物联网在安全和隐私方面的新挑战_物联网的安全与隐私

物联网在安全和隐私方面的新挑战由刀豆文库小编整理，希望给你工作、学习、生活带来方便，猜你可能喜欢“物联网的安全与隐私”。

英文文献

Internet of Things–New security and privacy challenges

Rolf H.Weber University of Zurich, Zurich, Switzerland, and University of Hong Kong, Hong Kong

abstract

The Internet of Things,an emerging global Internet-based technical architecture facilitating the exchange of goods and services in global supply chain networks has an impact on the security and privacy of the involved stakeholders.Measures ensuring the architecture’s resilience to attacks, data authentication, acce control and client privacy need to be established.An adequate legal framework must take the underlying technology into account and would best be established by an international legislator, which is supplemented by the private sector according to specific needs and thereby becomes easily adjustable.The contents of the respective legislation must encompa the right to information, provisions prohibiting or restricting the use of mechanisms of the Internet of Things, rules on IT-security-legislation, provisions supporting the use of mechanisms of the Internet of Things and the establishment of a task force doing research on the legal challenges of the IoT.a 2010 Prof Rolf H.Weber.Published by Elsevier Ltd.All rights reserved.Keywords:Data protection,Internet of Things,Privacy,RFID,Security 1.Internet of Things: notion and technical background The Internet of Things(IoT)is an emerging global Internet-based information architecture facilitating the exchange of goods and services in global supply chain networks.1Forexample, the lack of certain goods would automatically be reported to the provider which in turn immediately causes electronic or physical delivery.From a technical point of view,the architecture is based on data communication tools,primarily RFID-tagged items(Radio-Frequency Identification).The IoT has the purpose of providing an IT-infra-structure facilitating the exchanges of ‘‘things’’ in a secure and reliable manner.The most popular industry proposal for the new IT-infra-structure of the IoT is based on an Electronic Product Code(EPC), introduced by EPC global and GS1.The ‘‘things’’ are physical objects carrying RFID tags with a unique EPC;the infrastructure can offer and query EPC Information Services(EPCIS)both locally and remotely to subscribers.The information is not fully saved on an RFID tag, but a supply of the information by distributed servers on the Internet is made available through linking and cro-linking with the help of an Object Naming Service(ONS).The ONS is authoritative(linking meta data and services)in the sense that the entity having – centralized – change control over the information about the EPC is the same entity that aigned the EPC to the concerned item.8Thereby, the architecture can also serve as backbone for ubiquitous computing,enabling smart environments to recognize and identify objects, and receive information from the Internet to facilitate their adaptive functionality.The central ONS root is operated by the(private)company VeriSign, a provider of Internet infrastructure services.The ONS is based on the well-known Domain Name System(DNS).Technically, in order to use the DNS to find information about an item, the item’s EPC must be converted into a format that the DNS can understand, which is the typical, ‘‘dot’’ delimited, left to right form of all domain names.Since EPC is encoded into syntactically correct domain name and then used within the existing DNS infra-structure, the ONS can be considered as subset of the DNS.For this reason, however, the ONS will also inherit all of the well-documented DNS weaknees, such as the limited redundancy in practical implementations and the creation of single points of failure.2.Security and privacy needs 2.1.Requirements related to IoT technology

The described technical architecture of the IoT has an impact on the security and privacy of the involved stakeholders.Privacy includes the concealment of personal information aswell as the ability to control what happens with this information.12The right to privacy can be considered as either a basic and inalienable human right, or as a personal right or poeion.The attribution of tags to objects may not be known tousers, and there may not be an acoustic or visual signal to draw the attention of the object’s user.Thereby, individuals can be followed without them even knowing about it and would leave their data or at least traces thereof in cyberspace.Further aggravating the problem, it is not anymore only the state that is interested in collecting the respective data, but also private actors such as marketing enterprises.15Since busine procees are concerned, a high degree of reliability is needed.In the literature, the following security and privacy requirements are described: Resilience to attacks: The system has to avoid single points of failure and should adjust itself to node failures.Data authentication: As a principle, retrieved addre and object information must be authenticated.Acce control: Information providers must be able to implement acce control on the data provided.Client privacy: Measures need to be taken that only the information provider is able to infer from observing the use of the lookup system related to a specific customer;at least,inference should be very hard to conduct.Private enterprises using IoT technology will have to include these requirements into their risk management concept governing the busine activities in general.2.2.Privacy enhancing technologies(PET)The fulfilment of customer privacy requirements is quite difficult.A number of technologies have been developed in order to achieve information privacy goals.These Privacy Enhancing Technologies(PET)can be described in short as follows: Virtual Private Networks(VPN)are extranets established by close groups of busine partners.As only partners have acce, they promise to be confidential and have integrity.However, this solution does not allow for a dynamic global information exchange and is impractical with regard to third parties beyond the borders of the extranet.Transport Layer Security(TLS), based on an appropriate global trust structure, could also improve confidentiality and integrity of the IoT.However, as each ONS delegation step requires a new TLS connection, the search of information would be negatively affected by many additional layers.DNS Security Extensions(DNSSEC)make use of public-key cryptography to sign resource records in order to guarantee origin authenticity and integrity of delivered information.However, DNSSEC could only aure global ONS information authenticity if the entire Internet community adopts it.Onion Routing encrypts and mixes Internet traffic from many different sources, i.e.data is wrapped into multiple encryption layers, using the public keys of the onion routers on the transmiion path.This proce would impede matching a particular Internet Protocol packet to a particular source.However, onion routing increases waiting times and thereby results in performance iues.Private Information Retrieval(PIR)systems conceal which customer is interested in which information, once the EPCIS have been located.However, problems of scalability and key management, as well as performance iues would arise in a globally acceible system such as the ONS, which makes this method impractical.A further method to increase security and privacy are Peer-to-Peer(P2P)systems, which generally show good scalability and performance in the applications.These P2P systems could be based on Distributed Hash Tables(DHT).Acce control,however, must be implemented at the actual EPCIS itself, not on the data stored in the DHT, as there is no encryption offered by any of these two designs.20Insofar, the aumption is reasonable that encryption of the EPCIS connection and authentication of the customer could be implemented without major difficulties, using common Internet and web service security frameworks.In particular, the authentication of the customer can be done by iuing shared secrets or using public-key cryptography.It is important that an RFID tag having been attached to an object can – at a later stage – be disabled in order to allow for customers to decide whether they want to make use of the tag.RFID tags may either be disabled by putting them in a protective mesh of foil known as a ‘‘Faraday Cage’’ which is impenetrable by radio signals of certain frequencies

or

by‘‘killing’’

them,i.e.removing

and

destroying them.However,both options have certain disadvantages.While putting tags in a special cage is relatively safe, it requires that every tag from every single product is put in that cage if a customer desires so.Chances are that certain tags will be overlooked and left with the client and that he/she could still be traced.Sending a ‘‘kill’’ command to a tag leaves room to the poibility of reactivation or that some identifying information could be left on the tag.Furthermore, businees may be inclined to offer clients incentives for not destroying tags or secretly give them tags.Instead of killing tags, the diolution of the connection between the tag and the identifiable object could be envisaged.The information on ONS is deleted to protect the privacy of the owner of the tagged object.While the tag can still be read, further information with potential information concerning the respective person, however, are not retrievable.Moreover, transparency is also needed for non-personally identifiable information retrieved by RFID.An active RFID can for example trace movements of visitors of an event real time without identifying the persons as such who remain anonymous;neverthele, the question remains whether such information not covered by traditional privacy laws might be collected without any restriction.2.3.Legal course of action The European Commiion is aware of the security and privacy iues related to the RFID and the IoT.In a Recommendation of May 12, 2009 on the implementation of privacy and data protection principles in applications supported by radio-frequency identification27the European Commiion invites the Member States to provide for guidance on the design and operation of RFID applications in a lawful, ethical and socially and politically acceptable way, respecting the right to privacy and ensuring protection of personal data(No.1).In particular, the Recommendation outlines measures to betaken for the deployment of RFID application to ensure that national legislation is complying with the EU Data Protection Directives 95/46, 99/5 and 2002/58(No.2).Member States should ensure that industry in collaboration with relevant civil society stakeholders develops a framework for privacy and data protection impact aements(PIA;No.4);this framework should be submitted to the Article 29 Data Protection Working Party within 12 months.Industry and civil society stakeholders are in the proce of establishing the requested framework PIA until late 2009.The objectives of the PIA are designed to identify the implications of the application on privacy and data protection, to determine whether the operator has taken appropriate technical and organizational measures to ensure respective protection, to document the measures implemented with respect to the appropriate protection, and to serve as a basis for a PIA report that can be submitted to the competent authorities before deployment of the application.Presumably, the framework should serve to determine a common structure and content of reports.In particular, RFID application description and scope, RFID application governing practices, accountability and analysis and resolution seem to be of importance.Furthermore, operators are asked to conduct an aement of the implications of the application implementation for the protection of personal data and privacy and take appropriate technical and organizational measures to ensure the protection of personal data and privacy(No.5), and a person within a busine needs to be designated for the review of the aements and the continued appropriatene of the technical and organizational measures.In addition, Member States are invited to support the EU Commiion in identifying those applications that might raise information security threats with implications for the general public(No.6).Additional provisions of the Recommendation concern the information and transparency on RFID use, the RFID applications used in the retail trade, the awarene raising actions, research and development as well as follow-up actions(Nos.7–18).In its specific Communication to the European Parliament,the Council, the European Economic and Social Committee and the Committee of the Regions on the Internet of Things(an Action Plan for Europe), the EU Commiion again points to the importance of security and privacy in the IoT frame-work.The particular Line of Action 2 encompaes the continuous monitoring of the privacy and the protection of personal data questions;as part of Line of Action 3 the EU Commiion is envisaging to launch a debate on the technical and the legal aspects of the ‘‘right to silence of the chips’’ and exprees the idea that individuals should be able to disconnect from their networked environment at any time.3.Milestones of an adequate legal framework The implementation of the IoT architecture and the use of RFID pose a number of legal challenges;the basic questions of the agenda can be phrased as follows: Is there a need for(international or national)state law or are market regulations of the concerned businees sufficient? If legislation is envisaged: Would existing/traditional legislation be sufficient or is there a need for new laws? If new laws are to be released: Which kind of laws are required and what is the time frame for their implementation? These legal challenges need to be embedded into the human rights and constitutional framework.Insofar, the decision of the German Supreme Court of 27 February 2008 constituting an independent fundamental right of confidentiality and integrity related to info-technical systems merits attention.3.1.Systematic approach The establishment and implementation of an appropriate legal framework31calls for a systematic approach in relation to the legislative proce.Thereby, the following aspects should be taken into account: Facts about RFID using scenarios are to be systematically developed;only under the condition that the facts are sufficiently known, adequate legal provisions can be drafted.A systematization of the legal problems potentially occur-ring can be done by coordination along the below discued four technical axes, namely globality, verticality, ubiquity and technicity.The legal challenges of security and privacy iues related to the IoT and RFID are to be qualitatively claified.In particular, the question must be addreed how much privacy the civil society is prepared to surrender in order to increase security.Solutions should be looked for allowing considering privacy and security not as opposites, but as principles affecting each other.In light of the manifold factual scenarios, it appears to be hardly poible to come to a homogenous legal framework governing all facets of the IoT and RFID.Moreover, a heterogeneous and differentiated approach will have to be taken into account.Thereby, the technical environment can be crystallized along the four axes, representing the most important challenges to the establishment of regulation: Globality is based on the fact that goods and services in the IoT context will be globally marketed and distributed.The RFID technology is also ‘‘global’’ in the sense that the same technical procees are applied all over the world.Consequently, busine and trade would be heavily complicated if differing national laws would be in place.If the RFID-tagged products are available on a global level, the legal systems need to be synchronized.Verticality means the potential durability of the technical environment.In particular, it is important for the life of the IoT that RFID-tagged products are lasting long enough to not only use them in the supply chain until the final customer, but also for example in the waste management.For the time being,this requirement is not sufficiently met in the EPC traffic.Ubiquity refers to the extent of the RFID-tagged environment;technically, RFID could indeed be used ubiquitously encompaing persons, things, plants, and animals.Technicity is an important basis for the development of rules protecting privacy objectives.Several differentiations can be taken into account, namely(i)the complexity of the tag(active and paive, rewritable, proceing and sensor provided products),(ii)the complexity of background devices(reader or other linked media)and the maximum reading range which is particularly designed to cover transparency demands.These four requirements have to be taken into account when establishing a legal framework binding all participants of the IoT.Resulting from these four requirements, the framework to be established has to be global, i.e.Established by an international legislator, and applicable to every object on earth from its becoming until its destruction.The ubiquity needs to be addreed in particular if various objects are put together to form a new ‘‘thing’’.This new ‘‘thing’’ can either be attributed with a new tag, or the creation can carry multiple tags.While the first scenario is more practical, this solution may leave businees with the problem that individual parts cannot be traced back to their origin.A solution may be that the one tag attached to the object makes reference to the different sources of all individual parts.A global consensus needs to be found, which is then generally applied.The question raised is also connected to the fourth requirement, technicity.If composed objects keep all the tags of integrated parts, tracing all relevant information concerning that object becomes extremely complex and difficult.As this discuion demonstrates,determining an appropriate legal framework raises various technical questions.Therefore, the inclusion of technical experts in the proce-making seems inevitable.Furthermore,the discuion also shows that the framework needs to be established at an international level and addre all fundamental iues.Otherwise, the IoT becomes impractical and cannot be used efficiently.The following conclusion for a potential legislation can be drawn from the mentioned systematic approach: A unique strategy will not be suitable to satisfactorily cope with the privacy challenges of the IoT.Inevitably, legislators have to make good use of several of them.In particular, due consideration of technicity seems to be of major importance.Furthermore, data protection and privacy need communication strategies establishing an effective platform for dialogue between state legislators, non-governmental organizations,public interest groups and the international private sector.3.2.State law or self-regulation The establishment of an adequate legal framework for the protection of security and privacy in the IoT is a phenomenon giving rise to the question of the appropriate legal source.Various regulatory models are available in theory: Apart from the poibility of no regulation at all, which cannot be considered as a real ‘‘solution’’, the choice is principally between traditional national regulation, international agreements and self-regulation.As mentioned, national regulation has the disadvantage of not meeting the globalization needs of an adequate legal framework in view of the fact that transactions through the IoT are usually of a cro-border nature.(i)So far, the regulatory model in the IoT is based on self-regulation through manifold busine standards, starting from technical guidelines and leading to fair information practices.In particular, the EPC-Guidelines rely on components like ‘‘Consumer Notice’’, ‘‘Consumer Education’’ and ‘‘Retention and IT-Security Policy’’.Consequently, the compliance with the EPC-Guidelines is driven by a self-control strategy.This self-regulatory model follows the well-known principle of subsidiarity,meaning that the participants of a specific community try to find suitable solutions(structures, behaviors)them-selves as long as government intervention has not taken place.The legitimacy of self-regulation is based on the fact that private incentives lead to a need-driven rule-setting proce.Furthermore, self-regulation is le costly and more flexible than State law.In principle, self-regulation is justified if it is more efficient than state law and if compliance with rules of the community is le likely than compliance with self-regulation.The theoretical approaches to the self-regulatory model show a multifaceted picture: In many cases, self-regulation is not more than a concept of a private group, namely a concept occurring within a framework that is set by the government(directed self-regulation or audited self-regulation).This approach has gained importance during the last decade: if the government provides for a general framework which can be substantiated by the private sector often the term ‘‘co-regulation’’ is used.The state legislator does not only set the legal yardsticks or some general pillars of the legal framework, but eventually the government remains involved in the self-regulatory initiatives at least in a monitoring function supervising the progre and the effectivene of the initiatives in meeting the perceived objectives.In this context, the legal doctrine has developed the notion‘‘soft law’’ for private commitments expreing more than just policy statements, but le than law in its strict sense, also poeing a certain proximity to law and a certain legal relevance.Neverthele, the term ‘‘soft law’’ does not yet have a clear scope or reliable content.Particularly in respect to the enforceability of rules, law is either in force(‘‘hard law’’)or not in force(‘‘no law’’), meaning that it is difficult to distinguish between various degrees of legal force.Generally, it can only be said that soft law is a social notion close to law and that it usually covers certain forms of expected and acceptable.codes of conduct.This concept of self-regulation cannot overcome the lack of an enforcement strategy if compliance is not done voluntarily.Therefore, the involvement of the legislator seems to be inevitable.While self-regulation has gained importance during the last years, there are still critics thereof, pointing out that self-regulatory mechanisms only regulate those motivated or principled enough to take part in them as market preure is not yet strong enough to oblige everyone to adopt the respective rules.Furthermore, it is argued that self-regulation is only adopted by stakeholders to satisfy their own interests and is therefore not effective in the protection of privacy.(ii)Therefore, even if the manifold merits of self-regulation are to be honoured, some pillars of the legal framework in the context of security and privacy need to be set by the legislator.Such law would have to be introduced on an international level.Contemporary theories addreing international law aspects tend to acknowledge a wide definition of international law, according to which this field is no longer limited merely to relations between nation states but generally accepts the increasing role of other international players such as individual human beings, international organizations and juridical entities.Since customary rules can hardly develop in a fast moving field such as the IoT, the main legal source is to beseen in the general principles of law, such as good will,equal treatment, fairne in busine activities, legal validity of agreements etc.These general principles can be illustrated as ‘‘abstractions form a ma of rules’’which have been ‘‘so long and so generally accepted as tobe no longer directly connected with state practice’’.To some extent, basic legal principles are considered to be an expreion of ‘‘natural law’’;practically, general legal principles may be so fundamental that they can be found in virtually every legal system.The specific problem in view of security and privacy,however, consists in the appreciation that privacy concerns are not identical in the different regions of the world which makes the application of general principles difficult in cro-border busine activities.Therefore, a basic legal framework should be introduced by an international legislator;however,the details of the legal rules for the protection of security and privacy needs are to be developed by the private sector.The IoT being a new system itself, the idea of entrusting a body with its legislation and governing that is new, too, is not far-fetched.A new body would be in the position to take into account all the characteristics of the IoT.Furthermore,considering the complexity of the IoT, this body could be construed in a way to dispose of the neceary capacities.The alternative to the creation of a new body is to integrate the task of international legislator for the IoT in an existing organization.Bearing in mind the globality of the IoT, this organization has to have a certain scope of territorial application.Furthermore, the organization should have a structure that allows for the inclusion of a body only responsible for the IoT.Finally, legislation and governing of the IoT should be encompaed by the overhead responsibilities of the organization to be appointed.When considering these requirements, the World Trade Organization(WTO)and the Organization for Economic Co-Operation and Development(OECD)come to mind.A special Committee responsible for rule-setting and supervision in the IoT could be established as an answer to the question of an international legislator.This Committee would be made up of representatives of WTO or OECD member States, thereby auring an international approach.The Committee could,after deliberations, iue formal agreements, standards and models, recommendations or guidelines on various iues of the IoT.This evaluation coincides with the experiences made in the field of Internet governance in general.An internationally binding agreement covering privacy and data protection does not yet exist.Even if international human rights instruments usually embody the eence of privacy, at least to a certain extent, the protection cannot be considered as being sufficient;only ‘‘extreme’’ warranties are legally guaranteed, such as the respect for private life or the avoidance of exposure to arbitrary or unlawful interference.Therefore, it is widely accepted that co-regulation is needed to secure the implementation of effective principles of privacy in the online world.Poible elements of a self-regulatory scheme may include codes of conduct containing rules for best practices worked out in accordance with substantive data protection principles, the establishment of internal control procedures(compliance rules), the setting-up of hotlines to handle complaints from the public, and transparent data protection policies.Many international instruments, such as the Guidelines of the OECD and Art.27 of the EC Directive on the Protection of Personal Data(1995),mention self-regulation as an appropriate tool.Neverthele, security and the protection of privacy is nota matter to be addreed exclusively by a legislator.Research and development in the field of information technology should also consider ethical consequences of new inventions.3.3.Legal categories and scenarios Future legislation encompaing privacy and data protection iues of the IoT and RFID could have five different goals: Right-to-know-legislation;Prohibition-legislation;IT-security-legislation;Utilization-legislation;Task-force-legislation.The different categories of future legislation should be evaluated in the light of the objectives of privacy and personal data protection depending upon the use of RFID which can concern the following aspects, namely: Monitoring products(EPC), Monitoring animals(real-time authentication and monitoring of animals), Monitoring persons(real-time authentication and monitoring of persons), Collecting data for profiling purposes(aggregation).In the context of the IoT, the EPC scenario concerning products is practically the most important application.Theoretically, EPC does not directly trace relational personal data, however, a person carrying an RFID-tagged item discloses to the organization using the RFID system certain data or gives at least the opportunity to collect information.A specific legislative aspect concerns the term ‘‘person’’.The EU Directives as well as many national laws only consider individuals(‘‘natural persons’’)as objects of privacy laws.In particular, in the context of the IoT, this understanding is too narrow.Legal persons(e.g.corporations)do also have privacy interests;as for example in the Swi legislation, the scope of application of data protection law needs to be extended to legal persons.(i)The right-to-know-legislation has the purpose to keep the customer informed about the applied RFID scenarios.In other words, the customer should know which data are collected and should also have the poibility to deactivate the tags after a purchase.In the United States,several attempts have been take to realize such kind of legislation.(ii)The prohibition-legislation introduces provisions which envisage to forbid or at least to restrict the use of RFID incertain scenarios.Such an approach is traditional instate legislation if the public community dislikes a certain behavior;enforcement of prohibition is poible(at least in the books).Self-regulatory mechanisms rather tend to introduce incentives(if at all)instead of prohibition.(iii)IT-security-legislation encompaes initiatives that demand the establishment of certain IT-security standards which should protect that application of RFID from unauthorized reading and rewriting.63Such kind of provisions can be introduced by the state legislator, but also by self-regulatory mechanisms;typically, industry standards are developed by the concerned market participants, having therefore the chance to be observed by the respective developers.Technologically, a new‘‘fourth generation’’ framework of data protection proto-cols should be developed allowing the setting-up of stringent safeguards as to reporting and frequent audits of the measures.(iv)Utilization-legislation intends to support the use of RFID in certain scenarios.Insofar, this approach stands contrary to the prohibition-legislation;it envisages making the RFID available in the relevant identification documents.Therefore, the legislative approach has to fine-tune an appropriate balance between prohibited and utilizable approaches.(v)The task-force-legislation covers legal provisions supporting the technical community to invest into the research of the legal challenges of RFID;the purpose of this approach consists in a better understanding of the relevant problems.3.4.Evaluation of the European legislative approach The Recommendation of May 12, 2009, of the European Commiion is a framework approach to legislate in the field of Internet security.The Recommendation provides guidance to Member States which then have to enact specific rules.While the Recommendation makes reference to EU Data Protection Directives, it does not stipulate any specific provisions itself.The European Commiion furthermore introduces a framework privacy and impact aement,established by the industry and the relevant civil society stakeholders, and the publication of an information policy for applications should also be ensured by Member States.EPCglobal and industry are currently establishing the requested framework(Private Impact Aement, PIA).Even if its details are not known as of early November 2009, it can be said that the objectives of the PIA are designed to identify the implications on privacy and data protection, to determine whether the operator has taken appropriate technical and organizational measures to ensure respective protection, to document the implemented measures, and to serve as a basis for a PIA report to the competent authorities.Important aspects concern the RFID application description and scope,the RFID application governing practices, the accountability challenges, as well as analysis and resolution aspects.Finally,while the European Commiion provides for this framework,Member States are strongly encouraged to support the Commiion in identifying threats to information security.The regulatory approach of the European Commiion consists in vague framework guidelines which addre many aspects without considering the merits of the self-regulatory models and industry standardization.The framework is formulated in an open way and thereby ensures that technical principles such as verticality, ubiquity and technicity can be taken into account.However, being established by the Euro-pean Commiion, it is only applicable for Member States in Europe and not globally.Moreover, the fact that it is up to Member States should establish more detailed regulation is even more prejudicial to the principle of globality.Neverthele, the recent Recommendation and Communication by the European Commiion attest that privacy and data protection problems in the field of the Internet of Things are taken seriously and that there is a strong will to establish mechanisms to ensure that those do not become accurate once the Internet of Things operates large-scale.4.Outlook With the emergence of an Internet of Things, new regulatory approaches to ensure its privacy and security become neceary.In particular, attacks have to be intercepted, data authenticated, acce controlled and the privacy of customers(natural and legal persons)guaranteed.The nature of the IoT asks for a heterogeneous and differentiated legal framework that adequately takes into account the globality, verticality,ubiquity and technicity of the IoT.Geographically limited national legislation does not seem appropriate in this context.However, self-regulation as it has been applied up to now may not be sufficient to ensure effective privacy and security, either.Therefore, a framework of substantive key principles set by a legislator at the inter-national level, complemented by the private sector with more detailed regulation seems to be the best solution.Through such a framework, general pillars of regulation could be set for everyone, which are then suitable to be supplemented by the individuals concerned in a way that suits their current needs.Furthermore, the inclusion of an international legislator in the proce also ensures the continued involvement of the public sector, contributing at least by monitoring the proce.The approach chosen by the European Commiion goes in that direction.However, it would be preferable to have an international(not European)legislator setting the framework;such an approach would better adapt to the needs stemming from the globality of the IoT.Furthermore, if a more detailed regulation should be established by the private sector, leons can be drawn from Internet governance in general, where the private sector has already marked presence in the rule-setting.The content of the respective legislation has to cover the right to information, provisions prohibiting or restricting the use of mechanisms of the Internet of Things, rules on IT-security-legislation, provisions supporting the use of mechanisms of the Internet of Things and the establishment of a task force doing research on the legal challenges of the IoT.While according mechanisms still need to be developed,the early recognition of eventual problems and suggestions for their encounter leaves hope that effective regulation can be established before the Internet of Things is in full operation.Prof.Dr.Rolf H.Weber(rolf.weber@rwi.uzh.ch)is profeor at the University of Zurich and a visiting profeor at the University of Hong Kong.Rolf H.Weber studied at the University of Zurich and at the Harvard Law School.Since 1995 he is chair profeor at the University of Zurich and since 2006 a visiting profeor at the University of Hong Kong, teaching and publishing in civil, commercial and European law with special topics in Internet, media and competition law, international finance and trade regulation.He is director of the European Law Institute and the Center for Information and Communication Law at the University of Zurich;in addition he is member of the directory of the Postgraduate Studies in International Busine Law and the MBA-Program at the University of Zurich.Since 2008 Prof.Dr.Rolf H.Weber is member of the Steering Committee of the Global Internet Governance Academic Network(GigaNet)and since 2009 he is member of the High-level Panel of Advisers of the Global Alliance for Information and Communication Technologies and Development(GAID).Besides, he is engaged as an attorney-at-law and as a member of the editorial board of several Swi and international legal periodicals.A first version of this contribution has been published in Sylvia M.Kierkegaard(ed.), Legal Discourse in Cyberlaw and Trade, 2009, 1–14.The author exprees his gratitude to lic.iur.Romana Weber for her valuable research support.物联网在安全和隐私方面的新挑战

罗尔夫·H·韦伯

瑞士，苏黎世，苏黎世大学与香港，香港大学

摘要

物联网，一种新兴的以互联网为基础的技术体系结构，为全球商品和服务的交流提供便利的供应链网络，其对所涉及的利益相关者的安全和隐私方面产生一定的影响。我们需要确保架构的抵御攻击性，必须建立数据验证，访问控制和客户隐私保护等措施。底层技术必须采取适当的法律框架，最好是建立一个国际的立法委员会，根据具体的需求辅之以私营部门，从而容易调节。有关法例的内容必须包含信息的正确性，规定禁止或限制使用的物联网机制，按照IT安全立法的规定，使用配套的物联网机制，并成立一个专责小组，研究物联网在法律方面的挑战。

2010罗尔夫·H·韦伯教授。由Elsevier公司出版。保留所有权利。

关键词：数据保护 物联网 隐私 RFID 安全

1、物联网：概念和技术背景

物联网（IOT）是一个新兴的以全球互联网为基础的信息架构，为全球商品和服务的交流提供便利的供应链网络。例如，在缺乏某些商品的时候会自动报告给供应商，然后立即产生电子或实物交付。从技术角度来看，该体系结构是基于数据通信的工具，主要是RFID标签的物品（无线射频识别）。物联网的目的是在IT基础设施结构上，促进“物”在安全和可靠的方式下交流。

最热门的行业建议物联网的新IT基础结构要基于产品电子代码（EPC）来介绍全球EPC和GS1的。“物”是一个含有唯一EPC 的RFID标签；在该基础设施可以提供和查询EPC信息服务（EPCIS）给本地和远程用户。一个RFID标签上保存的信息是不完整的，而供应信息是由互联网上的分布式服务器和对象命名服务（ONS）连接和交叉连接提供的。

在某种意义上，国家统计局就是权威，有关EPC信息的实体具有集中、变化、控制相同的实体分配在EPC的有关资料。因此，对于无处不在的计算，体系结构也可以作为骨干，从而实现环境的智能认识和识别物体，并接收来自互联网的信息，以方便他们的自适应功能。中央ONS的基础是由（私人）公司威瑞信构造的，它是一个互联网基础设施服务提供商。

国家统计局是知名的域名系统（DNS）。在技术上，为了使用DNS来寻找有关的项目，该项目的EPC必须被转换成一种DNS可以理解的格式，这是典型的“点”分隔符，所有域名的形式从左到右。由于EPC编码成域名语法上是正确的，那么在现有的DNS基础结构内，ONS可以视为该域名系统（DNS）的一个子集。不过，由于这个原因，国家统计局也将承认被所有的证据充分证明的DNS弱点，如在实际的实现和创造中单点故障的有限的冗余。

2、安全和隐私需求

2.1 相关物联网技术的要求

物联网技术架构所涉及的利益相关者在安全和隐私方面的影响。隐私包括个人信息的隐蔽性，以及有能力控制这个信息会发生什么。私隐权可以被认为是一个基本的不可剥夺的权利，或作为个人的权利或财产。标签对象的归属可能不被用户知道，并有可能是不能吸引用户注意的声音或视觉信号。因此，个体可以追寻而他们甚至不知道它将在其网络空间中留下自己的数据或痕迹的。事件的进一步发展，使它已不再是只有国家所感兴趣，也有私人角色在收集相应的数据，如销售企业。

对于业务流程来说，高度的可靠性是必要的。以下是本文对安全性和保密性要求的说明：

抵抗攻击：系统可以避免单一点的失败和调节节点的失败； 数据验证：作为一项原则，检索地址和目标信息必须经过认证； 访问控制：信息提供商必须能够实现所提供数据的访问控制；

客户隐私：需要采取措施使只有信息提供者可以从观察到查找特定客户系统的使用；至少，推断应该是很困难地从事。

民营企业使用物联网技术时，在一般管理业务活动中必须要他们拥有这些风险管理理念的要求。

2.2增强隐私的技术（PET）

满足客户的隐私要求是相当困难的。一些技术已经被开发，以实现信息隐私的目的。这些增强隐私的技术（PET）可以简短地描述为以下几个：

虚拟专用网（VPN）是外联网建立的密切的业务合作伙伴团体。由于合作伙伴的访问，所以他们要保证信息机密性和完整性。但是，这个方案并不允许全球信息的动态交流，而且是不切实际的对于超越国界的第三方外联网。

传输层安全性（TLS），基于一个相应的全球信托机构也可以提高物联网的保密性和完整性。然而，由于各ONS授权需要一个新的TLS连接，搜索的信息将受到许多附加层的负面影响。

DNS安全扩展（DNSSEC）使用公钥加密签署的资源记录，以保证原产地传递信息的真实性和完整性。然而，如果整个互联网界都采用DNSSEC，则只能保证全球ONS信息的真实性。

洋葱路由加密和融合了许多不同来源的互联网流量。即，洋葱路由器在传输路径上使用公共密钥把数据包裹成多个加密层。这个过程会阻碍一个特定的互联网协议数据包发送到一个相匹配的特定源。然而，洋葱路由增加等待时间，从而导致性能问题。

当EPCIS已被设置时，私人信息检索系统（PIR）会隐瞒客户感兴趣的信息。然而，全局可访问系统（如ONS）的可扩展性问题和密钥管理，以及性能问题的出现，使这种方法是不切实际的。

另一种提高安全性和隐私的方法是对等（P2P）系统，该系统在应用程序中通常表现出良好的可扩展性和性能。这些P2P系统可以基于分布式哈希表（DHT）。然而，访问控制必须在实际的EPCIS本身实施，而不是对在DHT的数据存储，因为没有为这两个设计所服务的任何加密。在假设是合理的情况下，对于EPCIS连接的加密和认证，客户使用普通的互联网和Web服务安全框架没有大的困难。特别地，认证的客户可以发布共享机密或使用公共密钥加密。

重要的是，为了让客户来决定是否要使用该标签，附在物体上的RFID标签被可以在较后阶段被禁用。RFID标签可以被它们称为“法拉第笼”的金属箔防护网禁用，这是令人费解的，一定频率的无线电信号可以“杀死”他们，即消除并摧毁他们。然而，这两种选择有一定的缺点。把标签放在一个特殊的笼子里，是比较安全的，如果客户希望如此，它需要把每一个产品的每一个标签都放在笼中。有可能特定的标签被忽略后，客户端和他/她仍然可以被追踪。发送“杀”命令使标签离开空间不能被激活，或使一些识别信息离开标签。此外，企业可能会倾向于不破坏标签而为客户提供激励，或暗中给他们标签。可以设想，解散标签和识别物体之间的连接而不是杀死标签。删除ONS上的信息，以保护标签对象所有者的隐私。虽然标签仍然可以被读取，然而相应的人的潜在信息和进一步资料是不会被检索出来的。

此外，透明度也需要检索非个人身份识别信息的RFID。例如有源RFID没有确定这个人时会保持实时跟踪匿名游客的运动；然而，是否收集这些未涉及传统隐私权法律的资料可以不受任何限制的问题仍然存在。

2.3法律方面的方针

欧盟委员会也意识到有关于RFID和物联网的安全及隐私问题。在2009年5月12日的建议书中把无线射频识别应用到隐私和数据保护的原则中。欧盟委员会邀请会员国提供和指导RFID应用在法律、道德、社会和政治上以可以接受的方式设计和经营，尊重隐私和权利，同时确保个人数据的保护（第1号）。特别地，建议书概述了RFID应用的部署应采取的措施，以确保国家立法符合欧盟数据保护指令95/46，99/5，2002/58（第2号）。会员国应确保该行业与相关的民间社会利益攸关方合作开发一个框架关于隐私和数据保护的影响及评估（PIA第4号）；该数据保护工作小组应在12个月内提交该框架的29条。直到2009年年底，工业和民间社会利益相关者还在建立PIA框架这个过程中。建立PIA的目标是识别应用程序关于隐私和数据保护的影响，以确定是否该公司已采取适当的技术和组织措施以确保相应的保护，对计量检定文件实施适当的保护，作为一个PIA的应用程序，在部署前向主管机关提交报告的依据。据推测，该框架应成为以决定一个通用结构和内容的报告。特别地，RFID关于应用程序描述和范畴，RFID的应用管理实践、问责制分析和解决，有重要意义。此外，运营商要求对个人数据和隐私保护应用程序的执行进行评估，并采取适当的技术和组织措施，以确保个人资料和隐私的保护（第5号），和指定一个人在企业中技术和组织的评估和审查措施的持续适宜性。此外，请各会员国支持欧盟委员会在确定这些应用程序可能引发广大市民信息安全威胁的影响（第6号）。建议在使用RFID时关注关于信息和透明度上的其他规定，在零售贸易中使用RFID的应用时，要提高对行动的认识，研究和发展后续行动（第7-18）。

根据欧洲在其特定通讯的议会，理事会，欧洲经济和社会委员会和地区委员会在物联网（欧洲）的行动计划，欧盟委员会再次指出，物联网框架的安全性和保密性的重要性。特别是行动2线包括连续监测隐私和个人数据保护问题；欧盟委员会设想行动3线的一部分用来开展高科技技术和法律方面“沉默权芯片”的辩论，并提出在任何时候的网络环境中能够让其断开的想法。

3、在法律框架方面的里程碑

物联网体系结构和RFID使用的实施构成了法律上的挑战；议程的基本问题可以表述为如下：

是否需要国家法律（国际或国内）或市场法规有关业务的肯定？

如果设想要立法：现有的/传统的法律是可以用的或新的法律是否有必要制定？

如果新的法律将被制定：哪一种法律是必需的，其实施在何时进行？ 这些法律上的挑战需要被嵌入到人权和宪法框架。2008年2月27日关于德国最高法院决定，关于基本的独立的机密性和完整性相关的信息技术系统值得关注。

3.1系统的方法

适当的法律框架的建立和实施要求有关立法进程的系统方法。因此，应从以下几个方面加以考虑：

系统地发展RFID的使用状况；只有在充分了解事实的情况下，才可以起草适当的法律规定。

法律问题的系统化通过协调正沿着下面讨论四个技术轴，即全球性、垂直度、普遍性和城市技术潜在的发生。

有关物联网和RFID的安全和隐私问题的法律挑战是在质量上予以分类的。特别是，在提高安全性的时候，社会公民有多少隐私正在被侵犯，是必须解决的问题。应寻找解决方案，使隐私和安全的研究不是作为对立的，而是互相影响的原则。

在多方面的事实情况下，这似乎是不可能的在物联网和RFID的各个方面来一个统一的法律框架的。此外，要加以考虑方法的不平衡和差异化。因此，沿轴线集中的技术环境，是建立调控最重要的挑战：

基于事实的全球性，可以在全球范围内销售和分布物联网方面的商品和服务。基于RFID是“全球”技术的意义上，相同的技术工艺可以被应用在世界各地。因此，将会在各国不同的法律下进行大量复杂的商业和贸易。如果RFID标签的产品可在全球范围内流通，则需要同步法律体系。

垂直度指技术环境耐久性的潜力。特别地，它是物联网重要的生命，不仅在供应链中使用RFID标签，而且产品要在最终客户要长时间的使用，比如在废物管理方面。就目前而言，这一要求并不充分满足EPC交通。普遍性指的是RFID标签环 境的范围；从技术上来说，RFID确实可以被用来无处不在包罗万象。

城市技术是一个以保护隐私为目标的重要基础规则的发展。可以考虑划分几个分区，即（i）复杂性的标签（主动和被动的，可重写的，处理和传感器提供的产品），（ⅱ）复杂的后台设备（阅读器或其它链接的媒体）和特别设计的最大读数范围透明度的覆盖要求。

建立法律框架约束所有物联网的参与者时，必须考虑这四个方面的要求。由于这四个方面的要求，要建立的框架必须是全球性的，即被国际立法者建立的一个适用于地球上的每一个对象，直至其被破坏。普遍性问题需要加以解决，特别是把不同的对象放在一起形成一个新的“东西”。

这个新的“东西”可以归结为一个新的标签，或创建可携带多个的标签。虽然第一种情况是比较实用的，该解决方案可将企业的各个部分问题追溯到其起源。该解决方案可以把所有的不同来源各个部分的信息附加到对象的一个标签上。需要找到一个普遍适用的全球性共识。对于城市技术提出的问题也被要求四个方面。如果组成的对象保持所有标签的综合部分，追查有关该对象的所有相关信息变得非常复杂和困难的。正如本文所述，确定一个适当的法律框架要解决各种技术问题。因此，在这个过程中列入技术专家似乎是不可避免的。此外，讨论还表明，需要建立国际层面上的框架并处理所有基本问题。否则，该物联网变得不切实际并不能被有效地使用。

从上述系统化的方法可以得出关于立法的一个潜在结论：一个独特的战略将不能做到令人满意的物联网隐私挑战。不可避免的是，立法者必须用好几个方法。特别是，城市技术方面的考虑也是非常重要的。此外，数据保护和隐私需要建立一个有效的沟通策划平台，为州议员、非政府组织、公众利益团体和国际私营部门之间的对话。

3.2国家法律或自我调节

为物联网在安全性和隐私保护方面建立适当的法律框架，从而解决相应的合法来源问题。在理论上属于不同的监管模式：主要是在传统的国家规定，国际协定和自我调节中选择，在没有任何调节的可能的情况下，这不能被视为一个真正的“解决方案”。如前所述，国家调节的缺点是不符合全球化的事实，通过物联网的交易通常是具有跨国界性质，所以需要一个适当的法律框架。

（一）到目前为止，在物联网监管模式的基础上从技术准则和公平信息的做法自我规管的企业标准。特别是EPC-指引依赖的组件，如“消费者注意事项”，“消费者教育和“持有和IT安全政策”。因此，符合EPC指南要有一个自我控制的策略。这种自我监管模式遵循著名的辅助性原则，这意味着一个特定的社会参与者在没有政府干预的情况下，试图找到合适的解决方案（结构，行为）。自我调节的合法性是基于个人的积极性制定规则的过程。此外，自律比国家法律成本更低，更灵活。原则上，自我调节是有道理的，它比国家法律更有效并且自我调节比遵守社会规则更符合。

自我规管模式的理论方法有很多场景：在许多情况下，自我调节不超过一个概念，一个民间团体，即是在政府（指导性的法规或经审核的自我调节能力）的框架内发生的一个概念。在过去的十年中，这种方法已产生了重要的作用：若政府提供一个总体框架，往往可以由私营部门长期的“共同调控”。州议员不只是制定法律的标准，或一些一般性法律框架的支柱，最终也是政府参与自我监管措施，至少是在对监控目标的进展和成效方面的举措。

在这种情况下，法律学说发展的“软法律”概念表达不仅仅是对私下承诺的政策声，虽低于严格意义上的法律，但也接近一定的法律，拥有一定的法律意义。然而，短期的“软法律”也尚未有明确的范围或可靠的内容。特别是在规则的可执行性方面，法律不是有效（“硬法”）就是不生效（“没有法律”），这意味着它很难区分不同程度的法律效力。一般情况下，只能说软法是一种社会概念密切的法律，它通常包括某种形式的期望和可接受的行为准则。如果不是自愿这样做，这个自我调节的概念不能克服执法策略的不足。因此，立法者的参与似乎是不可避免的。

在过去几年里自我调节的重要性已经获得了认可，但仍然有批评者指出，自律机制只规管那些参加者的积极性和原则性，市场压力尚未强大到足以迫使每个人都采用相关规则。此外，只有通过自我调节利益相关者来满足自己的利益，不是有效的隐私保护。

（二）因此，即使自我调节可以兑现多方面的优点，法律框架背景下安全和隐私的一些支柱也需要设置立法者。这些法律都必须在国际上推出。当代国际法往往承认一个广泛国际法方面理论的定义，根据该领域不再仅局限于民族国家之间的关系的，但接受其他国际成员，比如人类个体、国际组织和法人实体的作用日益重要。由于在一个快速发展的领域习惯规则很难，如物联网发展的主要法律来源表现在法律的一般原则，如良好的意愿、平等相待、在经营活动中的公平性、法律效力的协议等。这些一般原则可以说明“大量的规则是抽象出来的”，所以“不再直接与国家惯例相连而且被很长时间普遍接受”。在一定程度上，“自然法”被认为是基本的法律原则；实际上，一般的法律原则是如此基本，几乎所有的法律制度都可以找到他们。

具体问题的安全性和保密性。由于在世界不同的地区看待隐私问题的一般原则是不相同的，这使得应用程序在跨境业务活动十分困难。因此，一个基本的法律框架应引入国际立法者，然而，保护安全及隐私需求的详细法律规则由私营部门开发。

物联网本身是一个新的系统，它的立法和执政委托一个机构进行，是新的想法，并不牵强。一个新机构要考虑到物联网所在地位的所有特点。此外，考虑到物联网的复杂性，这个机构可以在某种程度上拥有处理问题所必要的能力。另一种方法是创建一个新的整合国际立法者任务的机构，为物联网现有的组织。考虑到物联网的全球性，该组织有一定的领土适用范围。此外，该组织应该有一个只负责物联网的机构。最后，物联网的立法和管理应包含被委任组织的解雇。在考虑这些要求的时候，会想到世界贸易组织（WTO）和经济合作与发展组织（OECD）。可以设立一个特别委员会，作为国际立法者问题的答案，负责物联网的制定规则和监督。该委员会由世界贸易组织和经济合作与发展组织成员国的代表组成，从而确保国际态度。委员会经商议后，发出正式的协议、标准和模式，建议或指引物联网的各种问题。

在该领域的经验和在互联网治理方面的评价不谋而合。由于尚不存在具有国际约束力的涵盖隐私和数据保护的协议。即使隐私是国际人权文书的本质体现，保护在一定程度上也是不够的；只有“极端”的法律保障，如尊重私人生活或避免随意暴露或非法干涉。因此，共同监管是必要的，它已被广泛接受，以确保在网络世界中的隐私可以实施有效的原则。自我规管制度的要素包括按照行为代码的规则实施最佳做法，按照实质性的保障资料原则，建立内部控制程序（遵照规则），设置热线电话公开的处理投诉，透明的数据保护政策。如经济合作与发展组织和艺术指导方针等许多国际文书。EC管理中关于保护个人资料（1995年）的27条，提及自律也是适当的工具。

然而，安全和隐私的保护不完全是由立法者要解决的问题。在信息技术领域的研发也应考虑新发明的道德后果。

3.3法律分类和方案

未来涵盖物联网和RFID的隐私和数据保护问题的立法可能有五种不同的目标：

指引性立法； 禁止性立法； IT安全立法； 应用性立法； 目的性立法。

在未来制定不同类别的法律应以隐私和个人数据保护的目标评估，这取决于使用RFID可涉及到的以下几个方面，即： 产品监控（EPC）；

动物监测（实时验证和监测动物）； 人员监测（实时验证和监控人员）； 收集分析的数据（搜集）。

物联网的背景下，有关产品的EPC方案几乎是最重要的应用。从理论上讲，EPC和个人数据并没有直接的跟踪关系。然而，一个带着RFID标签的人会给使用RFID系统的组织透漏某些数据或收集一些信息。

具体的立法会涉及术语“人”的方面。欧盟的法规以及许多国家的法律，只考虑个人隐私保护法的对象（“自然人”）。特别地，在物联网的范围内，这种认识太过于狭窄。法律人士（如公司）也有这样的隐私利益；例如瑞士的立法，把数据保护法的应用范围扩大到了法人。

（一）指引性立法的宗旨，让顾客了解RFID方案的应用。换句话说，客户应知道哪些数据被收集并也应该在购买后有停用标签的能力。在美国，曾多次努力实现这样的立法。

（二）禁止性立法引入了预期禁止或限制在某些情况下使用RFID的规定。如果社会公众不喜欢某种行为，执行禁止性立法这种做法在传统国家是可能的（至少在书上）。自我监管的机制，倾向于引入激励机制（如果有的话），而不是禁止。

（三）IT安全立法包括要求建立一定的IT安全保护标准，应该保护RFID应用的未经授权的读取和重写。这种规定可以通过自律机制引入国家立法者，而且通常情况下，有关市场参与者会制定行业标准，因此有机会观察到各自的开发商。从技术上说，一个可以设置严格保障措施和频繁报告、审计措施的“第四代”数据保护协议的新框架应当制定。

（四）应用性立法计划在某些情况下以支持RFID的使用。在这种做法违反了禁止性立法时，它设想RFID提供的有关证明文件。因此，立法的方法有微调禁止和应用方法之间的适当平衡。

（五）目的性立法包括法律规定，加强RFID技术在法律挑战研究的社会投入；这种做法的目的在于更好地了解有关问题。

3.4对欧洲立法方式的评价

2009年5月12日，欧盟委员会建议，在互联网安全领域，以一个框架的方式立法。本建议为各成员国制定具体的规则提供了指导。而建议参考的欧盟数据保护指令，它本身并没有规定任何具体的条文。此外，欧盟委员会还引入了一个隐私和影响评估框架，由业界和有关的民间社会的利益相关者建立，确保各成员国发布信息政策的应用。全球的EPC行业正在建立要求建立的框架（私人影响评估，PIA）。即使在2009年11月初也不知道其详细信息，可以说PIA的目标旨在确定对隐私和数据保护的影响，确定该公司是否已经采取了适当的技术和组织措施，以确保各自的保护，记录实施的措施，并作为一个PIA的基础向主管机关报告。涉及RFID的应用有许多重要的描述和范围，RFID应用的治国实践，问责制的挑战，以及分析和解决方面。最后，成员国强烈鼓励支持该欧盟委员会提供的这个对信息安全威胁识别的框架。

欧盟委员会的监管模式，由模糊的框架指引，涉及许多不考虑自我监管模式和行业标准化优劣的方面。该框架以开放的方式被配制，从而确保技术原理如垂直度，普遍性和城市技术等可以实施。然而，由欧盟委员会正在建立的措施，它只适用于在欧洲的成员国，而不是全球。此外，在事实上，它详细的规定是应成员国要求建立的，更是损害了全球性的原则。

然而，欧盟委员会最近提出的建议和沟通证明，在物联网领域的隐私和数据保护问题得到了重视，并对于建立机制有坚强的意志，以确保一旦物联网大规模经营业务那些保证的准确性。

4、前景

物联网的兴起，为确保其保密性和安全性而实行新的监管办法以成为必要。特别是，截获攻击，数据身份验证，访问控制和保证客户的隐私（自然人和法人）。物联网的本质要求有异质性和差异化的法律框架，充分考虑物联网的全球性、垂直度、普遍性和城市技术。

在这种情况下，国家对于地域限制的立法似乎并不合适。然而，到现在为止已被应用的自我调节机制可能不足以确保有效的隐私和安全。因此，由国际层面上的立法者制定实质性的框架为主要原则，私营部门提供补充更详细的规定，似乎是最好的解决方案。通过这样一个框架，可满足每个人一般的要求，然后加以补充的方式来适合有关人士目前的需求。此外，被列入的国际立法者在这个过程中也确保了公共部门继续参与，至少有助于监测过程。

向欧洲委员会选择的那个方向发展。这将是有国际（欧洲）立法者设定的最好框架；这种方法能更好地适应全球性物联网所带来的需求。此外，可以由私营部门建立更详细的规定，私营部门已经把从互联网治理得出的一般经验教训标记在制定的规则里。

有关法例的内容，包括获得信息的权利，禁止或限制使用物联网的规定，对IT安全立法的机制，物联网机制配套使用的规定，并建立一个工作小组进行物联网法律挑战的研究。

而机制仍然需要发展，通过最终问题和建议的早期认识，希望在物联网全面运作之前，可以为他们的遭遇建立有效的监管。

罗尔夫·H·韦伯博士，教授（rolf.weber@ rwi.uzh.ch）是苏黎世大学的教授和香港大学的客座教授。

罗尔夫·H.·韦伯曾在苏黎世大学和哈佛大学法学院学习。自1995年以来，他是苏黎世大学的讲座教授，自2006年以来香港大学的客座教授，教学和出版了在民事、商事和欧洲法律与互联网，媒体和竞争法、国际金融和贸易监管的专题。他是欧洲法律研究中心和苏黎世大学信息与通信法律中心的主任；此外，他的研究生课程是国际商业法及苏黎世大学的MBA项目中的一员。自2008年以来，罗尔夫·H·韦伯博士，教授是全球互联网治理学术网络（你好）督导委员会成员，自2009年他成为信息和通信技术与发展（GAID）全球联盟高级别小组顾问的成员。此外，他所从事的是法律律师和几个瑞士和国际法律期刊的编辑委员会成员。这方面的第一个贡献是在西尔维亚·克尔凯郭尔出版的《网络法律和贸易的法律论述》（主编），2009年1月14日。作者感谢酒精。感谢罗马纳·韦伯为她研究价值的支持。