Internet of Things: Regulation

[Mike Gapes in the Chair]

I beg to move,

That this House has considered regulating the internet of things.

It is a pleasure to serve under your chairmanship, Mr Gapes, in a debate on such an important subject. I am a tech evangelist. I believe that technology is an engine of progress. Growing up in the north-east, in Newcastle, the home of the first industrial revolution—although I know that some from the north-west may debate that—gave me a love of science, technology and innovation. The achievements of local greats such as Armstrong, Stephenson and Parsons—that is Rachel Parsons, the world’s first female naval engineer—inspired me to study electrical engineering and embark on a two-decade career as a chartered engineer working in telecoms all over the world.

Newcastle’s experience of the industrial revolution was captured in the excellent BBC series “A House Through Time” with David Olusoga, which showed a mixture of life-changing technological progress and huge social problems, as in many other cities. We are now in the midst of what some consider to be the fourth industrial revolution—although how to count them is not agreed—powered by data and renewable energy, instead of labour, discipline and steam.

Last week the Prime Minister made what I can only call an interesting speech to the United Nations on technology, with this historical analysis:

“When I think of the great scientific”—

I cannot pretend to do his way of speaking, so I will just quote—

“revolutions of the past—print, the steam engine, aviation, the atomic age—I think of new tools that we acquired but over which we—the human race—had the advantage”.

The industrial revolution radically changed society, but it is a mistake—one, if I may say, of privilege—to say that the human race had the advantage. The steam engine rapidly increased productivity but also powered factories and mills with brutal working conditions that produced textiles from slave-milled cotton. Those new tools brought benefits, but the benefits were not equally shared. Of course, that happened before the United Kingdom had universal suffrage or a labour movement and a Labour party, and when many in the world were colonial subjects. Our opportunity, and our duty, in the fourth industrial revolution is to make those technologies work for the many, not the few. In that context, I will today set out what the internet of things is, the benefits it brings, the concerns and the current state of regulation.

What is the internet of things? I was surprised to see that in the Prime Minister’s speech on the gov.uk website, the internet of things was in inverted commas. I am sure that the Minister is aware that IOT is not sci-fi, but a reality of our daily lives. I was the first Member of Parliament to mention the internet of things, in my Westminster Hall debate on machine-to-machine communication in June 2011, just a year after I entered Parliament. One of the Minister’s predecessors, the right hon. Member for Wantage (Mr Vaizey), responded, so I think he was the second MP to mention it.

I called that debate because my experience as a chartered electrical engineer and as Ofcom’s head of telecoms technology had brought home to me, even then, the opportunities and threats that the internet of things represented. At the time, Ericsson estimated that 50 billion things would be connected to the internet of things by 2020. In fact, that was a bit of an exaggeration, because we have about 7 billion. However, global spending on IOT is forecast to reach $745 billion by the end of this year, Ericsson now estimates that by 2023 we will have 31 billion things connected to the internet, and the Government’s own estimate is that there will be 420 million internet-connected devices in the UK within the next two years.

The internet of things is basically things connected to the internet—it does what it says on the tin, for once. That allows everyday objects to talk to each other and to people. In fact, the first internet-connected toaster was revealed in 1989. While there has been speculation for years about how the internet of things will change our lives, it is now that we are really beginning to see its full implications for how we live, work, play and do everything in between.

Smart homes and connected appliances are perhaps the most commonly understood applications. Smart meters mean that we can turn our heating on when we leave work, whatever time that is. A fridge can tell someone when they are out of milk. More poignantly, a child’s teddy bear could record their first words and share them with the whole family.

However, IOT is about much more than household gadgets and cuddly toys. Scaling up IOT will bring us smart cities, where bins can signal when they are full, parking spaces can tell us when they are empty, and traffic lights can tell an autonomous car how fast to drive, so that it never has to hit a red light. Every time I wait at a bus stop—despite the ridiculously high cost of bus travel in Newcastle, that is still quite often—I look forward to an IOT-enabled and truly integrated public transport system, which will mean buses stopping when and where people want them to, and not stopping if there is no one at a bus stop. That means a saving in fuel efficiency, and a saving in all our time.

IOT is also transforming industry. The fourth industrial revolution has at its heart smart factories, and intelligent and flexible automation, making manufacturing cheaper, quicker, more efficient, more personalised and more reliable. Indeed, the smart factory might be in someone’s home—3D printing plus IOT could equal home manufacturing.

I am an internet of things believer. I have studied it, lived it and effectively built bits of it all over the world. It has huge economic and social benefits, as well as environmental benefits, ranging from energy management to tracking endangered species. We cannot address climate change without the internet of things. It allows the monitoring of energy usage but also enables a smart grid. IOT can literally save the planet, which is just as well now that it accounts for 8% to 10% of European electricity consumption.

However, I hope that the Minister will agree that people, and not technology or things, must be at the heart of the internet of things revolution. An IOT that works for everyone requires action—action that this Government seem unwilling to take. IOT will be as pervasive as electricity, and found in every home and handbag. And, like electricity, IOT is an enabling technology, only the enabler is not electric current but data—people’s data—and right now we have no idea who owns that data.

Take personal health tech. A company called OrCam has developed discreet camera glasses for the visually impaired, which can read text and recognise people, while the L'Oréal UV sensor, which detects ultraviolet exposure, is small enough to be worn comfortably on someone’s fingernail. However, who owns and controls the data gleaned by these devices? I hope that the Minister can tell us that, and say why it is not the people who generate that data.

As companies bring more IOT devices to market, this is a pressing issue. Although the GDPR represented progress, it is already years out of date: it addresses privacy, not control; it barely takes account of artificial intelligence and algorithmic management; and it ignores completely the internet of things. The Information Commissioner’s responsibilities over IOT are unclear.

The more interconnected things are—which in itself is a good thing—the bigger the potential for cyber-attack, which is already a huge area of concern. In 2018 there was a 500% increase in the average size of a botnet attack. There are more than 7 billion IOT devices in circulation, and that number is only going to grow. Given that each IOT device is always on, it is possible to build and deploy large-scale attacks within minutes.

In 2017 the US Food and Drug Administration recalled almost half a million pacemakers due to fears that they were vulnerable to hacking, while a Chinese IOT firm recalled 4 million cameras for the same reason. November 2018 saw the first scaled botnet attack using smart TVs. Other household appliances can also be used not only to bring down internet platforms such as Spotify, Amazon and Twitter, as happened in 2016, but to take control of our homes or any networked utility. Back in 2010 an Iranian nuclear facility was targeted by a malicious computer worm, which led to the shutdown of multiple gas centrifuges, and in 2015 blackouts in Ukraine were caused by cyber-attacks. Although we call them “cyber-attacks”, they have very physical consequences. In 2017 the Federal Network Agency, the German communications regulator, told parents to destroy a talking doll called Cayla, because its smart technology can reveal personal data. A couple of years ago I wrote about the implications of internet of things security for sex toys, but today I will spare Members’ blushes.

The lack of security on IOT devices is not only a risk to the individual user; it threatens huge economic and social damage. Importantly, security for IOT devices does not just need to be built in at the start, even though that in itself takes time and money; it needs to be upgradeable over time as threats evolve. However, producers of IOT devices are simply not incentivised to consider security concerns, with global supply chains competing mainly on costs for devices that can be sold for only a few cents or even less. Of course, the lowest-cost device is, inevitably, the lowest-security device. This is one problem that the market cannot and will not solve on its own, which means that it is up to Governments to correct.

In his speech, the Prime Minister used quite lurid language on the issue of internet of things surveillance:

“But this technology could also be used to keep every citizen under round-the-clock surveillance. A future Alexa will pretend to take orders. But this Alexa will be watching you, clucking her tongue and stamping her foot”.

The Prime Minister shows both his lack of respect for women and his lack of understanding of technology in caricaturing it as a nagging housewife arguing with an unfaithful husband. That sort of gendered view is, sadly, far from uncommon. Technology is far too often the creation of well-off men and, unsurprisingly, it reproduces their biases and prejudices.

There is an important issue of surveillance to address, both in the private and public domain. The recent book by Shoshana Zuboff, “The Age of Surveillance Capitalism”, addresses the ways in which data is used not just to monitor us but to direct and control what we do. We see it already in the practices of Amazon, Sports Direct, Uber and Deliveroo, to name just a few, where the companies’ control of data can control work life.

Research by Defend Digital Me shows that the internet of things has an increased presence within our classrooms, from direct monitoring through biometrics to facial recognition and tracking technologies as part of a smart campus project, in some cases run by the Office for Students. Many of the applications that are marketed claim noble aims around improved health or scholastic performance, but they are rather less clear when it comes to consent. When we consider how the internet of things can be used to monitor children in compulsory education, how can the child or parent be said to consent if it is a generalised practice?

The Government have repeatedly ignored warnings on cyber, much less done anything to ensure that small businesses and citizens, as opposed to big businesses and national security agencies, are protected. There are no current regulations that require a security standard for internet of things devices. About 30 groups are developing security standards for the internet of things, but if we have 30 standards, we do not have a standard. Our public response needs to be as joined up as our networks, but it is not. Responsibility for cyber-security lies across several disconnected Government silos. The Home Office publishes cyber-security stats; the cyber-security strategy comes from the Cabinet Office, although it was launched with a speech by the then Chancellor; the Department for Digital, Culture, Media and Sport takes care of cyber-skills for young people; and the cyber-essentials scheme sits in the Department for Business, Energy and Industrial Strategy. Responsibility for cyber-security is defused across Government. There is a lack of leadership and, even worse, a lack of concern. The policies seem largely to ignore mobile devices and the internet of things.

At the same time, and for some years now, the Government have been encouraging us to take up smart meters, for example, without a regulatory framework to protect us from attack. Personally, if a device is called smart, I do not buy it, at least not without a one-hour technical interrogation, which few customer service agents can pass.

My hon. Friend is making a very important speech. I, too, have spent time reading the Zuboff book, and the more I read it, the more alarmed I became. Does she agree with me that the real issue is the one she started with: whose data is it? Without that being resolved, there is an inevitable drift towards big tech companies using it for profit. Why wouldn’t they? But it is our data, and on every one of these issues, if we could pin that down, it would completely disrupt their business model. That is why it is a tough thing to do, but it would ultimately resolve the issue.

My hon. Friend, who is a great champion of innovation and technology—coming from the constituency that he represents, it is appropriate—makes a critical point. I could not have put it better. Although this debate is about regulation of the internet of things, it is impossible to talk about protection and security in the internet of things without talking about the data that is its lifeblood: the flows of data that both drive and enable the internet of things. We are in a confused state about who owns and controls the data and how it can be shared. The Government, for example, had at the last count at least 80 different ways of sharing data with themselves. As long as that is the case, we cannot have real security or integrity within the internet of things.

Last year the Government finally took some action with their Secured by Design voluntary code of practice on the security of the internet of things, as well as guidance for consumers, which was later codified as ETSI TS 103 645. In May this year, the Government announced a consultation on the introduction of some mandatory legislation on labelling. For example, retailers would have to label internet-of-things products as complying with varying levels of the Secured by Design code. Labelling is necessary because the Government will not decide what is secure and make it mandatory—if everything were secure, it would not need to be labelled. We await the outcome of the consultation. However, there are at least five major issues, and many others besides.

First, the tone of the consultation is, “Regulation is very, very bad and stops innovation, so let’s just have as little as possible.” Secondly, there is no enforcement or sanction. Thirdly, while some mandatory requirements are proposed, they would simply be a declaration of adhering to standards. That approach puts a major emphasis on the consumer to understand these increasingly complex problems and does not account for the use of the devices in public spaces.

How long do you think we’ve got?

We have an hour and a half, which will be more than adequate. I should perhaps have said that the Minister has a background in technology, as a tech correspondent, so I am sure that he has the answers to all the questions.

Loth as I am to interrupt the exam paper, which I am sure will come to an end soon, a practical application of the questions came up not long ago with the facial recognition monitoring of my constituents at King’s Cross station. I hope that the Minister will be able to explain how they can be protected in future.

That is another excellent intervention from my hon. Friend. I look forward to the Minister’s response about facial recognition technology and consent.

I have asked the Minister nine questions and here is the 10th and final one: can we have a comprehensive forward-looking review of digital rights and responsibilities to deliver a regulatory framework fit for the future, which encompasses data rights and delivers an internet of things security architecture in which citizens can have confidence?

I hope that the Minister noted that when US presidential candidate Elizabeth Warren talks of regulating the tech giants for the benefit of consumers Facebook trembles—so much that Mark Zuckerberg has promised to “go to the mat” and fight her over it. However, when the Prime Minister talks about “pink-eyed terminators” the world laughs. That matters, particularly as the Minister advocates a hard Brexit, after which we would not have the support of our European friends and colleagues in establishing internet of things regulation.

The internet of things could represent a more profound technological change than anything since electricity, as I have said. To make it work we need to understand the problems that it raises, and lay out a clear framework for technology companies to work in. However, to take advantage of the changes, we need a Government who understand the opportunities of the internet of things, and who work with industry to mitigate the threats. That is a question not primarily of technology but of standards, interoperability, protocols, control, industry co-operation, self-regulation, legislation and enforcement. If we get that right we can look forward not just to a future of the internet of things but to a prosperous future of innovation that works for all, and things that have yet to be thought of, the benefits of which will be shared by everyone.

I, too, look forward to hearing the Minister’s response to all those questions in a few minutes’ time. I congratulate my hon. Friend the Member for Newcastle upon Tyne Central (Chi Onwurah) on securing the debate, which covers some of the most challenging issues that society— indeed, humanity—will face over the coming years, many of which are rarely discussed in Parliament. Her speech was quite brilliant.

The internet of things is such a vast subject that it is difficult to know where to start, but I will restrict myself to the ethical questions that underlie the regulation issues that my hon. Friend spoke about, given the epochal technological challenges. In a general sense, many challenges that the country faces appear inversely related to our capacity as politicians to properly discuss them, let alone resolve them. Increasingly, liberal democracies appear unable to navigate the complexities of the modern world. One obvious example is the escalating authoritarianism across Europe and the globe—where is the political diagnosis and response to it, and where is the defence of liberal democracy? To give another example, do we really talk, post referendum, about the issues and feelings that ushered in the referendum, or are we preoccupied instead with the technical aspects of Brexit?

Maybe politics has lost its ethical grip and become too technocratic, and maybe today’s populism is a backlash against that managerialism. Maybe we require a different conversation that addresses moral and ethical questions about the lives that people wish to live. I realise that that point appears unrelated to questions of robotics, the internet of things and artificial intelligence, but I would argue that it is imperative to embed our discussion of those technological changes in a deeper conversation. I welcome this debate because maybe we can start that conversation—arguably the most profound conversation that confronts us as politicians and public policy makers in this country and across the planet.

Whether the forecasts are apocalyptic or utopian, no one doubts the significance of artificial intelligence and the internet of things. They have the potential to affect all aspects of policy, from education to the labour market, and from policing to health and social care. However, much of the current political thinking about artificial intelligence is reactive and geared simply towards ensuring that Britain is at the forefront of technological change—we might describe that as the utilitarian approach. Maybe we should begin instead by discussing what role technology should and should not play in our societies, our workplaces and our personal lives. That departure point would be different from the one that tends to dominate the utilitarian approach: instead of focusing simply on utility or economic benefit to Britain plc, it would focus on justice and how society should be organised.

I thank my hon. Friend for his excellent remarks, which cover the ethical debate about technology that we too rarely have about the internet of things. One example of the approach he describes—the idea that technology can solve all our problems—is the proposals for alternative arrangements on the island of Ireland, which I understand are being driven by blockchain and other technologies that the Government are not fully familiar with. That libertarian idea that technology is the answer to everything has driven our regulatory approach for too long, so he is right to say that we need experts on technology who can stand up for and consider its future applications from the point of view of society and citizens.

That is bang on. For many in silicon valley, that confidence in the potential of technology goes hand in hand with a widespread libertarianism: as the role of technology and profit margin expands, so the role of the state should contract.

My hon. Friend did not mention those who come at the issues from a transhumanist approach. Modern transhumanism asserts that technological change creates the opportunity to transcend the human condition and become transhuman, and that that is to be celebrated, while resistance is deemed nostalgic or parochial. Politicians now and in the future will have to defend a discernible human condition in these debates, which will be a huge challenge.

For example, what happens when transhumanist thinking informs the technologists? Nick Bostrom is the director both of Humanity+, an international transhumanist organisation, and the Future of Humanity Institute at Oxford University, which regularly produces policy recommendations for Government. The point is that politicians and policy makers need to avoid being captivated by the promise of technological progress without an appreciation of the philosophical assumptions that inform the thinking behind the policies being advocated by those with agendas. Consequently, philosophers such as Jürgen Habermas have argued that politicians and policy makers should maintain a “species ethic” when navigating this terrain. These are deep waters, yet such questions are not really addressed in modern political debate.

On a slightly more practical level, the potential risks of mismanaging artificial intelligence are phenomenal. The most obvious example is mass unemployment. It is not possible to pick up a newspaper without reading about the march of the robots and the end of work. Estimates of the proportion of jobs in the UK that could, over the next two decades, be replaced by artificial intelligence and related technologies range from some 22% to between 40% and 45%. There are a wide range of estimates—some of them quite dodgy—of future structural unemployment, and they point to a range of conflicting policy options, such as universal basic income versus full employment. That suggests a wider range of policy remedies, but we are not spending enough time scrutinising the assumptions and empirical data that underscore those policy debates. Maybe we should.

To give a further example, we have already seen data analytics being used malignly in targeted political campaigns, and that practice will become ever more sophisticated, at the expense of our democratic process. As has been mentioned, in the corporate world facial recognition software is now being trialled for the purpose of marketing, to detect the efficacy of an advert on the viewer by judging their facial expressions. Businesses now have the potential to reach into people’s lives in the way Orwell’s “1984” imagined for totalitarian regimes.

My hon. Friend is making excellent points. Although my remarks on Brexit and technology were limited, I want to emphasise his point. If we agree that part of the Brexit vote was based on people’s sense of disconnect from Brussels and the corridors of power, how much greater will that sense of disconnect be when all decisions are made through technology that monitors but is not under the control of the people?

Exactly. These are essential issues for the democratic character of western market democracies. That takes us back to the question my hon. Friend asked the Minister about the Government’s proposed remedies and policies. As it stands, policy proposals to meet these challenges are phenomenally weak. For instance, they include developers undergoing training in ethics as part of their computer science degrees, companies ensuring that their workplaces are diverse, and individuals who are made redundant by AI, perhaps repeatedly, being able to train for a new career. As I mentioned earlier, universal basic income is one proposal floated to ensure that those who lose their jobs are not made destitute, but that would mean the state taking on a phenomenal welfare burden just at the time when fewer people were able to pay income tax. To make up the deficit, people such as Bill Gates have suggested a robot tax, but would we tax algorithms as well as robots? Trying to define a robot is a legal and regulatory nightmare.

Returning to the question of regulation, before we make good policy, perhaps we need to return to first principles, asking questions about the values we place on work, freedom, privacy, community and justice—in short, what we want our society to look like. From there, we can then discern the role that we wish to allocate to technology, rather than being seduced by the hype of novelty and processing power. We decide the ethical environment and responsibilities of technologists and their platforms, not vice versa. If we do not build policy on a well-defined vision of human flourishing, policy makers run the risk of slipping into techno- solutionism, thereby putting technological and economic progress above people, leaving them to become citizens of those corporations.

Alternatively, we could endorse a somewhat softer technological determinism and use policy only to manage what we euphemistically call “risk”, when what is really at stake is huge social issues: rising inequality, the accumulation of power in the hands of private companies and human dignity itself. Deeper political conversations are required about what constitutes a good life and a good society. That should inform our approach to regulation. We literally need to rethink human rights in a different way, in terms of the preservation of the species. Thanks to my hon. Friend the Member for Newcastle upon Tyne Central, we can start that conversation.

It is a pleasure to serve under your chairmanship, Mr Gapes. I congratulate my friend the hon. Member for Newcastle upon Tyne Central (Chi Onwurah), with whom I serve on the all-party parliamentary group for Africa, on securing this debate and being very fleet of foot in doing so. Of course, we were not supposed to be meeting this week, so goodness knows when she might have had time to secure the debate otherwise. It has been a pretty profound and comprehensive debate, and there is plenty for the Minister to respond to, so I do not want to take desperately long in reflecting as the Scottish National party spokesperson. However, given that we started with some debate about the industrial revolution, I remind Members that if they care to take a stroll through Glasgow Green, they will find the boulder that commemorates the spot where James Watt conceived of the condensing steam engine, and much has flown from there.

I thank the hon. Gentleman for giving way. I recognise that while I did acknowledge a debate between the north-east and the north-west of England as to whether they were the home of the industrial revolution, I failed to acknowledge Scotland’s claim, which is equal. I will only add that obviously Watt’s initial invention was perfected and made commercial as a steam engine in my constituency in Newcastle.

I think there is enough credit for it to be happily shared. It is a timely debate, not least in the context of the Prime Minister’s speech at the UN General Assembly. Both the hon. Lady and the hon. Member for Dagenham and Rainham (Jon Cruddas) have made comprehensive contributions in which there was much to agree with that does not necessarily need repeating.

I am not certain whether the SNP has an established view on transhumanism. We have a vision for the future of Scotland and our population, but whether that extends into the far future of the human race, I am not entirely sure. It is important that we have these opportunities to reflect on this kind of thing, and the idea of starting from first principles is important. A range of significant and exciting opportunities come with the internet of things, but it clearly raises challenges, too. It is already part of some people’s daily lives, perhaps without them even realising or with them already taking it for granted. I know several people who take for granted being able to control central heating from a remote location and switch it on when they are on their way home.

On the roll-out of automated and electric vehicles, I saw a report today on the first tests that will take place in London. The hon. Member for Newcastle upon Tyne Central spoke about her experience of the roll-out of such technology in Africa. I am aware of parts of Africa—Rwanda, for example—where drones are used to deliver medicine and medical devices. That all relies on the technology of the internet of things.

There are undoubted challenges, to which I will return, but I want to reflect briefly on the position in Scotland. Notwithstanding the challenges and the importance of getting regulation right—the United Kingdom Government and devolved Administrations need to co-operate in doing so—the Scottish Government welcome many of the opportunities presented by these technologies. Last year they announced a £6 million project to develop the internet of things across the country. To support businesses to develop new and innovative applications, IoT Scotland provides a wireless sensor network for applications and services to collect and send data from devices without the need for 3G, 4G or wi-fi. Examples include installing smart bins in local high streets that can indicate to local authorities when they require emptying; making the best use of bin lorries through the correct collection cycle, which in turns helps to reduce carbon emissions; and monitoring office environments to lower costs by saving energy. That three-year project includes investment from both the public and private sector, with the Scottish Government investing almost £2.7 million.