Conclusions and further work
In this article we have discussed the origins of the IoT and how this has posed a major challenge to standardisation and a single overall vision. This, in turn, has given rise to challenges for security and assurance in the IoT.
Arguably the most significant challenge, but also the most fundamental, is to encourage standardisation and coordination in the IoT. This is difficult not only in terms of process and technology, but also in terms of politics. There needs to be consideration of all stakeholders and their conflicting views on the IoT.
The P3P project shows the difficulties involved in gaining consensus and trust between parties that have different visions and interests. The P3P project was laudable but faced considerable difficulties. An analogous system for the IoT would certainly be beneficial, but it is challenging to ensure that the outcomes are relevant and acceptable to all. If there is to be a protocol, analogous to P3P, to communicate how data are captured, processed, stored, and transmitted, and to offer users choice and control regarding their data, it is important that lessons are learned from the P3P project. For any standard to be successful, the project should be mindful of the politics involved. Privacy advocates may see the development as industrial subterfuge, a criticism that was levelled at the P3P project; the protocol should not allow services to create an illusion of privacy whilst gathering personal data. It should be recognised that any standard is likely to be only part of a solution, and as such, implementing the standard alone may not provide adequate protection. Therefore, it is recommended that the standard should be used together with other privacy-enhancing tools.