torsdag den 27. oktober 2011

Generic Architecture for Intelligent Systems

Abstract This paper describes a generic architecture that can be applied to complex, intelligent systems that require provisions for 'Privacy by Design'. It describes the challenges for the designers and users of such system, principles for selecting components and a suggestion for a generic standard interface for controlling access and privacy.

Background: Inspired by the current discussion in Denmark concerning the need for 'welfare technology', i.e. the next generation of what used to be called 'Tele Medicine', aiming primarily at elderly and/or people with chronic diseases living in their own homes, and the recent focus on intelligent homes, 'passiv systems' as described by Colin Calder as well as 'smart grids', it is obvious that all three domains represent variations of the same class of problems. The basic inspiration is actually from the founders of Cybernetics- We are focusing on control systems, whether we are discussing welfare/well being of humans, emission of CO2 from our houses, controlling/optimizing the use of the available amount of electric energy in a grid, water consumption etc. As we are also heavily engaged in the challenges with 'the internet of things', as the Danish technology Council is right now trying to cope with in a national analysis, we know that before long we will have more intelligent gadgets connected on the internet than we have human beings on the surface of the Globe. So we are talking of a complex network of 'gadgets' that each have an address on the IPV6 network (whether this is static or dynamic), and not least we are talking of a man-machine network of dimensions we have not yet seen.


So what are the major challenges and how do we cope with them? First of all the Complexity is huge. There is a need for a simple way for human beings to understand this complexity and make it manageable if not intuitive.

There is also a lack of common standards that will lead to development of fractions of systems that will not easily connect to each other. If this is not solved, we will still be in the situation a hundred years from now that we 'think' we have a firm infrastructure, but in fact are using yesterdays technology far beyond applicability. Components have to be replaced as technology progresses. We can hardly believe that the CONTINUA alliance nor ZIGBEE alliance will be sufficient to include also smart grids systems, intelligent cars etc.

The basic example of this kind of backward thinking is that the distance between the rails of a railroad (in UK, US) is exactly the distance between the wheels of the roman war chariots. These chariots dictated the construction of roads - and that is where the railroads where first laid.

Lack of a standardized, simple user interface:

Imagine your own house in 10 years: How many gadgets do you have installed then? Controlling your energy consumption, your heating, your communication with the external world, your car, your dog, your children? Your refrigerator and it's contents? And possibly also your blood pressure, blood sugar, weight, exercise and more if your are elderly, alarm system to warn against intruders, systems to help park your car etc. Now, when your TV got 40 channels, when you connected it to a DVD and later maybe to the internet, you still got the remote control – but where is the standardized remote control for your intelligent house ?

Lack of an intuitive and simple way to control use of your private data.

When all you gadgets, well – most of them – are also connected to the outer World, how do you control that your personal data are not revealed to other than those that you have deliberately chosen as trustworthy partners for those particular data? Your mobile phone today contains Apps that will reveal your whereabouts to a lot of third parties, your car will contain history and log of where you have been, how fast you have been driving, your kids can be located by GPS, your buying habits can be combined with your location – and potentially your insurance company can

be informed, if you have a tendency to forget to close the windows, turn off the water in the bath tub – just to mention a few, before we even touch medical and health data. It is not likely that you will just let go of all this info, leave it to 'big brother' or you benevolent neighbor. But how do you manage all this in a simple way?

Approach – The Basic Control/Feed Back system - Any gadget is either a part of or a complete control/feed back system. It will look like this:

Any type of regulator contains these components: The detector checks the intended target, say room temperature, provides the input to the logic system that decides, according to predefined rules, that it is either too hot or too cold and sends signal to an effector, an actuator, to turn on a heater or turn it off. The result is then measured by the detector etc. The snag here is in the logic and the lag between measuring and controlling, but that's another story. Now, some systems may have only the detector and the logic requiring a human being to act as an effector, but the concept is the same.

The model can then be extended in several ways, the first way is an identifier for each sub-component and an identifier for the system as such. It may or may not be the same as an IPV6 address or it can be linked to the IPV6-address. The purpose of the ID is to keep the system in control and avoid unintended change of components. Yet on the other hand, a component could be exchanged, as it's ID is accepted by the system as such to allow for new technology etc.

Now we need to add something to this model, we need to store program and data, that is produced by the system so we extend the model with 3 types of stored info: 'Rules', PID Data, and Non-PID Data. First we need to have a store for the rules - as we may have to re-program the system - or if we install an 'expert system' that learns from the success of the regulation and changes lags, size of impact, duration of impact etc. Then we need to log data. Either the data is connected with a human being and is personally identifiable or it is 'neutral', for instance concerning environmental data. This is important as we shall see later when we introduce the privacy design in this system.

External partners - Next step is of course to introduce the outer World and the surrounding networks, 'grids', external expert systems, external experts, doctors etc. The simplest case of course is to allow external sources access to non-personal data, as will be the case for intelligent grid systems, where changes in external data like pricing of electricity or availability of water, will allow local appliances to be turned on or off according to the pre- programmed rules. This simple model can be applied to all non-PID items in your house, including your intelligent refrigerator that controls the ordering of fresh milk, expiry dates for meat and eggs etc. as well as your use of dish washing machine at times with low energy costs etc. etc.

In this picture we have added human interven- tion as assistants for the PID-related data.
(One might of course have automatic response systems for some PID-items).
The idea is here that the access rights as well as the data transmission are controlled by an ACL – a so-called Access Control List, which is
a list controlled by the user in exactly the same way as you control which individuals among your friends that belong to which specific group of trusted partners. This is a role based access mechanism, and by using the Facebook/Google+ type of management, it is intuitive for each user, that your house doctor has a need to know about your heart condition, while your neighbor is only allowed to know if you are out of house.

Privacy by Design

Whenever a gadget is installed, it is either immediately configured with access controls defining a 'role' of supporters, that are allowed access, or you are asked to define, which role of supporter you will allow access to this particular class of PID. In a different set up – 'Facebook-like' – you can then maintain the coupling between the actual persons by their digital identity credentials for the persons that should be allowed access acting in the particular role.

In the example above there are more than one home nurse that will visit you, so each is granted data access under the role of home nurse. In some cases – for instance if your life sign indicator signals that you haven't moved or breathed for a defined (short!) period, an alarm immediately goes off at the same time with the doctor and at the alarm centre. Some data are irrelevant for some roles, your therapist may only be interested in your weight, and in some cases the data are not actually sent as an alarm but may be retrieved by a defined role in case of emergency.

Conclusion- By applying basic concepts of control system mechanism and straight forward, Facebook-inspired control of identities (=friends) belonging to a specific group = role, the user can control sharing of personal data, also in complex systems. The components of the total system can be changed if the interfaces are constructed according to defined standards, and all components are equipped with specific identities to ensure tracking and maintenance.

Of course a lot of other considerations has to be added depending on the detailed functions of the gadgets, and also the decision modules, rules, detailed function of expert systems will have to be specified. But the basic architecture, thanks to Norbert Wiener, need not be too complicated.

torsdag den 20. oktober 2011

Åbne Offentlige Data - Hvad skal der til?

(Fra - åbne offentlige data)

En række lande har haft stor opmærksomhed på at gøre offentligt indsamlede og registrerede data tilgængelige for borgere og erhvervsliv. Det gælder primært UK, US, Canada, Australien, Holland, Norge – og i EU er det blevet en del af den strategiske målsætning for den fremtidige udvikling af eGovernment.

Set i international perspektiv ligger Danmark langt efter se f.eks. - - Men på trods af den beskedne placering har man faktisk forsøgt med diverse tiltag at åbne de offentlige danske data, især tidligere Videnskabsminister Charlotte Sahl-Madsen stillede sig i spidsen for at kortlægge de offentlige data, og ikke mindst 25 af de dataset, som den hedengang IT og Telestyrelse havde direkte kontrol med

I indeværende år er Zangenberg og Co. barslet med en rapport om værdien af at åbne offentlige data. Denne rapport er baseret på interviews med en række brancher og organisationer, og peger især på værdien for følgende brancher:

  • Banksektoren, hvor en øget adgang til borgernes indkomstforhold vil kunne medføre besparelser og mulige, undgåede tab på 'mindst 500 mio'

  • Energisektoren, hvor en øget adgang og en bedre kvalitet af offentlige bygningsdata m.v. og viden om energiforbrug og isolering ville kunne give en samfundsmæssig besparelse på måske op mod 4 – 20 mia om året

  • Den Farmaceutiske industri, hvor bedre adgang også til anonymiserede sundhedsdata kan medføre mere effektive lanceringer af nye præparater, ligeledes 'i milliard-klassen'

  • Turisterhvervet peger på mulige bedre skræddersyede data til at tiltrække kulturelle turister eller bedre totalinformation, uden dog at sætte størrelse på mulig indtjenening.

  • Detailhandelen synes ikke umiddelbart at kunne se behovet for adgang til flere data, mens

  • Forsikringsbranchen mener at se et potentiale i bedre rådgivning i forbindelse med ændring i boligforhold, indkomst, familie medens

  • Kommunerne ser 2 områder: Fortsat reduktion af socialt bedrageri og en langt bedre adgang til sundhedsdata til at kunne optimere behandling, pleje m.v.

Hertil kommer ODIS initiativet, der bl.a. har resulteret i oversigten over offentlige datakilder, der er udgivet her:

Problemet med navnlig den sidste oversigt er, at den omfatter revl og krat, virker vanskelig at gå til, og skal sammenholdes med formater (f.eks. OIO, XML m.v.) før den rigtigt kan udnyttes.

Sammenligner man med de erfaringer, man har haft i andre lande, specielt UK, er det klart at grundindstillingen og tilgangen har været en noget anden; for det første har et af hovedformålene i andre lande været 'Open Government' , d.v.s. Man har set det som et middel til at øge regeringens/forvaltningernes troværdighed ved at gøre beslutninger, resultater etc. transparent, medens den danske tilgang i henhold til den tidligere regerings udmeldinger har været at slippe data løs, så de kunne benyttes innovativt og dermed være medvirkende til at skabe ny vækst og beskæftigelse.

Og her kommer Zangenbergs rapport til kort, i den forstand at det er de bestående erhverv og den etablerede industri, der er fokus for hans undersøgelse. Det betyder ikke, at resultatet nødvendigvis er forkert, men kun at erfaringerne fra de andre lande tyder på, at de bedste ideer opstår i et samspil, en 'mash up' mellem forskellige datakilder, som branchens etablerede specialister muligvis overser.

Et punkt, hvor Zangenbergs rapport imidlertid rammer plet, er at sætte fokus på hvor privacy-begrebet sætter grænser – eller rettere: hvor pseudonymisering af data er en væsentlig forudsætning for udnyttelse af data.

Ser vi på tiltag i EU, er det værd at bemærke, at de nuværende måder at sammenligne de enkelte landes eGovernment performance på, er ved at 'løbe tør' – i den forstand, at EU siden 2001 har målt udbud, 'take up' af 20 nøgleapplikationer, og mange lande har nu nået op på tæt på 100%.

Allerede for et par siden advokerede David Osimo for, at næste fase af sammenligninger mellem EU-lande skulle foregå baseret på tilgangen til åbne, offentlige data – både ud fra et vækst synspunkt og ud fra et transparens-synspunkt. (Se hans anbefalinger her.). Han foreslog udvælgelsen af 20 'arketyper' af data, som hver skulle vurderes efter følgende skala:

0 - no information available 1 - description of the procedure to obtain the information through FOI

2 - information available in non reusable, non-machine readable format

3 - information available in reusable and machine readable format such as xml or dbase

4 - information available as per stage 3 and visualizable through predefined tools (georeferencing, histogram etc.

Synspunktet er fortsat validt, men for at komme til en meningsfyldt oversigt og tilgang til de danske, offentlige data kræver det mere end bare en oversigt over hvilke formater, selve databassen er lagret i. Det vil kræve en adgang til en meta-databeskrivelse, så også nye brugere, nye initiativtagere og eksisterende virksomheder kan få en let tilgængelig oversigt over hvilket interface, hvilke datatyper, der kan gives adgang til. (Det er ikke altid en enkel opgave – f.eks. har sundhedsområdet i mange år døjet med at standardisere begreber på tværs af kliniske specialer.)

Det forekommer nærliggende at tage udgangspunkt i de såkaldte domænebestyrelsers arbejde med kortlægningen af arbejdsopgaver og sammenhænge mellem grunddata for at komme skridtet længere. Domænebestyrelsen for boliger og bygninger vil således mere målrettet kunne arbejde med bl.a. de anbefalinger, som Zangenberg er kommet med vedr. energi og isolering. Tilsvarende ville en revurdering af det arbejde, som Erhvervs- og Selskabsstyrelsen laver for domænet 'Erhverv' passende kunne udvides, så det bliver muligt at lave et sammenhængende informationsflow for hele beskæftigelsesområdet: Data fra virksomheder, der planlægger at opsige folk, data om pågældendes skills, erfaring, uddannelse, data fra virksomheder, der søger folk, hvilke skills, erfaringer og uddannelser, der er behov for, match af 'gaps' mellem de to som input for korterevarende efteruddannelser og match med eksisterende udbud af efteruddannelser – og så naturligvis kobling til A-kasser og ledighed, jobkontorer m.v. Desværre fokuserer den netop vedtagne fællesoffentlige IT strategi på effektivisering af de administrative opgaver i forbindelse med ledighed og ikke på at løse det grundlæggende problem.

Som opsummering har vi behov for følgende analyser og anbefalinger vedr. åbne, offentlige data:

  • Pr. domæne (der er kun 4!) en oversigt over grunddata og dynamiske data, ejer, format, metadata

  • Kortlagte arbejdsgange i det offentlige, der føder/benytter disse data (FORM/STORM)

  • Specificerede behov for beskyttelse af private data og behov for samtykkestyring

  • Mulighed for pseudonymisering (f.eks. af medicinske data til forskningsbrug)

  • Potentialer – sammenligning med udlandet

  • Barrierer – hvor kræver det en ekstra indsats for at kunne opstille metadata, åbne databaserne og synliggøre mulighederne for relevante nationale og internationale spillere?

torsdag den 13. oktober 2011

e-Identity - How concerned are You really about privacy?

(Picture from PRISE showing multiple identities for 'John')

This morning the Danish Radio had a new story about the long-delayed travel card, which will provide train and bus passengers with a contact-less card instead of old tickets. The card itself is a bit of a problem as it has been delayed for several years (In spite of other countries that have implemented similar things years ago – Oyster Card in UK was launched in 1999) – but the issue was that the passengers are requested to identify themselves with the personal registration number to get a standard travel card. The card issuer – – at their websites explains that this is because it is a personal token, if you want an anonymized version, which you can use between yourself and your friends and family, you will have to pay extra. Also pensioners and students will have to have a personal photo on the card to ensure nobody is getting a discount they are not entitled to. Further the travel card requires that you link it to your bank account via the Dankort, but claims that this is only used when you are re-filling the card, that is, paying money for your upcoming trips. The identity data kept by the rejsekort-organisation is' stored safely at a central database' and access to this is only granted to ' and it's business partners'. Partners include a number of bus companies, Danish Railroads and others. And even if you cancel the card 'the data logged describing your trips will be kept for 6 months to analyze travel patterns or as a proof if disputes should arise.' And further guarantees that they will stick with the Danish legislation on privacy. (The web page is not even in English, sorry!)

I immediately came to think about this as yet another proof that the Danish population indeed are the most happy people in the World and they have a firm trust in their government as well as in semi-governmental institutions and that nobody will even consider complaining about it, while in other countries this would have aroused protests, strikes and boycotts. (UK, Germany, US ..)

After my participation in the meeting on 'the Internet of Things' it is obvious, that this kind of infrastructure and the logging of the use of it is yet another example of 'Function Creep' in the use of what seems to be an innocent way of identifying persons, the CPR-no. Yet this number and the accompanying name, address and maybe photo may be another source for new ways of identity theft and also a new way of getting money out of people's bank accounts.

In most other European countries the attitude of the citizens would have prevented a thing like this. We have even had several EU-sponsored studies that have been dealing with the concept of having multiple, secure identities, that any citizen has a need to change the e-ID over a life time and across the various sub-domains, where she/he may need an identity. In Denmark we are simply blind to the risks, because we take for granted, that we have secure banks, that our salary system with our employees are safe, that our pension funds are safe so that for instance the tax system works almost without any input from the tax payer, it is close to 'hands free' and has been for some years. Try to explain an Italian why the Government ID should be used for your employer before you can get your salary, or in UK why the insurance company should use the same identifier as you use to receive your social benefits.

This difference in attitudes is also visible in other areas: Denmark has a higher number of CCTV's pr. Capita than any other country in Europe, even including UK. Yet the general attitude is that 'It doesn't matter as long as you have nothing to hide'. But if you look at all the apps for the iPhone or Android that with or without your knowledge register your whereabouts at any given time, the growth of CRM systems capability and tools for analyzing vast amounts of data (Ref. The 'Watson machine' by IBM) then it would become clear, that you need to strengthen the control with who is actually gathering data, what data they gather, how it is protected and how this relates to your 'official e-identity' or is a sub-ID created for just the purpose, for which the data is gathered.

These concerns are getting more weight as hackers, spoofers, fishing attacks etc. are gaining momentum and as more citizens are being exposed to data thefts, not to mention identity thefts.

As I have mentioned other places, the PRISE (Privacy-Security) project funded by EU ended up by a number of recommendations as did the PRIME, later PRIMElife project, that developed prototypes and methods to demonstrate how multiple, yet consistent identities could be maintained and still remain under the user's control. As is clear from the picture above, most people have different identities, and even public ID's need to be changed as technology progresses and as decryption and new, powerful computers demand upgrades of security. But still, an individual will like to shield parts of her/his life from others: Multiple facebook identities? One entity for gmail, one for company correspondence and one for friends and family, one identity and network for people sharing your hobbies etc. If you combine this view with the 'Internet of Things', gadgets, that may or may not contain data about your behavior, whereabouts, messages, pictures etc., then it becomes obvious that whether you trust your government or not, it may not be the brightest idea to use the same, basic and omni-potent e-Identity everywhere you go.

Already in 2005, Kim Cameron developed what he called 'The Laws of Identity', which described the fundamental laws, that any identity management system would have to obey if it should work across domains and survive for a prolonged time. He suggested the following laws:

  1. Technical identity systems must only reveal information identifying a user with the user's consent

  2. The solution which discloses the least amount of identifying information and best limits its use is the most stable long term solution

  3. Digital identity systems must be designed so the disclosure of identifying information is limited to parties having a necessary and justifiable place in a given identity relationship

  4. A universal identity system must support both 'omni-directional' identifiers for use by public entities and 'unidirectional' identifiers for use by private entities

  5. A universal identity system must channel and enable the inter-working of multiple identity technologies run by multiple identity providers

  6. The universal identity metasystem must define the human user to be a component of the distributed system integrated through unambigous human-machine communication mechanisms offering protection against identity attacks

  7. The unifying identity metasystem must guranatee its users a simple, consistent experience while enabling separation of contexts through multiple operators and technologies.

These criteria were put to a test by PRIME and later by PRIMElife, that made some exceptional demonstrators to prove the feasibility of these principles.

Also ENISA focused on this topic in the report on 'Managing Multiple Identities' which contains a realm of references to other relevant EU studies on this and corresponding issues.

As EU is now moving on to look into further use of cross-border identities it becomes clear that solutions like this are needed, as countries like Denmark cannot continue to be like the sleeping beauty hiding behind a wall of roses, we need to confront the Nordic faithful citizen with the skeptics of UK and non-believers of benevolent government in other countries. We have to help the Danish citizen with a simple, yet consistent way of controlling her/his own data (law no. 7) which will help us to travel across Europe, get our Government services - like pension, social benefits, while studying abroad - or help us with our medical and health record if we by accident or deliberately turn to hospitals in other European countries to assist us. The days of a magnetic strip card are long past, and while we are waiting for a more intelligent Danish ID-card that the semi-paper based NemID, we need to think out of the box and more important, actively participate in the projects that intend to offer capabilities to use and re-use eID's acroos borders. (See for instance the STORK project based on the idea of the European Interoperability Framework)

torsdag den 6. oktober 2011

Tingenes Internet

Teknologirådet inviterede den 4.10 til opstart på et projekt, der har til formål at belyse mulighederne for anvendelsesområder og de særlige sikkerhedskrav, der vil opstå, når 'tingenes internet' meget snart bliver en realitet. Mødet blev indledt at Kim Escherich, IBM, der har ansvar for 'tingenes internet' og 'smart planet' hos IBM. Denne film illustrerer begrebet og IBM's synspunkter på emnet.

Alle IT-firmaer og konsulenthuse er begyndt at interessere sig for emnet – se f.eks. McKinseys blog, Sun's side allerede fra 2003 om 'The Internet of Things' og ikke mindst netværksleverandøren CISCO.

Men kan vi definere begrebet lidt nærmere og lidt mere operationelt? Vi opfatter tingenes internet som de ting – enheder, processorer, lagringsenheder, 'apparater' – der har en IP adresse og som kan kommunikere via internettet. Uanset om det er lukkede, krypterede net, der bruger internetprotokollen eller enheder, der er forbundet i det 'store' internet.

Der er i dag mere end 20 mia af sådanne enhedser, og estimatet for 2020 er 'mindst 50 mia'. Det skal sættes i relatiuon til dagens 2mia registrerede menneskelige internet brugere.

Men allerede i dag har vi 5 milliarder mobil-telefonbrugere, som formodentlig inden længe også vil indgå i det, som IBM kalder 'a system om systems'.

Når vi taler om 'ting' , kan de optræde i principielt 2 forskellige roller: som detektorer eller som 'effektorer'. (Jvfr. Hood & Margett). En detektor er noget, der kan opsamle data, måle, 'se' – og en effektor er en ting, der kan udføre noget: åbne en dør, skifte et signal, starte en motor, manøvrere et køretøj. Men detektorer og effektorer er instrumenter, og for at vi kan anvende dem i et netværk, må der nødvendigvis også være en logik, en intelligens, et program, der baseret på de opsamlede data kan foretag en beregning og ud fra et regelsæt beslutte hvilken effektor, der skal anvendes og hvad den skal gøre. Verden er 'Instrumented, Connected & Intelligent'.

Når man er blevet enige om denne grundlæggende beskrivelse, er det også klart, at 'det semantiske web' spiller en stor rolle i definitionen af data interfaces, snitflader og resultatet af de intelligente processer. Det vil hjælpe os til at sikre, at vidt forskellige 'ting', der er etableret med vidt forskellige formål og med vidt forskellige bruger/kundegrupper potentielt kan kommunikere med hinanden. Eksemplet er f.eks. Velfærdsteknologi, hvor en alliance af producenter af intelligente målesystemer – CONTINUA – har formået at sætte nogle standarder, der sikrer at enhederne kan kobles til f.eks. den samme 'hub' via veldefinerede interfaces. Der er behov for en endnu bredere definition af denne type platform, så den f.eks. også vil kunne tilkoble detektorer og effektorer, der anvendes bredt til overvågning, styring af intelligente huse (Se f.eks. Phillips projekt) , som kan indgå i intelligente grids vaskemaskine, køleskab), åbne garageporten, styre temperatur o.s.v. Se præsentationen om 'intelligent grids' , der beskriver formålet med disse grids og hvilke typer udstyr, man tænker vil blive koblet på dette net. Det ser ovenikøbet ud som om Danmark har en styrkeposition på området, se f.eks. denne præsentation:

Blandt anvendelsesområderne er det naturligvis værd at bemærke, at man f.eks. på fødevareområdet er begyndt at indføre chips, der kan garantere sporbarheden af oprindelsen – ('klap din bøf') – og derved bidrage til større forbrugertryghed, (Se RFID projektet vedr. fisk) - men i en næste version, hvor chippen kan registrere hvad der sker med kødet, hvor frisk det er, om der er giftstoffer eller tilsætningsstoffer, kan man få forbedret fødevaresikkerhed og reducere spild. Man er ikke længere afhængig af en meget grov vurdering stemplet som 'sidste salgsdato', men kan rent faktisk 'se' om kødet er hensigtsmæssigt som menneskeføde. En chip i frosne hindbær vil kunne afsløre forgiftningsrisiko. Undgå spild og effektivisere transport er et stort område, men vi kan også se fremkomsten f.eks. af intelligente betonklodser, der ved præ-fabrikerede byggelementer kan fremskynde byggeprocessen og efterfølgende kontrollere holdbarhed for at effektivisere vedligehold. (Se det nordiske project om sporbarhed og sikre fødevarer)

Intelligent videoovervågning er allerede en realitet, hvor videokameraer kun logger sekvenser, såfremt der optræder overtrædelser af programmerede regler, f.eks. for bilers hastighed, placering på vejen, personers opførsel og adgangsforsøg til specielle arealer, døre el. l.

(Se f.eks. Chigacos intelligente videoovervågningssystem)

Blandt de mere kuriøse er 'intelligent sand', der oprindeligt blev udviklet til militært brug, så et antal små chips, der kan kommunikere med hinanden og som indeholder 'logik' kan bedømme, om en fjendtlig kampvogn eller en deling soldater passerer et område, og herefter via satellit uploade simple måleresultater. De civile anvendelser for dette er f.eks. temperaturovervågning af skove, hvor der er særlig stor risiko for skovbrande, og ved overskridelse af en tærskelværdi uploade GPS-data til en satellit.

Hele transport- og trafikområdet er en klasse af anvendelsesområder for sig – potentielt bruger bilister i en by dobbelt så meget tid på at lede efter parkeringspladser som teoretisk nødvendigt, hvis et system kunne holde styr på ledige parkeringspladser og gelejde søgende biler til pladsen. Det kræver naturligvis at et 'stor' andel af biler og parkertingspladser er udstyret med detektorer , forbundet til en regelmekanisme, der kan styre effektorer i biler.

Man kan forestille sig, at dette system potentielt anvendes til helt at undgå human intervention i biler, der ligesom fly køres automatisk. Se her Google's præsentation af 'driverless cars'.

Hvornår når vi 'the tipping point'? - det tidspunkt, hvor mængden af 'ting' er så stor, at der produceres løsninger ('apps') i en tilstrækkelig kvalitet og med tilstrækkelig lav pris til at sikre den fortsatte udbredelse? ( Der er allerede i dag downloadet 10 milliarder apps!) Er det 'top down' bestemt – som hvor sygehuset eller kommunen beslutter og installerer overvågning af kronikere? Eller det brugeren, der afgør om hun vil ha' de intelligente systemer og enheder? Hvem afgør kvaliteten? Og hvor må man være opmærksom på en potentiel umyndiggørelse af brugeren? Dette er nogle af de spørgsmål, som en kraftig forøgelse af anvendelsen vil rejse.

Det kan i høj grad opfattes som et 'hønen og ægget' problem, at der ikke fremkommer særlig mange løsninger, fordi der ikke er særlig meget efterspørgsel – men at dømme ud fra eksplosionen i antallet af apps til smartphones, vil et mængdemæssigt gennembrud kunne ske når som helst – og især hvis standarder og interfaces er åbne og tilgængelige.

Adgang til data, opsamlet af detektorer, Business Intelligens, data mining og ekspertystemer, der 'forstår' betydning af data og kan træffe automatiserede beslutninger, er en del af web 3.0 konceptet, og jo længere vi når i retning af at kunne lave intelligente tekstananlyser, begrebsanalyser og drage slutninger, jo bedre vil 'tingenes internet' kunne fungere. Men jo mere afgængige bliver vi samtdigt af løsningerne, og det kræver overvejelse, hvorledes vi kan sikre et mere og mere livsvigtigt system. Som Nordahl Grieg sagde: 'Lænker de slaver til dig, lænker de dig til sig'

Crowd sourcing, hvor man i mere community- netværker udvikler og raffinerer løsninger, er også en mulighed. Eksemplet er her fra Japan, hvor Fukushima-katastrofen ikke fra myndighedernes side blev dækket godt nok med præcise målinger om strålingsfare. Her anskaffede en mængde japanerne på privat basis geigertællere, og ved hjælp af et hollandsk web site kunne man nu få aktuelle oplysninger om stråling, vindretning, forecast etc.

Alle disse applikationer stiller krav til indtænkning af beskyttelse af private data. Alle steder, hvor personhenførbare data kan kobles til kritiske målinger, holdninger, handlinger, eller bare geografiske positioner på givne tidspunkter, skal man overveje med henblik på i sin videste konsekvens at lade brugeren selv styre, hvem der kan få adgang til disse data. Sikkerheden i 'tingenes internet' er en udfordring, og 'privacy by design' er et krav. Man kan ikke tilkoble det bagefter, det skal indlejres i løsningen fra starten. Det kan være pseudonym-baseret, det kan være 'trusted 3rd party', der har nøglen. Og det diskuteres i en anden sammenhæng senere i Teknologirådets spændende projekt.