It will not only be that in 2020 there will be 20bn connected devices, but essentially the new internet, in which everything gets connected will become a reality. That this will happen is probably an inevitable reality. The value equation to industry, society and individual users will very much depend on the individual use cases, and how data can be used and by whom.
Let's turn to B2B first: As a company offering my products and services increasingly in a connected way, I do expect that I can protect my property rights, the integrity of my services and the experience of my customers. Providing data only makes sense, if I know who is using it and for which purpose, and if I can control the use of what I am providing. As a provider of data, I need to have the security provisions in place that allow me to exert my ownership rights, and set price and conditions of use for the data I am providing. And I may be interested in who is using my data.
As a user of data, I want to be assured that the source is trustworthy, reliable and that I can contract the conditions of use for that data that I am using. Let's assume that I digitized an essential part of my supply chain or production - I need to be 100% sure that the whole process is working and that there are clear accountabilities and a chain of trust and contracts along my process. Therefore, I do expect that identities are verifiable, as well as the integrity of data and the conditions of use.
What is needed to make that work is an open "digital twin eco-system" that safeguards identity management (through trusted identification and authentication ideally handled at the end points, e.g. through hardware based encryption and TPM based PKI infrastructures), as well as verifiable contracts and footprint in the cloud, e.g. through blockchain. End point security and blockchain will serve as complementary tools to ensure trustability of the whole system. The third element will be interoperability through a common semantic framework and a contribution based governance around it.
As a participant in this system, there are huge benefits, as the new internet will provide existing services and transactions at a significantly lower cost and unlimited scalability. But as a user, I would only want to participate, if the system is trusted. Therefore the question is not so much what a participant is willing to pay specifically for security, but much more what kind of pre-requisites need to be in place in order to participate at all. It is a basic infrastructure element that is needed, and will be key for e.g. Europe's success in IoE.
Is this different on the B2C side: Not really. As a user, e.g. of smart home services, I do not care so much about the security risks I am entering. I do see useful services, from my telco or utility, from Google and from Amazon, Withings, Fitbit and others, and to a varying degree I do believe that those brands built their brand on the fact that they are not fooling me. That is the same mechanism, that allows greek peasants to leave their door open, when they leave...but that breaks down in the moment somebody is miss using the trust. And that will happen. And if it happens and there is no secure answer to it, it will seriously hamper the trust in the whole system. Therefore, also on the B2C side, there should be trust injected into the "new internet" from the end points (e.g. from hubs/routers in the home that have a TPM and serve as trust anchors for smart homes), contracts and transactions should be verifiable e.g. through blockchain mechanisms, and the end user needs to be given the choice over who is using his data and how it is used. And again, as there is so many data from so many sources, we need a common semantic framework to safeguard interopearbility and access for web developers to come up with interesting new use cases.
The key problem of the discussion today is that we ask for the propensity to pay on the user side for platform features, which should be commonly regarded as essential features and therefore have all the character of a public good. It is probably policy makers that should safeguard that this system is working...not necessarily as regulators, but as convenors for a common and open interoperability and security framework for IoE - and Europe could be an excellent starting point.
------------------------------
Boris Maurer
Accenture
------------------------------