bit of a longer view and say that in the limit IoT could very well make the notion of a city anachronistic. Cities are largely products of organic growth and physical constraints; close enough for protection and commerce, and far enough away for privacy and access to resources. However, IoT changes these constraints. Drones can deliver goods without requiring traditional roads or supply routes. Advances in connected and urban farming can allow sustainability just about anywhere. And the Internet provides a social overlay that’s independent of geography. We’re heading toward a future where cities are more defined by common interests than by geography.

What do you think are some of the potentially most exciting/important applications of IoT beyond the ones already being actively developed?
We need IoT to help us save the world. And by save the world, I mean address the ever-growing issues around climate. It’s hard to think of a more significant existential threat. To solve it, we have to understand and track it to hopefully reverse the trend. While connected “things” are already in use, I think IoT can play a much more significant and far-reaching role as the “eyes and ears” of the climate community that’s trying to get a handle on what’s going on. The climate problem is very much global. Yet as we know from weather modeling, the global patterns are the product of local actions. With IoT, we’ll have the ability for globally pervasive tracking, and hopefully mitigative actions as well.


Nick Feamster
Professor of Computer Science, Princeton University; ACM Fellow (2016)
Recognized for his work on data-driven studies of Internet security and Internet censorship

What do you see as some of the biggest transformations that have been brought through the Internet and where do we go next?
The early Internet was a network of trusted research universities with very few stakeholders. There was no business aspect to it, there were no profits to be taken, and there was little to no concern over security. The chief goal was connectivity and the primary challenges were technical in nature.

Today, the situation is much different, with each of the previous points having been turned completely on their head. We see increasing tensions between stakeholders, especially between Internet service providers and content providers with regards to issues like pricing of Internet access, network neutrality, performance guarantees and quality of experience.

We see tremendous tension in the area of cybersecurity between attackers, businesses and end users. In fact, data breaches, hacks and other cybersecurity-related problems have become so commonplace you can read about a new attack almost every day. Many of these problems are due in part to the proliferation of devices that are connected to the network. We’ve built a network with so many different attack vectors that it has become nearly impossible to secure. And despite numerous solutions in the market, we continue to see new forms of attacks that we just don’t have answers for yet.

Another of the major challenges we face has to deal with Internet oversight. When it was originally created, the Internet was under the control of a single government. However, as the Internet spreads and proliferates to countries around the world, not all governments will see communication and access to information in the same way. Each government has different ideas about what a citizen’s access to information should be, which of course leads to censorship as well as manipulation of content.

So to tie all of this together, in the early days of the Internet, purely technical solutions could guarantee that a user was going to see good performance. Throughout the 1990s and even the early 2000s, we saw an almost exclusive focus on optimizing the performance of Internet protocols. And while that work is still extremely important, many of the biggest issues we face today are no longer purely technical. Many relate to economics, policy, security, sometimes even psychology and human-computer interaction. In order to truly address today’s problems, our work needs to be increasingly informed by and driven by things at the boundaries of other disciplines.

There are still more people offline than online. How will connecting those individuals help neglected and underserved communities and institutions around the world?
This is an interesting question, and one that I’ve thought a lot about, as I have done some work studying the performance of fixed and mobile broadband access in South Africa.

To better understand or wrap our heads around this issue, we need to first recognize that the Internet as we conceive it in the United States is not necessarily going to be the same Internet that we see in the developing world. To give you an example, there are far more users in Africa that connect to the Internet via their mobile phones than via a fixed line, cable, fiber or other type of connection. Not only are these users connecting to the Internet more frequently using mobile devices, but also they use the Internet for very different things than we’re using it for here. To add to the problem, mobile Internet tends to be more costly than fixed-line Internet. It is a different paradigm than what we are used to thinking about in the US.

One example of something I worked on where we ran into this is when I taught a massive open online course (MOOC). When we talk about “connectivity to the next billion,” we often use education as one of the prime drivers for expanded Internet accessibility, but the reality is that most of these users won’t necessarily be sitting in front of their laptop screens at home on a gigabit fiber connection. We’re talking about people on potentially much lower-speed mobile devices facing much, much higher costs for their data. It simply isn’t realistic to believe that these individuals will, first, be able to access the necessary educational information, and second, be able to afford to connect to the Internet to see it.

We need to think more about making connectivity affordable and accessible. Just as the original Internet designers probably didn’t imagine many of the apps that are running on the Internet today, I don’t think we should necessarily be conceiving of the apps that people in other cultures and developing economies will use the Internet for. We shouldn’t necessarily presume that their uses of the Internet will be the same as ours.

But these issues aren’t just concerns abroad–we also talk about connectivity in rural or “underserved” regions, for example, rural parts of the United States. While we’re thinking about Netflix and YouTube, there are farmers thinking about how to more efficiently plant and harvest crops. They’re thinking how they can use wireless networks and drones for surveying crop fields as well as Big Data and predictive analytics to figure out how to make the best use of the resources they have. A lot of that is increasingly going to depend on connectivity.

For organizations and individuals to be confident when conducting transactions and exchanging information, the Internet has to be secure. How does the Internet of Things impact security?
I think there are a couple of reasons why IoT raises the stakes as far as the security of the Internet is concerned. With so many new devices being connected to the Internet, and many of these being “cyber physical,” it’s not enough to secure my laptop or my phone anymore. An Internet attack may now involve physical inconveniences or threats such as security cameras, door locks, thermostats, etc.

Another problem is that everybody is plugging these devices in everywhere, but nobody is particularly interested in managing them. Right now, we have the option to purchase Internet-connected devices, like the items I mentioned earlier, but soon, we’re not going to be talking about Internet-connected anything, we’ll just buy a fridge, and it connects to the Internet; buy a car and it connects to the Internet; buy a house and it will have hundreds of light switches, plugs, motion sensors and environmental sensors that are connected to the Internet. So, we’re going to have a lot of stuff connected to the Internet that’s just going to disappear into the infrastructure. And yet, a lot of the manufacturers and vendors who make and sell those kinds of devices aren’t thinking about Internet security. In many cases, they don’t even have the resources to think about it.

The issue here is that most businesses are fundamentally focused on the market they serve. In other words, a hardware company is just a hardware company, a consumer electronics company is just a consumer electronics company; they aren’t thinking about software development. They’re not thinking about the security of the software they put on the devices they sell. So it won’t be long until we have an abundance of fundamentally un-patchable, insecure, and difficult if not impossible-to-patch devices affecting nearly every aspect of our daily lives. It’s a perfect storm.

What are the possibilities and repercussions of IoT capabilities such as smart cities and connected cars?
The pervasiveness of Internet-connected devices and sensors in things like cars and cities is something we should really spend more time thinking about. Right now you could go out and buy a device that tracks your fitness and activity level, and have a pretty good idea of the type of data that’s being collected, and maybe a bit less of an idea about how that data is being shared, etc. Now imagine what would happen if you were to buy a connected car with built-in biosensors that measure things like heart rate or drowsiness, or could detect if you were in declining health. What if every car in the future had these same sensors? Where’s my choice, do I have a say in what data is collected and how it’s used? Can I say, “No, I don’t want that option?”

I believe it was senator Brian Schatz, talking about consumer choice, who said that we may soon live in a world that requires that consumers click ‘I agree’ simply to participate in life.

That pertains to smart cities as well. We see in big cities now the deployment of so-called photon sensors; who has access to the data and under what circumstances? It’s a tough balancing act when we think about lowering crime rates, improving traffic patterns, etc., while still protecting and preserving the privacy of our citizens and consumers.

What do you think are some of the potentially most exciting/important applications of IoT beyond the ones already being actively developed?
For all the security and privacy problems we were discussing, there are solutions. As a networking researcher, I tend to think of it this way: Let’s assume we are going to have devices that are “fundamentally un-patchable” or are going to misbehave as far as sharing our data with third parties or collecting and sharing data that we would rather not have shared. We can certainly start to consider the kinds of mediators that could be installed in the network to give users visibility into what the traffic flows are between their devices and the rest of the world. Hopefully by doing this, we can give more control, allowing them to say, “No, I don’t want that data going to destination X on the Internet or in my home, I’d rather not have my smart TV talking to the cameras or the smart plugs.”

These are tricky, complicated questions because there are user interfaces issues at play here. Obviously, if we have thousands of devices, you can’t be asking users thousands of questions just to set up their home. We’re going to have to develop systems that hopefully learn what the “right” questions are. Instead of having a few devices--like computers or phones--connected to the Internet, we’ll have tens or hundreds of devices connecting, but these will in some sense be more predictable in terms of their function. This will raise interesting problems on the security and privacy front, but I don’t believe the solutions will be purely technical.

For example, does the responsibility fall on the consumer to patch the device, on the Internet service provider to block the attack traffic, or on the vendor to make sure the device is automatically applying software updates? There are a lot of different players in the ecosystem and a lot of different stakeholders, some of which we never thought of—who would have guessed 10 years ago that our fridge vendor would potentially be a stakeholder in our Internet policy?

While I can’t totally predict what’s going to happen, I do think networking technology is going to play an important role in improving security and privacy for Internet users.

Needless to say, as broadband connectivity increases and as more rural and underserved areas come online, things like improved education and personal health become possible.

To wrap up, any final thoughts?
If there’s one thing to take away from this discussion, it’s that the future of the Internet is very hard to predict, and that’s especially true of Internet applications. The fact that it’s so easy to develop new apps that involve Internet connectivity is a testament to how good the original design was in terms of making it easy to get connected. All you need to develop an Internet app is a device that speaks the Internet protocol. That is really cool when you think about it, but that’s also why trying to guess what’s next is nearly impossible. The emergence of IoT makes this even harder because it’s not just about making a cool phone app or innovative new website--we literally need to consider the entire physical world. That’s really exciting. At the same time, this great design characteristic of the Internet, the ease of connectivity, is one of its biggest problems because it introduces all kinds of security and privacy wrinkles. I can say one thing with absolute certainty: security and privacy researchers are going to be busy for a long time.


George Roussos
Professor of Pervasive Computing, Birkbeck College, University of London; ACM Working Group on the Internet of Things (2016)
Roussos’ experiments explore human dynamics as a core ingredient of urban and social computing systems

What do you see as the biggest transformations that have been brought about through the Internet, and where do we go next?
The Internet is the first truly global medium and has provided the foundation for globalization in the sense of a worldwide means of cultural communication and exchange, and sometimes collision. Reflecting on my own experiences growing up in Greece in the 1980s, the prevailing sense of the rest of the world was that it existed far away and that our parochial preoccupations had little influence on global events. Things that seem to matter especially to younger people, such as music and movies, arrived from abroad after a year or two of delay. As a university student, accessing a modern science handbook would cost over a month’s salary and would typically require months to obtain. Technology took even longer to become accessible — my first experience of the Internet was in 1988 through a refurbished 20-year-old CDC 7600 terminal, practically my coeval. Comparing this to my nephews' and nieces’ experiences today, they have a much stronger sense of their place in the world and seem preoccupied with the same issues as my students in the UK.

While it is gratifying to presume that this process of social innovation will continue, it is not difficult to observe indications that suggest the opposite. Despite the idealism of the early years of the Internet, its benefits have not been shared equally and technology in itself has not been enough to guarantee liberty and prosperity in the way that many in the pioneer days anticipated. Such concerns are only likely to increase in the coming years, especially with the proliferation of opaque and unaccountable data-driven algorithmic decision-making that is taking over many areas of human responsibility. Uneasiness about the future is increasingly expressed by individuals and groups that choose to deflect its immediate ramifications by retreating into familiar, safe patterns of behavior, often expressing outright hostility for the new and the unfamiliar, and sometimes altogether withdrawing from the commons. One should not underestimate the role of Internet technologies in intensifying this effect by, for example, filtering the information experienced so as to eliminate alternative points of view. As computing professionals we prefer to consider our role as politically and ethically neutral. This is no longer tenable because the tools we create define the modern world by shaping the structure of public discourse in a way that not only creates but also rules out certain kinds of content and audiences —surely this is both an ethical stance and a political act. Our profession should provide strong leadership in this process by clearly establishing the tradeoffs in the choices that our societies face and by helping mitigate their negative repercussions.

There are still more people in the world offline than on. How will connecting these individuals help neglected and underserved communities around the world?
The two main factors limiting the ability of people to access the Internet are affordability and lack of literacy and language skills. While getting online can provide benefits, connectivity is not a panacea for all ills. Lifting these communities out of poverty and getting the basics right such as having access to clean water, vaccinations, or in some cases a less corrupt government, would be a priority. Moreover, joining the connected world as a latecomer involves significant hazards as well as opportunities, so developing the appropriate skills and safeguards is a precondition.

In any case, there is already some experience on the types of benefits that such communities can expect and these relate primarily to enabling trade and access to healthcare. It is important, however, that these communities have the opportunity to engage with the Internet on their own terms and discover ways to benefit from it that better fit their distinct circumstances. There are already interesting cases highlighting how innovations can be created from the bottom up to generate opportunities suitable for those directly involved that best represent their needs--for example, through micro-lending and using the mobile Internet to broaden access to financial services.

For organizations and individuals to be confident when conducting transactions and exchanging information, the Internet has to be secure. How does the Internet of Everything impact the security of the Internet?
There are already many examples that suggest that the large number and the particular mode of operation of Internet of Things (IoT) devices raise considerable security issues —not necessarily new issues and certainly not novel from a purely technical perspective— but the scale and complexity of IoT systems change the nature of the problems encountered. However, this will hopefully be a short-term problem while manufacturers of IoT devices fully understand the implications of connectivity and acquire the required expertise. In the medium term, a more pressing concern might come from hybrid attacks combining cyber and physical assets. Most current security measures depend on controlled access to specific attributes of a material entity only by the authorized user. But the IoT makes this entity accessible either directly or via an IoT-connected artefact in its immediate environment for example consider a compromised toy robot operated remotely to visually access printed security tokens. Recently, I had firsthand experience of this type of attack on my banking facility where both physical and online assets were compromised — to resolve this proved costly and very time-consuming, as it was next to impossible to provide authoritative evidence from a distance.

Yet, a more critical implication of the IoT from a security perspective stems from the fact that it brings critical infrastructures online and thus makes the payoff of attacks over the Internet potentially much more profitable. This could be especially transformative through a process of weaponization and the reconstitution of the Internet into theatre of war. Conducting warfare over the Internet will inevitably have casualties pertaining to civilian targets and likely with very considerable costs. Unlike other types of weapons that can bring mass destruction, the use of cyberweapons is not regulated and there are currently no internationally agreed-on provisions for the protection of civilian populations. Although this is certainly not an easy task, I do not share the view that there are insurmountable difficulties in reaching non-proliferation agreements for cyber-weaponry. In fact, similar concerns were expressed for nuclear weapons but the world recognized that such controls are for the benefit of all, and such agreements were eventually successfully reached.

What are the possibilities, and repercussions, of IoT capabilities such as smart cities and connected cars?
There are two schools of thought on how Smart Cities will develop. They concur in that the implementation of IoT technology can enable efficiency improvements such as significantly reducing the environmental impact of cities through better resource and refuse management; direct engagement of citizens with public life; and improved quality of life and prolonged independence especially for the elderly. However, there is considerable divergence of opinion on how this might be achieved between those who seek to impose a top-down authoritative approach and those that advocate self-organizing alternatives through direct participation and citizen empowerment. At the core of this discussion are questions of fairness and the right tradeoff between transparency and privacy —the particular choices that specific societies make will surely determine the nature of everyday life for future city dwellers.

Like many in our field, when thinking about these matters I am influenced by science fiction literature that has long contemplated these questions. Indeed, in many ways we are facing today exactly the kinds of issues that sf narratives traced 50 or 100 years ago. A typical theme in this regard is whether the future will be a utopia in the spirit of H.G. Wells’s The Shape of Things to Come or a dystopia such as George Orwell’s 1984 or perhaps being ambivalent about the final outcome such as Aldous Huxley’s Brave New World. The latter seems to be the alternative that most resembles currently emerging patterns of civic life with their emphasis on consumption and the diminishing regard by the public for science and hard-gained scholarship.

What do you think are some of the potentially most exciting/important applications of IoT beyond the ones already being actively developed?
I expect that the more interesting opportunities will occur at the intersection of the IoT and other technologies-- notably materials science and biology, and in particular DNA editing and neuroscience. New materials with rather exotic properties, engineered life forms and closer integration between computing and human perception appear likely to produce surprising outcomes when combined with developments in robotics, the IoT and AI. We are at the very beginning of exploring where these synergies might lead, with the main barrier being our limited understanding of the human mind and body. In any case, my point is that one should look beyond the boundaries of our discipline for the more interesting opportunities. One specific way that I hope the IoT can bring about change is by shifting the emphasis away from our current predominately visual mode of interaction with information, which I consider to be the key ingredient enabling sedentary and passive contemporary lifestyle. IoT technologies afford interactions engaging the whole body through touch, proprioception, equilibrioception, interoception and perhaps a few new artificial senses that can hopefully rebalance the focus on the brain as the only locus of intelligence.

Yet, the biggest surprises often emerge as a result of the dynamic and volatile processes that enable distinct individuals and groups to appropriate innovations. While technology offers the potential for creating new city infrastructures, a more powerful force for innovation is the dialogue between the different social groups occupying the city. Nevertheless, I prefer to imagine that applications will emerge in the spirit of the hacker ethic, by making something great because it is worth making and because it scratches a personal itch. In particular, my hope is that the IoT will play a key role toward improving the health and the sustainability of the planet: overconsumption of raw materials, pollution from fossil fuels and industrialized farming, the destruction of forests and numerous other effects of modernity are setting massive challenges ahead. I believe the IoT has to play a central role in addressing these challenges and ensuring the welfare of future generations.


Jim Kurose
Assistant Director of the National Science Foundation for the Computing and Information Science and Engineering (CISE); ACM Fellow (2001)
Kurose leads CISE to uphold the nation's leadership in scientific discovery and engineering innovation

What do you see as the biggest transformations that have been brought about through the Internet, and where do we go next?
We’ve seen huge transformations arise from the ubiquity of Internet connectivity, and the vast reach of people, information, and ideas available on the Internet. With high-bandwidth mobile cellular and public WiFi access and wired access via enterprise and home networks, we’re constantly connected, whether at work, at home, or on the go. Information is always at our fingertips, and friends are only a swipe away. But the spread of misinformation and the effect of opinions resounding in echo chambers, in spite of the unprecedented amount of openly available information, certainly wasn’t obvious 20 or 30 years ago.

The Internet is clearly a socio-technical system – it harnesses technical capabilities into systems that are used by people and organizations. Its technical capabilities will continue to evolve and improve, driven by science and engineering research and innovation. But the user-facing sides of these systems must also evolve as we learn (through use, business-driven innovation, and public debate) exactly which capabilities we want in such systems.

Where to next? The technical answers to that question are the easiest. We’ll see higher-bandwidth untethered connectivity through pico-cellular wireless networks; we’ll see real-time, conversational, and natural question-and-answer information systems with reasoning and explanatory capabilities that operate over huge repositories of structured and unstructured information; and we’ll see an increasing emphasis on systems that are secure, privacy-preserving, and resilient “by design.”

The societal answers to “Where to next?” are much tougher. Privacy research – understanding how and when the personal information in our digital footprints is used – will continue to be increasingly important. There are also deep social and policy questions that will need to be answered. And the answers may well differ from one country to another and may change over time.

There are still more people in the world offline than on. How will connecting these individuals help neglected and underserved communities around the world?
Actually, data from the International Telecommunications Union, a part of the United Nations that tracks telecommunications use, indicates that 2017 may be the year when more than half of the world’s population will be connected to the Internet! But, indeed, that still leaves half of the population unconnected.

Basic connectivity is the first challenge; the second challenge is then to enable a wide range of applications that serve local needs that are built on top of that basic connectivity. The research community has an important role in both.

Changes in technology, particularly the rise of wireless cellular technologies, may allow under-served communities to leapfrog more well-served communities. Twenty years ago, for example, increased telephone connectivity meant expensive deployment of wired infrastructure to homes, institutions, and businesses. Today, a wireless base station can serve a large geographic region of users, with inexpensive handsets (phones) providing Internet connectivity, and obviate the need for expensive, last-mile, wired infrastructure.

With such basic connectivity in place, the question then becomes what applications will be deployed on top of this infrastructure? And how will those applications service local needs? Already, we’ve seen examples of rural farmers using cellular connectivity for crop planning to increase yields and entrepreneurs in small villages receiving microloans via the Internet to start small businesses.

For organizations and individuals to be confident when conducting transactions and exchanging information, the Internet has to be secure. How does the IoT impact the  security of the Internet?
Many consider the Internet sufficiently secure for certain day-to-day transactions. Consider, for example, that it wasn’t that long ago when the majority of us might have been uncomfortable making credit card purchases over the Internet. Today, the tens of millions of transactions processed by an online retailer on a given day are testament to the widespread belief that there are sufficient safeguards in place for such commercial transactions over the Internet.

But with an ever-increasing array of devices being connected to the Internet (between 26 and 50 billion devices in manufacturing, business, and home applications by 2020, by some predictions), the question of resilience – knowing that a device will continue to perform its tasks safely and securely in the presence of unintended as well as malicious faults – is increasingly important.

As a research topic, resiliency by design – creating systems with known a priori provable properties under various environmental scenarios, including attacks – is tremendously important. Indeed, the 2011 Trustworthy Cyberspace: Strategic Plan for the Federal Cybersecurity Research and Development Program and the 2016 Federal Cybersecurity Research and Development Program both explicitly call out “design for security” as key elements. The 2014 NSTAC Report to the President on the Internet of Things also calls out IoT security as being particularly critical.

There are myriad research challenges. Security and resiliency have not only technical challenges, but social challenges as well. For example, research can help to provide solutions to one of the most basic questions one can imagine – who is responsible for a device’s software, which will inevitably need updating? There are also a number of privacy research challenges. How can the consumer be knowledgeable about how information recorded from IoT devices will be used? It’s been estimated that it takes an average of 10 minutes to read a privacy policy at popular websites. Multiply that by the number of websites one visits in a day, and it becomes clear that our current solution approaches are unlikely to scale or be realistic in the long term!

What do you think are some of the potentially most exciting/important applications of IoT beyond the ones already being actively developed?
It’s difficult to predict future Internet applications. But I’ll make one prediction. I believe education and skill acquisition have yet to be truly disrupted by the Internet, or by interactive and/or virtual reality/augmented reality technologies. As a long-time teacher (and learner), I don’t think there’s anything as good as learning with inspired and engaged teachers and students, using interactive active learning and team-based activities in the classroom. But that approach is neither uniformly affordable nor scalable. So I do believe a next generation of interactive software/textbooks/classes is increasingly important to meet the pace and need for training, skills updating, and acquiring new fundamentals. Research and evaluation will be needed to understand how this can best be done. Credentialing and more agile matching of workers with work could accelerate the arrival of this important future application.

Beyond that one prediction, it’s also important to provide a level playing field for the application ecosystem, so that new and potentially disruptive applications can be both conceived and deployed. The wild success of the Internet has been due in many ways to the ease with which new services and applications can be developed and deployed – develop some server-side software (now easily deployable at scale on cloud service platforms) and a user-side front-end app, and you’re ready to go! Implicitly, this requires access to network and computing resources. The social, economic, and legal framework that governs such resource access is still evolving, may vary from country to country (as noted earlier), and may even vary over time within a country. It’s been said for some time that the Internet is in its “Wild West” phase, with technical, social and policy aspects still very “fluid”; more than 40 years after the term “internetting” was coined by Cerf and Kahn, that characterization still rings true!

Edited by Ken Briodagh

Editorial Director

Related Articles

IoT Healthcare: AMA Collaborative Initiative Leverages Data to Improve Care

By: Ken Briodagh    10/17/2017

New AMA collaborative initiative brings health and technology stakeholders around a common data model

Read More

IoT Healthcare: Huawei, Philips Cloud AI Makes Society Healthier

By: Ken Briodagh    10/16/2017

According to a recent release, Huawei and Philips have successfully developed an advanced cloud IoT Healthcare solution in China.

Read More

Ericsson, PS Solutions, CKD Dig into Agricultural IoT

By: Ken Briodagh    10/12/2017

Ericsson, PS Solutions, and CKD Corporation are collaborating on an update to the "e-kakashi" platform, which applies AI and IoT technologies into agr…

Read More

Salesforce IoT Explorer Edition Seeks to Unlock Customer Insights with Connectivity

By: Ken Briodagh    10/12/2017

Salesforce IoT Explorer Edition is a platform service, designed to remove barriers to connecting businesses and harnessing IoT data.

Read More

Icon Labs Considers Embedded IoT Security Solutions

By: Chrissie Cluney    10/11/2017

Security vulnerabilities can result from implementation flaws, design flaws or failure to properly enable and use security features.

Read More