Does IoT Data Need Special Regulation?

dkatana writes: As part of the UK's Smart Meter Implementation Programme, Spain's Telefonica is deploying a M2M solution, using its own proprietary network, to collect and transmit data from 53 million gas and electricity smart meters. The most troubling issue is that the UK government awarded the contract to a private telecom that uses a proprietary network rather than to an independent organization that uses freely available spectrum and open source solutions. Those Smart Meters are supposed to be in operation for more than three decades, and rely on a network that can cease to exist. On top of that, the network, running proprietary protocols, can be hacked, and "will be hacked". Only Telefonica will be able to fix it.

Re:open source?

[KGIII]

I like the way you think. I really do. Which made me think of an answer to this non-question.

The answer is no, we don't need special regulation. What we need are intelligent and informed persons. Eventually, and this doesn't discount closed source, we could have open and interoperability-built standards that are published, vetted, and agreed on - or at least published and open. The idea being that, yeah, smart people would select to use such instead of insisting on reliance on closed and mysterious. This doesn't mean that the code, itself, can't be proprietary but the communications methods that it uses should be - they should be open, available, and free to use, even for commercial means. In this case, using this example, I'd suggest relying on the standards IPv6 and TCP/IP (or UDP, if applicable - does UDP support error correction?).

If there's any benefit to this new, proprietary, communication format then, by all means, share it with the world so that it can be reviewed, improved on, standardized, and benefit others. It's not like it will do anything more than help the company's bottom line to do so. If anything, it will increase their visibility and market share. Perhaps, I guess, they could license it for commercial use but, honestly, I don't think that will help. If anything, and this is important to me - at least, it's a municipal project (from the looks of things) and thus it should be open.

The summary mentions that it will be hacked, and it will be, so having other companies that can layer on security (if needed) or perform repairs prevents lock in and price gouging. There's a vested interest, from the people, to insist that these types of things remain open and rely on commonly accepted (i.e. standardized even if unratified and informally) and readily available information. Should this company go out of business then the tax payer will have to keep them afloat just to insure they can read electrical usage meters? Surely you jest... When a security flaw is discovered, and it will be, who is going to repair it and how much is it going to cost? Truly, I can think of no benefit to this being proprietary but, perhaps, I'm missing something.

Ah well... I should be sleeping, though I've called the desk and have paid for another night so I'll not have to be out of the hotel by 10:00 in the morning. What an ungodly hour to insist that I check out. I'll be in Buffalo for another night and that means I get to spend a little bit of time online. Yay...

Re:open source?

[Dutch+Gun]

Question: The summary and article is talking about the user's data that's collected. Is this data considered sensitive, other than the fact that one could potentially determine if someone is home or not if collected in real time? Do these smart-meters collect more than gas, power, and water usage? If it's just utility metrics, does anyone really care all that much about that? I'm trying to figure out how if any sort of data-leakage could really negatively affect someone. Maybe I'm just not imaginative enough.

Getting the meter hacked could be annoying or expensive, but probably not a catastrophe, as you'd simply dispute any ridiculous charges. Naturally, that's always an issue with any device tied to infrastructure.

As for using a proprietary network and protocol, I'd hope that the UK required exact documentation of what they're using, and how it works. That way, if the company goes belly up, another company could provide similar reading services based on those protocols. Of course, government bureaucracies being what they are, I guess I wouldn't be surprised if no one thought to do that.