Purpose creep by design: Transforming the face of surveillance through the Internet of Things
As the economy of Europe is crumbling, politicians are desperate to grab on to anything that might save society. Companies are more than willing to provide a panacea for all the problems that are perceived, a vision to be trusted and to be invested in. Society should be safer, cleaner, more comfortable, more efficient and more secure! To realize efficiency in society, up-to-date information about the processes that are vital to it is indispensable. The more detailed this information is and the more parties have access to it, the more accurate decisions can be taken. So what would be more attractive than a society that provides ways to realize these wishes, and through their realization spreads the means of gathering data on an unprecedented scale and takes decisions that are necessary to improve the process? Although the skeptic, or realist for that matter, might deem this a bit optimistic, the fact is that the EU is and has been actively collaborating with industry to get this vision airborne. There is no one common denominator for this utopian vision, but the EU uses the term ‘the Internet of Things (hereafter the IoT)’ to formulate and build a specific part of their ICT-policy around. The central idea is to weave ICT into the fabric of everyday things, connect them to the Internet and thus create an intelligent network that, according to EU-reports, “will stimulate economic growth, improve individuals’ well-being and address some of today’s societal problems”. According to expectations expressed by the European Commission (hereafter the Commission) 50 billion things will be online by 2020, creating a vast web of things that are connected to the Internet and can be accessed anywhere. According to the Head of Unit Internet of Things from the European Commission, Gérald Santucci, the IoT even has the potential of connecting the 100 000 billion things that are deemed to exist on earth.
The IoT might sound far away, but according to Cisco it became a reality when the number of machines connected to the Internet exceeded the number of people in 2008-2009. A very broad definition of the IoT is given by CASAGRAS (Coordination And Support Action for Global RFID-related Activities and Standardisation) as "a global network infrastructure, linking physical and virtual objects through the exploitation of data capture and communication capabilities. This infrastructure includes existing and involving Internet and network developments. It will offer specific object-identification, sensor and connection capability as the basis for the development of independent cooperative services and applications. These will be characterised by a high degree of autonomous data capture, event transfer, network connectivity and interoperability."
The shadow side of the IoT vision is that it only takes a few tweaks to turn this tailored-service-society into an unprecedented surveillance-society. The same data that is used to offer services can be used to gain control over a data subject. Objects in the IoT can not only be accessed, but also “read, recognised, addressed, located and/or controlled remotely through the internet”. This use of data for a different goal than it was collected for is commonly known as function creep. This term originated in the world of technology to indicate inventions that were intended to serve a certain goal, that later were used for a different function. Therefore I will use the more accurate purpose creep.
 ‘Internet of Things – An action plan for Europe’, p. 4 (Brussels: Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of theRegions, 2009) http://ec.europa.eu/information_society/policy/rfid/documents/commiot2009.pdf, last seen December 1th, 2011.
 See http://www.wired.com/beyond_the_beyond/2011/02/spime-watch-the-internet-of-things-a-window-to-our-future/, last seen November 27th, 2012.
 Gérald Santucci is Head of Unit Internet of Things and Future Internet Enterprise Systems, European Commission, see http://www.digitalarti.com/files/Digitalarti-5_UK-site-internet-MD.pdf, last seen November 27th, 2012.
 Communication from the Commission to the Council, the European Parliament, the European Economic and Social Committee and the Committee of the Regions, Radio Frequency Identification (RFID) in Europe: steps towards a policy framework, Brussels 15.3.2007, COM (2007) 96 final, p. 3.
 European Parliament resolution of 15 June 2010 on the Internet of Things, paragraph E.
EJLT is an open access journal, aiming to disseminate academic work and perspectives as widely as possible to the benefit of the author and the author’s readers. It is the assumption of the EJLT that authors who publish in the journal wish their work to be available as freely and as widely as possible through the open access publishing channel.
Authors who publish with EJLT will retain copyright and moral rights in the underlying work but will grant all users the rights to copy, store and print for non-commercial use copies of their work. Commercial mirroring may also be carried out with the consent of the journal. The work must remain as published – without redaction or editing – and must clearly state the identity of the author and the originating EJLT url of the article. Any commercial use of the author’s work - apart from mirroring - requires the permission of the author and any aspects of the article which are the property of EJLT (e.g. typographical format) requires permission from EJLT.
Authors can sometimes become no longer contactable (through, for example, death or retirement). If this occurs, any rights in the work will pass to the European Journal of Law and Technology which will continue to make the work available in as wide a manner as possible to achieve the aims of open access and ensuring that an author's work continues to be available. An author - or their estate - can recover these rights from EJLT by providing contact information.
The European Journal of Law and Technology holds rights in format, publication and dissemination.
EJLT, as a non-commercial organisation - which receives donations to allow it to continue publishing – must retain information on reader access to journal articles. This means that we will not give permission to mirror the journal unless we can be provided with full details as to reader access to each and every journal article. We prefer and encourage deep linking rather than mirroring. Encouragement is thus given for all users – commercial and non-commercial – to provide indexes and links to articles in the EJLT where the index or link points to the location of the article on the EJLT server, rather than to stored copies on other servers.
Please contact the European Journal of Law and Technology if you are in any doubt as to what this statement of use covers.