Video: Trust and IoT

A short lighthearted description of the issue of trust in Internet of Things products with some of their attached risks.


CISOMAG, 2019. Hackers can steal your identity and bank details from a coffee machine!. [Online]
Available at:

Daws, R., 2019. Hackers attempt to extort $400k in Bitcoin from Ring doorbell owners. [Online]
Available at:

Greenberg, A., 2015. Hackers Remotely Kill a Jeep on the Highway—With Me in It. [Online]
Available at:

Khandelwal, S., 2017. Over 8,600 Vulnerabilities Found in Pacemakers. [Online]
Available at:

Nucleus, 1975. Alleycat. [Sound Recording] (Vertigo).

White Paper Review: Smart Buildings Security

Can You Trust Your Smart Building? (IoTSF, 2019)

Understanding the security issues and why they are important to you

Published by: IoT Security Foundation

Available at:


Smart buildings are one of the most common categories of IoT implementations. In seeking to provide guidelines for smart building stakeholders such as owners, contractors, and installers, an IoT Security Foundation working group has devised a set of guidelines published in a 2019 whitepaper titled “Can You Trust Your Smart Building?” (IoTSF, 2019).

Initially the authors discuss what smart buildings are: systems designed to fully manage and control all aspects inside a building, covering sub-systems such as HVAC, UPS, elevators, lighting, fire detection, and security. Optimal asset management and resource consumption leads to energy and water savings, reduced costs, less waste, improved safety and security, and overall better maintenance and occupant satisfaction. It is thus an expanding multi-billion-dollar global market.

Smart buildings potentially impact the wellbeing of all citizens of the modern world. If there is a trust issue, as the title suggests, and they cannot be trusted, then we should seek to identify the challenges and the ways to address them. The relevance of the whitepaper is clear.

Inside a smart building, sensors gather relevant data about the controlled environment and data analysis facilitates both automation and human decision making. Management systems are increasingly offered as a service in the cloud. Therefore, smart buildings are IoT systems since they share all characteristics of IoT by utilizing sensors, Internet connected smart objects, which generate large amounts of time series data, automatically analyzed through AI in support of decision making.

Threats and Risks

Next the authors turn to discuss the risks. Threats to a smart building system can come from multiple parties including insiders, rivals, criminals, and activists. As the authors show, it is all too easy today to browse a special search website and find Internet exposed building management systems (BMS) accessible by essentially anyone. Those buildings could belong to businesses, health organizations, education establishments, and various other sensitive sites. Security companies have shown the ease in which some Building Automation Systems (BAS) could be hacked (Forescout, 2019).

Furthermore, the authors mention the devastating effects of the Mirai botnet attack and the WannaCry and NotPetya ransomware global attacks. It is this reviewer’s opinion that the whitepaper authors could have made the distinction between the former and the latter two. While Mirai primarily targeted IoT devices (CCTV cameras) with weak passwords turning them into a botnet army later used for the actual onslaught, the other two ransomware targeted vulnerable Windows operating system computers no matter their function causing them direct damage. But since many IoT systems run old unpatched operating system versions this had made them especially susceptible.

Therefore, what we can observe by this comparison is that IoT devices are both easily compromised leading to collateral damage through botnets and DDOS attacks, but also easily individually targetable which can cause direct damage due to their special role.

Risk Management

Following the introduction of risk, the authors discuss how it should be managed. The approach taken is that not all systems within a building are equally important and that not all data is equally sensitive. A series of questions is thus provided for stakeholders to weigh the risks. This section is too short and unstructured to serve as guide for effective threat modeling or risk assessment. On the other hand, Aufner (2020) surveyed several threat modeling techniques which could be used such as STRIDE or CORAS for security, LINDDUN for privacy, and DREAD for risk. They should be used as a starting point, while realizing that research has shown there are gaps between the common threat models and IoT due to lack of consideration for hardware and physical interactions (Aufner, 2020). When it comes to smart buildings it is obvious that physical security is essential. The whitepaper only briefly mentions physical security without going into any detail.

A relevant term in this respect is that of Cyber-Physical Systems (CPS). A review paper focusing on smart buildings as cyber physical systems recommends to increase analytics and visualizations, making smart building systems even smarter for increased resiliency and security and lastly a consistent inclusion of security throughout system lifecycle (Osisiogu, 2019). Here again, identifying the interactions between the physical and the cyber security aspects is imperative for effective risk management.

As for best practices, the whitepaper does not attempt to define its own framework and instead prefers to reference that of NIST (NIST, 2018). I fully support the reliance on a respected standards body’s publication for security implementation.


So, can we trust our smart building? The question from the title remains unanswered. Readers gain better appreciation for real world cases, vulnerabilities, and risks. Surely, one’s trust in smart buildings is diminished by that account. On the other hand, direct stakeholders involved in designing, constructing maintaining, and owning smart buildings can gain insight into what it would take to increase trust.

Overall, the whitepaper does a good job in moving from domain introduction, through problem definition and into the solution space with sound recommendation for how to proceed with security implementation. The whitepaper does not dive into details in any single topic, but instead prefers to paint the entire landscape in a broad brush. By doing so it primarily raises awareness to a pervasive aspect of our lives, dealing with our day to day surroundings, with global implications on sustainability, and personal implications on safety, privacy, and wellbeing.


Aufner, P., 2020. The IoT security gap: a look down into the valley between threat models and their implementation. International Journal of Information Security, 19(1), pp. 3-14.

Available at:
[Accessed June 2020].

IoTSF, 2019. Can You Trust Your Smart Building? Understanding the security issues and why they are important to you. [Online]
Available at:

NIST, 2018. Framework for Improving Critical Infrastructure. [Online]
Available at:

Osisiogu, U., 2019. A Review on Cyber -Physical Security of Smart Buildings and Infrastructure. 15th International Conference on Electronics, Computer and Computation (ICECCO), pp. 1-4.

Article Review: Ethics in Design

Ethics of technology and design ethics in socio-technical systems

Author: Eleonora Fiore


Couple of years back I was duped by my mobile operator to renew my contract with a fitness bracelet as part of the package. I assumed the gadget would not be top of the line. But I was not prepared to be so right. That thing could not do anything right. It grossly miscalculated daily steps (I know because I was running a lot and using my quality fitness watch). It had extended periods in which it was roughly doubling my heartbeat, and sleeping times were not quite right either. Needless to say, I tossed it aside and never looked back. A week of my fitness data might still be floating somewhere in the cloud, but I do not care, partly because it is so inaccurate.

As this little story shows business ethics impact the consumer in different ways. First, the mobile operator most likely knowingly offering a bracelet priced well over its actual worth. Second, the bracelet manufacturer which really should not be selling such low-quality product. And finally, the data.

But why did I not have high degree of trust in that piece of technology in the first place? Because I figured the involved businesses did not hold my satisfaction in high regard. They did not direct their design to what I value.

Paper in Review

Internet of Things solutions present many ethical challenges. During system design, designer decisions can bear significant moral implications. The reviewed paper (Fiore, 2020) advocates for an inclusion of ethical principles in designers’ conduct. The author focuses on Value Sensitive Design (VSD) implemented in Human Computer Interaction (HCI) as part of IoT and AI applications.

The starting point of the paper is the lack of a formal approach for providing guidelines for ethics in design, whereas if looking into the field of HCI some work has been done on Value Sensitive Design. VSD emphasizes human values as the pillars for responsible design. The author then narrows the focus into IoT systems, characterized by having connected appliances. It is primarily awareness, as brought by Artificial Intelligence, which turns connected appliances into smart objects. Thus, turning the attention to AI the author brings forth several ethical challenges. First, user disempowerment, or a reduced sense of agency, resulting from wrongly applied or too much automation. Which in turn can cause disengagement. Second, undesired consequences of technology use in unintended manners.

The author further explains that due to these issues, mistakes designers make can have grave consequences. Therefore, designers should first be equipped with an ethics code which can aid them to navigate the treacherous waters of their craft. And furthermore, three guidelines are provided for responsible design: First, security, privacy, and data accessibility. Second, keeping humans in control, and finally, increasing friendliness via physical objects and interfaces.


The paper focuses on the design aspect as opposed to engineering or operational aspects which of course involve ethics as well. NIST’s IoT Trust Concerns whitepaper provides 17 technical concerns vital for establishing trust in IoT systems. These include scalability, control and ownership, security, reliability, and usability to name a few (Voas, et al., 2018). Efforts such as NIST’s of course highly correlate with efforts to standardize responsible design practices.

In “Carousel Kittens” Spiekermann (2018) describes IEEE P7000 Working Group’s initiative to standardize the inclusion of ethics in IoT system design. The Carousel Kittens 1960s experiment in which kittens where rendered immobile for extended periods of time is brought as a metaphor for “being carried along by technology without any agency of my own” (Spiekermann, 2018).

As above two 2018 examples show, some efforts have been made to standardize ethics in IoT, but the theoretical maneuver conducted by the author does not record them. Perhaps this work predates them as most recent references are from 2017.

Overall, the paper is highly abstract and philosophical in approach. It also condenses a lot of ethical design history into small space. This to some extent reserves it to academic experts, rather than IoT practitioners. Still, IoT practitioners could benefit by being exposed to the overall topics and concerns. From a practical standpoint, the paper references the IoT Design Manifesto 1.0 (2015), which is a down to earth attempt to formulate 10 short and easily understood principles encapsulating the spirit of ethical design.

Also, more practical is the final guidelines part. But it is there that I struggle the most with one thing in particular. The author is adamant on the need to “protect the human agency” (Fiore, 2020). The proposed test is whether after implementation the user is found to be the final decision maker. This view is too simplistic as even though AI is more commonly used in decision support systems it will inevitably be more incorporated in automation. One could say that the operator can always pull the plug on the machine, but I am pretty sure this is not what the author means. In addition, sometimes relinquishing control is the right thing to do morally, because in some situations a machine has a better chance of taking right life-saving decision.


I find the paper to be original especially in its synthesis of theories and approaches as well as in the quality of background research. In terms of methodology, this is a paper which mainly grapples with academic ideas. It does not follow a qualitative or quantitative research method. Its declared objective is to offer an approach for guidelines formulation to incorporate ethics in design. While this was achieved to some extent, the final three guidelines are not exhaustive and a lot more can be said about the unique challenges of IoT. The paper should be read by anyone seeking to open their thinking towards design ethics.


Fiore, E., 2020. Ethics of technology and design ethics in socio-technical systems investigating the role of the designer. FormAkademisk, 13(1), pp. 1-19.

IoT Design Manifesto 1.0, 2015. IoT Design Manifesto 1.0: Guidelines for responsible design in a connected world. [Online]
Available at:
[Accessed 18 6 2020].

Spiekermann, S., 2018. Carousel Kittens: The Case for a Value-Based IoT. IEEE Pervasive Computing, 17(2), pp. 62-65.

Voas, J., Kuhn, R., Laplante, P. & Applebaum, S., 2018. Internet of Things (IoT) Trust Concerns, Gaithersburg, MD: NIST.

White Paper Review: Edge Computing

Forrester surveyed 300 IT and OT decision makers from diverse companies revealing to what extent edge analytics is utilized as part of IoT deployments and found that around half has either already implemented or plan to implement edge analytics within a year. This post reports on their findings as presented in a January 2019 whitepaper and identifies issues requiring further examination for practical adoption.

Edge analytics in IoT is a relevant topic as more Internet connected edge devices are added every day and as data quantities keep increasing. The topic is at the forefront of IoT implementations these days as evident by the fact that major cloud providers offer solutions for it. Amazon Web Services Lambda, Microsoft Azure Functions, and Google Cloud Functions are prominent examples. It is also an established academic research topic with some work advocating for a move from cloud backends to edge and fog computing (Schooler, et al., 2017).

In terms of methodology and ethical disclosure Forrester’s paper does a decent job at presenting the facts. The paper was commissioned by Dell Technologies and VMware to report a survey conducted during October-November 2018. Methodology highlights are provided over three appendices and are at a level of detail one could expect from a business whitepaper.

Edge Analytics has been a focus area for Forrester. These days for instance they look into the increase in edge analytics implementations for content delivery networks (CDNs) in light of COVID-19 induced rise in content consumption (Staten & Stutzman, 2020). Edge analytics certainly could support operational IoT initiatives, but this example suggests it can have direct user experience impact as well.

The paper starts by listing IoT-enabled use-cases reported by survey participants as: security and surveillance, tracking and tracing, energy management, automatic operations, predictive maintenance, and various other use-cases, some industry-specific. The appendix indicates use-case categorization was provided to participants upfront which could miss some fine details. Since not all methodology details are shared it is hard to fully judge. In any case these results are fairly consistent with other findings surveyed here (Horev, 2020).

The whitepaper builds the case for edge analytics by reporting 40 to 49 percent of participants citing security, high costs and accessibility as potentially limiting factors for data analytics in the cloud. Furthermore, it seems half are either expanding, implementing, or planning to implement edge analytics within 12 months. Driving factors were found to be growth of edge generated data, security, cost efficiency in data transportation, reduced latency, and regulatory reasons. Overall, the report is informative, well written, and logically structured.

The best part of the paper is kept for last. In it, the authors move from results reporting into making one primary recommendation: organizations are encouraged to use specific criteria for selecting IoT use-cases best suited for edge analytics. For example, the authors suggest that by looking for IoT use-cases characterized by large volumes of data as well as low latency requirements the benefit potential of edge analytics could be maximized. The use-case identification theme is kept throughout the remainder of the paper with some rather generic set of recommendation. The question of where it is best to put our edge analytics efforts is a great practical question, and the idea of criteria combinations is a strong one. The paper only scratches the surface here and further research should be well received.

And thus, the whitepaper describes a reality of edge analytics being increasingly adopted. If so, one could have hoped for the report to go beyond incentivizing to offering implementation recommendations and alerting on expected challenges. But this is not the case. The savvy reader might not be surprised by that. Industry whitepapers tend to stop at the point at which the prospective customer would want to seek further guidance. Avnet’s whitepaper on the exact same topic serves as a second excellent example of that (Avnet, 2018).

Turning to academia, I could not find academic surveys over multiple industry cases for identification of successful patterns of edge analytics implementation. Most academic papers are either domain-specific (for example, Ferdowsi et al. (2019) on intelligent transportation systems) or theoretically driven (for example, Harth et al. (2018) on predictive intelligence algorithmic efficiency). The power of surveys such as Forrester’s could be in the finer real-world insights but those are lacking.

The paper is in fact not concerned at all with what it takes to implement edge analytics. Consider for instance the edge device itself. Research has shown that choice of machine learning algorithm as run on a Raspberry-Pi platform affects efficiency and accuracy across multiple datasets (Mahmut, et al., 2018). Not cautioning the reader as to at least some of the main concerns could be perceived as detracting from the whitepaper’s credibility.

Edge analytics does not necessarily mean running computations directly on the sensing device but rather across multiple devices at the proximity network. The industry term for that is Fog Computing and discussions on its role in IoT can be traced back to 2012 (Bonomi, et al., 2012). Unfortunately, the whitepaper does not mention the term let alone report its role in surveyed companies’ implementation.

Moreover, academic researchers have suggested an approach for using publish/subscribe systems to organize edge data analytics (Florian & Neagu, 2018) in fog computing scenarios. Publish/subscribe technology is indeed heavily utilized in the industry. When surveying companies, a lot can be gained by going into some implementation detail. It could make the whitepaper much more practically insightful.

In summary, Forrester’s white paper rightfully identifies edge analytics as a major industry trend. It provides insight into its drivers and benefits for business. And general guidelines are provided for selecting the right IoT use-case for adoption. However, the paper falls short of illuminating any practical aspects of edge data analytics implementation. Being able to ask hundreds of industry decision makers on a hot topic, one could have hoped Forrester will opt to extract practical insights on implementation trends, but this will have to wait for another time.


Avnet, 2018. AI at the Edge: The next frontier of the Internet of Things. [Online]
Available at:
[Accessed June 2020].

Bonomi, F., Milito, R., Zhu, J. & Addepalli, S., 2012. Fog computing and its role in the internet of things. Proceedings of the first edition of the MCC workshop on mobile cloud computing, pp. 13-16.

Ferdowsi, A., Challita, U. & Saad, W., 2019. Deep Learning for Reliable Mobile Edge Analytics in Intelligent Transportation Systems: An Overview. IEEE Vehicular Technology Magazine, 14(1), pp. 62-70.

Florian, V. & Neagu, G., 2018. Towards an IoT platform with edge intelligence capabilities. Studies in Informatics and Control, 27(1), pp. 65-72.

Harth, N., Anagnostopoulos, C. & Pezaros, D., 2018. Predictive intelligence to the edge: impact on edge analytics. Evolving Systems, Volume 9, pp. 95-118.

Horev, B., 2020. Webinar Review: IoT goals, applications and challenges with emphasis on security and private networks. [Online]
Available at:

Mahmut, T., Basurra, S. & Mohamed, M., 2018. Edge machine learning: Enabling smart internet of things applications. Big Data and Cognitive Computing, 2(3).

Schooler, E. et al., 2017. An Architectural Vision for a Data-Centric IoT: Rethinking Things, Trust and Clouds. IEEE 37th International Conference on Distributed Computing Systems (ICDCS), pp. 1717-1728.

Staten, J. & Stutzman, E., 2020. IoT Analytics Create New Edge Computing Value Props For Content Delivery Networks. [Online]
Available at:

One-Minute Paper: Information

This is a one-minute paper to promote thinking based on the content of the very first lecture in an Information Systems course. As I listen to the lecture, I look for points relevant to my field of interest, the Internet of Things. The introductory session surveys several different topics and I will focus on just one – information.

First, a distinction is made between data and information and what strikes me as particularly important is the fact that it is meaning which separates the two. I suppose it can be deduced also from the fact that the same data can generate different kinds of information, depending on how it is analyzed and to what purpose. Through data analysis one creates a specific meaning which is relevant to one’s context of investigation.

Continuing along this theme, the lecture surveys information characteristics (timeliness, frequency, accuracy, etc.). Those characteristics are viewed in the context of their impact on business. The discussion is brief and there is no dwelling on priority or comparative significance. Perhaps rightfully so since different businesses have different needs. Still, I believe just as meaning is key to our understanding of the essence of information, so do the appropriateness and rarity characteristics of information are key for deriving business value out of information.

IoT research has attempted to deal with appropriateness of information in several ways. Some research is aimed at providing models for generating reliable information from sensors data (Lewandowski & Thoben, 2017). While others attempt to provide a taxonomy for types of data analytics techniques used in across a wide range of IoT applications in different verticals (Siow, et al., 2018).

I think that IoT systems are sometimes viewed as data mining systems leveraging new connectivity technologies to haul data from edge to center. This view does not hold promise for generating surprising or rare information, not even for appropriate information, and frankly not even for any information at all. In other words, IoT platforms run the risk of creating efficient data pipeline with very minimal effectiveness as measured by information.

There is a mentality of collect the data first, worry about what to do with it later. Since we have the technologies to create vast data lakes we are tempted to do so. We also say: well, we may have this initial application in mind, but after we learn some more, surely, we will find other applications for the data we have already accumulated. Thus, we better start collecting now.

Nowhere is this approach more challenged than in consumer applications of data. When it comes to back-office decisions, sure you can gather telemetry data about your customers and figure out new ways to analyze it to improve operations and cut costs. But when it comes to value driven by information presented to the end user, we better have a better plan.

For example, using big data techniques, a service can offer “recommendations” for more of something: books, podcasts, things to buy, content to consume. It is obvious though this is not highly personalized. If big data is used to solve a personal problem, then the value is much more apparent.

Information appropriateness raises the issue of data privacy and trust. The greater the value provided to the user the more trust they have with the system and the more willing they may be to relinquish data in exchange for more value. But if users see that their data is applied in generic or business self-serving ways then trust could be broken. One attempt to deal with privacy in IoT is to contextualize the requirements – to differentiate the privacy concerns between groups and individuals in a way that benefits both the user and business (Zhou & Piramuthu, 2015).

In IoT, data efficiency considerations enhance edge computing trends. Instead of just collecting data and sending everything to the cloud, it is now possible to apply machine learning models at the edge for early information generation. This is more efficient and can better serve the user. Additionally, it can address trust issues by not requiring some of the data to be transferred over the Internet and to be centrally stored. Edge analytics is covered in Lalitha (2017).

These musings only scratch the surface, but I wanted to keep this post short. I find HBR’s Analytics 3.0 an interesting read.


Lalitha, B., 2017. Edge Analytics on Internet of Things: A Survey. i-Manager’s Journal on Computer Science, 5(4), pp. 36-40.

Lewandowski, M. & Thoben, K., 2017. Deriving Information from Sensor Data. 14th IFIP International Conference on Product Lifecycle Management (PLM), Volume 51, pp. 623-631.

Siow, E., Tiropanis, T. & Hall, W., 2018. Analytics for the Internet of Things: A Survey. ACM Computing Surveys, 51(4), pp. 1-36.

Zhou, W. & Piramuthu, S., 2015. Information Relevance Model of Customized Privacy for IoT. Journal of Business Ethics, 131(1), pp. 19-30.

Article Review: IoTT

Internet of Tangible Things (IoTT): Challenges and Opportunities for Tangible Interaction with IoT

Authors: Leonardo Angelini, Elena Mugellini, Omar Abou Khaled, Nadine Couture

IoT systems provide innovative services but still in most cases the user interface is web or mobile phone based. Tangible user interactions, which leverage natural human skills, offer opportunities for better understanding of a system and better trust. The work surveyed (Angelini, et al., 2018) is an attempt to apply ubiquitous computing (ubicomp) ideas for this day and age’s IoT realities. My previous post discussing key paradigms feeding this motivation can be read as prolog.

The researchers argue that effective human-machine interaction is becoming ever more important as things to people ratio keeps increasing. And they see this particularly applicable to smart environments and personal and social applications, in which people directly interact with things. The objectives are clearly stated: first, an extensive literature review to identify eight tangible properties appropriate for incorporating into IoT objects design and second, a card-set to facilitate tangible properties-based design. The card set was further put to the test in an experts’ workshop.

The work is aimed at establishing a new field “Internet of Tangible Things” (IoTT) which marries research in IoT with Tangible Interaction. The authors report a lack of sufficient research on Human Computer Interaction (HCI) with IoT; and that work stemming from ubicomp has not been tailored to the unique challenges presented by Internet connected things. I find this insight interesting and relevant.

Tangible Properties for IoT Objects

The authors recognize earlier work such as Koreshoff, et al. (2013) adopting Atzori, et al. (2010) the Things-Internet-Semantic framework for designing IoT systems with HCI in mind, although such work merely provided HCI guidelines and not a complete framework. The complexity of IoT systems is a challenge for interactive design. Objects’ connectedness or bouts of disconnection require consideration. So does the fact objects connect with other objects. Tangible interactions are proposed in this context to allow the user to experience objects and their interactions in a natural way. Of special concern are peripheral interactions which are designed to work not at the focus of attention.

The authors perform an initial survey of literature and derive eight tangible properties to measure IoT systems by. My review is too short to cover all eight properties. Suffice it to say this list does seem to form a sound basis for an IoTT objects classification.

Some emphasis is put on personal objects, objects which the user cares about even with some emotional attachment, as facilitating long lasting interactions. Work in this area was done both with children and older adults. A related interesting concept is that of “technology individuation”. While I understand the motivation, I also think this approach to some extent opposes the ubicomp principal of a quiet servant. The object being a thing of itself can cause phenomena equivalent to cellular phone addiction. And on the other hand, things which are designed to evoke positive emotion can at some point evolve to evoke the opposite emotion and cause disengagement.

Another interesting tangible property is modeling IoT objects via physical tokens which can be combined in several ways to control the combined behavior of their IoT counterparts with proposed applications in the smart home arena.

Grounding Tangible Properties in Academic Research

The authors explain their methodology in detail. 18 papers were methodically surveyed for their use of the eight previously identified tangible properties to estimate to what extent each of the properties has been suggested, discussed, and implemented. The findings for each of the properties are then presented in a dedicated section and at some length. Overall, surveyed papers are interesting and thought provoking.

For example, in relation to the peripheral interaction property the authors mention the fact that some of the surveyed toolkits enable the use of LED lights for “non-intrusive information awareness” (Angelini, et al., 2018, p. 16). I think it is worth noting here that a blinking light can be very intrusive, such as in the case of a cellphone’s blinking light indicating an incoming message that simply cannot be ignored by the user. The level of intrusiveness is derived from what the symbol evokes in our mind.

In the discussion two observations further caught my attention. First, the usefulness of the three surveyed toolkits for interactive design in the hands of non-technical people. See for example, Mora, et al. (2016), also available here. And second, the somewhat ironic fact that participatory design and user evaluations were not abundant across the surveyed papers, which the authors attribute to the overall exploratory nature of work.

Card Games

Had the paper ended at this point it would have been a very respectable achievement already, but the authors further continued to devise a card-set for the practical consideration of their eight properties in IoT system design. The authors state that while card games were used in IoT before, their intended use for IoTT objects design is new. Besides the tangible properties cards the card-set also consisted of eight IoT properties cards depicting sought after system properties (such as function, power, and connectivity). It should be noted the theoretical background for the second set of cards is only thinly discussed.

Finally, the card-set was used in a workshop attended by 21 interactive design experts which created six IoT project prototypes. Not all participants enjoyed utilizing the cards as part of the design, perhaps because of their expertise, but overall, they were helpful. The authors report the observed links between implemented tangible properties and achieved IoT properties which the resulting projects exhibited. It is my opinion that whether those projects indeed posses those links is a matter of interpretation, which makes this part of the work interesting but not as strong methodically.


Overall, the paper is very well arranged and presented. It is packed with insights and directions for further research. Despite some of my earlier reservations it is apparent the authors are aware of the nuances surrounding the use of tangible properties to achieve a desired effect, and here again there is further room for exploration. With those things in mind, this paper really does lay the ground for an “Internet of Tangible Things”.

List of References

Angelini, L., Mugellini, E., Abou Khaled, O. & Couture, N., 2018. Internet of Tangible Things (IoTT): Challenges and Opportunities for Tangible Interaction with IoT. Informatics, 5(1), p. 7.

Atzori, I., Iera, A. & Morabito, G., 2010. The Internet of Things: a survey. Computer Networks, Volume 54, pp. 2787-2805.

Koreshoff, T., Leong, T. & Robertson, T., 2013. Approaching a human-centred internet of things. Proceedings of the 25th Australian Computer-Human Interaction Conference: Augmentation, Application, Innovation, Collaboration, November, Volume 25-29, pp. 363-366.

Mora, S., Divitini, M. & Gianni, F., 2016. TILES: An inventor toolkit for interactive objects. Proceedings of the International Working Conference on Advanced Visual Interfaces, June, Volume 7-10, pp. 332-333.

Webinar Review

IoT goals, applications and challenges with emphasis on security and private networks

WebinarIT Pros Weigh in on IoT’s Role in Transforming Enterprises
DateJune 04, 2020
OrganizerIoT-Now and Syniverse
ModeratorJeremy Cowan, Editorial Director & Publisher, IoT Now & VanillaPlus
PresentersDavid Hassman, VP Strategy, Syniverse
Dan Klaeren, Senior Product Management Director, Syniverse

The Internet of Things (IoT) has become a great enabler for businesses looking to transform their products and services and increase customer satisfaction. Internal IoT adoption additionally provides companies with opportunities for increased competitiveness through operational efficiency and cost savings.

During 2020 Syniverse conducted a survey by polling 200 IT professionals belonging to large enterprises (with over 1000 employees). Five industry verticals were roughly equally represented: Finance, Transportation, Health, Manufacturing and Retail, operating mostly from the United States, Canada, France, Germany, and the UK. The survey uncovered goals and use-cases in IoT adoption, as well as challenges and concerns.

This report summarizes a webinar organized by IoT Now and Syniverse which reported the survey results. The webinar was well organized and informative. Reflecting on the key messages as presented, I find that further discussion is required to properly interpret some of the results.

Goals and Applications

Top three main goals in IoT deployment were found to be improved efficiency and productivity (54%), improved product and service quality (48%), and improved customer retention and experience (35%). Interestingly, during the webinar, just before presenting this finding, webinar participants were polled for the same question, revealing similar results. Note the mix of external and internal goals for adoption.

Top three use-cases were reported as connected security – cameras, locks, alarms (70%), workplace safety and other smart building systems (64%) and remote payment terminals (53%). These are all internal use-cases. This seems contradictory to above goals. But I believe this is easily explained by the fact those use-cases are common to almost all companies no matter the type. Whereas the next use-cases on the list including asset tracking, predictive maintenance, and fleet management depend on company type.


50% of survey participants reported security as a challenge to IoT adoption, followed by concerns about integration with legacy IT networks (44%) and complexity of integration with business processes at 40%. Security ranking high in IoT adoption challenges is not a new finding (see for example Gartner’s report).

But the survey further checked top security concerns and found them to be ransomware and malware (58%), data theft and financial loss (55%), and accidental data and intellectual property leakage (52%). Note the overlap between these. I think malware and ransomware are a very easy and prominent reason to cite by a survey respondent as the stories are well known.

Private Networks

The webinar then continued to discuss main communication technologies employed as part of IoT deployments and found them to be cellular (68%), short range wireless (63%), followed by fixed, LPWAN and satellite. After the webinar I noted the Syniverse website boasting “the largest private network ever built for linking to the mobile ecosystem.”

The survey further found that private networks are implemented by many companies to address security concerns. 46% of respondents reported already using a private network such as private LTE, and 40% reported plans to do so in the coming year. Main reasons for private network implementation were security and privacy, better data management and control, and easier integration with existing IT systems. Reasons for not using a private network were mainly cost, geographical coverage and lack of expertise.

It seems this part of the survey and presentation coincides with the Syniverse product offering. The webinar has not made that apparent, although it was obvious by the relative weight the topic of private network was given in latter stages of the presentation.


The presentation part ended with a summary reinforcing the narrative of IoT adoption for a wide range of IoT applications being hindered by security concerns which are found to be addressed through private networks implementation. A 10-minute Q&A session concluded what I found to be a professionally prepared and well delivered webinar.

One must of course realize, granted the described goals and challenges, that other IoT providers or related industries incumbents could tailor the last part of the discussion to reinforce solutions other than private networks. SASE is one example. Secure Access Service Edge (SASE)  a term coined by Gartner, is a disruptive network and network security architecture for meeting enterprise connectivity and security needs through a suite of cloud services. As such it encompasses IoT edge devices as much as it does any other company asset.

IoT security is a complicated challenge. There is no silver bullet. It is only natural that the business world will offer multiple viewpoints for addressing it. Guidance should further be sought through relevant certification and compliance initiatives offered by government and various other agencies as well as academic research.


Cowan, J., Hassman, D. & Klaeren, D., 2020. Webinar: IT Pros Weigh in on IoT’s Role in Transforming Enterprises. [Online]
Available at:
[Accessed 4 6 2020].

Crist, R., 2016. New study details a security flaw with Philips Hue smart bulbs. [Online]
Available at:

Franceschi-Bicchierai, L., 2016. Blame the Internet of Things for Destroying the Internet Today. [Online]
Available at:

Gartner, 2019. IoT Opportunities and Challenges in 2019 and Beyond. [Online]
Available at:

Hay Newman, L., 2018. A New Pacemaker Hack Puts Malware Directly on the Device. [Online]
Available at:

IoT Security Foundation, 2020. IoT Security Foundation Publications. [Online]
Available at:

Judd, M., 2020. Secure Your Enterprise IT from IoT Onslaught. [Online]
Available at:

Lerner, A., 2019b. Say Hello to SASE (Secure Access Service Edge). [Online]
Available at:

Syniverse, 2020b. The world’s most connected company. [Online]
Available at:

Syniverse, 2020. IoT is transforming the enterprise. Find out how your peers are doing it. [Online]
Available at:

U.S. Department of Homeland Security, 2016. Strategic Principles for Securing the Internet of Things (IoT). [Online]
Available at:

Zurkus, K., 2019. ICS Ethernet Switches Littered with Flaws. [Online]
Available at:

Ubiquitous Computing and the Internet of Things

Internet of Things applications purport to deliver great value and comfort in the hands of consumers through Internet-connected smart devices. But let us take a look back to the underlying vision and see what remains unrealized.

Ubiquitous Computing (ubicomp)

Ubiquitous computing refers to the phenomena of computers quietly permeating our lives in abundance and in many forms. The concept of smart homes is a potential manifestation of ubiquitous computing in that the home environment can be filled with many computing devices in all shapes and sizes performing various tasks for the benefit of the people living in it. Smart buildings and smart cities could further extend this notion.

Wearable technology is a tactile example of the ubicomp vision coming to life. Smart watches, bracelets, ties, and glasses have all been developed and applied, some with wide commercial success. Main applications are health, sports, and entertainment.

The concept was coined by Mark Weiser around 1988. Weiser and his colleagues from Xerox PARC imagined a world in which computers are unobtrusive quiet servants seamlessly aiding us with everything to improve our quality of life. They advocated for calm technology, which unfortunately stands in stark contrast to some of this day and age’s anxiety inducing mobile and social technology.

“calm technology will move easily from the periphery of our attention, to the center, and back”

Weiser and Brown in “Designing Calm Technology

Furthermore, designs which enable “locatedness” allow a person to use a technology while staying attuned to peripheral queues. Contrast that with the way mobile phone apps push notifications are designed to do the exact opposite.

Ambient Intelligence (AmI)

A term coined in the 1990s by Eli Zelkha and Simon Birrell, AmI puts more emphasis on technology’s ability to react to our presence and on the user experience and interaction in system design. The simplest example would be an automatic door. A defining characteristic of AmI is described as

“The fact that AmI systems must be sensitive, responsive, and adaptive highlights the dependence that AmI research has on context-aware computing”

(Cook et al., 2009)

Cook, Diane & Augusto Wrede, Juan & Jakkula, Vikramaditya. (2009). Review: Ambient intelligence: Technologies, applications, and opportunities. Pervasive and Mobile Computing. 5(4). 277-298

The Disappearing Computer (DS)

Computers increasingly become invisible to people as they cease to be separate physical entities with which we directly interact. Computers become unnoticeable, receding to the background, allowing us to consume information and socially interact in natural ways. Or as Weiser famously put it:

(described for example in N. Streitz and P. Nixon. Special issue on ’the disappearing computer’. In Communications of the ACM, V 48, N 3, pages 32–35. ACM Press, March 2005)

“The most profound technologies are those that disappear. They weave themselves into the fabric of everyday life until they are indistinguishable from it.”

(Weiser, 1991)

M. Weiser. The computer for the twenty-first century. Scientific American, 165:94–104,1991, available here

Pervasive Computing

Pervasive computing can be seen as a business incarnation of ubicomp through supportive technologies such as Smart Devices, sensor technology, Wireless, Mobile, Human Computer Interaction, and context-aware systems.

An extensive technological survey is offered in “Ubiquitous Computing: Smart Devices, Environments and Interactions” by Stefan Poslad (2009 John Wiley & Sons).

But whether Pervasive computing business initiatives do in fact fulfil the ubicomp calm technology vision is a different matter.

All four paradigms were researched until the first decade of the 21st century. In the second decade of the 21st century there is some decline in focus in favor of the Internet of Things.

Internet of Things (IoT)

The term “Internet of Things”, as commonly told, was coined by Kevin Ashton around 1999 while working at Procter & Gamble after having the idea to attach RFID tags to inventory items (such as lipstick) for stock management.

As can be seen by the fact that IoT’s first application was to innovate in supply-chain management, IoT should be considered to primarily evolve from pervasive computing. It is a technological solution to a set of business problems. And while Ubicomp, AmI and DS all share a human-centric vision at their core, IoT technology is often adopted for internal business reasons, for the sake of digital transformation, not necessarily with added customer value.

IoT and pervasive computing both share the focus on Internet connected devices, whereas ubicomp, AmI and DS do not necessitate it by their definition.

IoT is a 3-tier architecture of edge devices (1st tier), Internet connected via an optional gateway (2nd tier) and cloud-based services (3rd tier). Commercial IoT architectures are abundant (random examples: Microsoft, WSO2). And if one makes the comparison to IBM’s 2003 pervasive computing technology stack, the architecture is essentially the same, of course implemented end-to-end with IBM’s suite of products.

Everyone is excited about IoT these days and its implications for business. Businesses are forewarned not to pass on this opportunity for digital transformation. Gartner says IoT is over the hype and there are real benefits for businesses, but since there are also risks adoption should be highly focused on business value. One cannot argue with the significance of this global trend.

To what extent IoT technologies can realize the vision of ubicomp, AmI, and DS?

I think the answer is that they are only an implementation medium.

First, as described in HBR’s Analytics 3.0, historically there was a shift from data for business intelligence towards customer value in the form of information derived from big data. But the future is in insight derived from information. In this sense, IoT platforms are only a medium.

Second, IoT platforms are not necessarily innovating in user experience. In most cases, the user facing application is developed in very standard ways, as a mobile app or a website.

Proponents of ubicomp emphasize interoperability. Interoperability is what enables cooperating computers to provide seamless experience. Again, IoT systems are not necessarily developed with this vision in mind. In fact, the opposite is true as there is a bewildering proliferation of edge technologies and proximity networks hindering interoperability.

I highly recommend Bill Buxton’s lecture titled “Designing for Ubiquitous Computing” in which he discusses these issues.

Bill Buxton (2003) – Designing for Ubiquitous Computing

Buxton asks us to consider how the smart phone existed well before Apple’s iPhone. Still, the iPhone brought flow and user interface that were never seen before. The move from function to flow is very important but it is no longer enough for a new product to be excellent. The next challenge is much more important – achieving flow at the “society of devices” level.

To illustrate, Buxton describes the use-case of conducting a mobile phone call while going in and out of the car where the phone and car exchange roles, user interfaces switch, and it all happens seamlessly without requiring too much of our attention. This level of interoperability is what we should be seeking a lot more of to realize the ubiquitous computing vision.

Interoperability, user experience and context awareness are unrealized challenges for many of the Internet of Things implementations today.

Want to read more? see Mossberg: The Disappearing Computer on The Verge.

Featured image:×1080

What is this all about?

IoT, IT, Security and more

I wish to talk about technology. The 4th industrial revolution is upon us. Better ways to offer products and services and to operate a business are available through cloud computing, the Internet of Things, sensor technology, Artificial Intelligence, Robotics and automation.

I wish to talk about businesses. Technologies open great business opportunities. To seize them established companies undergo digital transformation. This is not easy. Consider a software company moving to the cloud, a vineyard adopting smart farming with Internet connected sensors or an online clothing retailer looking to adopt service automation.

I wish to talk about people. What does it mean for us? as workers? as leaders? What will be our future of work?

My aim is to unearth, uncover, and bring to light trends, opportunities and challenges in the intersection between technology, business and people.

Hasn’t this been discussed? well yes. A lot. But if we are to think about something, to talk about something – let it be what excites us. So if you find it interesting, stick around!