A couple years back, in 2014, Ward Cunningham wrote a piece on wiki called “Internet of Broken Things”. After dealing with the failure of a home sensor network he wrote:
This is how the internet of things will work. All the things will be interesting. We will think we own them because we will have bought them. But we won’t own all the pieces that give them utility.
The pieces will include some service that promised to provide value unless you read the fine print. Companies will be bought and sold. Databases will accumulate mistakes. Things will stop working. The compounding of complexity will make it in no one’s interest to go fix the thing, even if it is just one line missing.
I’ve been asked why I run wires throughout my house to connect together sensors. Wouldn’t radio be better? Yes, but those sensors (and radios) still need power. I’d rather do without the weak link of anything that needs routine attention, even if just once a year. I need to replace ruby with something that will last.
It’s worth thinking about this on the day the internet ground to a halt due to what appears to be an IoT-based DDoS botnet.
Today, the company that sold you an IoT security cam may still be around, may still put out a patch (maybe).
But what happens two years down the road after buyouts and mergers? What happens when the free-for-life service that connects or manages your scale or mood lighting or runs your boiler is sold to a company that wants to re-monetize the service? Or shut it down without notice?
When it comes to security, where will this sea of abandoned devices get security patches from? Who will write them, and how will they get paid?
Like Ward, I worry that it’s not just an internet of things, but a proprietary mess of interdependent services built on the shifting sands of unstable business models. Unless we develop standards and protocols that reduce that proprietary interdependency, we’re eventually going to have a lot bigger problem on our hands than Twitter outages.