Boston Crowdsourced Campaign to Give City 1st Citywide Free IoT Data Network in US

You’ll remember I got quite excited while blogging about the new citywide free IoT data network in Amsterdam, and decided on the spot to make Boston the first US city with such a network. Here’s our release!

Crowdsourced Campaign to Create Free Citywide IoT-Data Network in Boston
would be first city in US to share Internet of Things’ benefits citywide

(Boston, September 21, 2018) — A crowdsourced campaign will make Boston the first US city with a free, citywide Internet of Things (IoT) data network, facilitating entrepreneurial, municipal, and neighborhood innovations in everything from traffic reduction to public health.

The Boston campaign is based on one in Amsterdam that built a similar network in a month (although not penetrating all neighborhoods), and activists there are helping the Boston effort. While being built, the Amsterdam system already spawned uses such as a water detector that sends a canal boat owner a text that a boat is filling with water, and a system for the Port of Amsterdam that uses sensors to create real-time information to help manage boat traffic more efficiently. The campaign complements the opening of the INEX IoT Impact Lab in New Bedford, President Obama’s $160 million fund for “smart cities” projects, and the Amsterdam group’s effort to spread the approach to 5 continents.

The network will use new LoRaWAN gateways, which let things exchange data without 3G or Wi-Fi, and feature low battery usage and a range of up to 7 miles. Several companies have already donated units to the Boston campaign before the launch.

According to IoT thought leader W. David Stephenson of Stephenson Strategies, who also founded the 1,500-member Boston IoT Meetup (which will form the core of the crowdsourced campaign), “We hope to gain wide public and private support because this will not only spark profitable innovation, but also other efforts that will make Boston, especially the neighborhoods, a better place to live. Think of what your companies — and the city as a whole — could do if we had such a network: the entire city of Boston would become an IoT lab/sandbox, encouraging incredible innovation in use of IoT. But we must move quickly if we are to be the first US city with such a network.”

IoT entrepreneur Chris Rezendes of INEX Advisors, co-chair of the IoT Meetup and creator of the New Bedford IoT Impact Lab, said “the IoT will prove its real value when people and companies can see the tangible results improving their daily lives and corporate efficiency. From New Bedford to Boston, we’re a world leader in making the IoT a tangible reality for companies and cities alike.”

Wish us luck: if we’re successful, look forward to working with The Things Network to spread the concept worldwide — the sooner the better!

Give It Up, People: Government Regulation of IoT Is Vital

Could this be the incident that finally gets everyone in the IoT industry to — as I’ve said repeatedly in the past — make privacy and security Job 1 — and to drop the lobbying groups’ argument that government regulation isn’t needed? 

I hope so, because the IoT’s future is at stake, and, frankly, not enough companies get it.

I’m referring to the Chrysler recall last week of 1.4 million Jeeps for a security patch after WIRED reported on an experiment in which two white-hat hackers remotely disabled a Jeep on an Interstate from miles away, exploiting a vulnerable link between its entertainment and control systems.  Put yourself in the place of reporter Andy Greenberg, then tell me with a straight face that you wouldn’t be out of your mind if this happened to you:

“As the two hackers remotely toyed with the air-conditioning, radio, and windshield wipers, I mentally congratulated myself on my courage under pressure. That’s when they cut the transmission.

Immediately my accelerator stopped working. As I frantically pressed the pedal and watched the RPMs climb, the Jeep lost half its speed, then slowed to a crawl. This occurred just as I reached a long overpass, with no shoulder to offer an escape. The experiment had ceased to be fun.

At that point, the interstate began to slope upward, so the Jeep lost more momentum and barely crept forward. Cars lined up behind my bumper before passing me, honking. I could see an 18-wheeler approaching in my rearview mirror. I hoped its driver saw me, too, and could tell I was paralyzed on the highway.

“You’re doomed!” Valasek [one of the hackers] shouted, but I couldn’t make out his heckling over the blast of the radio, now pumping Kanye West. The semi loomed in the mirror, bearing down on my immobilized Jeep.”

OK: calm down, get a cool drink, and, when your Apple Watch says your heart beat has returned to normal, read on….

But, dear reader, our industry’s leaders, presumably knowing the well-publicized specifics of the Chrysler attack, had the hubris to still speak at a hearing of the Internet Subcommittee of the House of Representatives Judiciary Committee last week and claim (according to CIO) that government regulation of the IoT industry wasn’t needed.

CEA CEO Gary Shapiro said in calling for government “restraint”:

“It’s up to manufacturers and service providers to make good decisions about privacy and security, or they will fail in the marketplace….. Industry-driven solutions are best to promote innovation while protecting consumers.”

Sorry, Gary: if someone dies because their Jeep got spoofed, the survivors’ attorneys won’t be content with the company’s failure in the marketplace.

There are some important collaborative efforts to create privacy and security standards for the IoT, such as the AllSeen Alliance. However, as I’ve written before, there are also too many startups who defer building in privacy and security protections until they’ve solved their technology needs, and others, most famously TRENDnet, who don’t do anything at all, resulting in a big FTC fine. There are simply too many examples of hackers using the Shodan site to hack into devices, not to mention academics and others who’ve shown security flaws that might even kill you if exploited.

One local IoT leader, Paddy Srinivasan of LoMein, gets it, as reported today by the Boston Globe‘s Hiawatha Bray:

“‘I think it is a seminal moment…. These new devices need a fresh approach and a new way of thinking about security, and that is the missing piece.'”

But it’s too late to just talk about self-policing.

Massachusetts’ own Ed Markey and his Connecticut counterpart, Richard Blumenthal, have called the associations’ bluff, and filed legislation, The Security and Privacy in Your Car Act (AKA SPY Car, LOL)  that would require the National Highway Traffic Safety Administration (NHTSA) and the Federal Trade Commission (FTC) to establish federal standards to secure cars and protect drivers’ privacy. It would also create a rating system — or “cyber dashboard”— telling drivers about how well the vehicle protects drivers’ security and privacy beyond those minimum standards. This comes in the wake of the Markey study I reported on last Winter documenting car companies’ failure to build in adequate cyber-hacking protections.

Guess what, folks?  This is only the beginning.  Probably the only thing I’ve ever agreed with Dick Cheney on (ok, we agree it’s cool to have been born in Wyoming and that Lynne Cheney is a great writer), is that it wouldn’t be cool for the Veep to have his pacemaker hacked, so you can bet there will be legislation and regulations soon governing privacy and security for wearables as well.

As I’ve said before, I come at this issue differently from a lot of engineers, having earned my keep for many years doing crisis management for Fortune 100 companies that bet the farm by doing dumb things that could destroy public trust in them overnight. Once lost, that trust is difficult, if not impossible, to regain.  Even worse, in this case, cavalier attitudes by even one IoT company, if the shock value of the results is great enough, could make everyone in the industry suffer.

So, if you’re arguing for no regulation of the IoT industry, I have just one suggestion: shut up, clean up your act and take a positive role in shaping regulations that would be performance-based, not prescriptive: the horse has already left the barn.

Now I have to check my Apple Watch to see when my heart rate will get back to normal.

 

LOL: The Boston Olympics that Will Not Be: How the IoT MIGHT Have Pulled It Off!

Well, there go the billions my wife and I were going to make from renting our house through Airbnb for the Boston 2024 Olympics…. The US Olympic Committee pulled their support for the bid several hours ago based on the lack of public support for the proposal, which comes as NO surprise to those of us who know and (sometimes) love the local sport of choice in Boston: not the modern pentathlon, but debating any issue ad nauseam and eating our own.

Oh well!  I’d been planning a special meeting of our Boston IoT MeetUp for September about how the IoT really might make it possible that we could both build the Olympic infrastructure on time and on budget through creative use of the IoT AND also build a positive legacy that would endure after the games were over.

I’d also just written an op-ed on the subject. Since the chances of getting one of the local rags to publish that now are also zero, I thought I’d post it here, in hopes that it may inspire the other cities still bidding for the Games to adopt this approach, and that Boston and Massachusetts will also make the IoT a critical part of any major construction projects and smart city strategies.


 

What if a single approach could meet both of Boston 2024’s main challenges: building the venues on-time and under budget, AND assuring a positive legacy for the city, region and state?

There is: the Internet of Things (IoT), the concept of linking not just people, but also devices, via the Internet so they can be coordinated and activated automatically and in real time.  The IoT is already a reality, as demonstrated by examples ranging from “smart” thermostats you can adjust from your smartphone to fitness devices that let you track your vital signs.

While most are still unaware of the IoT, Boston was recently ranked as the world’s fourth-leading city in terms of numbers of IoT companies, and the Boston IoT MeetUp that I co-chair has grown to 1400 members in less than two years.

Every Olympics faces serious questions because of the history of cost overruns and construction delays, but our bid faces the extra burden of the botched Big Dig.

Construction sites are inherently chaotic because of so much equipment and so many subcontractors, resulting in an astounding 70-80% idle time, but the IoT changes that.  My client, SAP, and SK Solutions have collaborated in Dubai (which is on a construction binge dwarfing anything the Olympics might bring), putting sensors on all of the construction equipment, trucks, etc., so that the managers can visualize, in real-time, who is where, and make sure the right ones are in place and ready to go exactly when needed. Everyone who needs it, from operators to maintenance, shares the same data at the same time, building collaboration and efficiency.

The IoT can also make the games run smoothly and efficiently. After last Winter, we know how poorly the MBTA operates currently. The IoT can dramatically improve operations because sensors will report real-time data about the condition of every piece of rolling stock, so issues can be dealt with quickly and cheaply (“predictive maintenance”) before they become critical. Ports and airports, such as Logan, are also inherently chaotic, but the Port of Hamburg has increased its operating efficiency through IoT coordination of every vehicle. Clever IoT transportation projects already underway by the Mayor’s Office of the New Urban Mechanics can also help the games operate efficiently.

Believe it or not, even the most prosaic parts of our urban landscape can and must be reinvented to make the games run smoothly.  You’ve already seen the ultra-modern Big Belly Solar trash compactors (from Needham) that now dot downtown, which compact trash and collect recycling to make our streets cleaner. But did you know that each of them also houses a wireless system that creates a free “mesh network” that gives us free wi-fi access on the streets as well (and, in a post-Olympics disaster, could provide real-time response information)? Why not deploy them region-wide? Or, why have conventional streetlights when there are ones that not only cut electric use with LED bulbs, but also have banner-like LED panels that could have constantly-changing panels about that day’s events and would switch instantly to showing real-time detours because of data about traffic jams just ahead?

The Olympics will also stress our electricity infrastructure, and the IoT can help there as well. Two-way real-time data flow will allow an electric “smart grid” to dispatch power exactly when, where, and in the amount needed. What if we also had the world’s best network of neighborhood electric car chargers, and if Zipcar, one of our home-bred IoT innovations, became the preferred way of getting around not just downtown, but also the whole region?

A smart grid and efficient, reliable mass transit wouldn’t be the only positive legacy from the IoT.  If the Olympic Village to house the athletes was made up of “smart buildings” with built-in sensors, after the Olympics they would become economical, user-friendly and affordable apartments.

You may not have heard much about the Internet of Things so far, but the technology is already here, and the cost is plummeting.  Major orders for sensors, operating software and other components for the Olympics would create more jobs in our local IoT industry and further drive down the IoT’s cost.

Experts agree that the IoT will bring about as radical a transformation in our lives and economy as the Internet did, and making it the centerpiece of Boston’s Olympics construction, operations and legacy planning could make us again the Hub of the (Internet of Things) Universe.


 

Oh well!

McKinsey IoT Report Nails It: Interoperability is Key!

I’ll be posting on various aspects of McKinsey’s new “The Internet of Things: Mapping the Value Beyond the Hype” report for quite some time.

First of all, it’s big: 148 pages in the online edition, making it the longest IoT analysis I’ve seen! Second, it’s exhaustive and insightful. Third, as with several other IoT landmarks, such as Google’s purchase of Nest and GE’s divestiture of its non-industrial internet division, the fact that a leading consulting firm would put such an emphasis on the IoT has tremendous symbolic importance.

McKinsey report — The IoT: Mapping the Value Beyond the Hype

My favorite finding:

“Interoperability is critical to maximizing the value of the Internet of Things. On average, 40 percent of the total value that can be unlocked requires different IoT systems to work together. Without these benefits, the maximum value of the applications we size would be only about $7 trillion per year in 2025, rather than $11.1 trillion.” (my emphasis)

This goes along with my most basic IoT Essential Truth, “share data.”  I’ve been preaching this mantra since my 2011 book, Data Dynamite (which, if I may toot my own horn, I believe remains the only book to focus on the sweeping benefits of a paradigm shift from hoarding data to sharing it).

I was excited to see that the specific example they zeroed in on was offshore oil rigs, which I focused on in my op-ed on “real-time regulations,” because sharing the data from the rig’s sensors could both boost operating efficiency and reduce the chance of catastrophic failure. The paper points out that there can be 30,000 sensors on a rig, but most of them function in isolation, to monitor a single machine or system:

“Interoperability would significantly improve performance by combining sensor data from different machines and systems to provide decision makers with an integrated view of performance across an entire factory or oil rig. Our research shows that more than half of the potential issues that can be identified by predictive analysis in such environments require data from multiple IoT systems. Oil and gas experts interviewed for this research estimate that interoperability could improve the effectiveness of equipment maintenance in their industry by 100 to 200 percent.”

Yet, the researchers found that only about 1% of the rig data was being used, because it rarely was shared off the rig with others in the company and its ecosystem!

The section on interoperability goes on to talk about the benefits — and challenges — of linking sensor systems in examples such as urban traffic regulation, that could link not only data from stationary sensors and cameras, but also thousands of real-time feeds from individual cars and trucks, parking meters — and even non-traffic data that could have a huge impact on performance, such as weather forecasts.  

While more work needs to be done on the technical side to increase the ease of interoperability, either through the growing number of interface standards or middleware, it seems to me that a shift in management mindset is as critical as sensor and analysis technology to take advantage of this huge increase in data:

“A critical challenge is to use the flood of big data generated by IoT devices for prediction and optimization. Where IoT data are being used, they are often used only for anomaly detection or real-time control, rather than for optimization or prediction, which we know from our study of big data is where much additional value can be derived. For example, in manufacturing, an increasing number of machines are ‘wired,’ but this instrumentation is used primarily to control the tools or to send alarms when it detects something out of tolerance. The data from these tools are often not analyzed (or even collected in a place where they could be analyzed), even though the data could be used to optimize processes and head off disruptions.”

I urge you to download the whole report. I’ll blog more about it in coming weeks.

Incredible example of rethinking “things” with Internet of Things

Ladies and gentlemen, I give you the epitome of the IoT-enabled product: the trash can!

My reader statistics do not indicate this blog has a heavy readership among trash cans, but let me apologize in advance to them for what I’m about to write: it’s not personal, just factual.

I’m sorry, but you municipal trash cans are pathetic!

Dented. Chipping paint. Trash overflowing. Smelly. Pests (ever seen any of those prize city rats? Big!!!) Sometimes even knocked over. And, worst of all, you are so…. DUMB. You just sit there and don’t do anything.

BigBelly trash compactor and recycling center

But that was then, and this is now.

I have seen the future of trash cans, and, equally important, perhaps the best example I’ve seen of how smart designers and company strategists can — and must — totally rethink products’ design and how they are used because of the Internet of Things!

At last week’s Re-Work Internet of Things Summit there were many exciting new IoT examples (I’ll blog others in coming weeks) but perhaps the one that got more people talking was the BigBelly trash compactor & recycling system, high-tech successor to the lowly trash can.

The company’s motto is that they are “transforming waste management practices and contributing to the Smart Cities of tomorrow.” Indeed!

I was first attracted to the BigBelly systems because of my alternative energy and environmental passions: they featured PV-powered trash compactors, which can quintuple the amount a trash container can hold, eliminating overflowing containers and the need to send trucks to empty them as frequently. Because the containers are closed, there’s no more ugly banana peels and McDonald’s wrappers assaulting your delicate eyes — or noses! Equally important, each is paired with a recycling container, which are almost never seen on city streets, dramatically reducing the amount of recyclables that go into regular trash simply because no recycling containers are accessible downtown.  These features alone would be a noteworthy advance compared to conventional trash cans.

But BigBelly wasn’t content to just improve the efficiency of trash and recyclable collection: they decided to make the containers smart.

The company worked with Digi to add wireless communications to the bins. This is a critical part of BigBelly’s broader significance: when the IoT first started to creep into corporate consciousness, of course designers thought about smart versions of high-value products such as cars, but lowly trash cans? That deserves real praise, because they fundamentally re-examined not only the product as it existed, but also realized that an IoT-based version that could also communicate real-time data would become much more versatile and much more valuable.

Here’s what has resulted so far (and I suspect that as the BigBellys are more widely deployed and both city administrators and others become aware of their increased functionality, other features will be added: I see them as “Smart City Hubs!”):

  • Instead of traditional pickup routes and schedules that were probably based on sheer proximity (or, as BigBelly puts it a little more colorfully, “muscle memory and gut instincts”), they now offer a real-time way to monitor actual waste generation, through the “CLEAN Management Console,” which allows DPW personnel to monitor and evaluate bins’ fullness, trends and historical analysis, for perspective. Collections can now be dynamic and driven by current needs, not historical patterns. (Image: heatmap of trash generation in Lower Manhattan using real-time data from BigBellys and CLEAN dashboard.)

  • For those cities that opt for it, the company offers a Managed Services option where it does the analysis and management of the devices — not unlike the way jet turbine manufacturers now offer their customers value-added data that allows them to optimize performance — and generates new revenue streams for the manufacturers.
  • You may remember that I blogged a while ago about the “Collective Blindness” analogy: that, until the IoT, we humans simply couldn’t visualize much about the inner workings of the material world, so we were forced to do klugy work-arounds.  That’s not, strictly speaking, the case here, since trash in a conventional can is obviously visible, but the actual volume of trash was certainly invisible to those at headquarters. Now they can see — and really manage it.
  • They can dramatically increase recycling programs’ participation rate and efficiency. As BigBelly says, the system provides “intelligent infrastructure to support ongoing operations and free up staffing and resources to support new and expanded recycling programs. Monitoring each separate stream volumes, days to fullness, and other activities in CLEAN enables you to make changes where needed to create a more effective public recycling program. Leverage the stations’ valuable sidewalk real estate to add messaging of encouraging words to change your users’ recycling behaviors.” Philadelphia is perhaps the best example of how effective the system can be. The city bought 210 of the recycling containers in 2009. On average, each collected 225 pounds of recyclables monthly, resulting in 23.5 tons of material diverted from landfills. Philly gets $50 per ton from the recycling and avoids $63 in landfill tipping fees, for a total benefit to the city of $113 per ton, or $2599 per month.

Here’s where it really gets neat, in my estimation.

Because the BigBellys are connected in real time, the devices can serve a number of real-time communication functions as well (enabled by an open API and an emphasis by BigBelly on finding collaborative uses). That includes making them hubs for a “mesh network” municipal wi-fi system (which, by the way, means that your local trash container/communications hub could actually save your life in a disaster or terror attack, when stationary networks may be disrupted, as I explained years ago in this YouTube video).

The list of benefits goes on (BigBelly lists all of them, right down to “Happy Cities,” on its web site). Trust me: if my premise is right that we can’t predict all of the benefits of the IoT at this point because we simply aren’t accustomed to thinking expansively about all the ways connected devices can be used, there will be more!

So here’s my take-away from the BigBelly:

If something as humble and ubiquitous as a municipal trashcan can be transformed into a waste-reduction, recycling collection, municipal communication hub, then to fully exploit the Internet of Things’ full potential, we need to take a new, creative look at every material thing we interact with, no longer making assumptions about its limited role, and instead looking at it creatively as part of an interconnected network whose utility grows the more things (and people!) it’s connected with!

Let me know your ideas on how to capitalize on this new world of possibilities!

Smart Cities: opportunity … and danger if security isn’t a priority

Smart cities are one of the Internet of Things’ most promising areas — as well as one of the most potentially dangerous.

As this list of smart city initiatives shows, the IoT can reduce energy consumption, cut operating costs, and improve the quality of life. However, if hacked, it could also potentially paralyze an entire city and plunge it into darkness and/or create traffic gridlock.

As in so many other IoT areas, which scenario wins out will rest increasingly on making security and privacy in smart cities an absolute priority from Day 1, not an afterthought.

A recent New York Times article brings the issue to the foreground again, through the work of Cesar Cerrudo, an Argentine security researcher and chief technology officer at IOActive Labs, who showed what happens when idiots (so sue me…) decide not to make security a priority:

“(he) demonstrated how 200,000 traffic control sensors installed in major hubs like Washington; New York; New Jersey; San Francisco; Seattle; Lyon, France; and Melbourne, Australia, were vulnerable to attack. Mr. Cerrudo showed how information coming from these sensors could be intercepted from 1,500 feet away — or even by drone — because one company had failed to encrypt its traffic.

“Just last Saturday, Mr. Cerrudo tested the same traffic sensors in San Francisco and found that, one year later, they were still not encrypted.”

Even worse, Cerrudo found the same failure to bake in obvious security measures such as encryption in a wide range of other smart city devices and software.

The article goes on to cite a variety of very real cybersecurity threats to cities and critical infrastructure (don’t forget that about 85% of the nation’s critical infrastructure is in private ownership) including a break-in at a utility’s control network by a “sophisticated threat actor” that just guessed a password.

Among the measures Cerrudo suggests that cities take to reduce their vulnerability:

  • think of cities “as vast attack surfaces that require security protection just as a corporate network might.”
  • encrypt data, use strong passwords, and patch security holes
  • create computer emergency response teams (CERTs), for rapid response
  • restrict data access and monitor who does have it.
  • “Finally, he suggests that cities prepare for the worst, as they would for a natural disaster.”

He concluded:

“When we see that the data that feeds smart city systems is blindly trusted and can be easily manipulated — that the systems can be easily hacked and there are security problems everywhere — that is when smart cities become dumb cities.” (my emphasis)

Let me be blunt about it: whether in smart cities or any other aspect of the Internet of Things, if your attitude is “we’ll get around to security” after concentrating on product development, you’re irresponsible and deserve to fail — before your irresponsibility harms others.


BTW, here’s a great way for you to have a role in shaping tomorrow’s smart cities. IBM (who would have thunk it? I suspect this reflects Ginni Rometty’s change in direction and attitude at the top) has created People for Smarter Cities, a new site to crowdsource ideas for how to make cities smarter. It’s a great example of democratizing innovation, one of my IoT Essential Truths. I plan to contribute and hope you will as well!

Apple & IBM partnership in Japan to serve seniors a major step toward “Smart Aging”

As Bob Seger and I prepare to turn 70 (alas, no typo) on Wednesday (as long as he’s still singing “Against the Wind” I know I’m still rockin’) my thoughts turn to my “Smart Aging” paradigm, which combines Quantified Self devices that can change our relationships with doctors into a partnership and give us encouragement to do more fitness activities and smart home devices that make it easier for seniors to run their homes and avoid institutionalization.

That’s why I was delighted to read this week about Apple (obligatory disclaimer: I work part-time at The Apple Store, especially with “those of a certain age,” but am not privy to any of their strategy, and my opinions are solely my own) and IBM teaming with Japan Post (hmm: that’s one postal service that seems to think creatively. Suspect that if one B. Franklin still ran ours, as he did in colonial days, we’d be more creative as well…) to provide iPads to Japan’s seniors as part of Japan Post’s “integrated lifestyle support group” (the agency will actually go public later this year, and the health services will be a key part of its services).

Apple and IBM announced, as part of their “enterprise mobility” partnership that will also increase iPads’ adoption by businesses, that they will provide 5 million iPads with senior-friendly apps to Japanese seniors by 2020.  IBM’s role will be to develop app analytics and cloud services and “apps that IBM built specifically for elderly people .. for medication adherence … exercise and diet, and … that provide users with access to community activities and supporting services, including grocery shopping and job matching.”

The overall goal is to use the iPads and apps to connect seniors with healthcare services and their families.  I can imagine that FaceTime and the iPads’ accessibility options will play a critical role, and that current apps such as Lumosity that help us geezers stay mentally sharp will also be a model.

According to Mobile Health News, the partnership will offer some pretty robust services from the get-go:

“If seniors or their caregivers choose, they can take advantage of one of Japan Post Groups’ post office services, called Watch Over where, for a fee, the mail carriers will check in on elderly customers and then provide the elderly person’s family with an update. 

“In the second half of this year, customers can upgrade the service to include iPad monitoring as well. After Japan Post Group pilots the iPads and software with 1,000 seniors for six months, the company will expand the service in stages.”

Lest we forget, Japan is THE harbinger of what lies ahead for all nations as their populations age. 20% of the population was already over 65 in 2006, 38% will be in 2055. As I’ve said before in speeches, the current status quo in aging is simply unsustainable: we must find ways for seniors to remain healthy and cut the governmental costs of caring for them as they grow as a percentage of the population. As Japan Post CEO Taizo Nishimuro (who looks as if he’s a candidate for the new services — you go, guy!) said, the issue is “most acute in Japan — we need real solutions.”

IBM CEO Ginni Rometty said her company will take on a 3-part mission:

“First, they’ll be working on ‘quality of life apps,’ both by building some themselves and by integrating others, all of which will be aimed at accessibility first. The key target will be iOS, since it’s a mobile-first strategy in keeping with our changed computing habits. Second, they’re working on developing additional accessibility features not yet available, and third they’re helping Japan Post with the service layer required to deliver this to the elderly.”

Sweet! — and it reminds me of the other recent IBM/Apple announcement, in that case with J & J, to build a robust support structure for Apple’s new open-source ResearchKit and HealthKit platform to democratize medical research.  The IoT ain’t nothin’ without collaboration, after all.

Cook, according to TechCrunch, put the initiative in a global context (not unlike his environmental initiatives, where, IMHO, he’s become THE leading corporate change agent regarding global warming):

“Tim Cook called the initiative ‘groundbreaking,’ saying that it is ‘not only important for Japan, but [also] has global implications. Together, the three of us and all the teams that work so diligently behind us will dramatically improve the lives of millions of people.’

“…. The Apple CEO talked about how the company aims to ‘help people that are marginalized in some way, and empower them to do the things everyone else can do.’ He cited a UC Irvine study which details how remote monitoring and connection with loved ones via iPad help instill a sense of confidence and independence in seniors. He added that he believes what the companies are doing in Japan is also scalable around the world.”

It will be interesting to see exactly how the partnership addresses the challenge of creating those senior-friendly “quality of life” apps: as someone who’s on the front-lines of explaining even Apple’s intuitive devices to older customers, I can tell you that many seniors are really frightened by these technologies, and it will take a combination of great apps and calm, patient hand-holding to put them at ease.

As I enter my 7th decade, I’m pumped!

FTC report provides good checklist to design in IoT security and privacy

FTC report on IoT

FTC Chair Edith Ramirez has been pretty clear that the FTC plans to look closely at the IoT and takes IoT security and privacy seriously: most famously by fining IoT marketer TrendNet for non-existent security with its nanny cam.

Companies that want to avoid such actions — and avoid undermining fragile public trust in their products and the IoT as a whole — would do well to clip and refer to this checklist, which I’ve prepared from the recent FTC report, Privacy and Security in a Connected World. The report grew out of a workshop the agency held in 2013 and highlights best practices shared there.

  1. Most important, “companies should build security into their devices at the outset, rather than as an afterthought.” I’ve referred before to the bright young things at the Wearables + Things conference who used their startup status as an excuse for deferring security and privacy until a later date. WRONG: both must be a priority from Day One.

  2. Conduct a privacy or security risk assessment during design phase.

  3. Minimize the data you collect and retain.  This is a tough one, because there’s always that chance that some retained data may be mashed up with some other data in future, yielding a dazzling insight that could help company and customer alike, BUT the more data just floating out there in a “data lake,” the more chance it will be misused.

  4. Test your security measures before launching your products. … then test them again…

  5. “..train all employees about good security, and ensure that security issues are addressed at the appropriate level of responsibility within the organization.” This one is sooo important and so often overlooked: how many times have we found that someone far down the corporate ladder has been at fault in a data breach because s/he wasn’t adequately trained and/or empowered?  Privacy and security are everyone’s job.

  6. “.. retain service providers that are capable of maintaining reasonable security and provide reasonable oversight for these service providers.”

  7. “… when companies identify significant risks within their systems, they should implement a defense-in-depth approach, in which they consider implementing security measures at several levels.”

  8. “… consider implementing reasonable access control measures to limit the ability of an unauthorized person to access a consumer’s device, data, or even the consumer’s network.” Don’t forget: with the Target data breach, the bad guys got access to the corporate data through a local HVAC dealer. Everything’s linked — for better or worse!

  9. “.. companies should continue to monitor products throughout the life cycle and, to the extent feasible, patch known vulnerabilities.”  Privacy and security are moving targets, and require constant vigilance.

  10. Avoid enabling unauthorized access and misuse of personal information.

  11. Don’t facilitate attacks on other systems. The very strength of the IoT in creating linkages and synergies between various data sources can also allow backdoor attacks if one source has poor security.

  12. Don’t create risks to personal safety. If you doubt that’s an issue, look at Ed Markey’s recent report on connected car safety.

  13. Avoid creating a situation where companies might use this data to make credit, insurance, and employment decisions.  That’s the downside of cool tools like Progressive’s “Snapshot,” which can save us safe drivers on premiums: the same data on your actual driving behavior might some day become compulsory, and might be used to deny you coverage or increase your premium.

  14. Realize that FTC Fair Information Practice Principles will be extended to IoT. These “FIPPs,” including “notice, choice, access, accuracy, data minimization, security, and accountability,” have been around for a long time, so it’s understandable the FTC will apply them to the IoT.  Most important ones?  Security, data minimization, notice, and choice.

Not all of these issues will apply to all companies, but it’s better to keep all of them in mind, because your situation may change. I hope you’ll share these guidelines with your entire workforce: they’re all part of the solution — or the problem.

The #IoT Can Kill You! Got Your Attention? Car Security a Must

The Internet of Things can kill you.

Got your attention? OK, maybe this is the wake-up call the IoT world needs to make certain that privacy and security are baked in, not just afterthoughts.

I’ve blogged before about how privacy and security must be Job 1, but now it’s in the headlines because of a new report by our Mass. Senator, Ed Markey (Political aside: thanks, Ed, for more than 30 years of leadership — frequently as a voice crying in the wilderness — on the policy implications of telecomm!), “Tracking & Hacking: Security & Privacy Gaps Put American Drivers at Risk,” about the dangers of not taking the issues seriously when it comes to smart cars.

I first became concerned about this issue when reading “Look Out, He’s Got a Phone!” (my personal nominee for all-time most wry IoT headline…), a litany of all sorts of horrific things, such as spoofing the low air-pressure light on your car so you’ll pull over and the Bad Guys can get it, or making it stop dead at 70 mph, that are proven risks of un-encrypted automotive data.  All too typical was the reaction of Schrader Electronics, which makes the tire sensors:

“Schrader Electronics, the biggest T.P.M.S. manufacturer, publicly scoffed at the Rutgers–South Carolina report. Tracking cars by tire, it said, is ‘not only impractical but nearly impossible.’ T.P.M.S. systems, it maintained, are reliable and safe.

“This is the kind of statement that security analysts regard as an invitation. A year after Schrader’s sneering response, researchers from the University of Washington and the University of California–San Diego were able to ‘spoof’ (fake) the signals from a tire-pressure E.C.U. by hacking an adjacent but entirely different system—the OnStar-type network that monitors the T.P.M.S. for roadside assistance. In a scenario from a techno-thriller, the researchers called the cell phone built into the car network with a message supposedly sent from the tires. ‘It told the car that the tires had 10 p.s.i. when they in fact had 30 p.s.i.,’ team co-leader Tadayoshi Kohno told me—a message equivalent to ‘Stop the car immediately.’ He added, ‘In theory, you could reprogram the car while it is parked, then initiate the program with a transmitter by the freeway. The car drives by, you call the transmitter with your smartphone, it sends the initiation code—bang! The car locks up at 70 miles per hour. You’ve crashed their car without touching it.’”

Hubris: it’ll get you every time….

So now Senator Markey lays out the full scope of this issue, and it should scare the daylights out of you — and, hopefully, Detroit! The report is compiled from responses by 16 car companies (BMW, Chrysler, Ford, General Motors, Honda, Hyundai, Jaguar Land Rover, Mazda, Mercedes-Benz, Mitsubishi, Nissan, Porsche, Subaru, Toyota, Volkswagen (with Audi), and Volvo — hmm: one that didn’t respond was Tesla, which I suspect [just a hunch] really has paid attention to this issue because of its techno leadership) to letters Markey sent in late 2013. Here are the damning highlights from his report:

“1. Nearly 100% of cars on the market include wireless technologies that could pose vulnerabilities to hacking or privacy intrusions.

2. Most automobile manufacturers were unaware of or unable to report on past hacking incidents.

3. Security measures to prevent remote access to vehicle electronics are inconsistent and haphazard across all automobile manufacturers, and many manufacturers did not seem to understand the questions posed by Senator Markey.

4. Only two automobile manufacturers were able to describe any capabilities to diagnose or meaningfully respond to an infiltration in real-time, and most say they rely on technologies that cannot be used for this purpose at all. (my emphasis)

5. Automobile manufacturers collect large amounts of data on driving history and vehicle performance.

6. A majority of automakers offer technologies that collect and wirelessly transmit driving history data to data centers, including third-party data centers, and most do not describe effective means to secure the data.

7. Manufacturers use personal vehicle data in various ways, often vaguely to “improve the customer experience” and usually involving third parties, and retention policies – how long they store information about drivers – vary considerably among manufacturers.

8. Customers are often not explicitly made aware of data collection and, when they are, they often cannot opt out without disabling valuable features, such as navigation.”

In short, the auto industry collects a lot of information about us, and doesn’t have a clue how to manage or protect it.

I’ve repeatedly warned before that one of the issues technologists don’t really understand and/or scoff at, is public fears about privacy and security. Based on my prior work in crisis management, that can be costly — or fatal.

This report should serve as a bit of electroshock therapy to get them (and here I’m referring not just to auto makers but all IoT technologists: it’s called guilt by association, and most people tend to conflate fears, not discriminate between them. Unless everyone in IoT takes privacy and security seriously, everyone may suffer the result [see below]) to realize that it’s not OK, as one of the speakers at the Wearables + Things conference said, that “we’ll get to privacy and security later.” It’s got to be a priority from the get-go (more about this in a forthcoming post, where I’ll discuss the recent FTC report on the issue).

I’ve got enough to worry about behind the wheel, since the North American Deer Alliance is out to get me. Don’t make me worry about false tire pressure readings.


PS: there’s another important issue here that may be obscured: the very connectedness that is such an important aspect of the IoT. Remember that the researchers spoofed the T.P.M.S. system not through a frontal assault, but by attacking the roadside assistance system? It’s like the way Target’s computers were hacked via a small company doing HVAC maintenance. Moral of the story? No IoT system is safe unless all the ones linking to it are safe.  For want of a nail … the kingdom was lost!

Resolved: That 2015 Is When Privacy & Security Become #IoT Priority!

I’m a right-brained, intuitive type (ENFP, if you’re keeping Myers-Briggs score…), and sometimes that pays off on issues involving technology & the general public, especially when the decidedly non-technical, primal issue of FEAR comes into the equation.

I used to do a lot of crisis management work with Fortune 100 companies, and usually worked with engineers, 95% of whom are my direct opposite: ISTJ.  Because they are so left-brained, rational and analytical, it used to drive them crazy that the public would be so fearful of various situations, because people’s reaction was just so darned irrational!

I’m convinced that same split is a looming and extremely dangerous problem for the Internet of Things: the brilliant engineers who bring us all these great platforms, devices and apps just can’t believe that people could be fraidy cats.

Let me be blunt about it, IoT colleagues: get used to dealing with people’s fears. Wise up, because that fear might just screw the IoT before it really gains traction. Just because a reaction is irrational doesn’t mean it isn’t very, very real to those who feel it, and they might just shun your technology and/or demand draconian regulations to enforce privacy and security standards.

That’s why I was so upset at a remark by some bright young things at the recent Wearables + Things conference. When asked about privacy and security precautions (a VERY big thing with people, since it’s their very personal bodily data that’s at risk) for their gee-whiz device, they blithely said that they were just a start-up, and they’d get to security issues after they had the device technology squared away.

WRONG, KIDS: security and privacy protections have to be a key priority from the get-go.

That’s why I was pleased to see that CES asked FTC Chair Edith Ramirez to give opening remarks at a panel on security last week, and she specifically focused on “privacy by design,” where privacy protections are baked into the product from the get-go. She emphasized that start-ups can’t get off the hook:

“‘Any device that is connected to the Internet is at risk of being hijacked,’ said Ms. Ramirez, who added that the large number of Internet-connected devices would ‘increase the number of access points’ for hackers.

Ms. Ramirez seemed to be directing her remarks at the start-ups that are making most of the products — like fitness trackers and glucose monitors — driving the so-called Internet of Things.

She said that some of these developers, in contrast to traditional hardware and software makers, ‘have not spent decades thinking about how to secure their products and services from hackers.’”

I yield to no one in my love of serendipitous discoveries of data’s value (such as the breakthrough in early diagnosis of infections in neonates by researchers from IBM and Toronto’s Hospital for Sick Children), but I think Ms. Ramirez was on target about IoT developers forcing themselves to emphasize minimization of data collection, especially when it comes to personal data:

“Beyond security, Ms. Ramirez said that technology companies needed to pay more attention to so-called data minimization, in which they collect only the personal data they need for a specific purpose and delete it permanently afterward. She directly challenged the widespread contention in the technology industry that it is necessary to collect large volumes of data because new uses might be uncovered.

‘I question the notion that we must put sensitive consumer data at risk on the off chance a company might someday discover a valuable use for the information,’ she said.

She also said that technology companies should be more transparent about the way they use personal data and should simplify their terms of use.”

Watch for a major IoT privacy pronouncement soon from the FTC.

It’s gratifying that, in addition to the panel Ms. Ramirez introduced, CES also had an (albeit small…) area for privacy vendors.  As the WaPo reported, part of the reason for this area is that the devices and apps are aimed at you and me, because “consumers are finding — thanks to the rise in identity theft, hacks and massive data breaches — that companies aren’t always good stewards for their information.” Dealing with privacy breaches is everyone’s business: companies, government, and you and me!

As the WaPo reporter concluded: “The whole point of the privacy area, and of many of the products being shown there, is that technology and privacy don’t have to fight. They can actually help each other. And these exhibitors — the few, the proud, the private — are happy to be here, preaching that message.”

So, let’s all resolve that 2015 is when privacy and security become as big an IoT priority as innovation!


Oh, before I forget, it’s time for my gratuitous reference whenever I discuss IoT privacy and security, to Gen. David Petraeus (yes, the very General “Do As I Say, Not As I Do” Petraeus who faces possible federal felony charges for leaking classified documents to his lover/biographer), who was quite enamored of the IoT when he directed the CIA. That should give you pause, no matter whether you’re an IoT user, producer, or regulator!