The ability for everyday devices to connect with each other and with people is a hot topic. The Nigerian Communications Commission identified a need for the Nigerian legal system to be aware of present and future possibilities, grey areas and learnings from other countries that have taken proactive steps to prepare for this inevitable future. Learnings from the EU, USA, China etc are considered. It is comforting to know that no country claims to have its legislation ahead of the tech innovations curve, but the catchup game needs to be at a pace that dragnets the present effectively and constantly repositions for the unknown future. Regulation should also be smart. Rather than get bogged down regulating aluminium weight for car use, fuel grades for combustion, rather regulate speed (protect lives) and drive regulation by principles that outlive wherever tech wants to go next. The session was eye-opening for a good number of the aged and candid judges, but it was gladdening to see the mindset: mobile tech is not "that thing", it has to be used, understood and admitted as evidence. The nerds and more tech savvy should help these 'learned ones' to better embrace tech and help them do their work better for joint good! Attendee/delegate feedback was candid and NCC hopes to build on this in the coming years.

1. Important & Realistic Legal
Perspectives beyond the hype
Simon Aderinlola
NCC-NJI Workshop June 2015, Abuja, Nigeria

2. A Hot topic worldwide
There’s already a plethora of conferences, projections,
webinars, discussion sessions & consultants around the
‘Internet of Things’

3. A Hot topic worldwide
There’s already a plethora of
conferences, projections, webinars,
discussion sessions & consultants
around the ‘Internet of Things’

4. Intros: what this is not about
This presentation won’t try to impress you with the extent of
the tech around The Internet of Things.
A few slides will indicate where IoT is in 2015, but it won’t dwell
on just that.
The aim is also not to belly-ache about what Nigeria is not
doing at present, but to:
1. build a possibility picture and
2. make useful recommendations to shape policy

6. What is the Internet of things?
First, what is the Internet?
a global system of interconnected computer networks linking
billions of devices worldwide, using standardized communication
protocols to provide a variety of information and communication
facilities.
Next, what is the Internet OF THINGS?
Short-definition: The ability for everyday devices to connect with each
other and with people
Long-definition: The Internet of Things, also called The Internet of
Objects, refers to a wireless network between objects, usually a
network that’s both wireless & self-configuring, such as household
appliances....Wikipedia

7. What is the Internet of things?
How does it come about?
By embedding short-range mobile transceivers into a wide array of
additional gadgets & everyday items, enabling new communication
forms between people and things, and between things themselves,
we enable, not just for the wow factor, but for true convenience.
Reality check
• Today, there are 6 billion internet-connected devices
• By 2020, estimates put that number as high as 50 billion: 4-7
connected devices per person
• At present, most smart products are fragmented and do not work
together. As data are siloed in each product’s separate app.
• That will change in the future as devices grow more inter-
connected

8. GE Jet engine sensors

9. Connected
stadia
• Enhanced stadium
experience for
fans
• Live Augmented
reality: who’s that
boy?
• Player information,
news, injury
status, former
club etc.

10. Sounds nice, so what’s the problem?
The Johnny Depp access rights problem in ‘Transcendence’
With unlimited access to data, he could tell by Oxytocin, Dopamine
and other hormone levels that his wife was lying. With unlimited
access to data, he could see through her skin and though he was her
husband, her comment “that’s not right” underscores the ethical
nature of the challenge.
Identity theft and being locked out
Valid concerns if you have ever experienced your signature being
forged, your ATM PIN being used or your email account hacked!
Over-empowering governments
Most respondents off a survey do not believe the internet is safe,
not even if in the hands of their country’s government = top men
The malfunction concern
Security and mitigation systems lag behind front-end innovation

11. Learnings from the EU
The Data Protection Directive 95/46/EC:
• This is the reference text, at EU level, on the protection of
personal data, inspired by Council of Europe Convention 108/81
• It sets up a regulatory framework which seeks to strike a balance
between a high level of protection of individuals and the free
movement of personal data within the European Union
• It provides a high level of protection of personal data, regardless
of technologies used & sets limits on its collection and use
• It demands that each Member State set up an independent
national body responsible for the protection of these fundamental
concerns & it applies to both the public & private sectors.

12. Learnings from the EU
The roadmap for the review
– Public consultation (May-Dec 2009)
– Written input received: 150-200
– Commission reflection (Jan-Sept 2010)
– Stakeholder meetings, impact analysis
– Communication (November 2010)
– Consultation & additional feedback
– Commission proposal
– Co-decision of EP + Council
– Implementation, where necessary

13. Learnings from the US
• In a February 2014 speech, Commissioner Brill expressed
concern that data from devices—that consumers might not
even know are actually connected to the Internet—can be
combined with existing troves of data to make it even
easier to make sensitive predictions about consumers, such
as those involving their sexual orientation, health
conditions, religion and race

14. Learnings from the US

15. Learnings from China
China’s 5-year plan
• Understand the importance of the IoT
• Correctly get the general idea of the IoT
• Assign the local development task of the IoT
• Guide the development of the key projects of IoT
• Create favorable environment for the development of the IoT
• Create 10 clusters and more than 1,000 IoT firms
• Build a $100 Billion industry by 2020

16. Expected industry moves in 2015
• More ‘productized’ offerings. There will be many more platforms
and solutions enabling out-of-the-box connected devices
• Breakthroughs in smart city service deployments. 2015 will be
the year when we’ll see some real commercial success stories in
smart cities, especially from services that save money e.g. in
Street lighting
• Major OS and new startups will disrupt the connected car market
• Mobile gets a say: i-beacons and wearables to drive more
“connected-ness”
• Avatar concepts start getting real beyond ‘Second Life’ and
related games, e.g. a company called ‘Evrythng’
• Privacy and security. Issues of privacy and security will reach the
top of the agenda. The complexity of IoT solutions will require a
fresh, yet collaborative way of thinking about security.
Source: Machina research

17. What does an IoT enabled house feel like?

18. Summary of valid concerns
• Threats to the Individual & to physical safety: planes, trains and
automobiles (Personal Injury/Property Damage)
• The changing face of identity theft: extends to the “things” that track
our behavior that can then be mal-used to threaten us personally.
• Infringement of IP, copyright, DRM and rights recognition & protection
• Physical & data insecurity
• Impacting of legal Compliance programs: consent to use data, privacy
policies, data breach notification, etc.
• Obscuring of Security Procedures via unauthorized remote
”experiments”
• Contractual Indemnity: the argument of ‘it’s a thing, not a person’
• Insurance fraud and self-inflicted damage
• Country distrust e.g. USA - France communication based on Wikileaks’
claims

19. We say NO to that ☺ ...it’s inevitable and already here. An easy 1st
step is that legislation mandates manufacturers of smart devices to:
• build security into devices from the outset, rather than as a
design afterthought
• train employees on the critical nature of security and when
outside service providers are engaged, those providers are
capable of maintaining reasonable security measures and
providing appropriate oversight
• when a security risk is identified, using a "defense-in-depth"
strategy whereby multiple layers of security may be used to
defend against the identified risk
• ignite measures to keep unauthorized users from attempting or
accessing a consumer's device, data, or personal information and
• monitoring connected devices throughout their expected life
cycle and providing security patches to cover known risks
So…do we say NO to IoT?

20. • Make a conscious effort to make proposals for regulation succinct,
discernible and follow/obey-able
• Avoid cut-and-paste regulation (Covey’s law: Seek first to understand…)
• Always be clear on whose side you are when launching new tech:
fairness, ethics, humanity, profits, did-it-first etc.
• Balance need for openness with the principle of a need-to-know
And finally, a word for the tech-savvy
…and our learned legal practitioners
• Expand your knowledge frontiers, ask more questions, demand
rendition in plain English (e.g. PIN use, identity theft, Social media use)
• Good news: there are sites designed to render complexities simply
• While not becoming complacent & abdicating this responsibility,
never forget this is a “difficult conversation” that must be had

21. “Seek first to understand, then be understood”
THANK YOU

22. Picture & data credits
• www.eecatalogue.com [smart-home setup]
• European Commission DG Justice
• Corporate immersion institute: China & the IoT
• https://www.oasis-open.org/committees/ubl
• http://www.w3.org/html/.
• www.fool.com
• https://www.oasis-open.org/committees/tc_cat.php?cat=cloud
• www.holistichosting.com
• www.ge.com
• Machinetomachine magazine
• www.comsoc.org/blog