I recently discoveredthe The Cavalry movement’s Hippocratic Oath for Connected Medical Devices, which I believe is of enormous importance not only in terms of its exact formula but also the mapping of the key vectors around data security in the IoT. The Cavalry movement started out of a series of meetings at DEFCOn nd BSides in 2013, concerned with addressing the enormous security issues emerging at the nexus of the IoT, big data, and AI. The oath:
Hippocratic Oath for Connected Medical Devices
I will revere and protect human life, and act always for the benefit of my patients. I recognize that all systems fail; inherent defects and adverse conditions are inevitable. Capabilities meant to improve or save life, may also harm or end life. Where failure impacts patient safety, care delivery must be resilient against both indiscriminate accidents and intentional adversaries. Each of the roles in a diverse care delivery ecosystem shares a common responsibility: As one who seeks to preserve and improve life, I must first do no harm.
To that end, I swear to fulfill, to the best of my ability, these principles.
Cyber Safety by Design: I respect domain expertise from those that came before. I will inform design with security lifecycle, adversarial resilience, and secure supply chain practices.
Third-Party Collaboration: I acknowledge that vulnerabilities will persist, despite best efforts. I will invite disclosure of potential safety or security issues, reported in good faith.
Evidence Capture: I foresee unexpected outcomes. I will facilitate evidence capture, preservation, and analysis to learn from safety investigations.
Resilience and Containment: I recognize failures in components and in the environment are inevitable. I will safeguard critical elements of care delivery in adverse conditions, and maintain a safe state with clear indicators when failure is unavoidable.
Cyber Safety Updates: I understand that cyber safety will always change. I will support prompt, agile, and secure updates.
Importantly, The Cavalry has a similar security manifesto for cars. The Five Star Automotive Cyber Safety Program shares the same key vectors of safety by design, third party collaboration, evidence capture, security updates, and segmentation and isolation.
Nice infographic illustrating the current state of play in the IoT, courtesy of Goldman Sachs investment research. I like how they have organized the developmental vectors into homes, cars, wearables, cities, and industrial. Interestingly, they view the smartphone as the emergent default human interface to the IoT. I think this is already the case, but not for much longer, to be superceded by the body-as-interface. With voice and facial recognition already good enough to around 90-95% the human body is the only logical interface for human-IoT interaction. This is already emerging with the Amazon Echo and Google Home, which are based on voice recognition and are starting to roll out facial recognition based interfaces. Add the spread of clothing-embedded sensors over the next 5 years, following the acceptance trajectory of wearables, to be followed by body-embedded sensors in the next 10 years, and the trend is clear. We are in the computer now.
Here’s a brief treatment I wrote on the concept of an Internet of Garments [IoG] and the notion of provenance which is a key effect of IoG implementation at scale.
Throughout history clothing has played the role of a medium signifying the wearer’s status, identity and group belonging. Clothing often acts as the first, and sometimes only, signifier of the wearer’s socio-economic status, occupation, class position, ethnic group, tribal affiliation, religious denomination, or subculture. As a piece of wearable media, clothes communicate this information through their shape, color, arrangement, pattern, the combination of garments, and even the nature of the fabrics being worn. For example, Mediterranean antiquity associated silk and the purple dye with royalty and high social standing, in the case of purple die due to its rarity and in the case of silk due to its unique provenance.
Similarly, Medieval Europe understood very well the role of clothing as wearable media, with sumptuary laws regulating in detail the clothing appropriate to one’s social status, and prohibiting well-off merchants from wearing clothing associated with the nobility. Even today, from corporate executives, to schoolchildren, soldiers, and prisoners, we rely on uniform clothing and a set pattern of garments to signal status and identity. In that context, our garments should be understood as always already talking about us, relentlessly and incessantly.
Importantly, the ongoing revolution in wearables and Internet of Things (IoT) related objects, is leading to the emergence of smart garments and a paradigm of connected clothing – an Internet of Garments [IoG]. The IoG involves scenarios in which garments might consist of all or some of sensors, advanced materials, antennas, memory, and processing power. Such garments inevitably become uniquely identifiable and capable of communicating with their environment, therefore transitioning from analogue clothing to computational media.
While the IoT ostensibly talks to you, for example through devices such as the Amazon Echo, the IoG primarily talks about you, for example through data stored in your garments. Every physical product in this new paradigm has a digital history, allowing consumers to trace and verify its origins, as well as attributes and ownership. Ubiquitous connectivity allows the precise mapping of production processes and the tracing of materials from animal to distributor and consumer – in other words, establishing provenance.
Provenance
The notion of provenance stands for the process of establishing and authenticating a record of origin, as well as the logistics of production, distribution and usage of a given fabric. In the context of IoG, it stands for the garment’s entire life cycle across the supply chain, from the fabric’s prehistory with a specific animal (in case of wool) or collection of materials (synthetics), through its conversion into a garment, its travels through the logistical chain, its interfacing with a specific customer, and its history afterwards.
In the case of wool garments for example, this involves all available data about the source animal [date and place of birth, conditions of life], all data about the producer [location, labour practices, ethical treatment of animals, supply chain], all data about processor and distributor [location, labour practices, quality of process, supply chain], as well as the consumer [location, wearing patterns, etc]. Moreover, the ability to map and access at will logistical information about a product gives us a level of high provenance granularity acting as a guarantee of ethical and certified location, as well as ethical production processes.
The process can be visualized conceptually as consisting of two distinct phases: establishing provenance and authenticating it. In the context of the wool industry, the establishing phase allows a wool producer to map and follow the entire logistical chain from animal to distributor, while the authentication phase allows distributors and customers to continuously verify the provenance of a fabric or garment. Therefore, when viewed over time in the context of IoG, provenance acts both as an interface between producers and users, and as a marketing/semantic interface between different user groups. Importantly, in both of these roles provenance acts as a dynamic bill of existence or ledger for a garment.
In its role as an IoG interface between producers and users, this ledger offers an animal-to-shop perspective, and a way to inject ethical and sustainable production practices throughout the process. In its role as a marketing/semantic interface between different user groups, the ledger acts as a passport, certifying the provenance of the wearer within the context of an ethical standard and fashion statement/brand identity. Understood this way, when provenance is considered dynamically over a time period, what emerges is a reputation system based on the publicly available supply chain information, the quality and ethical positioning of the source materials, labour practices, etc. In that context, the concept of provenance should be understood in terms of expanding quantification and the emergence of a dataistic paradigm in wearables, as well as specifically in the garment industry and fashion.