Good Paper by Mercatus on IoT Privacy and Security

Posted on 12th September 2013 in privacy, security

I’m politically on the liberal, not the libertarian side, but I’ve come to respect the libertarian Mercatus Center, in large part because of the great work Jerry Brito has done there on governmental transparency.

As part of my preparation to moderate a panel on security and privacy at the IoT Summit on October 1st in DC, I just read a great paper on the issue by Mercatus’ Adam Thierer.

In comments submitted to the FTC for its November workshop on these issues titled “Privacy and Security Implications of the Internet of Things,” Thierer says “whoa” to those who would have the FTC and others quickly impose regulations on the IoT in the name of protecting privacy and security.

Opposing pre-emptive, “precautionary” regulations, he instead argues for holding back:

“…. an “Anti-Precautionary Principle” is the better default here and would generally hold that:

“1. society is better off when technological innovation is not preemptively restricted;

“2. accusations of harm and calls for policy responses should not be premised on hypothetical worst-case scenarios; an

“3. remedies to actual harms should be narrowly tailored so that beneficial uses of technology are not derailed.”

He reminds us that, when introduced, such everyday technologies as the phone (you know, the old  on-the-wall kind..) and photography were opposed by many as invasions of privacy, but social norms quickly adapted to embrace them. He quotes Larry Downes, who has written, “After the initial panic, we almost always embrace the service that once violated our visceral sense of privacy.”

Rather than imposing limits in advance, Thierer argues for a trial-and-error approach to avoid unnecessary limits to experimentation — including learning from mistakes.

He points out that social norms often emerge that can substitute for regulations to govern acceptable use of the new technology.

In conclusion, Thierer reminds us that there are already a wide range of laws and regulations on the book that, by extension, could apply to some of the recent IoT outrages:

“…  many federal and state laws already exist that could address perceived harms in this context. Property law already governs trespass, and new court rulings may well expand the body of such law to encompass trespass by focusing on actual cases and controversies, not merely imaginary hypotheticals. State ‘peeping Tom’ laws already prohibit spying into individual homes. Privacy torts—including the tort of intrusion upon seclusion—may also evolve in response to technological change and provide more avenues of recourse to plaintiffs seeking to protect their privacy rights.”

Along the lines of my continuing screed that IoT manufacturers had better take action immediately to tighten their own privacy and security precautions, Thierer isn’t letting them off the hook:

“The public will also expect the developers of IoT technologies to offer helpful tools and educational methods for controlling improper usages. This may include ‘privacy-by-design’ mechanisms that allow the user to limit or intentionally cripple certain data collection features in their devices. ‘Only by developing solutions that are clearly respectful of people’s privacy, and devoting an adequate level of resources for disseminating and explaining the technology to the mass public’ can industry expect to achieve widespread adoption of IoT technologies.”

So get cracking, you lazy IoT developers (yes, you smirking over there in the corner…) who think that security and privacy are someone else’s business: if you don’t act, regulators may step in, and stiffle innovation in the name of consumer protection. You’ll have no one to blame but yourselves.

It’s a good read — hope you’ll check it out!

 

comments: 2 » tags: , , , , , , , ,

The Hill Publishes Op-Ed on IoT Security and Privacy

Posted on 11th September 2013 in privacy, security, US government

Earlier this week, The Hill, the highly-respected Capitol Hill newspaper, published an op-ed co-authored by Chris Rezendes of INEX Advisors and me on the ever-important topic of IoT privacy and security (or lack thereof!).

In it, we warned that “on the heels of the NSA scandal, news of security problems’ threat to privacy may cripple the IoT before it achieves its promise.”

We went on to explain that:

“The record on security and privacy is not reassuring.

“The Obama administration has almost entirely ignored the Internet of Things (by contrast, it’s frequently mentioned by the Chinese leadership, which has invested massive amounts in the technology) . The president has never mentioned it, and the FTC is the only federal agency that has begun to protect IoT privacy and security.”

We called for public-private collaboration to make IoT security and privacy a priority:

“Individual companies must make privacy and security a priority. Opaque user agreements such as Facebook’s letting the service provider remarket or redeploy user data won’t be acceptable. A recent INEX study of one multi-billion industrial market revealing 96 percent of industrial equipment owner/operators believe they own data from their machines, and access to it is theirs to determine — not the machine’s builder or service providers that connect it. Customers must legally own their online data, determine who has rights to what, and sharing must be “opt in”, with ZERO sharing as the default.

“As for security, companies should explore Resilient Networking, a concept developed for the Department of Homeland Security framing new approaches to network/cyber security in more connected, distributed, automated, and dynamic digital networks.

“But individual efforts aren’t as important as collaborative ones, again, because of the data-sharing that is central to the IoT’s transformative power. We’re encouraged by formation of the IPSO Alliance and the IoT Consortium, which make security and privacy a priority.

“The president must also become involved in this issue. One reason is that the IoT will benefit government: cities worldwide are already applying the IoT, and it can make government in general more effective and responsive. Working closely with the private sector is a priority because 85 percent of the nation’s critical infrastructure, including the electric grid, pipelines and chemical plants, is in private hands, and is the focus of IoT initiatives such as a the “smart grid” to make them more interconnected and reliable – but also more vulnerable to a coordinated attack.”

That’s our opinion on this crucial issue. What’s yours?

P.S. A reminder that these issues will be front and center in  the panel on security and privacy that I will moderate at the IoT Summit, to be held October 1st and 2nd at the National Press Club in DC. Don’t miss it!

comments: Comments Off on The Hill Publishes Op-Ed on IoT Security and Privacy tags: , ,

I’ll moderate D.C. panel on IoT privacy and security!

Posted on 5th September 2013 in privacy, security, Uncategorized

Huzzah!  As you know, I’ve been repeating the mantra that, as technological barriers such as battery size disappear, the most important obstacle threatening full development of the Internet of Things is the linked issues of privacy and security.

That’s why I’m quite honored to announce I’ll be hosting a panel on those issues at the 2013 M2M and Internet of Things Global Summit, to be held October 1 and 2 at the National Press Club in DC! 

It’s an impressive panel:

Other panels at the summit will discuss a related issue, device security; actualizing the IoT’s benefits; financing the IoT; IoT devices in the 4G era; and global standards.

Major speakers include:

  •  Edith Ramirez, Chairwoman, FTC
  • Chris Vein, Chief Innovation Officer, The World Bank
  • Kevin Petersen, Senior Vice President, Digital Life, AT&T
  • Ed Tiedemann, Fellow and Head of Standards, Qualcomm
  • David Hoffman, Director of Security Policy and Global Privacy Officer, Intel Corporation
  • Alicia Asín, Co-Founder and CEO, Libelium
  • Chad Jones, VP Product Strategy, Xively
  • Chris Rezendes, President, INEX Advisors
  • Doug Merritt, Senior Vice President, Product, Solutions & Industry Marketing, Cisco

It should be a great conference. Sign up now! See you there!

PS: What questions do you think I should ask the panelists?

comments: 3 » tags: , ,

Why collaboration must replace zero-sum game for IoT profitability

Posted on 3rd September 2013 in collaboration, Essential Truths, Internet of Things, strategy

I guest blogged today @ INEX Advisors today on one of my favorite Internet of Things principles: how thinking collaboratively has to replace I-win-you-lose-zero-sum-game thinking if companies want to really profit from the IoT.

As before, I cited GE as one of the few big companies that’s seizing a strategic advantage in the IoT world by practicing this approach.

comments: Comments Off on Why collaboration must replace zero-sum game for IoT profitability tags: , , , , ,

Usage-based Insurance: Preview of Radical Industry Change Through IoT

Posted on 22nd August 2013 in automotive, Internet of Things, M2M, management, marketing, strategy, transportation

Holy Clayton Christensen! Another wave of “disruptive innovation” is on its way, and this time the Internet of Things is responsible!

I’m confident that the IoT is going to bring about radical change throughout a wide range (if not all…) of vertical markets in the near future, through new realities such as giving everyone who needs it access to real-time information or by making preventive maintenance simple through real-time data from products such as jet turbines (General Electric is, again, a leader…).

However, for concrete evidence of how the IoT will change things, perhaps the best industry to look at is auto insurance, where the IoT is facilitating a fundamental shift in marketing, from the prior practice of basing premiums on proxy indicators such as a student’s grades or a person’s credit rating (leading to the heinous — and expensive — crime of “driving while poor,” LOL).

Progressive Snapshot

Progressive Snapshot

Instead, what is emerging worldwide (especially in Europe) is “usage-based insurance” (UBI), where the rates are based not on guestimates, but the driver’s actual behavior!

Insurance & Technology reports that the transition will only accelerate in the future.

“‘In five or ten years, all insurers will have dynamic driving data, so all will be able to offer discounts,’ says George Ayres, vice president of global sales for Verizon Telematics. ‘There will be no more asymmetry in terms of what they know about customers, so price alone won’t be as effective [for acquiring and retaining customers]. …The insurers who are out front on this idea are realizing [that soon] all will [have to] start to provide much wider breadth of services to keep those captured through price.’

“These services can be as simple as sending additional driving data to the driver’s smartphone, or as complex as auto insurance bundled with a customer relationship solution that sends alerts for scheduled maintenance.”

What a transformation!

Smart business leaders will start paying close attention to the features of the Internet of Things, and begin planning now on how to get ahead of the curve on making certain they are the beneficiaries of disruptive innovation — not the victims!

 

 

comments: 6 » tags: , , ,

IoT will streamline supply chain, reduce environmental impact

Posted on 21st August 2013 in energy, environmental, Internet of Things, M2M, manufacturing, supply chain

There’s a new Deloitte white paper that echoes a theme I’ve been repeating since 1990: smart businesses eliminate inefficiency by eliminating environmental waste.

I predict that the Internet of Things will speed that trend by allowing real-time data sharing throughout the supply chain, further increasing its efficiency.

The white paper, “The Evolving Supply Chain: Lean and Green,” says that:

“Leading companies are now finding that a green supply chain doesn’t just improve the public’s perception of their company and brand; it can save money by using resources more efficiently and reducing waste. It can also help to manage risk by insulating a company from shortages and price shocks, and by reducing the chances that a supplier will do something that gets them in hot water.”

It continues by identifying five key factors to reduce:

“Leading companies create value by modifying their supply chains to manage five key inputs and outputs: energy, carbon, water, materials and waste. These five resources are ubiquitous throughout the supply chain and thus offer vast potential for improved efficiency and cost reduction. Energy is expensive to use; carbon, in the form of emissions, represents dollars gone up in smoke; scarcity and commodity inflation are driving up the price of water and materials; and waste is a potential profit thrown away.”

In my speeches on the “Zero-Waste Economy,” I used to suggest that executives that were contemptuous of tree-hugging environmentalists and could care less about generating wastes should just substitute the work inefficiencies for waste. What hard-nosed company could justify inefficiency?

It’s great to see that the message is finally getting mainstream acceptance, and I really do think that the IoT will boost supply chain efficiency and thereby reduce environmental impacts by allowing everyone in the supply chain who needs operating data to share it simultaneously and in real time.

So there’s really no excuse any more for not practicing smart environmentalism, is there?

PS: To get the specifics about how to translate smart environmentalism into profits, check out Gil Friend’s Natural Logic. He’s got the operating manual.

comments: 1 » tags: , , , , ,

IoT Breakthrough: Ambient Backscatter Allows Battery-less Wireless!

Posted on 20th August 2013 in energy, home automation, Internet of Things, M2M

(BTW: thanx to @TheloT, always a great source of IoT info, for Tweeting this!)

I was impressed when a Harvard research team created a 3-d printed battery the size of a grain of sand, but this is a REAL gamechanger!

CIO reports that  a team of University of Washington researchers have created a new technique, ambient backscatter, which:

“…leverag[es] existing TV and cellular transmissions, rather than generating their own radio waves. This novel technique enables ubiquitous communication where devices can communicate among themselves at unprecedented scales and in locations that were previously inaccessible.”

Thus, existing wireless signals are transformed into a source of power and a communication medium.

You can imagine the implications for the Internet of Things!

Among other applications, the researchers say ambient backscatter could be used for wearable devices, smart home systems, and sensor networks such as ones embedded in bridges to give advance warning of maintenance problems. It could also be used for NFC payments.

CIO reports that:

“Groups of the devices were tested in a variety of settings in the Seattle area, including inside an apartment building, on a street corner and on the top level of a car park. These locations ranged from less than half a mile away from a TV tower to about 6.5 miles away.

“They found that the devices were able to communicate with each other, even the ones farthest from a TV tower. The receiving devices picked up a signal from their transmitting counterparts at a rate of 1 kilobit per second when up to 2.5 feet apart outdoors and 1.5 feet apart indoors. This is enough to send information such as a sensor reading, text messages and contact information.

“The researchers were able to demonstrate how one payment card can transfer funds to another card by leveraging the existing wireless signals around them.”

The U of Washington team won the prize for the top paper at the Association for Computing Machinery’s Special Interest Group on Data Communication 2013 conference in Hong Kong.

What a breakthrough! It looks like Kris Pister’s “smart dust” vision will be a reality soon!

comments: 3 » tags: , , , ,

BABY MONITOR HACKED: MAKE-IT-OR-BREAK IT MOMENT FOR #IoT!!

Posted on 15th August 2013 in health, home automation, Internet of Things, privacy, security

I’m hitting on the same subject, privacy and security, for two posts in a row because now there’s been an incident that really could jeopardize the future of the IoT!

Call me an alarmist if you will, but I say ignore it at your peril…

As blogged by GigaOm, ABC News reported this week on an incident where a hacker got access to a — this is getting repetitious — IoT product with laughable security.

This time, it wasn’t the main-stream media reporting just a friendly wake-up call

Foscam Baby Monitor

(literally and figuratively…) from a reporter about a vulnerability, or a general warning about possible threats to home and car: it was a story guaranteed to strike a primal fear in the heart of every parent: a threat to their infant!

 

Here’s what happened, according to ABC:

“A Houston couple is still shaken after saying they heard the voice of a strange man cursing and making lewd comments in the bedroom of their 2-year-old daughter.

“When Marc Gilbert and his wife Lauren entered the room, the voice cursed them as well.

“The creepy voice — which had a British or European accent — was coming from the family’s baby monitor that was also equipped with a camera. A hacker apparently had taken over the monitor.”

Are you a parent? If so, don’t tell me that wouldn’t have your blood boiling!

Oh, BTW, ABC tossed in a reminder that baby monitors can be used by potential burglars

Once again, I’ll harken back to my days as a corporate crisis consultant to warn that this is precisely the kind of incident that is going to be repeated ad nauseum by privacy advocates and others to warn about the dangers of the IoT.

Even worse, those of who are immersed in the IoT 24/7 may not realize it, but I’d bet the majority of people worldwide still haven’t heard of the IoT. Is this the way we want them to find out about it???

So my parting advice would be to go out today and buy a Foscam baby monitor (heck, they’re probably giving them away now — who the heck would buy one?) and put it in a place of prominence on your CEO’s desk as a reminder that if you don’t take privacy and security seriously, the media will be quick to remind you…

 

comments: Comments Off on BABY MONITOR HACKED: MAKE-IT-OR-BREAK IT MOMENT FOR #IoT!! tags: , ,

CRUCIAL: more media coverage underscores need for IoT emphasis on privacy & security

Posted on 12th August 2013 in privacy, security

Sorry to keep harping on it, but two recent articles in high-visibility publications — The NY Times and Forbesunderscore my contention that security and privacy issues threaten to derail the IoT revolution before it really gets going.

I say that because I spent a decade as an award-winning corporate crisis communicator — on more than one occasion saving the corporate bacon of Fortune 100 firms that didn’t understand that the public isn’t always scrupulously logical when it comes to their fears. Illogical linkages are nonetheless real ones.

The current example of that is the flap over NSA surveillance. The most recent comprehensive public opinion survey, by Pew, shows that a majority of Americans are now concerned that the surveillance has gone too far:

“Among other things, Pew finds that ‘a majority of Americans – 56% – say that federal courts fail to provide adequate limits on the telephone and internet data the government is collecting as part of its anti-terrorism efforts.’ And ‘an even larger percentage (70%) believes that the government uses this data for purposes other than investigating terrorism.’ Moreover, ‘63% think the government is also gathering information about the content of communications.” That demonstrates a decisive rejection of the US government’s three primary defenses of its secret programs: there is adequate oversight; we’re not listening to the content of communication; and the spying is only used to Keep You Safe™.”

So what’s that have to do with the IoT?

Plenty!

Consider the beginning of Forbes reporter Kashmir Hill’s article on the security vulnerabilities of home automation systems, with the eye-catching title “When ‘Smart Homes’ Get Hacked: How I Haunted a Complete Stranger’s Home Via the Internet“:

“‘I can see all of the devices in your home and I think I can control them,’ I said to Thomas Hatley, a complete stranger in Oregon who I had rudely awoken with an early phone call on a Thursday morning.

“He and his wife were still in bed. Expressing surprise, he asked me to try to turn the master bedroom lights on and off. Sitting in my living room in San Francisco, I flipped the light switch with a click, and resisted the Poltergeist-like temptation to turn the television on as well.

“’They just came on and now they’re off,’he said. ‘I’ll be darned.'”

I’m convinced that people who are already alarmed about the NSA surveillance will not be enthusiastic about home automation, or the IoT in general, when they read that! If not overt, their minds will at least make a subliminal connection between the two stories, and they’re going to be afraid!

Add in former CIA Director David Petraeus’ enthusiasm for the IoT as a new arrow in the quiver of spycraft, and you’ve got the potential for a really-spooked public.

Here’s a major part of the problem, based on my crisis management background: engineers, more likely than not, are left-brained and analytical. As a result, their immediate reaction will be to demonstrate — very logically — why the two issues are completely different, and the IoT shouldn’t be tarred with the NSA’s abuses.

Hogwash.

The majority of Americans aren’t engineers, and they’re scared, so deal with it, or the IoT will be crippled.

I’ve just drafted an op-ed that I hope to place this week that argues privacy and security must be just as much an #IoT industry priority as is innovative technology. It says that the emphasis of IoT consortia such as the IPSO Alliance and the IoT Consortium on collaborative approaches to security are critical, because the essence of the IoT is on sharing of data, and that the Obama Administration must become active as well.

It concludes:

“The Internet of Things has truly remarkable potential to improve the economy’s efficiency, improve health care, and make our lives more comfortable and enjoyable. But if it’s security and privacy standards aren’t a top priority for government and industry, all of those benefits may be squandered. “

Don’t say I didn’t warn you!

PS: the second article I mentioned at the top was a considerably less provocative one in today’s New York Times. The fact that The Gray Lady of American Journalism is now following this issue should be a significant concern.

 

 

 

comments: 1 » tags: , , , , ,

GE Crowdsourcing Design For 3-D Printing Project

Posted on 1st August 2013 in 3-D printing, Essential Truths, Internet of Things, manufacturing, strategy, transportation

OK, I admit to losing all sense of objectivity on this one! After all, it hits all my sweet spots:

  • Internet of Things (AKA General Electric’s “Internet of Things”)
  • 3-D printing
  • crowdsourcing/collaboration.

As I wrote earlier, about GE’s collaboration with Electric Imp and Quirky, this exemplar of Industrial Age might (what could be more powerful than a GE locomotive???) really seems to get it that the Internet of Things is as much about new attitudes of collaboration and sharing data as it is about Internet technology.

GE jet engine mount

So it’s no surprise that Industry Week reports on a new GE initiative, soliciting crowdsourced designs for a new jet engine bracket that will be produced through 3-D printing.

As Christine Furstoss, technical director of Manufacturing and Material Technologies at GE Global Research, explains:

“‘For any industry to be successful, you really need to develop communities or ecosystems of partners and thought leaders…

‘No sustainable, established industry technology exists without multiple players, multiple styles of thought, multiple ways of growing … We feel like one of the best ways to stimulate that, to find the newest and best ideas, is to start with open collaboration.'”

Bravo!

Contrast that attitude with what is still all too prevalent, as summarized by Paul Horn, former senior vp of research at IBM:

“Horn remembers a time before open innovation — a competitive, suspicious era when innovative and great, transformative ideas were only allowed to grow in a tightly sealed vacuum.

‘When we built the Almaden Laboratory at IBM in the early 1980s, we put it south of Silicon Valley on purpose,’ he recalls. ‘In those days, our biggest fear was the leaking of intellectual property out into the valley.'”

I suspect that one of the biggest obstacles to full realization of the IoT’s promise will be the difficulty of leaving that old zero-sum game, my-gain-is-your-loss mentality behind!

I wasn’t aware that this latest competition, to design a 3-D printed bracket strong enough to support a jet engine on a commercial plane, is part of a 2-year crowdsourcing initiative, with approximately $20 million in prizes for products, designs and processes, especially in 3-D printing:

“‘We’re trying to find thought leaders in this area — people who may know through a technique they’ve devised or a piece of software that they’ve found or just their own experiences what is the best way to design with additive for real industrial parts,’ Furstoss explains. ‘We’re really at the birth of industrial additive technology. This is a way for us to build support for that community of makers.'”

Furstoss says the crowdsourcing competitions are no knock on GE’s own 50,000 engineers: “‘We have a platform in place that can put a student in his dorm on the same plane as our engineers,’ she says. ‘We’re making sure that people who may have ideas, may have skills, may have things to offer have an opportunity to bring them forward, no matter who they are.'”

It’s that kind of openness to not only new technologies, but also new management practices, that will give GE a huge head start over competitors that have yet to come to grips with the new reality: the Internet of Things!

 

comments: 1 » tags: , , , ,
« Previous Next »
http://www.stephensonstrategies.com/">Stephenson blogs on Internet of Things Internet of Things strategy, breakthroughs and management