FTC report provides good checklist to design in IoT security and privacy

FTC report on IoT

FTC report on IoT

SEC Chair Edith Ramirez has been pretty clear that the FTC plans to look closely at the IoT and takes IoT security and privacy seriously: most famously by fining IoT marketer TrendNet for non-existent security with its nanny cam.

Companies that want to avoid such actions — and avoid undermining fragile public trust in their products and the IoT as a whole — would do well to clip and refer to this checklist that I’ve prepared based on the recent FTC Report, Privacy and Security in a Connected World, compiled based on a workshop they held in 2013, and highlighting best practices that were shared at the workshop.

  1. Most important, “companies should build security into their devices at the outset, rather than as an afterthought.” I’ve referred before to the bright young things at the Wearables + Things conference who used their startup status as an excuse for deferring security and privacy until a later date. WRONG: both must be a priority from Day One.

  2. Conduct a privacy or security risk assessment during design phase.

  3. Minimize the data you collect and retain.  This is a tough one, because there’s always that chance that some retained data may be mashed up with some other data in future, yielding a dazzling insight that could help company and customer alike, BUT the more data just floating out there in “data lake” the more chance it will be misused.

  4. Test your security measures before launching your products. … then test them again…

  5. “..train all employees about good security, and ensure that security issues are addressed at the appropriate level of responsibility within the organization.” This one is sooo important and so often overlooked: how many times have we found that someone far down the corporate ladder has been at fault in a data breach because s/he wasn’t adequately trained and/or empowered?  Privacy and security are everyone’s job.

  6. “.. retain service providers that are capable of maintaining reasonable security and provide reasonable oversight for these service providers.”

  7. ‘… when companies identify significant risks within their systems, they should implement a defense-in -depth approach, in which they consider implementing security measures at several levels.”

  8. “… consider implementing reasonable access control measures to limit the ability of an unauthorized person to access a consumer’s device, data, or even the consumer’s network.” Don’t forget: with the Target data breach, the bad guys got access to the corporate data through a local HVAC dealer. Everything’s linked — for better or worse!

  9. “.. companies should continue to monitor products throughout the life cycle and, to the extent feasible, patch known vulnerabilities.”  Privacy and security are moving targets, and require constant vigilance.

  10. Avoid enabling unauthorized access and misuse of personal information.

  11. Don’t facilitate attacks on other systems. The very strength of the IoT in creating linkages and synergies between various data sources can also allow backdoor attacks if one source has poor security.

  12. Don’t create risks to personal safety. If you doubt that’s an issue, look at Ed Markey’s recent report on connected car safety.

  13. Avoid creating a situation where companies might use this data to make credit, insurance, and employment decisions.  That’s the downside of cool tools like Progressive’s “Snapshot,” which can save us safe drivers on premiums: the same data on your actual driving behavior might some day be used become compulsory, and might be used to deny you coverage or increase your premium).

  14. Realize that FTC Fair Information Practice Principles will be extended to IoT. These “FIPPs, ” including “notice, choice, access, accuracy, data minimization, security, and accountability,” have been around for a long time, so it’s understandable the FTC will apply them to the IoT.  Most important ones?  Security, data minimization, notice, and choice.

Not all of these issues will apply to all companies, but it’s better to keep all of them in mind, because your situation may change. I hope you’ll share these guidelines with your entire workforce: they’re all part of the solution — or the problem.

Gartner study confirms senior managers don’t understand IoT

Posted on 21st February 2015 in Internet of Things, M2M, management, manufacturing, marketing, strategy

The “Managing the Internet of Things Revolution” e-guide I wrote for SAP was aimed at C-level executives. Even though it’s proven popular enough that the company is translating it into several languages, it appears we need to redouble our efforts to Managing_the_Internet_of_Things_Revolutionbuild IoT awareness among executives.

I say that because Gartner has just come out with a survey confirming my suspicions: even though a lot of companies now think the IoT will have a major effect on them, they’re clueless about how to manage it and most have yet to launch major IoT initiatives.

In fact, “many survey respondents felt that the senior levels of their organizations don’t yet have a good understanding of the potential impact of the IoT.” (my emphasis)

 

That’s despite the fact that a key conclusion of my guide was that (even though the IoT is a long way from full maturity) companies can and should begin their IoT strategies and implementation now, because they can already achieve significant savings in operating costs, improve marketing, and create new revenue streams with the current early stage sensors and analytical tools. Getting started will also build their confidence and familiarity with IoT tools and strategy before they begin more dramatic transformational strategies.

Consider these findings from the survey of 463 business and IT leaders:

  • 40% of companies think the IoT will at least bring new short-term revenue and cost reduction opportunities in the next three years — or perhaps even transform them. More than 60% think that will be true over 5 years or more.
  • Fewer than 25% said their company had “established clear business leadership for the IoT,” — even among the companies predicting a significant  – this includes those who said they expect the IoT to have a significant or transformational impact, says Gartner (however, 35% of them came from this group).
  • Yet, few have delegated specific responsibility for IoT strategy and management: “… less than one-quarter of survey respondents has established clear business leadership for the IoT, either in the form of a single organizational unit owning the issue or multiple business units taking ownership of separate IoT efforts.”
  • “attitudes toward the IoT vary widely by industry. For example, board of directors’ understanding of the IoT was rated as particularly weak in government, education, banking and insurance, whereas the communications and services industries scored above-average ratings for senior executive understanding of the IoT.”

Gartner concluded most companies have yet to really create IoT strategies:

“‘The survey confirmed that the IoT is very immature, and many organizations have only just started experimenting with it,’ said Nick Jones, vice president and distinguished analyst at Gartner. ‘Only a small minority have deployed solutions in a production environment. However, the falling costs of networking and processing mean that there are few economic inhibitors to adding sensing and communications to products costing as little as a few tens of dollars. The real challenge of the IoT is less in making products ‘smart’ and more in understanding the business opportunities enabled by smart products and new ecosystems.’ However, a lack of clear business or technical leadership is holding back investment in the technology.” (my emphasis)

In line with my current preoccupation, privacy and security, the survey did show companies are concerned with both issues, as well as with finding talented new staff who understand the IoT and how to benefit from it. According to Steve Kleyhans, Gartner’s research vp:

 “While a single leader for the IoT is not essential, leadership and vision are important, even in the form of several leaders from different business units. We expect that over the next three years, more organizations will establish clear leadership, and more will recognize the value of some form of an IoT center of excellence because of the need to master a wide range of new technologies and skills.”

If you haven’t launched any IoT projects or begun to create a strategy, the writing’s on the wall: get going!


Carpe diem: I take this survey as an omen that there’s a desperate need for When Things Can Talk: profiting from the Internet of Things revolution,” my proposed full-length book on IoT corporate strategy. Let me know if you can suggest a possible publisher!

The #IoT Can Kill You! Got Your Attention? Car Security a Must

The Internet of Things can kill you.

Got your attention? OK, maybe this is the wake-up call the IoT world needs to make certain that privacy and security are baked in, not just afterthoughts.

Markey_IoT_car_reportI’ve blogged before about how privacy and security must be Job 1, but now it’s in the headlines because of a new report by our Mass. Senator, Ed Markey (Political aside: thanks, Ed, for more than 30 years of leadership — frequently as a voice crying in the wilderness — on the policy implications of telecomm!), “Tracking & Hacking: Security & Privacy Gaps Put American Drivers at Risk,” about the dangers of not taking the issues seriously when it comes to smart cars.

I first became concerned about this issue when reading “Look Out, He’s Got an Phone,!” (my personal nominee for all-time most wry IoT headline…), a litany of all sorts of horrific things, such as spoofing the low air-pressure light on your car so you’ll pull over and the Bad Guys can get it would stop dead at 70 mph,  that are proven risks of un-encrypted automotive data.  All too typical was the reaction of Schrader Electronics, which makes the tire sensors:

“Schrader Electronics, the biggest T.P.M.S. manufacturer, publicly scoffed at the Rutgers–South Carolina report. Tracking cars by tire, it said, is ‘not only impractical but nearly impossible.’ T.P.M.S. systems, it maintained, are reliable and safe.

“This is the kind of statement that security analysts regard as an invitation. A year after Schrader’s sneering response, researchers from the University of Washington and the University of California–San Diego were able to ‘spoof’ (fake) the signals from a tire-pressure E.C.U. by hacking an adjacent but entirely different system—the OnStar-type network that monitors the T.P.M.S. for roadside assistance. In a scenario from a techno-thriller, the researchers called the cell phone built into the car network with a message supposedly sent from the tires. ‘It told the car that the tires had 10 p.s.i. when they in fact had 30 p.s.i.,’ team co-leader Tadayoshi Kohno told me—a message equivalent to ‘Stop the car immediately.’ He added, ‘In theory, you could reprogram the car while it is parked, then initiate the program with a transmitter by the freeway. The car drives by, you call the transmitter with your smartphone, it sends the initiation code—bang! The car locks up at 70 miles per hour. You’ve crashed their car without touching it.’”

Hubris: it’ll get you every time….

So now Senator Markey lays out the full scope of this issue, and it should scare the daylights out of you — and, hopefully, Detroit! The report is compiled on responses by 16 car companies (BMW, Chrysler, Ford, General Motors, Honda, Hyundai, Jaguar Land Rover, Mazda, Mercedes-Benz, Mitsubishi, Nissan, Porsche, Subaru, Toyota, Volkswagen (with Audi), and Volvo — hmm: one that didn’t respond was Tesla, which I suspect [just a hunch] really has paid attention to this issue because of its techno leadership) to letters Markey sent in late 2013. Here are the damning highlights from his report:

“1. Nearly 100% of cars on the market include wireless technologies that could pose vulnerabilities to hacking or privacy intrusions.

2. Most automobile manufacturers were unaware of or unable to report on past hacking incidents.

3. Security measures to prevent remote access to vehicle electronics are inconsistent and haphazard across all automobile manufacturers, and many manufacturers did not seem to understand the questions posed by Senator Markey.

4. Only two automobile manufacturers were able to describe any capabilities to diagnose or meaningfully respond to an infiltration in real-time, and most say they rely on technologies that cannot be used for this purpose at all. (my emphasis)

5. Automobile manufacturers collect large amounts of data on driving history and vehicle performance.

6. A majority of automakers offer technologies that collect and wirelessly transmit driving history data to data centers, including third-party data centers, and most do not describe effective means to secure the data.

7. Manufacturers use personal vehicle data in various ways, often vaguely to “improve the customer experience” and usually involving third parties, and retention policies – how long they store information about drivers – vary considerably among manufacturers.

8. Customers are often not explicitly made aware of data collection and, when they are, they often cannot opt out without disabling valuable features, such as navigation.”

In short, the auto industry collects a lot of information about us, and doesn’t have a clue how to manage or protect it.

I’ve repeatedly warned before that one of the issues technologists don’t really understand and/or scoff at, is public fears about privacy and security. Based on my prior work in crisis management, that can be costly — or fatal.

This report should serve as a bit of electroshock therapy to get them (and here I’m referring not just to auto makers but all IoT technologists: it’s called guilt by association, and most people tend to confabulate fears, not discriminate between them. Unless everyone in IoT takes privacy and security seriously, everyone may suffer the result [see below]) to realize that it’s not OK, as one of the speakers at the Wearables + Things conference said, that “we’ll get to privacy and security later.” It’s got to be a priority from the get-go (more about this in a forthcoming post, where I’ll discuss the recent FTC report on the issue).

I’ve got enough to worry about behind the wheel, since the North American Deer Alliance is out to get me. Don’t make me worry about false tire pressure readings.


PS: there’s another important issue here that may be obscured: the very connectedness that is such an important aspect of the IoT. Remember that the researchers spoofed the T.P.M.S. system not through a frontal assault, but by attacking the roadside assistance system? It’s like the way Target’s computers were hacked via a small company doing HVAC maintenance. Moral of the story? No IoT system is safe unless all the ones linking to it are safe.  For want of a nail … the kingdom was lost!

“Enchanted Objects” — adding delight to the IoT formula

Posted on 21st January 2015 in design, Essential Truths, Internet of Things, marketing, smart home

For good reason, most discussions of opportunities with the Internet of Things focus on the potential to improve businesses’ operating efficiency or creating new revenue streams.

But what if the IoT could also bring out the hidden 6-yr. old in each of us? What if it could allow us to invent — enchanted objects?

That’s the premise of IoT polymath David Rose’s Enchanted Objects: Design, Human Desire, and the Internet of Things.

Enchanted Objects: Design, Human Desire, and the Internet of Things

Rose is both a stalwart of the MIT Media Lab and a pioneering, serial IoT entrepreneur. Oh, and he’s got an impish grin that shows you he is still as delighted at tinkering with things as he was as a little boy in his grandfather’s workshop:

“Grandfather’s tools were constructed and used with a respect for human capabilities and preferences. They fit human bodies and minds. They were a pleasure to work with and to display. They made us feel powerful, more skilled and capable than we were without them. They hung or nestled quietly, each in its place, and never made us feel stupid or overwhelmed. They were, in a word, enchanting.”

Rose fears that’s not the path we’re heading down with most current techno-products, dismissing them as “cold, black slabs … [resulting in a ] colder, more isolated, less humane world. Perhaps it is more efficient, but we are less happy.”  Yea!

By contrast, enchanted objects resonate with our deepest desires:

“The experiences that do enchant us reach into our hearts and souls. They come from the exotic place of  ‘once upon a time.’ They help us realize fundamental human desires. The fantastic technologies we have invented over the centuries , the ones of ancient tales and science fiction, enable us to do things that human beings earnestly want to do but cannot do without a little (or a lot) of help from technology. They make it possible to fly, communicate without words, be invisible, live forever, withstand powerful forces, protect ourselves from any harm, see farther and travel faster than the greatest athletes. They are tools that make us incredible, supercapable versions of ourselves. These are the visions and stories of our most beloved authors of fiction and fantasy — Tolkien and C. S. Lewis and J. K. Rowling and the Grimms — and the realities of fantastic characters such as Cinderella, Dick Tracy, James Bond, Superman, and Wonder Woman. The designers creating enchanted objects must, therefore, think of themselves as something more than manipulators of materials and masters of form. They must think beyond pixels, connectivity, miniaturization , and the cloud. Our training may be as engineers and scientists, but we must also see ourselves as wizards and artists, enchanters and storytellers, psychologists and behaviorists.”(my emphasis).

Rose discusses a number of the products he’s designed, such as the Ambient Orb, which can be hacked to unobtrusively (the physiological phenomenon that makes them work is called “pre-attentive processing” in case you’re looking for a term to throw around at a cocktail party…) display all sorts of information, from stock market trends to energy consumption and the Ambient Umbrella, whose handle glows if rain is predicted (that one hasn’t been a big success, which I predicted — it’s as easy to lose an expensive, “smart” umbrella as a $10 one. I prefer the IFTTT recipe that has your HUE lights blink blue if rain is predicted, reminding you to take your utterly conventional, cheap umbrella…), as well as one of my favorites, the Vitality Glow Cap, which can reduce the billions in wasted medical spending attributable to people not taking their prescriptions.

Skype Cabinet

And then there’s one that every child or grandparent will love, the Skype Cabinet, a square that sits in your living room, and, when the door is opened, shazaam, there is your grandchild or grandparent, instantly connected with you via Skype. Enchantment indeed!

However, the real meat of the book is his methodology for those of us to whom enchantment doesn’t come as naturally. First, Rose lists seven basic human drives that designers should try to satisfy: omniscience, telepathy (human-to-human communication), safekeeping, immortality, teleportation (that’s high on my personal list after my recent up-close-and-personal encounters with rogue deer.), and expression.

Then Rose explains how technology, especially sensors, will allow meeting these desires through products that sense their surroundings and can interact with us.  In terms of my IoT “Essential Truths,” I’d classify enchanted objects as exemplifying “What Can You Do Now That You Couldn’t Do Before,” because we really couldn’t interact with products in the past.  Other examples in this category that I’ve cited before range from the WeMo switches that helped me make peace with my wife and the life-saving Tell-Spec that lets you find food allergies.

Other thought-provoking sections of the book include “Seven Abilities of Enchantment,  “Five Steps on the Ladder of Enchantment,” and “Six Future Fantasies,” the latter of which is must reading for product designers and would-be entrepreneurs who want to come up with fundamentally new products that will exploit the IoT’s full potential for transformation.

The other day I finally met with Mahira Kalim, the SAP IoT marketing director who whipped my thinking into shape for the “Managing the Internet of Things Revolution” i-guide.  She asked me for examples of the kind of radical transformation through the IoT that are already in existence.  I suspect that some of Rose’s inventions fall into that category, but, more important, Enchanted Objects provides the roadmap and checklist for those who want to create the next ones!  Get it, devour it, and profit from it!

Resolved: That 2015 Is When Privacy & Security Become #IoT Priority!

I’m a right-brained, intuitive type (ENFP, if you’re keeping Myers-Briggs score…), and sometimes that pays off on issues involving technology & the general public, especially when the decidedly non-technical, primal issue of FEAR comes into the equation.

I used to do a lot of crisis management work with Fortune 100 companies, and usually worked with engineers, 95% of whom are my direct opposite: ISTJ.  Because they are so left-brained, rational and analytical, it used to drive them crazy that the public would be so fearful of various situations, because peoples’ reaction was just so darned irrational!

I’m convinced that same split is a looming, and extremely dangerous problem for the Internet of Things: the brilliant engineers who bring us all these great platforms, devices and apps just can’t believe that people could be fraidy cats.

Let me be blunt about it, IOT colleagues: get used dealing with peoples’ fears. Wise up, because that fear might just screw the IoT before it really gains traction. Just because a reaction is irrational doesn’t mean it isn’t very, very real to those who feel it, and they might just shun your technology and/or demand draconian regulations to enforce privacy and security standards. 

That’s why I was so upset at a remark by some bright young things at the recent Wearables + Things conference. When asked about privacy and security precautions (a VERY big thing with people, since it’s their very personal bodily data that’s at risk) for their gee-whiz device, they blithely said that they were just a start-up, and they’d get to security issues after they had the device technology squared away.

WRONG, KIDS: security and privacy protections have to be a key priority from the get-go.

That’s why I was pleased to see that CES asked FTC Chair Edith Ramirez to give opening remarks at a panel on security last week, and she specifically focused on “privacy by design,” where privacy protections are baked into the product from the get-go. She emphasized that start-ups can’t get off the hook:

“‘Any device that is connected to the Internet is at risk of being hijacked,’ said Ms. Ramirez, who added that the large number of Internet-connected devices would ‘increase the number of access points’ for hackers.

Ms. Ramirez seemed to be directing her remarks at the start-ups that are making most of the products — like fitness trackers and glucose monitors — driving the so-called Internet of Things.

She said that some of these developers, in contrast to traditional hardware and software makers, ‘have not spent decades thinking about how to secure their products and services from hackers.'”

I yield to no one in my love of serendipitous discoveries of data’s value (such as the breakthrough in early diagnosis of infections in neonates by researchers from IBM and Toronto’s Hospital for Sick Children, but I think Ms. Ramirez was on target about IoT developers forcing themselves to emphasize minimization of data collection, especially when it comes to personal data:

“Beyond security, Ms. Ramirez said that technology companies needed to pay more attention to so-called data minimization, in which they collect only the personal data they need for a specific purpose and delete it permanently afterward. She directly challenged the widespread contention in the technology industry that it is necessary to collect large volumes of data because new uses might be uncovered.

‘I question the notion that we must put sensitive consumer data at risk on the off chance a company might someday discover a valuable use for the information,’ she said.

She also said that technology companies should be more transparent about the way they use personal data and should simplify their terms of use.”

Watch for a major IoT privacy pronouncement soon from the FTC.

It’s gratifying that, in addition to the panel Ms. Ramirez introduced, that CES also had an (albeit small…) area for privacy vendors.  As the WaPo reported, part of the reasons for this area is that the devices and apps are aimed at you and me, because “consumers are finding — thanks to the rise in identity theft, hacks and massive data breaches — that companies aren’t always good stewards for their information.” Dealing with privacy breaches is everyone’s business: companies, government, and you and me!

As WaPo reporter   concluded: “The whole point of the privacy area, and of many of the products being shown there, is that technology and privacy don’t have to fight. They can actually help each other. And these exhibitors — the few, the proud, the private — are happy to be here, preaching that message.”

So, let’s all resolve that 2015 when privacy and security become as big an IoT priority as innovation!


Oh, before I forget, its time for my gratuitous reference whenever I discuss IoT privacy and security, to Gen. David Petraeus (yes, the very General “Do As I Say, Not As I Do” Petraeus who faces possible federal felony charges for leaking classified documents to his lover/biographer.), who was quite enamored of the IoT when he directed the CIA. That should give you pause, no matter whether you’re an IoT user, producer, or regulator!

Disney MagicBands: as important symbolically for IoT as substantively!

(I’ve been meaning to write about this particular IoT device for a long time — my apologies for the delay)

I have no objective evidence for this, but I suspect that many C-level executives first learned about e-commerce when they placed personal orders during the Christmas season of 1995. Thus, Amazon deserves a disproportionate share of credit for launching the e-commerce era.

Magic Bands play a number of roles at Disney parks

Similarly, I suspect that many C-level executives’ first direct experience with the Internet of Things has come, or may come this holiday season, with their family’s first visit to Disneyworld since Disney began the beta testing of its MagicBands, which are arguably the most high-profile public IoT devices so far.

IMHO, Disney deserves a lot of credit for such a public IoT project, especially many of the initial reviews were decidedly mixed due to technical and management glitches — risking irritating customers. 

The project reportedly cost north of $1 billion.

The major lesson to decision makers in other industries to be gained from the MagicBand is my favorite IoT “Essential Truth“: who else can use this data?

Disney uses the band data, either by itself, or aggregated with other visitors, to improve almost every aspect of park operations, marketing, and the customer experience — illustrating the versatility of IoT devices:

  • control logistics, speeding entry to the park and individual rides
  • coordinate outside transportation
  • balance demand for various rides
  • add new functionality to existing technology such as the Disney app
  • control mechanical systems, such as hotel door locks
  • add a social component (and avoid the stresses of families getting
  • handle and speed in-park financial transactions
  • personalize the park experience and improve customer satisfaction
  • harvest and analyze big data on customer preferences.

The bands, which work because they have RFID chips inside, are worn on your wrist throughout your stay at the parks. When you book the trip, Disney lets you choose your favorite color, and the band comes in a presentation box with your name on it.

Before leaving, you can program it in conjunction with the My Disney Experience app and web page, entering key choices such as hotels, your favorite rides (FastPass+), dinner reservations, etc., and your credit card info so that they can be used to pay for meals and merchandise.

Disney warns visitors not to pack the bracelets in their luggage, because they are even used to board the transportation from the Orlando airport.

Putting aside the programming involved, this had to be a tremendous logistical challenge, changing the hotel locks, installing readers at each ride, putting readers in the restaurants and shops, which probably accounts for many of the glitches that customers reported during the pilot phase.

My future son-in-law, Greg Jueneman, who knows EVERYTHING about Disneyland, weighs in from a customer standpoint:

“I think they take the spontaneity out of a Disney World vacation. Everything has to be planned in advance and a schedule has to be followed. As a technology they are cool, I’m sure Disney had lots of plans for them but so far the only real thing that they do is open your hotel room without a “key” and allow you to pay for things without your cards (I’m sure Disney loves that! – some blogs Ifollow have said that spending with Magic Bands is up 40%, that’s impressive!).”

As you can imagine, there are also important data privacy and security issues: on one hand, it would probably be very cool to have Mickey come up to you and say “happy 5th birthday, Jeremy,” but that could also creep parents out, and you’d be worried about someone running up a tab on your credit card if you mislaid the band.

From my reading of the most recent media coverage, it appears that most of the beta test problems have been worked out, and that Disney is fully-committed to universal use of the bands in the future.

If you’re visiting Disney this holiday season, think about possible IoT strategy lessons for your company from the MagicBand:

  • marketing: how it can personalize the customer experience and increase sales?
  • transactions: how can it streamline transactions (have to think that Apple looked carefully at this in designing Apple Pay)?
  • operations: how can real-time data from many users help streamline operations and reduce congestion?

Maybe you can write off the family vacation as research! Have fun.

 

Perhaps Most Important Internet of Things Essential Truth: Everything’s Linked

PROCEED WITH CAUTION!

You see, I’m thinking out loud (that accounts for that sound of gears grinding….) — I really am writing this post as I mull over the subject for the first time, so you’re forewarned that the result may be a disaster — or insightful. Bear with me…

I’m working on a book outline expanding on “Managing the Internet of Things Revolution,” the introduction to IoT strategy for C-level executives that I wrote for SAP. One of the things I’ve been looking for is a theme that would bring together all of the book’s parts, which include product design, manufacturing, marketing and corporate organization, among other topics.

I think I’ve got that theme, and I think it may be the most Essential Truth of all the ones I’ve written about regarding the IoT:

Everything’s Linked!

When you think about it, there have been a lot of dead-ends in business in the past:

  • we haven’t been able to know how customers used our products. We’ve actually got a lot more information about the ones that failed, because of warrantee claims or complaints, than we have about the ones that worked well, because that information was impossible to gather.
  • data that could help workers do their work better has always come from top down, filtered by various levels of management and only delivered after the fact.
  • customers can’t get the full value of our products because they operate in isolation from each other, and often were slow to react to changing conditions.
  • assembly-line machinery has frequently been hard to optimize, because we really didn’t know how it was operating — until it broke down.
  • key parts of the operation, such as supply chain, manufacturing, and distribution, have been largely independent, without simultaneous access to each other’s status.

With the Internet of Things, by contrast, everything will be linked, and that will change everything:

  • we’ll get real-time data about how customers are using our products. Most radically, that data may even allow us, instead of selling products and then severing our ties to the customer as in the past, to instead lease them the products, with the pricing dependent on how they actually use the products and the value they obtain from them.
  • everyone in the company can (if your management practices allow!) have real-time access to data that will help them improve their decision making and daily operations (hmm: still looking for an example of this one: know any companies that are sharing data on a real-time basis??).
  • products will work together, with synergistic results (as with the Jawbone UP turning on the NEXT), with their operation automatically triggered and coordinated by services such as IFTTT.
  • the assembly line can be optimized because we’ll be able to “see” into massive equipment to learn how it is operating — or if it needs repairs in time to avoid catastrophic failure.
  • access to that same data may even be shared with your supply chain and distribution network — or even with customers (again, looking for a good example of that transformation).

There’s won’t be dead ends or one-way streets where information only flows one way. Instead, they’ll be replaced by loops (in fact, I thought loops might be an alternative theme): in many cases, data will be fed back through M2M systems so things can be optimized.

If that’s the case, we’ll be able to increase the use and value of tools such as systems dynamics software, that would help us model and act on these links and loops. Instead of massive oscillations where we’re forced to make sudden, major corrections when data finally becomes available, machinery will be largely self-regulating, based on continuous feedback. We’ll delight customers because products will be more dependable and we’ll be able to fine-tune them by adding features based on actual knowledge of how the products work.  Workers will be more efficient, and happier, because they’ll be empowered. We’ll tread lightly on the earth, because we’ll use only what we need, precisely when we need it.

By George, I think I’ve got it! I’m excited about this vision of the Internet of Things linking everything. What do you think?? Please let me know! 

IoT ideal example of “recombinant innovation”!

I’m currently reading Erik Brynjolfsson (say that one fast three times…) and Andy McAfee’s brilliant The Second Machine Age, which I highly recommend as an overview of the opportunities and pitfalls of what they call “brilliant technologies.”

While they don’t specifically mention the IoT, I was riveted by one section in which they contrasted current digital innovation with past technologies, using economist Paul Romer‘s term “recombinant innovation”:

Economic growth occurs whenever people take resources and rearrange them in ways that make them more valuable…. Every generation has perceived the limits to growth that finite resources and undesirable side effects would pose if no new … ideas were discovered. And every generation has underestimated the potential for finding new … ideas. We consistently fail to grasp how many ideas remain to be discovered… Possibilitities do not merely add up, they multiply.” (my emphasis)

I felt like Dr. Pangloss, who was surprised to learn he’d been speaking prose all his life: I realized Romer’s term and definition was a more elegant version of what I’ve written before, especially about IFTTT, about an Essential Truth of the IoT — that sharing data is critical to achieving the IoT’s full potential. IFTTT is a great example of Romer’s argument in practice: individuals are “taking resource and rearrang(ing) them in ways that make them more valuable.” As Brynjolfsson and McAfee write:

“.. digital innovation is recombinant innovation in its purest form. Each development becomes a building block for future innovations. Progress doesn’t run out; it accumulates. And the digital world doesn’t respect any boundaries. It extends into the physical one, leading to cars and planes that drive themselves, printers that make parts, and so on….We’ll call this the ‘innovation-as-building-block’ view of the world..” (again, my emphasis)

This is such a powerful concept. Think of Legos — not those silly ones that dominate today, where they are so specialized they can only be used in making a specific kit — but the good ol’ basic ones that could be reused in countless ways. It’s why I happen to believe that all the well-thought-out projections on the IoT’s potential size probably are on the low side: there’s simply no way that we can predict now all the creative, life-saving, money-saving, or quality-of-life-enhancing ways the IoT will manifest itself until people within and outside of organizations take new IoT devices and use them in IFTTT-like “Recipes” that would never have occurred to the devices’ creators.  But beware: none of this will happen if companies use proprietary standards or don’t open their APIs and other tools to all those who can benefit.

How exciting!

Apple Watch: killer app for IoT and lynchpin for “smart aging”

Wow: glad I put up with all of the tech problems during the Apple product launch today: the Apple Watch was worth it! It really seems as if it will be the killer device/app for the Internet of Things consumer market, and I think it may also be the lynchpin for my vision of “smart aging,” which would link both wearable health devices and smart home devices.

The elegant, versatile displays (it remains to be seen how easy it will be for klutzes like me to use the Digital Crown and some of the other navigation tools) plus the previously announced Health and Home Apps that are part of iOS 8 could really be the glue that brings together Quantified Self and smart home devices, making “smart aging” possible.

Activity AppIt will take some time to learn all about the watch and to see what apps the “Watch Kit” spawns, but here are some immediate reactions:

  • sorry, but I think it could kill the Lechal haptic shoes before they get off the ground: why have to pay extra for shoes that will vibrate to tell you where to go when your watch can do the same thing with its “Taptic Engine”?
  • I think I’ll also ditch my Jawbone UP, as much as I love it, for the Apple Watch: the video on how the Activity and Workout apps will work makes it look incredibly simple to view your fitness data instantly, vs. having to open an app on your phone.
  • (Just dreaming here): if they can pull off that neat “Milanese Loop” band on one of the versions that clamps to itself, what about not just a heart beat monitor, but a band that converts into a blood-pressure cuff? Guess that wouldn’t be accurate on the wrist, anyway, huh?

Why It’s So Hard to Predict Internet of Things’ Full Impact: “Collective Blindness”

I’ve been trying to come up with a layman’s analogy to use in explaining to skeptical executives about how dramatic the Internet of Things’ impact will be on every aspect of business and our lives, and why, if anything, it will be even more dramatic than experts’ predictions so far (see Postscapes‘ roundup of the projections).

See whether you thing “Collective Blindness” does justice to the potential for change?

 

What if there was a universal malady known as Collective Blindness, whose symptoms were that we humans simply could not see much of what was in the world?

Even worse, because everyone suffered from the condition, we wouldn’t even be aware of it as a problem, so no one would research how to end it. Instead, for millennia we’d just come up with coping mechanisms to work around the problem.

Collective Blindness would be a stupendous obstacle to full realization of a whole range of human activities (but, of course, we couldn’t quantify the problem’s impact because we weren’t even aware that it existed).

Collective Blindness has been a reality, because vast areas of our daily reality have been unknowable in the past, to the extent that we have just accepted it as a condition of reality.

Consider how Collective Blindness has limited our business horizons.

We couldn’t tell when a key piece of machinery was going to fail because of metal fatigue.

We couldn’t tell how efficiently an entire assembly line was operating, or how to fully optimize its performance.

We couldn’t tell whether a delivery truck would be stuck in traffic.

We couldn’t tell exactly when we’d need a parts shipment from a supplier, nor would the supplier know exactly when to do a new production run to be read.

We couldn’t tell how customers actually used our products.

That’s all changing now. Collective Blindness is ending, …. and will be eradified by the Internet of Things.

What do you think? Useful analogy?

http://www.stephensonstrategies.com/">Stephenson blogs on Internet of Things Internet of Things strategy, breakthroughs and management