,

The Ethics of the Internet of Things Ecosystem

By Vint Cerf

I’ve written on this topic before, mostly in the context of the Internet. I would like to focus now on products and services developed by engineers. “Ethics” is derived from the Greek ethos, which is defined as the characteristic spirit of a culture, era, or community as manifested in its beliefs and aspirations. IEEE has a code of ethics that’s comprehensive and, if applied uniformly, informs our actions as engineers — as well as the quality of the systems, products, and services we develop.

I’ve become very interested in the so-called Internet of Things (IoT) that’s sometimes referred to as cyber-physical systems (CPS). Many companies, inventors, engineers, and researchers are plowing this field, planting ideas, nurturing their development, and harvesting the results offered to the general public. We live in a highly competitive age, and the exigencies of business sometimes conflict with our notions of and commitments to ethical engineering. It seems to me that many products that lie in the CPS space reach the public before they satisfy what I would consider to be highly desirable criteria.

Of those criteria, I would consider reliability to be at the top of the list. No one will make use of devices or services that are unreliable. Next is safety. These devices must be safe to use or to apply; engineering’s ethics demand this. We would also like them to be easy to use and — although this might stretch the notion of ethics — ease of use contributes to safety and reliability. These devices also need to be secure, in the sense that a malicious third party (between you and your device, for instance) can’t interfere with operation, thereby causing harm or damage to persons or property. Some devices have the potential to invade privacy. Video cameras are a prime example; but even something that is just tracking whether anyone is in the room might hold information that is deemed private to the user.

We cannot neglect the notion of autonomy. Indeed, one reason the Internet of Things elicits interest and concern is that these connected devices might be given substantial latitude to operate autonomously and to potentially cause harm. Moreover, we want these devices to have a certain degree of autonomy; it wouldn’t do to have a house full of electronics that can’t work if the house is disconnected from the Internet.

Documentation for operation and maintenance is another desirable feature; failure to provide such information seems like an ethical breach to me. However, if something requires a 50-page manual to use, you might argue that the design violates the notion that ease of use should be an ethical priority, especially if complexity is the source of a potential hazard or harm.

To the degree that these devices rely on software for their function, it is essential that updates to repair bugs or to upgrade functionality can be installed safely and securely. This means that the device itself or a proxy operating for it must be able to validate whether new software comes from an authorized source. Failure to provide for this capability puts users at risk and that, too, would be a violation of ethical conduct.

Although perhaps not precisely an ethical consideration, we must take into account that some devices will operate for decades. Maintaining the operating system on which they depend — in addition to the application software — is a highly desirable property. It’s unethical to equip devices with software of unknown origin or containing known and exploitable bugs. It’s all-too-common to see residential networking equipment equipped with “open source,” but then you highly suspect that it is software that the device’s manufacturer does not stand behind.

I think it is difficult not to include other considerations on this list, such as concern for accessibility and usability, or for durability and reasonable lifecycle cost. I also would add serious considerations for interoperability with  devices from the same and different manufacturers. This falls partly into ease of use, in which I would include ease of configuration. At some level of abstraction, we begin to see a kind of ethos of the IoT ecosystem emerging. Transparency to assure knowledgeable use of devices in this ecosystem adds to ethical practice.

In the end, pride of engineering must include a deep regard for ethical practices that should guide our actions and our obligations to the society we serve.