Privacy in the Past

Have been reading about the past some, recently. For example, the rather fine England Arise! by Juliet Barker, about the revolt by Peasants in late 14th century England, triggered by the last straw, yet antherpoll tax (lets not pause to reflect how the rediculous sanctions threatened against Greece if they renege on their debt, and revoke their austerity measures under their own democatically elected governement might by related in some way:)

What I am more interested in here is the notion, reported in some places, that the idea of personal privacy is somehow only a recent invention.

Its actually quite hard to find good evidence on this,  of course, but it is clear that in every day life, most people lived hand-in-glove with each other to the extent that routinely private activities (the privy and procreation) were likely not terribly private, from your kith and kin.

Note well, though, this is the nub -- "private" is a triadic adjective. WHat is private about you, with respect to whom. I doubt very much if medieval peasants would have appreciated strangers turning up to queue at the window of their toilet or marital bed to watch. There was a social context.

What is interesting in the account in the book is that a highly distributed, lightly (hardly) coordinated activity arose which could not have used letters to coordinate since many were barely literate, but also due to cost, let alone the Victorian Internet (telegraph) or the telephone or e-mail or Online Social Networks. So people rode around on horseback, or walked about a lot to tell others what was happening.

And yet the powers that be were practically caught napping.

i.e. no surveillance state.

I assume the folks running this uprising were not idiots (they nearly succeeded, after all) and realized that a moducum of secrecy was needed in planning resistince and events. So they had a pretty good clue, obviously that their discussions and communications were indeed private, at least against being overheard by adversaries.

As with all revisionism, apologists angling to support the encroachment of the surveillance state on civil society, use the claim that privacy was a brief-lived, recent invention associated with wealth and individualism, and they use this to justify, in the face of relatively small injury to open societies, massive revokation of the right to privacy of every day folk (of course, secrecy in government (and banking and so on) is retained - why? do they have anything more to hide, I wonder:)).

Fact is, privacy is as old as whispering.innocently

Addendum  - just dealing with yet another teenager - do you remember hiding stuff from your parents when you were a kid? Its normal. Its part of asserting your individual nature and becoming self sufficient. Growing up. SPying on your kids is bad for them and you. Spying on your citizens is same, oh governments...

anonymous, boring, repetitive and dull

I've just read two very good (but quite similar books on Anonymous, one is We Are Anonymous by Parmy Olson, and the other is Hacker, Hoaxer, Whistleblower, Spy by Gabriella Coleman.

While I like a shot of lulz as much as the next guy, and the righteous support of Wikieleaks, and even more, support of Arab Spring uprisings (esp. Tunisia) was a Good Thing, a huge amount of what these folks did is really rather dull and tedious. Indeed, reading the Enki of Loki (apologies to Neal Stephenson ) or any random religious tract of biblical proportions is really quite similar (and topiary slew glenbarry who slew kayla who was the daugther of Satan who was the son of SkuleMystress who lay with socketscientist and beget IIS and Apache vulernabilities daily etc etc)

Sheesh, if i wanted this sort of stuff I could just turn to the Gideon's Bible (cue Bungalow Bill)

Open Sauce

Recent moves in US and EU have meant that Science (especially publications) that is largely funded from the public purse, is being made openly available by requiring Scientists (now, no longer in an adventure with Pirates) to publish in Open Access journals and conferences - this is a jolly good thing, in my view. Indeed, the science (drugs, software, machines) itself should also be so available.

But what about other walks of life  like Comedy, or even Politics, Economics and Philosophy?
Surely most of this is developed at Universities, and so should be made freely available to the public in the same way? Indeed, I think it would be a tragedy if we don't have Open Access to Comedy and Rock and Roll as soon as possible.

Just finishing the excellent Hacker/Anonymous book by Gabriella Coleman. Its really a work of an anthropologist, studinying the weird new tribes in the cyber-jungle and their odd, odd ways....fun, but it does make one wonder (especially bits about Arab Spring) how nuch of a "performance installation/artwork" this all is, how much truth, rather than a Margaret Mead type debacle...we shall see....(or probably not, given the nature of Anonymous....

collaborated to death

I'm working on quite a few projects, and we use what used to be quaintly known as "productivity tools" - basically, we use (for example - non exhaustive list):

twitter/facebook/google groups & email lists and sms to coordinate stuff

shared calender tools

Git, Svn, Basecamp and a zillion other version controlling repositories

wikis, wordpress, for shared live journaling/awareness/coordination where > 140 char and less ephemeral, but not as versions as code, reports/papers

hotcrp, easychair, edas for conference management

webex, skype, younameit for video/voice realtime meetings

sharedlatex, office360, google docs for shared edits

This is a triumph of toolsets over sanity! I spend the first 7 minutes of any meeting trying to remember the use-context of the tools....arghhh!!!

death by computer supported collaborative computing!

Big Brother2.0 debate/conversazione, Lady Mitchell Hall, Nov 1, 11-12.30

I'm going to discuss things from a technical (computing) perspective, but with a modicum of social science

1. The canard: "If you've got nothing to hide, you have nothing to fear" needs debunking

(cue visual duck being thrown out of a hammock:)

This oft-repeated statement misses various important features of the way the world and people work:

Firstly, we all hide things all the time - the reasons are many:

some things are not finished, and need further work before they are presentable - 

sometimes, that is our own selves -our half baked opinions.

some things are hurtful to some people, but not to others

we present ourselves differently to different people - our kin, our close friends, our colleagues, our acquaintances and people that we encounter - all are given different levels of trust, because there are different levels of shared experience (and many other reasons). Context matters

Surveillance is toxic. It reduces everyone's choice of behaviour to that which is acceptable to everyone else. For all time. 

2. Because of the change of context over time (we grow older, our social network varies, the world changes, new stuff gets discovered, people forget stuff), we need to control aspects of information about ourselves as seen by others - indeed, we need to have obsolete data removed from their view

The statement that this is "censorship" is false. It is about a generalization of the "public right to know"

In general, the "public" is a set of people who we can send information to - e.g. my family, my friends, google, facebook, Sky TV, Isil, or GCHQ or the NSA or the Polis. Most of these, most the time, do not have a "right" to know. this is obviously false. I have a right to tell or not. I can judge my context.

e.g. Wes Hardaker, en route from san Francisco to Vancouver in SFO airport tweets to his partner at 5am "this airport is so dead" - the NSA might think he's a terrorist. he isn't - he means that the airport is really quiet (its 5am, after all).

e.g. Euan Blair on his 18th birthday gets drunk and is found /photographed in a gutter. before he was 18 it was no-one's business (he's a minor)- after he's 18, he's an adult -t he fact that his father is prime minister isn't relevant. the fact that many of the journalists covering the story are functional alcoholics and hipocrites is of no more interest, either, even if it is deliciously ironic.

e.g. mark thatcher gets lost in a rally drive across the sahara isn't specially interesting - see above. His mother isn't responsible for her 25yr old son's poor navigation skills doesn't reflect on her free market dogma or handbagging skills

3.with a suitable combination of technology (tracking content using DRM just as music and movie companies do, but on behalf of the citizen) we can tell if people send our data further than we wish, and law (data protection law, esp. in Germany - mainly because over time, the experience of the Stasi surveillance state rammed home why you really should care about this) we can 

catch bad people, fine them, put them in jail and (hopefully) make people think about whether they should inappropriately gossip - we can also age and remove from sight data that is no longer relevant (criminal records for crimes that the perp has rehabilitated, health records of no public interest, financial info that is out of date). THis is no less true of trivia (my birthdate is not necessary for buying a drink, just the fact that I am over age X...)

4. Enforcement ideally should be social, but should include suitable independent organisations - perhaps a new Estate (the first virtual estate)

5. GCHQ (and the NSA etc) are in no special privileged relation to most people in regards the above.

We need to incent them to do their job right. expensive surveillance is not a substitute for good old fashioned Humint....

6. Google (facebook, NHS care data/Price Waterhouse) aren't exempt either

7. we need law with sharper teeth, because of the heavily asymmetric power held by agencies named above compared with the individual

8. data,just because it can be copied without error, is not necessarily true in the first place. and it can become false (law change, for example). recall by humans is revisionist, because context changes. Data without context is inherently false

9. Every decoding is an encoding (Maurice Zapp, Small World, by david lodge).

10. If you don't by this, give me all your keys and all your passwords.

There's a lot of background work to this, but I'm assuming the audience probably won't want bell, book, candle and footnotes:-)

My 10 cents

http://www.festivalofideas.cam.ac.uk/events/big-brother-20-our-future-age-surveillance

refs
stephen farrell quite (59 mins in):
https://www.youtube.com/watch?v=oV71hhEpQ20

terrorism, evidence etc report card:
http://www.lawandsecurity.org/portals/0/documents/02_TTRCFinalJan142.pdf

CATO report on costs of counter terrorism compared to what:
http://object.cato.org/sites/cato.org/files/pubs/pdf/pa755.pdf

John Naughton's notes are now available too

Not wrong to be forgotten

A few more points after the illuminating debate at the Cambridge Union Society last night (23.10.14).

i) so people are still hung up on the notion that,
because the internet/web/cloud can copy/store things so cheaply,
then deletion is impossible -

first off, that isn't necessarily so,
but even assuming it is,
its tantamount to arguing that
because we can now 3D print guns, we don't have to bother with gun control law...

- in fact, if there is a reason to remove data from publication
(its required by law - because its  defamatory or wrong,
or its required by ethics because the use is no longer relevant,
or its required by emotions - it would hurt someone's feelings again and again)
then the imperative is to embed the right in a law so that we incent people to withold their copies
(which is not the same as _erasure_ but is quite possible, and easily enforced

keeping a copy of my ex-partners photos private is fine (i do) -
re-broadcasting them 35 years later is not.

ii)  preventing search producing a hit on content from i) isn't pointless -
its just a weaker version of stopping people re-publishing stuff
the european court finding was blurry on this
because of the definitions of stakeholders in current law. poor.

iii) the argument that there are many search engines and meta-search,
and that the internet "routes around damage"
so people will setup sites like "blockedbygoogle"
minutes after something is not returned by search, is irrelevant -

if we get the law right, and the right put into action, then technology can work -

scale out of distributing rules for filtering spam (e.g. see how ApamAssinsin shares filter rules, see how ingress filtering and BGP policy checks work, see how legal censorship works etc etc and see how collaborative filtering and recommendation engines work), and
other tricks works vert well (no, not 100% -but we aren't arguing 100% -
we're arguing shifting the balance so
a) people think a bit about this,
plus
b) law that gives victims teeth, so deliberate flouting
earns the perpetrator fines/criminal records, public opprobrium etc

personal clouds, with personal control of flow of data through cloud, and
making the relationships between people and between people and organsations
(whether government or corporate)
more symmetric in terms of control of flow and lifetime of data)
is essential

people get confused about "google do x" or "person re-tweets y" -
the size of the agencies shouldn't
matter - anyone can leverage the internet to scale out cheap copying of data to many,
but should they?, is the question to ask?,
to whom? who is the entitled audience, now? or later? -
see next points:


iv) people are confused that this is censorship -
certainly currently the legal framework, and its "enforcement" by Google is a form of censorship,
because the "right to know" (i.e. public interest)
isn't being tested by an organisation that _represents_ public interest,
in any accountable way - sure, that's a bug, but we can fix that too - that doesn't mean
the right to be forgotten is wrong either

popular journalism (especially in recent years) has not helped :-)

Right to be forgotten & trolls & hobbits & elves

A two-part blog today

1. Right to be forgotten.
This is a very bad phrase. The right should be to not be reminded (as much).
The false dichotomy is just that - the binary decision between "remember and not remember".
Neither humans nor technology remember things accurately.

a) Every encoding is a decoding (Maurice Zapp, of Euphoric State University, in David Lodge's fictional Small World) - recall is revisionist for humans. It is also revisionist in technology - you may decide to do an audit (who read the file, when ? these are often recorded or appended to meta data) - where were the people looking at the data? why. Should we sort the results of a search to show more recently accessed data higher? this will affect others. Just as it does with your own grey matter!
b) We need to forget things - its part of coping with trauma, even just at the level of embarassment
c) We evolve (and we all evolve) so stuff we did that they agreed with then, we and they may not agree with anymore. Why should we be faulted now for what was ok back then?

Ref:
Delete, by Viktor Mayer-Schönberger

Better solutions - social nets should use interaction/activity based weights to decide what is recalled easily - stuff should fade - this copes with public figures naturally (as they interact with world but about their public duties, not their private lives) as well as the private individual online - if I havn't seen you for 25 years, I won't naturally recal lstuff about you - if you show up asking mefor a reference, maybe some stuff will come "flooding back" - this maps also to natural cognitive resource limits that are known about in humans, and implements a nice form of relevance filtering easily. THis also implements "unfriending without tears" on online social media - you just ddidn't interact with someone (like or mention or comment on their timeline) so they slowly fade from memory - many systems already are implementing things a bit like this, but for somewhat misguided reasons - lets fix it - its easy!

2. Trolls
There's a saying from 30 years or more of newsgroups (Usenet, if you go back that far):
"Don't feed the trolls"

So trolling is getting worse - this is not surprising - there's more people in the hills (which have eyes) than ever. These people don't know from Adam (and they are probably eating the apple). Why do they troll - to share in your glory? who knows....but they can because of what I might call Internet Induced Empathic Disorder - they are alienated, and they don't know you are a person - many of them do stuff they wouldn't dream of doing in the same room as you - this is well known. Its worse where there are too many terrible cultural examples (see the Russian Social Media abuse below, but nearer to home, see BBC's :Have your say" comments  or Youtube's hilarious children from hell type comments on videos there (remindes me of the evil devils on rollerblades in the hilarious film, Dogma!)

How to fix? Engage or Ignore? I don't believe the troll's target is the right person - we need to have a social response - peer pressure - show the troll where they sit, surrounded by hobbits and wizards (and elves) - that'll wake them up, or else turn them to stone, come sunrise.


Ref:
Protest 2.0 - networked negoative consolidation

The Lottery of Babel and the Library of Babylon

On every floor of the tower, it is sometimes said, a different language is spoken. once a month, the floor manager buys a ticket for the lottery. if the ticket wins, the language stays the same. otherwise, a new language is chosen, and everyone on that floor must learn it. the chances are rare that the language stays the same for 2 months in a row, let alone a lifetime. however, it is rumoured that sometimes this has happened. Indeed, it is said that there are dizzy heights and possibly sepulchrous depths in the tower where denizens of neighbouring floors have found they spoke the same language as each other for a time. the lottery is administered, of course, by a priesthood, who either understand all the languages, or else have their own universal tongue and each learn the language of a handful of floors. nobody knows which.

few people on each floor are capable of learning a new language every month, and so most people cannot truly understand one another. sometimes, a group get together and try to keep the old tongue alive. these cathars claim too that there are no priests and there is no lottery. they are quickly suppressed.


In the library of babylon, the most sacred works of all religions are kept. the more common books, such as the bible, the torah, the koran, the vedas and so on occur in many versions. the rarer religions, or ones for whom there are few remaining living followers, often have a single copy, or even only a partial segment of the Ur text. the organisation of the library is chaotic. the librarians wanted to organise the text in order of date, but could not agree on whose calendar to employ. then a small group  proposed alphabetizing the entire collection, but were resisted by those who pointed out that there were more ways of writing than there were religions.

the theological experts suggested that there was a tree of religions, not to imply "older" or more "fundamental", but that one could see many similarities in the gods - the indo-european polytheists at least, and the abrahamic religions.

the chief librarian suggested that this was merely the result of errors that crept in during the copying of texts due to the biases of the monks at the time.

as a result, no-one can vouch for the correctness of any of the religious tracts. reform and born-again are thrown together in confusion. there is a ground swell of opinion that the library must be burned, as it represents the ultimate sacrilege. the librarians have all deserted the buildings, which stretch far across the sands to the sea, where the boats full of foreigners are arriving. it will not be long now.

I Need a Vacation

I went away (as we do) for 2 weeks to Paleochora, Crete and then 1 week in La Villa, Fosciadora, Garfagnana so I should be feeling great, n'est ce pas? well up til the last minute in each place, all was v. good, but then, in each case, there's a long drive to an airport, waiting around for a plane, and a long drive home from the airport in England. Then there's no food in the house and everything smells of damp and cat. Then there's a pile of obscure letters on the doormat. Then there's kids' results to open and ponder.

Then there are rental car add-on bills in the e-mail which appear to be made up out of thin air (thank you Maggiore, yes that's you - bogus bill about twice the amount of the quote on the booking).

Then there's email - two weeks away and 1300 mesages to deal with, at least 100 of which actually require thought - 1 week away, and another 450 messages - this is in august, for godsakes, when most people should be on a beach or by the pool, but no, they are writing research proposals, drafting theses, preparing responses to research funding agency calls, discussing research code releases, posting papers from conferences (yes that's you SIGCOMM, right in the middle of august and in Chicago, where no sane person would go except to see Buddy Guy, and then not in mid-summer). And my vacation away mail told people (and I told all my colleagues I'd be offline too).

I think that German Company that started to delete all e-mail for people on vacation has the right idea - work/life balance tricks like that are essential for some sort of sanity. I actually had a vacation message that said that once, but still people resent stuff after I know they got my auto-response.

Modern Technology is not progress - repeat after me:)

NPfIT - NP Hard and Not Fit for Purpose

In an interesting report from the Cambridge MPhil for Public Policy student group, on the largest IT project failure ever, so far, a lot of historical detail is dredged up, and a number of useful conclusions drawn under headings like Haste, Design, Culture & Skills, which are pretty hard to disagree with.

Some stuff goes unsaid, but reading between the lines, one might ask

1. were no "references taken up" for the people who were shortlisted for the contract? I mean I know BT pretty well, and I'd never hire them for a systems integration job like this - sure, for the spine/N2 (which worked fine, and afaik, were loosely modelled on SuperJANET), but not to bring together an unknown outfit with a dodgy sounding name (iSoft - wannabe Microsoft:) and Fujitsu (ok, make decent clone PCs once then, but large databases etc? Not really).

2. So I realize it was a while ago, but even then, we had rapid growth internet outfits with many services (like google and apple and onlone gaming) who had built customer relation databases (with ok security) for 100s Millions of users, which managed a lot of stuff that scaled out, and could address the srts of needs the NHS requirements said (oh, ok - the requirement capture was one of the biggest failings in the whole thing, of course) - one thing that open source, internet/cloud companies do is to stay agile, so they can interface to legacy systems (as they get big enough to acquire them - e.g. google buying youtube or the maps system, or microsoft buying skype) - in the same way, rather tan imposing a central design on an heterogeneous set of health services, interfacing between them woould have been just fine...

3. How bad was Lorenzo? Didn't anyone do a code inspection ever? It sounds a bit like the Obamacare sign-on system fiasco - but why? I mean lashing up a bunch of patient recor databases into mongodb, mysql or whatever (let alone Oracle or Ingres or some big iron dbase) is not rocket science. Its done by Internet startups 100s of times a year and is hardly ever the reason they fail.

Of course, the other component that work (Picture Archiving / Comms) worked because there is much less heterogeneity in those systems - image standards exist and you just need web/email access to glue systems together....so lucky no-one managed to balls up that part, eh!

Anyhow, nice report, but would be nice to hear more about the contract failures (lack of penalty clauses with enough teeth)....

forget me, forget me not - how to implement?

some haev argued that
copyright takedown == right to be forgotten
(ie. not quite the same as censorship - just enforcement of access control
by the data owner (in case of PII, person is owner of rights to access some
facts about themselves, unless there's a compelling argument for public knowledge) -
there are other arguments for and against, but this analogy (whatever its flaws) might be useful for estimating the cost of the right to be forgotten (as per EU court ruling)

whatever the many of pros and cons on the topic, but how to implement?
well, if you upload film, music (or stills) to youtube, and are worried about copyright, don't:
google have made it their business to acquire legal copies of Just About Everything digital, and will eventually match whatever you've uploaded to a copy they have in house - they will then discover if there is a rights holder (that isn't you) and, if they havn't already done so, will contact said owner, and ask/ngotiate
 a) do they want content taken down b) do they want analytics c) do they want advertising revenue -
in fact, google can and do optimise this by region by doing blanket agreements with large publishers of digital content.


so to do the same for stories in webpages (and search results) concerning individuals could be done exact same way (probably is) - the technical cost might be a bit higher because you need to
keep a per page (per region) filter entry. The bigger cost (by far) is establishing genuine rights holder (data subject) and whether there's a public interest angle or not - this requires judgement (rather than just money:) so I think its interesting that Google is doing this now...

but the negotiation is where this differs and that's a really tricky business...

Mutually Assured Distraction

A lot of commentary on the current fad for extra-territorial mass surveillance misses the point - the reason countries are doing this isn't just because they can, its because they can't currently be held to account.

In the old days, spies would be caught from time to time, and executed (or exchanged). Now, the spies aren't in the other territory, and plausible deniability means you can't even use extradition agreements between allegedly friendly countries (e.g UK &US) to get them bought to book/justice. This shows up in other domains than mere military intelligence:

1. Drones
2. Finance
3. Energy

Sadly for all these, the level of technological development of a country really doesn't have to be that great to gear up to use a bunch of 100$ radio control quadcopters, or a cunning HFT instrument, or even just the ability to turn off the gas pipeline to a neighbour - of course, there are expensive versions of these weaponised tools (e.g. BAe Systems drones that US uses in Pakistan are quite pricey - surprisingly so given cost of crop spraying, or outside sports broadcast drones, really - but then the MoD/DoD were always targets for ripoff pricing) - also the US threatens banks who don't reveal US taxpaying customers accounts/transactions details with massive fines if the bank has a stateside operation (of course, swiss and german banks just close down US tax payer accounts rather than face this), and Putin wields the russian gas wealth like the playground chess playing bully he is:)

But the low cost versions are just as bad.

Hence, talking about this needs to move up a level, methinks, as the realpolitik of using this stuff is not going to go the way of nukes, quite the reverse, since the Use of Weapons of this type doesn't lead to Mass Destruction, just death by a thousand strikes......

Horizon Digital Economy annual shindig - some ideas...

so we had the Horizon annual conference last 2 days in Nottingham, and jolly good it was too - esp. two v. good "industry" talks, one on New Media from local 21st century 'cinema' people in notts, the other from the link guy for NHS data projects which was v. v cool

couple of ideas sproinged up during discussions

1. the loneliness of the long distance spectator - instead of filing a long strung out event (marathon run, tour de france etc) from central, string together a set of friends and family of a given participant into a narrative...lovely idea  - whole new experience for all concerned - main problem is legal consent (if spe, participants have prior agreement, e.g. with news media channels) - should be fairly easy tho to think through

2. informedConsent.com - a startup idea - we are suffering from ethics questionnaire fatigue - we need a pool of people who agree to be study groups for repeated things (a la Nielsson ratings biz model) and just deal with their informed consent once (or occasionally) for all those twitter/facebook/email/emotionsense/mypersonality etc etc

3. Embrace Messy

Lots of studies of systems (esp. internet of things or other tech embedded in everyday life) involve lots of noise - e.g. multiple occupancy houses etc etc - why bother trying to be a control freak nailing down who is who (e.g. with fascistic rfid tagging of everyone or even worse, invasive use of cameras or mikes and face speaker/gait/gesture recognition etc) - embrace the mess - for example, lots of people in my house use computers at random, so we all get each others' profiles/recommendations - this is amusing and, indeed, gives us a community feel about who likes/watches/listens to what!! this is good not bad:)

the fact that it also acts as cover traffic is also good for fuzzing (plausible deniability:)

35 years of irresponsible research

Yesterday, I went to the very cool science museum london future room to attend the very cool Responsible Innovation project's flagship event showing off their rather good ideas on how we in the tech sector (the hated ICT term unfortunately due to funding agency's presence) should include some sort of notions of responsibility (e.g. to people, e.g. ethics and society) into our work in innovating (i.e. don't just do it because you can, but choose what to do because you should and what not to do because you should not:)

being a grumpy old git yesterday, I had to intervene in various curmudgeonly ways, but on the whole, I thought the proceedings were constructive, optimistic and helpful, and surprisingly, a lot of people in the audience seemed positive too:)


So here's some comments on the event

Marina Jirotka (University of Oxford) introduced the project - a few things I didn't like

1/ they were filming and we were told if we didn't want to be filmed, not to ask questions - that's a bit of a technology fail up front:)

2/ the noise level fro mkids running around in the science museum would have made life difficult for anyone with significant hearing loss (e.g. me, which is why i was sitting in the front row being annoying)

Marina showed a REALLY cool video showing affective robots as a use case example of hat can be good, but then bad - i didn't say it at the time, but Robots have been done to death in the Sci Fi (our ethical storifiers) community - not just going back to the Golem of Prague, but Asimov's Zeroth law, and then things like Aliens Synths (good and bad in Alien 1 and 2) and BLade Runner's Replicants (and Philip K Dick's dissection of what makes us human and them not (empathy!). and even humans falling in love with robots (see one of the original I Robot stories - or for a more oblique version, see John Wyndham's story abotu smart monkeys painting and revealing adultery in a family) see also Sladek's Roderick & Roderick at Random for a lot of discussions of robots in society

Indeed, one distinguishing feature of the Geek/Tech (ICT) sector is the addiction of many practitioners to the morality tales that we get from 100 years of Sci Fi (HG Wells, Jules Vern to Star Trek and Dr Who - many featuring techno ideas 50 years before they are realized, with a full exploratory discussion of their pros and cons - for more recent stuff, look at Pat Cadigan's  work, e.g. Synners or Charlie Stross's Accelerando....for other areas of concern including mixed reality and new economic forms...or even Eternal Sunshine of a Spotless Mind

 Sir Nigel Shadbolt (University of Southampton)

Sir Nige is ever the optimist - I asked him about being forgotten - why do we need to save everything personal - he bought up the difference between Commons and Public goods and private goods (see question later about 17th century models:) which was a good answer - I asked why we just talk about data and not just processing - for example, why can't I direct th digital camera stream to my phone (which knows where I am in the room and has enough processing to remove the pixels with video of me and send back to the net without me, for example - many other examples, given the copious amount of CPU cycles out there where we could personalize and filter the interweb in ways that reflect our preferences for what is seen by who about stuff that concerns US! we could even build Social Machines (e.g. for democratic or dictatorial households or meetings) to determine what rules for processing and storage apply:)
Note, Technicolor routinely customies digital movies for over 30 different locales in europe (e.g. substitute for a coke can, Orangina in France, or IrnBru in Scotland) - so substituting for my image in known location in a (fixed) camera view is really quite trivial:)

 Artist display - Barbara Gorayska - quite a cool performance/installation in the break

PANEL: How do we innovate responsibly in a digital world?

Chair: 
Lizzie Coles Kemp (Royal Holloway, University of London) - great synthesizing chair person!
Panel:

• Daniel Stauffacher  (ICT4Peace) - very cool stuff - like the IRTF's GAIA group (see research group which will meet soon )
• Derek MacAulay  (Horizon Institute, University of Nottingham) -- Gave a nice chat about Horizon model of personal cloud etc 

• John Hand  (EPSRC) - the funders viewpoint - I mentioned the NSF as an Ethics for STEM programme that's more general that EPSRC should look at...
• Anthony House  (Google) quoted Tim O'reilly "Create more value than you capture" and also got asked a great question about breaking concrete that cements us to 17th century values:)
• Judy Wajcman (London School of Economics) - a GREAT talk about women and about time (why should everything that's faster be better:)

Q&A:  Questions to the panel

I asked "since many areas like banks/finance, government/war, pharma/medical, energy/global warming, as well as cloud/privacy, don't take ONE BLIND BIT OF NOTICE of what would be socially responsible, why should we in the tech (ICT) community bother?

Several questions followed, which were a bit less blunt....

The gist of the answers was that we could lead/set an example, but also that businesses if large need to keep their brand clean so theres is mileage (economic) in being ethical, plus small outfits would like help ("tell us what to do")

of course, not just being motivated by profit (Pikketty got namechecked) was good - i'd have love to have heard Precariat views too:)

 WRAP UP: Tristram Riley-Smith (University of Cambridge) wrapped up with the Science/Evidence-> Policy story which was good stuff

I'd have like to have heard about making the law responsibile too (GCHQ said "we don't break the law" - not on paper, bt in a moral sense they do:)
[shout out here to PIs Campaign to test this in European Court

Duty Cycles Finished

We depend more and more on Solid State Storage, and more and more devices use rechargeable batteries.

What if one day, everything went wrong at the same time?

Why this is not unlikely?

Simple - the devices are made and sold in batches. They have a duty cycle limit (there are a maximum number of write cycles you can apply to Flash memory and there are maximum number of discharge/recharge cycles you can run a battery through). The chances are likely because of the law of large numbers - most people buy things at xmas or other holidays, so manufacturing and usage are synchronised.

Devices (like cars) are built so that components fail on the guarantee lifetime boundary (or just after).

The law of large numbers (central limit theorem) says that this is something that will apply to lots of stuff....

So picture this (cue Blondie music) a day in december, 2024, all the electric cars and phones and networks and power systems and internet of things die. And cannot be rebooted. Ever. Again.

Solution to the Google Glass Privacy Problem

It's obvious that Google Glass is the only way we will solve the dementia problem of the future, but the current worry on many peoples' mind is the ominpresent privacy risk - as written about so cogently in Dave Eggars' book, The Circle, this is not acceptable.

I propose a solution, not very different than several technologies I invented many years ago such as the Hairt and the Gurl (a clear pre-cursor to the Glass, and obviously prior art sufficient to bust any patent on it:)

The solutions is that every Glasshole shall be given a regulat supply of enough kits for everyone in every social encouter that might cause embarassment for innocent bystanders (colleagues, sexual partners, family etc) - a suitable kit is already available for around 5 bucks - see google tache proposal, for one fine product.

This would also make many pub situations infinitely more entertaining.

the net is a very gendered engenderment

so thinking back, its hard to remember any women associated with the creation of the internet - lots of "fathers of x" and so forth

yet in the 70s and early 80s, computer science was nearly 50/50 gender balance (in jobs I had an university courses and departments)

so why did this happen?

and how would the net be different if it had been designed/discovered/invented by women?

answers on a woven tapestry embroidered with holerith string band music

Towards an Aesthetic for Conspiracy Theories

So we need to lay down some terms for these conspiracy theories, that enable people to get them right (lets say we want to start a few bogus ones and see how they run, for example:-)

Rule 1. Lack of evidence proves that there is a cover up.
This is an essential rule of the conspiracy theorist - its part and parcel of the next rule:

Rule 2. A conspiracy theorist should strive to make their story unfalsifiable.
Falsifiable theories are for Popperians seeking objective knowledge, not for the hunter for objectionable ideas.

Rule 3. Ideally, a conspiracy theory should have great (in the sense of broad) explanatory power or applicability - it ought, at one fell swoop, to encompass several problematical domains (missing aircraft, beleaguered news readers, confused celebs). Conspiracy theories make the inexplicably complicated, suddenly comprehensible to a complete dolt.

Rule 4. Any decent conspiracy theory resonates with some fundamental cultural meme, especially one that engenders fear, uncertainty and doublets. Hence myths from eldritch times, alien technology, hidden rules of numbers and the odd way some people look at you when you talk about this in the context of UKIP's chances at ruling Scotland, are essential.

Rule 5. There is a cover up, which means that there are coverer uppers. There is some group (Illuminati, Opus Dei, the French, the Arms/Drugs/Car manufacturers, UKIP) who know something, and are not telling us.

Rule 6. A good conspiracy theory exploits the principle of maximum astonishment (see also Rule 3). On the other hand, a conspiracy theory might sound occasionally plausible for a moment - for example, the fact that mice, cats, dogs and horses are just different stages in the growth of the same creature, or that the names of passengers on flight MH370 were the same as the travellers on the Marie Celeste, or that 3D printers contain secret scanners to make sure you don't ever copy people, especially not members of UKIP.

Search Me

In the UK, we had/have a deplorable police practice called "stop and search"

now this was ostenisbly so people suspected of carrying {drugs, knives, guns, islamic-extremism, irishness} cold be caught - unlike the US, this was targetted - of course, the net effect was to alienate various groups (especially the last 2) even more.

ironically, one of the things about the british police people like is that you could ask them staff - "ask a bobby" was a common piece of advice - the {time, location, help, etc}...and generally, they would be helpful (still are sometimes) - also, them not carrying guns makes them a bit more accessible:)

So now, if you search the internet via some engine {Google, Bing, Yahoo! etc}, what you look for will no doubt be part of the encroaching polis-state's total information awareness - as someone said at the IETF, when flying to Vancouver recently, he'd set off from another airport very early, and was about to send his partner an {e=mail, SMS, checkin} saying "this airport is SO dead", and then thought "do i really really want the NSA to put their interpretation on that".....

how weird to live in this world.

so the {NSA, GCHQ, Disney, etc} collect all our utterances.....but you can't go ask them for anything.

note that despite this, 9/11, 7/7, and poor Rigby's murder occurred. all that money spent by the surveilance state, but they can't reveal what they know in case the bad guys know that they know who the bad guys are and where they live.

come on, its our money, and we know you know where everyone lives, so how about you use it t round up the usual suspects for once before they commit some outrage, eh? just once. to prove you didn't spend it all on drink and drugs

Dave Eggars puts it in to context with a nice article discussing the swings of history and the story of Bernstein and the Front....for me, what we need is an extremist liberal take over of government which locks up and persecutes all the surveillance people for a couple of years, to give them a taste of what they are going to enable, but to point out that if it was an extremist right wing takeover, it would never end.

terms and conditions, part II

1. We were wondering why there's no service that explains all online services' Terms&Conditions in Plain English once and for all (using a common set of terms:)

e.g. you own everything you put here on google's blogger service; or you own nothing you put here on google's blogger service. When you die, it is all deleted; or when you die, it is all in the public domain; etc etc

2. We were also wondering why there is no service that explains to you your privacy settings in one simple infographic, once and for all

e.g. using a simple visualisation of which people  who you don't know from Adam can see something you post or tag or blog, when a friend of a friend responds, reposts/ tags etc  - i.e. a simple venn diagrammy type thing with your ego net extending at least to friend of friend, then with pictures of people further away in the you-centric infosphere, and so on.

Of course, one answer to these two questions is that there isn't really an honest way to make money from such a service - or at least, not in a way that would a) induce trust and b) not cause all the existing service providers to set their best lawyers on you...

So I'm thinking this is an excellent project for cloud legal people at QMUL - we can get law students each year to do a project translating T&C for for the lay person, and explaining about property and privacy for the great public users of the unwashed Interweb....

3. Single sign on - hmmmm - how do we do this with really fast revocation? I quite like the two-gadget approach (you need a fitbit like device that talks to your smart phone - without both, AND you, then all bets are off....

The Role of Religion in Revolutionary Network Architectures

I'm looking forward to the forthcoming IAB workshop on Internet Technology Adoption and Transition for lots of reasons (catch up with many people, navel gaze about important topic, maybe even find out what works and what doesn't)!)

However, I'm looking through all the papers that will be presented and am worried that we are missing a very big factor in technology's success or failure, and that is faith.

The papers to be presented break into 4 rough groups
1. Economics -
     e.g. how do markets and commons interact.?...
     how do various tricks bundling, regulation play out?

2. Process -
     what do patents do to things?
     how does the ietf capitalize (or not) on research?

3. Ecology
     does the hourglass emerge always?
     how is diversity helpful (or  hindering)?

4. Technology
   what makes a protocol tick well?
   what pieces of the current experimental world (ICN, bitcoin) will make it to      prime time?

All good, but all roads that have been trod several times before in the communities - in general, economics has not had a great track record in prediction, and bio-inspired stuff is fun, but again doesn't match the details.
It is always worth studying the process and use cases are well worth documenting of course, but what bugs me is that there are so many potential failures we havn't looked at, and what do they have in common?

For me, it is the lack of a fervour, and what is more, persistence in the face of strong adversarial reaction - when we started deploying IP (I am not talking about the mega-ARPA projects, I am talking about the "going into schools at weekends" and "laying out community nets in small towns" movements in the mid 1980s), we were conducting a missionary movement - I recall also giving courses on TCP/IP to hoards of commercial folks despite their seniors in their companies still buying all sorts of CCITT (now ITU) and ISO (now nowhere to be seen) products being pushed by big companies and government agencies (GOSIP - Government OSI Procurement, was the official religion).

We persisted on this for 20 years - we still do....but we are now the official religion.

so now what happens if you want to introduce new tech, you need to make it the underdog - IPv6, no good at all - DNSSec secure BGP? hopeless basket cases. You need something that
a) is really barking mad, but might just work
and
b) has the feel of overthrowing an older dogma
and
c) inspires faith, even when the evidence is thin....

but you also need to think long term - 20 years is too short - its generational.
And most of us in the game are from the previous generation, and we need to get out the way.....but of what?

future of the net & its impact on birth and death of industries

Yesterday, I attended an interesting meeting between policy maker/implementors, and techie/geeky people to discuss this fine topic (again - previous meeting was blogged earlier here under the topic of collective intelligence

this time, we split into two groups first, and laid out our wares to each other as techies all in one room, and policies all in the other, and then came together.

1. Techie discussion was perhaps more far reaching - long term problems like the use of the Internet as a metaphor for organising other sectors (decentralisation, symmetry between clients and servers/peer progressive) for energy, government, education, crowd sourcing/funding, journalism etc etc...

Some v. interesting stuff on power-law distributions in networks, and how these impact the way power itself plays out across a web of organisations, and if we do adopt the internet metaphor for these other secotrs, what that would do to wealth (in all senses of the word).

2. Then the policy people summaries their topics, which were much more about immediate problems the net brtings in their space under the general headings of

Personal - Does the net impact our cognition?; why do some things succeed and some fail? does the net replace people & jobs?

Business -does the net replace businesses or just optimise them?

Government - who is going to lead on regulation and governance?; is the net just too big to control;?
specifics (who is going to pay for rural broadband? how should public broadcast be funded?)

There was sme discussion about transport area stuff (esp. under optimnisaing both the operations and the large decision making - e.g. HS2). There was some discussion about censorship and darknets.

The main conclusions the tech people draw on these discussions (and tried to lead the policy people towards) were largely optimisitic

Again, background reading
1. Jaron Lanier's "Who Owns the Future"monetizing your personal data instead of being owned by the net
2. Cory Doctorow the war on general purpose computing and appliances
3. The Interconnectedness of Everything

Crucial background was on defending systems against bad guys. I'm not so optimistic about this aspect of the net

F.U. NSA

More than  a decade ago I was involved in the Internet standards (being on the IAB) and we responded to the RIPA excessive intrusions in the US (and elsewhere) quite robustly - see for example with RFC1984 (so aptly numbered by the late, lamented Jon Postel - see IAB's statement on crypto)).

So then we thought that was that.

Some of us built some cool network monitoring technology (e.g. Endace) which was originally used (innocently) for long term understanding of the evolution of internet traffic characteristics (and led to fine conferences like PAM and IMC (this years conf)

So it became apparent that some agencies in funny big round buildings in the US and UK were buying lots of this kit (esp. when they insisted that companies that built and programmed it only have US citizen employees).

So these, and other worries about wiretap by good and bad agencies led many Cloud service providers (think social media, search, webmail, etc) to turn on HTTPS by default - after all  much of the Internet runs over unsecured physical infrastructure, and much of its use is now a big carrier of transactions of financial worth (home shopping, home banking, whole sale information business too), so loss of identity is no joke - we were aware of the threat - or so we thought

We complied with lawful intercept requests - why would we not? we aren't the bad guys - we want to be a contributer to a healthier, wealthier, greener, happier, safer world. THat's the kind of people we are in the Internet Staff. 

And so, now having stirred the IETF with one big swizzle stick, the NSA and their cronies are going to reap the whirlwind - BUT, this won't just be that they can't wiretap anymore (we did that mostly with HTTPS going on by default, although we can harden systems (like my institution has just done) against MITM attacks too, better - no, we are going to make the WHOLE net and CDN and Cloud go dark - you know why this is BAD, dear #nsa morons? because it means you wont even be able to catch genuine bad guys any more - if you'd cooperated with us instead of attacking us, we wouldn't have had to have done this.

Now they are not only doubly wasting our money, the unintended consequence of having to harden the net against these hardened criminal nut agencies, is that the bad guys will go dark along with the good, not by default - permanently, ubiquitously, eternally, with forward and backward secrecy.

Not even evidence will be gettable - even with warrants.

Well done, NSA and GCHQ. This happened under your watch, not ours.

well hard

human machine improved collective intelligence....

[Background reading list:
http://www.amazon.co.uk/lm/RQZNXYWO3LEX1/ref=cm_sw_r_fa_lm_hbnDsb0P80MXH
warning- lots!!!]

1. I am very skepticle of some of the far out machine
intelligence/singularoty folks (kurzweil et al) -

They hark back to the big AI errors of the 1960s,
and all the advances in real machine "intelligence"
that appear to be clever have been made on the back of
a) a lot of data and fast processors
and
b) some very simple mechanisms - e.g. Bayesian Inferencing

Of course, there's some very clever algorithmic work
making big systems go fast -
Just for example, facebook run around 3000 interactive jobs
a day in their entire graph (1 billion users)
to explore various business questions - the tools
(data centers with a million cores,
map/reduce and Pregel style highly
distributed/parallel or large

memory system processing frameworks) 

are not like anything in the past, 

but nor are they anything to do with AI, 

nor do they exhibit any emergent properties we don't expect:)

2. In hybrid human/machine thinking, 

such as we do now with big data in commerce 

(google, aforesaid facebook) and Big Science 

(LHC, Astronomy, Genomics, Proteomics etc) 

there are plenty of cool things to do, 

but they don't involve large groups of people, 

rather small numbers of skilled smart people 

with a LOT of silicon slaves...

3. So in the collective space, what do we have? 

Things like twitter for news, 

Wikipedia as a knowledge base, 

Kickstarter for investment, 

Liquid for democracy, 

EBay for commerce, etc and so on -  

These are emergent social thinking machines, its true - 

and they evolved/emerged out of web systems  - 

so what changed since Vanavar Bush's seminal article, 

As We May Think?

http://www.theatlantic.com/magazine/archive/1945/07/as-we-may-think/303881/

A bunch of things, really 

but they havn't been codified/captured very well...

which are the meta-behaviour constraints that have evolved to

control bad behaviour in online social worlds, 

e.g. to reduce trolling, 

help people defend against fishing and grooming, 

and to damp down flame wars and so on - 

IBM, back in the day, did a study of the

use of Lotus notes in a lot of customer sites, 

and ended up buidling some nice systems that, 

with human help, reduced the 

incidents of antisocial colleapse:

People were allocated roles 

(the "lightening conductor" was one role I liked,

who would take the heat when someone was becoming abusive -

like proxy victim!);

Studies of bulletin board use 

(Usenet News, the Well and so on, 

in the 60s and 70s 

showed informal evolution of similar roles, albeit informally...

So wikipedia now has lots of distributed controls 

to prevent edit wars, 

and liquid and ebay have a bunch of heuristics 

that do a lot of damage limitation.

These systems look a bit kludgy:- 

they evolve to meet needs;

they look a lot like immune systems; 

it looks like they work! 

Systems like recommendation networks, 

and reputation systems (with +ve and -ve) 

which use strategy-proof algorithms (like pagerank)

seem promising, although obviously Wikipedia 

is interesting in that they don't use explicit 

named author&reputation, so its a lesson in

another approach that can work too.

So these involve preventing the 

collapse of group comms into chaos, 

or domination by small vocal groups, 

but don't necessarily demonstrate improved intelligence 

over traditional think thanks/meetings of minds 

(the royal society, the academy of science in US , 

and ad hoc groupings formed to solve particular problems - 

e.g. NASA's moon mission, the IPCC, 

and DARPA's autonomus car (precursor to google cars), 

the LHC, the genome, the search for HIV vaccine, etc etc

I don't have anything to offer that solves the 

problem of increasing intelligence above existing human levels, 

but stopping groups becoming more stupid than the dumbest member 

seems a goood start. 

Also, it depends on your goal - 

if the goal is to have a society with

collective intelligence on the average human level, 

but with buy-in because everyone is involved,

engaged and owns it, then that seems good enough...

Stuff with nanotech meets quantum computing meets singularity 

is not relevant really (in my opinion). All it does (for me) 

is scale up the technolgty we have to day. There's no indication 

that it makes computational thinking easier. 

It just means we can stay on the curve we are on led by Moore's Law 

and other amazing engineering feats of improving performance that

computing has managed in storage and communications as well as

processing...

By the way, a nice paper on the non-utopic use of bitcoin by some

friends (and an ex student) of mine:

http://cseweb.ucsd.edu/~smeiklejohn/files/imc13.pdf

and I am sure this is just a step in the arms race there...

we just finished a modest EU project in this area which might provide

a few more useful pointers (perhaps:)

http://users.cs.cf.ac.uk/Recognition.Project/

Why Big Data Bugs Me

I've been talking to a bunch of serious social science people and it
appears there's a ground swell of backlash against naive big data hype

1. we did this paper to try and capture some of this which we call
HDI

2. kate Crawford (see also ted talk) continues a nuanced revision of

what big data's place should be  limited to, and here, how:-e.g.

Big Data Governance
also see Acquistis talk and I also really like Janna Malamud Smith's nuanced book on Private Matters

3. For any "interesting" big data (i.e. about people, not about
particles or weather:), we have major major problems with ground
truths of the data - just starting from selection bias (data mining
twitter or any online material ignores, systematically, the 25% people
who don't use the net - of course, these are in the main, but not
exclusively, the poor, so if you're setting social policy based on
what people online say, then you're ok if your a tory (sorry:) but
anyone else better worry....

but its much more insidious than

4.  On the NHS data, if you claim to be doing logitudinal, cross
population studies, and you don't compare the NHS records to (say) the
center for longitudinal studies' data, then you are missing out
healthy people - this is a bit of an issue if you are trying to do
public health, as the healthy people are the ones that might contain
clues about what to do constructively to do prevention
whereas people that get various syndromes will have a wide variety of
factors that may or may not have contributed...

However, to track the healthy people, you'll need lots of lifestyle data,
which the GP/NHS record wont have whereas a proper study (with random
trials of various things) would do, and would do with informed
consent...

Basically, for me, the rush to explit data (in these ways - no
criticism of the natural scientists who use big data all the time
perfectly reasonably) is motivated by a) laziness
and b) cheapskate attitude the above would suggest...

In government, of course, a big problem is that proper use of
logitudinal studies takes several electoral cycles to produce
results, so the "powers that be" are basically "has beens" by the time
the cool new knowledge start to roll in, so they don't get to claim
credit....

this is, of course, the biggest challenge to liberal democracies today
(how to make evidence based policy that has planning horizon of 1-10
decades:)

Oxford Uni have some thoughts on this last problem, although my take is a bit more radical...

viz

The reen and pirate  party in germany are causing the big parties to adopt a

thing called Liquid Democracy - this is crowd sourcing engagement, and

appears to generate long term stable decision making/sticking capabilities

in society that may turn out to be the eventual outcome of the careful

thinking in some parts behind the (less crazy parts of the) occupy and

Indignados and related moves (there's others in russia and some interesting

cover ones in China and in the Islamic countries (not just the obvious Arab

spring ones)....

I personally think that liberal democracy in its current form is incapable

of carrying out long term planning- but  some organisations (that aren't just 

Opus Dei or the Mafia) are able to do it in inclusive ways, and we should figure out how to construct

such systems as needed - long term planning (e.g. for reaching WHO targets

for eliminating diseases) appears to work in some cases - so why not in

others, and how does new tech help (or hinder)?

In my particular discipline, this is what is called "games on graphs" (think

Conways game of life played out over complex topological/topographic spaces)

- we have some ideas why some patterns (memes) are dynamically stable and others

collapse and some take over (endemic) so why not use this stuff....

how does a religion persist for 1000 years? why does a clearly broken idea like free market economics based on rational choice theory last 30 years? How come liberal democracy has survived so long?

time for syndicalist anarchism based on maths:)

The Prismer (with apoligies to patrick mcgoohan -- http://en.wikipedia.org/wiki/The_Prisoner)

One of the points about #Prism is that the various national security agencies (#NSA, #GCHQ etc) are using it mostly to get meta-data on conversations involving foreigners - however, the conversations must be between those foreigners and citizens, so they are, by trivial corollary, getting meta-data on citizens. The 2nd conclusion is that between agencies who cooperate (e.g. UK and US), they can merge the two views to get a view on everyone, without even breaking their own constitutions (well, ok the UK doesn't have one). So the step to a "global market in espionage sigint" has been largely completed. of course, the irony is that the real enemies of freedom have had enough tradecraft to avoid leaving meta-data trails, since ancient roman times (e.g. undercover religions - living in "crypts") so they won't show up - no, the old adage is the opposite of the case: if you are innocent, nothing of yours will be hidden - if you are guilty of something, it ain't going to show up on any of their screens unless you are seriously stupid. Of course, the most guilty of all, the people wasting our tax money on this system, instead of doing their job (humint on real bad guys) and turning our society into a toxic moral slag heap, they sure as hell won't shw up on any screens either - they all are too busy looking at all the espionage porn of normal peoples' lives to get caught by each other - or do any good whatsoever.

internet of things = SDN + hypergraph

basically, almost any service in the future internet of things can be decomposed into a graph (food/waste, health monitoring/control, environmental, security/access through doors/windows, power network, air con, etc etc) and a set of on/off operations (a few involve set points - like thermostats, but if you assume a network which provides heat, then that is just on/off at some level of granularity)

so we could do this all with SDN applied to a hypergraph - the specific graphs would be VPNs and openflow specifications would say how permissions and TE work, then you just use same tech to run ALL the IoT apps across the VPNs - then your home hub/service center (or cached/cloned copy on your smart phone, or car computer) would just be the controller for this - the state (and audit trail/history) can be written/read to an append only (cf. git/irminsule) database which can therefore be easily replicated for high availability/low latency access, and then you are done....all other tools work
in the right direction...

Where devices might be a bit more complex, we might want to build a simple semantic description system (but many are going to be like the setpoint controller - even your PVR/home digital media recorder) - how many more patterns can there be? well, think how many physical actuators there are (include remote controls for existing legacy devices) and what state/actuator model they have - not many....

IoT - game over...

j.