M2M and US PRISM revelations: a German view

For a few days now, the news about the PRISM program (involving data collection from the US National Security Agency) has terrified us and delivered the confirmation of some long-held suspicions. Suspicions that we in the M2M industry have mostly repressed.

At first glance, PRISM revolves around a comprehensive monitoring of communications between people, and therefore really shouldn’t involve M2M – or machines – at all.

It would therefore be correct to think that data from Google Mail, Facebook or Dropbox that is sucked up by the NSA mostly involves people. That’s just about right, but at least one point from the press coverage coming out of this situation should make us think …

Bloomberg reports: “Thousands of technology, finance and manufacturing companies are working closely with US national security agencies, providing sensitive information and in return receiving benefits that include access to classified intelligence.”

What the companies bring to the table (for the NSA) is information about security gaps (so-called 0-days) or “backdoors” – what the companies get paid in return is wonderful fodder for speculation.

If this report is only marginally correct (and Bloomberg is surely to be taken seriously), then we will all clearly need to have a lot less trust in US technology in the future. Eventually, backdoors will not be used only by the spies of the NSA.

A quote from Mr Weasley in the novel “Harry Potter and the Chamber of Secrets” seems very appropriate here: “Never trust something that can think for itself, if you can’t see where it keeps its brain.”

Perhaps we should keep this quote in the back of our minds when we look at components – be it software or hardware – for an M2M project. Can we see behind the facade (for example, is it Open Source?), or do we really, fundamentally trust that this component is only “working for us”?

In this context, at least, German vendors could gain some surprise advantages in the M2M value chain of the future. Without specific reasons for trust (and with acknowledgement of a few very large exceptions), M2M will remain primarily a national phenomenon.

PS: anyone who is putting their M2M data in a “cloud” that is managed by a US firm, given what we know today, is taking on some risk at the very least. If there is personal data involved – and if German Data Protection law isn’t nullified by any kind of “EU Placebo” – then, in Germany, it is (as it has been) basically illegal.

Jan Behrmann is founder of the German consultancy M2M Concepts, and his blog – m2m-blog.de – is one of the most influential in European M2M circles.