Purpose creep by design: Transforming the face of surveillance through the Internet of Things

Tijmen Wisman


As the economy of Europe is crumbling, politicians are desperate to grab on to anything that might save society. Companies are more than willing to provide a panacea for all the problems that are perceived, a vision to be trusted and to be invested in. Society should be safer, cleaner, more comfortable, more efficient and more secure! To realize efficiency in society, up-to-date information about the processes that are vital to it is indispensable. The more detailed this information is and the more parties have access to it, the more accurate decisions can be taken. So what would be more attractive than a society that provides ways to realize these wishes, and through their realization spreads the means of gathering data on an unprecedented scale and takes decisions that are necessary to improve the process? Although the skeptic, or realist for that matter, might deem this a bit optimistic, the fact is that the EU is and has been actively collaborating with industry to get this vision airborne. There is no one common denominator for this utopian vision, but the EU uses the term ‘the Internet of Things (hereafter the IoT)’  to formulate and build a specific part of their ICT-policy around. The central idea is to weave ICT into the fabric of everyday things, connect them to the Internet and thus create an intelligent network that, according to EU-reports, “will stimulate economic growth, improve individuals’ well-being and address some of today’s societal problems”.[1] According to expectations expressed by the European Commission (hereafter the Commission) 50 billion things will be online by 2020, creating a vast web of things that are connected to the Internet and can be accessed anywhere.[2]  According to the Head of Unit Internet of Things from the European Commission, Gérald Santucci, the IoT even has the potential of connecting the 100 000 billion things that are deemed to exist on earth.[3]


The IoT might sound far away, but according to Cisco it became a reality when the number of machines connected to the Internet exceeded the number of people in 2008-2009. A very broad definition of the IoT is given by CASAGRAS (Coordination And Support Action for Global RFID-related Activities and Standardisation)  as "a global network infrastructure, linking physical and virtual objects through the exploitation of data capture and communication capabilities. This infrastructure includes existing and involving Internet and network developments. It will offer specific object-identification, sensor and connection capability as the basis for the development of independent cooperative services and applications. These will be characterised by a high degree of autonomous data capture, event transfer, network connectivity and interoperability."[4]


The shadow side of the IoT vision is that it only takes a few tweaks to turn this tailored-service-society [5]into an unprecedented surveillance-society. The same data that is used to offer services can be used to gain control over a data subject. Objects in the IoT can not only be accessed, but also “read, recognised, addressed, located  and/or controlled remotely through the internet”.[6] This use of data for a different goal than it was collected for is commonly known as function creep. This term originated  in the world of technology to indicate inventions that were intended to serve a certain goal, that later were used for a different function. Therefore I will use the more accurate purpose creep.  

[1] ‘Internet of Things – An action plan for Europe’, p. 4 (Brussels: Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of theRegions, 2009) http://ec.europa.eu/information_society/policy/rfid/documents/commiot2009.pdf, last seen December 1th, 2011.

[2] See http://www.wired.com/beyond_the_beyond/2011/02/spime-watch-the-internet-of-things-a-window-to-our-future/, last seen November 27th, 2012.

[3] Gérald Santucci is Head of Unit Internet of Things and Future Internet Enterprise Systems, European Commission, see http://www.digitalarti.com/files/Digitalarti-5_UK-site-internet-MD.pdf, last seen November 27th, 2012.

[4] Casagras Final report page 10. See http://bit.ly/XFaEXX, last seen January 24th, 2013.

[5] Communication from the Commission to the Council, the European Parliament, the European Economic and Social Committee and the Committee of the Regions, Radio Frequency Identification (RFID) in Europe: steps towards a policy framework, Brussels 15.3.2007, COM (2007) 96 final, p. 3.

[6] European Parliament resolution of 15 June 2010 on the Internet of Things, paragraph E.

Full Text: