FTC report provides good checklist to design in IoT security and privacy

FTC report on IoT

FTC report on IoT

SEC Chair Edith Ramirez has been pretty clear that the FTC plans to look closely at the IoT and takes IoT security and privacy seriously: most famously by fining IoT marketer TrendNet for non-existent security with its nanny cam.

Companies that want to avoid such actions — and avoid undermining fragile public trust in their products and the IoT as a whole — would do well to clip and refer to this checklist that I’ve prepared based on the recent FTC Report, Privacy and Security in a Connected World, compiled based on a workshop they held in 2013, and highlighting best practices that were shared at the workshop.

  1. Most important, “companies should build security into their devices at the outset, rather than as an afterthought.” I’ve referred before to the bright young things at the Wearables + Things conference who used their startup status as an excuse for deferring security and privacy until a later date. WRONG: both must be a priority from Day One.

  2. Conduct a privacy or security risk assessment during design phase.

  3. Minimize the data you collect and retain.  This is a tough one, because there’s always that chance that some retained data may be mashed up with some other data in future, yielding a dazzling insight that could help company and customer alike, BUT the more data just floating out there in “data lake” the more chance it will be misused.

  4. Test your security measures before launching your products. … then test them again…

  5. “..train all employees about good security, and ensure that security issues are addressed at the appropriate level of responsibility within the organization.” This one is sooo important and so often overlooked: how many times have we found that someone far down the corporate ladder has been at fault in a data breach because s/he wasn’t adequately trained and/or empowered?  Privacy and security are everyone’s job.

  6. “.. retain service providers that are capable of maintaining reasonable security and provide reasonable oversight for these service providers.”

  7. ‘… when companies identify significant risks within their systems, they should implement a defense-in -depth approach, in which they consider implementing security measures at several levels.”

  8. “… consider implementing reasonable access control measures to limit the ability of an unauthorized person to access a consumer’s device, data, or even the consumer’s network.” Don’t forget: with the Target data breach, the bad guys got access to the corporate data through a local HVAC dealer. Everything’s linked — for better or worse!

  9. “.. companies should continue to monitor products throughout the life cycle and, to the extent feasible, patch known vulnerabilities.”  Privacy and security are moving targets, and require constant vigilance.

  10. Avoid enabling unauthorized access and misuse of personal information.

  11. Don’t facilitate attacks on other systems. The very strength of the IoT in creating linkages and synergies between various data sources can also allow backdoor attacks if one source has poor security.

  12. Don’t create risks to personal safety. If you doubt that’s an issue, look at Ed Markey’s recent report on connected car safety.

  13. Avoid creating a situation where companies might use this data to make credit, insurance, and employment decisions.  That’s the downside of cool tools like Progressive’s “Snapshot,” which can save us safe drivers on premiums: the same data on your actual driving behavior might some day be used become compulsory, and might be used to deny you coverage or increase your premium).

  14. Realize that FTC Fair Information Practice Principles will be extended to IoT. These “FIPPs, ” including “notice, choice, access, accuracy, data minimization, security, and accountability,” have been around for a long time, so it’s understandable the FTC will apply them to the IoT.  Most important ones?  Security, data minimization, notice, and choice.

Not all of these issues will apply to all companies, but it’s better to keep all of them in mind, because your situation may change. I hope you’ll share these guidelines with your entire workforce: they’re all part of the solution — or the problem.

The #IoT Can Kill You! Got Your Attention? Car Security a Must

The Internet of Things can kill you.

Got your attention? OK, maybe this is the wake-up call the IoT world needs to make certain that privacy and security are baked in, not just afterthoughts.

Markey_IoT_car_reportI’ve blogged before about how privacy and security must be Job 1, but now it’s in the headlines because of a new report by our Mass. Senator, Ed Markey (Political aside: thanks, Ed, for more than 30 years of leadership — frequently as a voice crying in the wilderness — on the policy implications of telecomm!), “Tracking & Hacking: Security & Privacy Gaps Put American Drivers at Risk,” about the dangers of not taking the issues seriously when it comes to smart cars.

I first became concerned about this issue when reading “Look Out, He’s Got an Phone,!” (my personal nominee for all-time most wry IoT headline…), a litany of all sorts of horrific things, such as spoofing the low air-pressure light on your car so you’ll pull over and the Bad Guys can get it would stop dead at 70 mph,  that are proven risks of un-encrypted automotive data.  All too typical was the reaction of Schrader Electronics, which makes the tire sensors:

“Schrader Electronics, the biggest T.P.M.S. manufacturer, publicly scoffed at the Rutgers–South Carolina report. Tracking cars by tire, it said, is ‘not only impractical but nearly impossible.’ T.P.M.S. systems, it maintained, are reliable and safe.

“This is the kind of statement that security analysts regard as an invitation. A year after Schrader’s sneering response, researchers from the University of Washington and the University of California–San Diego were able to ‘spoof’ (fake) the signals from a tire-pressure E.C.U. by hacking an adjacent but entirely different system—the OnStar-type network that monitors the T.P.M.S. for roadside assistance. In a scenario from a techno-thriller, the researchers called the cell phone built into the car network with a message supposedly sent from the tires. ‘It told the car that the tires had 10 p.s.i. when they in fact had 30 p.s.i.,’ team co-leader Tadayoshi Kohno told me—a message equivalent to ‘Stop the car immediately.’ He added, ‘In theory, you could reprogram the car while it is parked, then initiate the program with a transmitter by the freeway. The car drives by, you call the transmitter with your smartphone, it sends the initiation code—bang! The car locks up at 70 miles per hour. You’ve crashed their car without touching it.’”

Hubris: it’ll get you every time….

So now Senator Markey lays out the full scope of this issue, and it should scare the daylights out of you — and, hopefully, Detroit! The report is compiled on responses by 16 car companies (BMW, Chrysler, Ford, General Motors, Honda, Hyundai, Jaguar Land Rover, Mazda, Mercedes-Benz, Mitsubishi, Nissan, Porsche, Subaru, Toyota, Volkswagen (with Audi), and Volvo — hmm: one that didn’t respond was Tesla, which I suspect [just a hunch] really has paid attention to this issue because of its techno leadership) to letters Markey sent in late 2013. Here are the damning highlights from his report:

“1. Nearly 100% of cars on the market include wireless technologies that could pose vulnerabilities to hacking or privacy intrusions.

2. Most automobile manufacturers were unaware of or unable to report on past hacking incidents.

3. Security measures to prevent remote access to vehicle electronics are inconsistent and haphazard across all automobile manufacturers, and many manufacturers did not seem to understand the questions posed by Senator Markey.

4. Only two automobile manufacturers were able to describe any capabilities to diagnose or meaningfully respond to an infiltration in real-time, and most say they rely on technologies that cannot be used for this purpose at all. (my emphasis)

5. Automobile manufacturers collect large amounts of data on driving history and vehicle performance.

6. A majority of automakers offer technologies that collect and wirelessly transmit driving history data to data centers, including third-party data centers, and most do not describe effective means to secure the data.

7. Manufacturers use personal vehicle data in various ways, often vaguely to “improve the customer experience” and usually involving third parties, and retention policies – how long they store information about drivers – vary considerably among manufacturers.

8. Customers are often not explicitly made aware of data collection and, when they are, they often cannot opt out without disabling valuable features, such as navigation.”

In short, the auto industry collects a lot of information about us, and doesn’t have a clue how to manage or protect it.

I’ve repeatedly warned before that one of the issues technologists don’t really understand and/or scoff at, is public fears about privacy and security. Based on my prior work in crisis management, that can be costly — or fatal.

This report should serve as a bit of electroshock therapy to get them (and here I’m referring not just to auto makers but all IoT technologists: it’s called guilt by association, and most people tend to confabulate fears, not discriminate between them. Unless everyone in IoT takes privacy and security seriously, everyone may suffer the result [see below]) to realize that it’s not OK, as one of the speakers at the Wearables + Things conference said, that “we’ll get to privacy and security later.” It’s got to be a priority from the get-go (more about this in a forthcoming post, where I’ll discuss the recent FTC report on the issue).

I’ve got enough to worry about behind the wheel, since the North American Deer Alliance is out to get me. Don’t make me worry about false tire pressure readings.


PS: there’s another important issue here that may be obscured: the very connectedness that is such an important aspect of the IoT. Remember that the researchers spoofed the T.P.M.S. system not through a frontal assault, but by attacking the roadside assistance system? It’s like the way Target’s computers were hacked via a small company doing HVAC maintenance. Moral of the story? No IoT system is safe unless all the ones linking to it are safe.  For want of a nail … the kingdom was lost!

My take on the IoT at CES

Here I am languishing in bitterly-cold Massachusetts, while all the cool kids are playing with toys at CES!  I’ll try to get over it and give you my impressions of the Internet of Things new product introductions, as filtered through the lens of my IoT Essential Truths:

  • Perhaps the most important development is Samsung’s whole-hearted embrace of the IoT, building on its acquisition of SmartThings.  In his keynote, Samsung CEO BK Yoon struck exactly the right notes, emphasizing the need for open standards and collaboration.Within 5 years, all new Samsung products will be IoT enabled.Don’t forget that Samsung doesn’t just make consumer products, but also critical IoT tools such as sensors and chips.  Its 3-D range sensors that can detect tiny movements may be a critical IoT components.SmartThings CEO Alex Hawkinson was part of the presentation, and stressed:

    “For the Internet of Things to be a success, it has to be open, Any device, from any platform, must be able to connect and communicate with one another. We’ve worked hard to accomplish this, and are committed to putting users first, giving them the most choice and freedom possible.”

  • If was accurate, the GoBe calorie counter could be a great Quantified Self device. I still find it waaay to time-consuming and laboriously to look up specific foods’ caloric content and enter them into an app. However, The Verge says not so fast…..  What might be feasible is the InBody Bend, to measure the result of those calories — your body fat — and your heart rate. It’s also a pedometer and measures your calories burned. Oh, yeah, the Bend also tells time. Best of all, it will go 7-8 days between charges.
  • The HereO children’s watches seem like a great product for worried parents, allowing them to locate the wee ones via GPS.
  • While I think the key to realizing my “Smart Aging” paradigm shift will primarily be tweaking mainstream IoT Quantified Self and smart home devices for seniors’ special needs, there are some issues, such as hearing loss, that particularly affect seniors. In that category, Siemens’ Smart Hearing Aid looks promising, and an interesting example of enhancing a not-so-great existing product using IoT capabilities. A key is the unobtrusive clip-on easyTek  which complements the in-ear device, and can connect (via Bluetooth) to smartphones, computers or TVs, so that the hearing aides also function as earphones for those devices. As The Verge reports, even those with good hearing might end up using it.
  • However, my two favorite CES intros both enhance a decidedly 19th-century product, the bike.They illustrate the Essential TruthWhat Can You Do Now That You Couldn’t Do Before?
    Smart Pedal

    Smart Pedal

    One is a nifty substitute for a plain-vanilla pedal, from Connected Cycle. On a day-in-day-out basis, the pedal is a Quantified Self device, recording your speed, route, incline, and calories burned.

    However, when some miscreant steals your ride, it’s the two-wheel equivalent of Find My iPhone, telling you and the cops exactly where the bike’s located.

    Ok, that’s nice, but the other bike device introduced at CES can save your life!

    Smart Bike Helmet

    In the spirit of IoT collaboration, Volvo, Ericsson & sporting goods manufacturer POC have worked together on a smart helmet.

    The bike’s and the car’s locations are both uploaded to the cloud.

    If the  helmet is connected to a bike app such as Strava, built-in warning lights warn it there’s a car nearby, while a heads-up display on the dash warns the driver at the same time.

    I can’t see Volvo gaining any competitive advantage from this, and, of course, the technology will really only be effective if every hemet and every car are equipped with it, so I hope the partners will release it for universal adoption. Who would have ever thought that the IoT could peacefully bring bicyclists and motorists together. Just shows you that with the IoT, we’ll have to re-examine a lot of long-held beliefs!

 

Disney MagicBands: as important symbolically for IoT as substantively!

(I’ve been meaning to write about this particular IoT device for a long time — my apologies for the delay)

I have no objective evidence for this, but I suspect that many C-level executives first learned about e-commerce when they placed personal orders during the Christmas season of 1995. Thus, Amazon deserves a disproportionate share of credit for launching the e-commerce era.

Magic Bands play a number of roles at Disney parks

Similarly, I suspect that many C-level executives’ first direct experience with the Internet of Things has come, or may come this holiday season, with their family’s first visit to Disneyworld since Disney began the beta testing of its MagicBands, which are arguably the most high-profile public IoT devices so far.

IMHO, Disney deserves a lot of credit for such a public IoT project, especially many of the initial reviews were decidedly mixed due to technical and management glitches — risking irritating customers. 

The project reportedly cost north of $1 billion.

The major lesson to decision makers in other industries to be gained from the MagicBand is my favorite IoT “Essential Truth“: who else can use this data?

Disney uses the band data, either by itself, or aggregated with other visitors, to improve almost every aspect of park operations, marketing, and the customer experience — illustrating the versatility of IoT devices:

  • control logistics, speeding entry to the park and individual rides
  • coordinate outside transportation
  • balance demand for various rides
  • add new functionality to existing technology such as the Disney app
  • control mechanical systems, such as hotel door locks
  • add a social component (and avoid the stresses of families getting
  • handle and speed in-park financial transactions
  • personalize the park experience and improve customer satisfaction
  • harvest and analyze big data on customer preferences.

The bands, which work because they have RFID chips inside, are worn on your wrist throughout your stay at the parks. When you book the trip, Disney lets you choose your favorite color, and the band comes in a presentation box with your name on it.

Before leaving, you can program it in conjunction with the My Disney Experience app and web page, entering key choices such as hotels, your favorite rides (FastPass+), dinner reservations, etc., and your credit card info so that they can be used to pay for meals and merchandise.

Disney warns visitors not to pack the bracelets in their luggage, because they are even used to board the transportation from the Orlando airport.

Putting aside the programming involved, this had to be a tremendous logistical challenge, changing the hotel locks, installing readers at each ride, putting readers in the restaurants and shops, which probably accounts for many of the glitches that customers reported during the pilot phase.

My future son-in-law, Greg Jueneman, who knows EVERYTHING about Disneyland, weighs in from a customer standpoint:

“I think they take the spontaneity out of a Disney World vacation. Everything has to be planned in advance and a schedule has to be followed. As a technology they are cool, I’m sure Disney had lots of plans for them but so far the only real thing that they do is open your hotel room without a “key” and allow you to pay for things without your cards (I’m sure Disney loves that! – some blogs Ifollow have said that spending with Magic Bands is up 40%, that’s impressive!).”

As you can imagine, there are also important data privacy and security issues: on one hand, it would probably be very cool to have Mickey come up to you and say “happy 5th birthday, Jeremy,” but that could also creep parents out, and you’d be worried about someone running up a tab on your credit card if you mislaid the band.

From my reading of the most recent media coverage, it appears that most of the beta test problems have been worked out, and that Disney is fully-committed to universal use of the bands in the future.

If you’re visiting Disney this holiday season, think about possible IoT strategy lessons for your company from the MagicBand:

  • marketing: how it can personalize the customer experience and increase sales?
  • transactions: how can it streamline transactions (have to think that Apple looked carefully at this in designing Apple Pay)?
  • operations: how can real-time data from many users help streamline operations and reduce congestion?

Maybe you can write off the family vacation as research! Have fun.

 

Live Blogging from IoT Global Summit

I’ll be live-blogging for the next two days from the 2nd Internet of Things Global Summit.

  • Edith Ramirez, FTC chair:
    • potential for astounding benefits to society, transforming every activity
    • risks: very technology that allows this can also gather info for companies and your next employer
    • possible consumer loss of confidence in connected devices if they don’t think privacy w
    • 3 challenges:
      • adverse uses
      • security of the data
      • collection of the data
    • key steps companies should take:
      • security front and center
      • deidentify data
      • transparent policies
    • data will provide “startlingly complete pictures of us” — sensors can already identify our moods, even progression of neurological diseases
    • how will the data be used? will TV habits be shared with potential employers? Will it paint picture of you that others will see, but you won’t
    • will it exacerbate current socio-economic disparities?
    • potential for data breaches such as Target grows as more data is collected
    • FTC found some companies don’t take even most basic protections. Small size and cheap cost of some sensors may inhibit data protections
    • steps:
      • build security in from beginning
      • security risk assessment
      • test security measures before launch
      • implement defense and depth approach
      • encryption, especially for health data.
    • FTC action against TrendNet
    • follow principle of “data minimization,” only what’s needed, and dispose of it afterwards.
  • she’s skeptical of belief that there should be no limits on collection of data (because of possible benefits)
    • de-identified data: need dual approach — commit to not re-identify data
    • clear and simple notice to consumers about possible use of data.
    • Apple touting that it doesn’t sell data from Health App — critical to building consumer trust
    • transparency: major FTC priority. FTC review of mobile apps showed broad and vague standards on data collection & use.
  • Ilkka Lakaniemi, chair, FIWARE Future Internet PPP, EU perspective on IoT:
    • lot easier to start IoT businesses in Silicon Valley because of redundant regulations in EU
    • Open Standard Platform + Sustainable Innovation Ecosystem. “Synergy Platform”
  • Mark Bartolomeo,   vp of integrated solutions, Verizon:
    • Bakken Shale area visit: “landscape of IoT” solutions — pipeline monitoring, water monitoring, etc.
    • concerned about rapid urbanization: 30% of city congestion caused by drivers looking for parking. $120B wasted in time and fuel yearly.
    • cars: “seamless nodes” of system.
    • market drivers & barriers:
      • increased operational efficiency, new revenue streams, better service, comply with regulators, build competitive edge
      • fragmented ecosystem, complex development, significant back end obstacles
    • they want integrated systems.
    • need to remove barriers: aging infrastructure, congestion, public safety, economics
    • remove complexity
    • economies of scale: common services
    • trend to car sharing, smart grid
    • yea: highlighting intellistreets — one of my 1st fav IoT devices!!
    • Verizon working primarily on parking & traffic congestion on the East Coast, and water management in CA.

Smart Cities:

  • Nigel Cameron: nation-state receding, cities and corporations on ascendency
  • Sokwoo Rhee, NIST: Cyber-Physical Systems — emphasis on systems dynamics, data fed back into system, makes it autonomous.  Did Smart America Challenge with White House. Fragmentation on device level. Demonstrate tangible effects through collaborations. Examples: health care systems, transactive energy management, smart emergency response, water distribution, air quality. 24 projects.  Round Two is application of the projects to actual cities. Now 26 teams.
  • Joseph Bradley, VP, IoT Practice, Cisco Consulting: value isn’t in the devices, but the connections. Intersection of people, data, process, and things. Increase City of Nice’s parking revenue 40-60% without raising taxes through smart parking. They project $19 trillion in value over 10 years from combo of public and private innovations. Smart street lighting: reduces crime, property values increase, free wi-fi from the connected street lights. Barcelona is Exhibit A for benefits. Need: comprehensive strategy (privacy is a contextual issue: depends on the benefits you receive), scalability, apps, data analytics, transparency, powerful network foundation, IoT catalyst for breaking down silos, IoT must address people and process.
  • Ron Sege, chair and ceo of Echelon Corp: got started with smart buildings, 25 yrs. old. Why now with IoT: ubiquitous communications, low cost, hyper-competition, cloud. They do outdoor & indoor lighting and building systems. Challenges: move to one infrastructure/multiple use cases, will IT learn about OT & visa-versa?, reliability: critical infrastructure can’t fail & must respond instantly.
  • Christopher Wolf, Future of Privacy Forum: flexible, use-based privacy standards. Industry-wide approach to privacy: auto industry last week told NISTA about uniform privacy standards for connected cars (neat: will have to blog that…).
  • Peter Marx, chief innovation officer, City of LA:  big program to reduce street lights with LEDs: changed whole look of city at night & saves lot of money. 6 rail lines being built there. Adding smart meters for water & power. EV chargers on street lights. Held hackathon for young people to come up with ideas to improve city. Procurement cycles are sooo arcane that he suggests entrepreneurs don’t do business with city — he just tries to enable them.

Outside the City:

  • Darrin Mylet, Adaptrum: Using “TV white space spectrum” in non-urban areas. Spectrum access critical:need mix of spectrum types. Where do we need spectrum? Most need in non-line-of-sight areas such as trees, etc. Examples: not only rural, but also some urban areas (San Jose); Singapore; Africa; redwood forests;
  • Arturo Kuigami, World Bank: examples in developing nations: (he’s from Peru); most of global migration is to smaller cities; look at cities as ecosystems; “maker movement” is important — different business models: they partnered with Intel and MIT on “FabLabs” in Barcelona this year. MoMo — water access point monitoring in Tanzania.  Miroculus: created by a global ad hoc team — cheap way to make cancer diagnosis: have identified 3-4 types of cancers it can diagnose. Spirometer to measure COPD, made by a 15-year old! “IoT can be a global level playing field.”
  • Chris Rezendes, INEX Advisors: Profitable sustainability: by instrumenting the physical world, we can create huge opportunities for a wide range of people outside our companies. Focusing on doing a better job of instrumenting and monitoring our groundwater supplies: very little being done in SW US right now (INEX investing in a startup that is starting this monitoring). If we have better data on groundwater, we can do a better job of managing it. “Embrace complexity upfront” to be successful.
  • Shudong Chen, Chinese Academy of Sciences: talking about the Chinese food security crisis because of milk production without a food production license.  Government launched “Wuxi Food Science & Technology Park.”

Smart Homes:

  • Tobin Richardson, Zigbee Alliance: critical role of open, global standards. Zigbee LCD lights now down to $15.
  • Cees Links, GreenPeak Technologies: Leader in Zigbee-based smart home devices. Smart home waay more complex than wi-fi.  1m chips a week, vs. 1 million for whole year of 2011. “Not scratching the surface.” Small data — many small packets.
  • Todd Green, CEO PubNub: data stream network.
  • no killer app for the smart home..  Controlling by your phone not really that great a method.
  • FTC agrees with me: a few adverse stories (TrendNet baby cam example) can be really bad for an industry in its infancy.
  • always hole in security. For example, you can tell if no one’s home because volume of wi-fi data drops.W
  • FTC: consumer ed critical part of their work. Working now on best practices for home data protection.
  • mitigation after a security breach? Always be open, communicate (but most hunker down!).

DAY TWO

Beyond Cost Savings: Forging a Path to Revenue Generation

  • Eric Openshaw: (had tech problems during his preso: very important one — check the Deloitte The Internet of Things white paper for details) cost savings through IoT not enough for sustainable advantage: need to produce new revenue to do that. Defined ecosystem shaping up, which creates clarity, breaks down silos.
    • areas: smart grid, health care, home automation, cars, industrial automation
    • study the GE jet model for health care: what if doctors were paid to keep us healthy.
    • need comprehensive understanding of the change issues
    • be very specific: singular asset class, etc. — so you get early victories
    • companies will have overarching, finite roadmap
    • security & privacy dichotomy: differentiate between personal health care data and data from your washing machine. Most of us will share all sorts of information if there’s something in return
    • get focused on customer and product life cycle — that’s where the money will be. Focus on operating metric level. This is most far-reaching tech change he’s seen.

Managing Spectrum Needs

  • Julius Knapp, Chief, FCC Office of Engineering & Technology: new opportunity to combine licensed and unlicensed space. Described a number of FCC actions to reconsider role of various types of spectrum. “Hard to predict I0T’s long-term spectrum needs” because industry is new: they’ll watch developments in the field.
  • Prof. H. Nwana, exec. director of Dynamic Spectrum Alliance: most spectrum usually not used in most places at most time.  His group working to use changes to spectrum to end digital divide: (used incredible map showing how much of world, including US, China, India, W. Europe, could be fitted into Africa).
  • Carla Rath, VP for Wireless Policy, Verizon: “in my world, the network is assumed.”  Need for more spectrum — because of growth in mobile demand. Praises US govt. for trying to make more spectrum available. Don’t want to pigeonhole IoT in certain part of spectrum: allow flexibility.  Tension between flexibility and desire for global standards when it comes to IoT.
  • Philip Marnick, group director of spectrum policy, Ofcom UK:  no single solution.  Market determines best use. Some applications become critical (public safety, etc.) — must make sure people using those are aware of chance of interference.
  • Hazem Moakkit, vp of spectrum development for 03b (UK satellite provider for underserved areas of developing world): “digital divide widened by IoT if all are not on board.” Fair allocation of spectrum vital.
  • interesting question: referred to executive of a major farm equipment manufacturer whose products are now sensor-laden (must be John Deere…) and is frustrated because the equipment won’t work in countries such as Germany due to different bands.

Architecting the IoT: Sensing, Networking & Analytics: 

  • Tom Davenport: IoT highly unpredictable. “Great things about standards is there’s so many to choose from” — LOL.  Will IoT revolution be more top down or bottom up?
  • Gary Butler, CEO, Camgian: announcing an edge system for IoT. Driven by sensor info. Need new networking architecture to combine sensing and analytics to optimize business processes, manage risk. Systems now built from legacy equipment, not scalable. They’re announcing new platform: Egburt. Applicable to smart cities, retailing, ifrastructure (I’ll blog more about this soon!!). “Intelligence out of chaos.” Anomaly detection. Real-time analysis at the device level. Focus on edge computing. Must strengthen the ROI.
  • Xiaolin Lu, Texas Instruments fellow & director of IoT Lab: Working in wearables, smart manufacturing, smart cities, smart manufacturing, health care, automotive. TI claims it has all IoT building blocks: nodes, gateway/bridge or router/cloud.  Power needs are really critical, with real emphasis on energy harvesting from your body heat, vibration, etc. Challenges: sensing and data analytics, robust connectivity, power, security, complexity, consolidation of infrastructure and data. Big advocates for standards. They work on smart grid.
  • Steve Halliday, president, RAIN RFID: very involved in standards. 4 BILLION RFID tags shipped last year. Don’t always want IP devices. Power not an issue w/ RFID because they get their power from the reader. Think RFID will be underpinning of IoT for long time. Lot of confusion in many areas about IoT, especially in manufacturing.
  • Sky Mathews, IBM CTO: IBM was one of earliest in the field, with Smarter Planet. Lot of early ones were RFID. A variety of patterns emerging for where and how data is processed. What APIs do you want to expose to the world? “That’s where the real leaps of magnitude will occur” — so design that in from beginning.

‘People’ Side of the IoT: meeting consumer expectations:

  • Mark Eichorn, asst. director, Consumer Protection Bureau, FTC: companies that have made traditional appliances & now web-enable them aren’t always ready to deal with data theft. Security and privacy: a lot don’t have privacy policies at all. At their workshop, talk about people being able to hack your insulin readings.
  • Daniel Castro, sr. analyst, Center for Data Innovation: thinks that privacy issue has been misconstrued: what people really care about is keeping data from government intrusion. Can car be designed so a cop could pull it over automatically (wow: that’s a thought!). Chance for more liability with misuse of #IoT data.
  • Linda Sherry, director of national priorities, Consumer Action: “convenience, expectations and trust.” “What is the IoT doing beside working?” Connecting everything may disenfranchise those who aren’t connected. Need to register those who collect data – hmm. Hadn’t heard that one before. Even human rights risks, stalking, etc. — these issues must be thought about. Can algorithms really be trusted on issues such as insurance coverage? How do you define particularly sensitive personal data? “Hobbling the unconnected” when most are connected? “Saving consumers from themselves.” “Document the harms.” Make sure groups with less $ can really participate in multi-stakeholder negotiations.
  • Stephen Pattison, vp of public affairs, ARM Holdings: disagrees with Linda about slowing things down: we want to speed up IoT as instrument of transformation. We need business model for it. Talks about how smart phone didn’t explode until providers started subsidizing purchase. He suspects that one model might be that a company would provide you whole range of smart appliances in return for your data. “Getting data right matters.” “Freak events” drive concerns about data security & privacy: they generate concern and, sometimes, “heavy-handed” regulation.
    Industry must work together on framework for data that creates confidence by public. Concerns about data are holding back investment in the field. They’re working with AMD on a framework: consumers own their own data — must start with that (if they do, people will cooperate); not all data equally sensitive — need chain of custody to keep data anomyzed; security must be right at the edge; simplify terms and conditions.
    Sometimes thinks that, in talking about IoT, it’s like talking about cars in 1900, but we managed to create a set of standards that allowed it to grow: “rules of the road,” etc.
comments: 2 »

Live-blogging @ Wearables + Things

 

Just arrived @ Wearables + Things conference (I’ll speak on “Smart Aging” tomorrow). Hmm: there’s one noteworthy player absent from the conference: those guys from Cupertino. Wonder why they’re not there (perhaps in stealth mode??)

Conference already underway, about to have 2 new product reveals!

  1. iStrategyLabs, “Dorothy,” connects your shoe to your phone. You’re stuck in a conversation, need way to leave. What if you could click your heels together three times (get it, Dorothy???) and you’d get a bail-out call (or you can trigger an IFTTT recipe or call for a pizza…). “Ruby” goes in shoe.  OK, this ain’t as significant as either the Lechal haptic shoe, but who knows how it might evolve…
  2. Atlas Wearables’ fitness product, Atlas. Their goals is seamless, frictionless experiences. “What if device could recognize specific motions you’re making?” This is really cool: it recognizes and records a wide range of fitness activities, such as push-ups.  I really don’t like fact that my Jawbone can’t do that, so this looks good!

Sony Mobile, Kristian Tarnhed. Challenges:

  1. g data overload. They have a “lifelog” app that tries to make sense of all the data.
  2. too many devices that want your attention. Make them complement smart phone as much as possible.
  3. is it really wearable, usable? 

Very funny: no one mentions Apple. 10-ton gorilla in the room????


Amazing preso by Jim McKeeth: “Is Thought the Future of Wearable Input?”  Guy wearing Google Glass is controlling a drone! Wouldn’t that be an incredible thing for “Smart Aging”  to allow a frail elder to control various household things just by thinking them?


 

Oren Michels, chief strategist, Intel (he was an API pioneer at Mashery):

  • APIs make connections. The Epocrates platform from Athena Health is an example: may save $3.5B.
  • Also working in travel. Example is Sabre, which has switched to an open API.
  • APIs create better customer experiences: Apple Pay! 30% of Starbucks revenue from its phone purchase app.

Quick time to market: Coke was able to restock vending machines instantly during 2012 Olympics through API.

  • Examples:
    • better healthcare monitoring: give small devices processing power through cloud
    • connected car ecosystem (BMW iConnected Services, MyCityWay, TomTom’s WebFleet)
    • Snapshot from Progressive
    • Inrix — “data for planning smart cities”

This, IMHO, is sooo important: open APIs are great example of my Essential Truth of “who else can use this data?” — you don’t have to develop every kewl use for your device yourself: open the API and others will help!


Peter Li, Atlas Wearables (the company that debuted their new device yesterday):

  • iPhone: remember, it was a 3-in-one solution.
  • sensors now commoditized: cheap & tiny
  • he was a biomedical engineer
  • synergistic benefits by combining data streams
  • era of augmentation: making you better without you having to think about it.
  • frictionless actions

“sensors root of the revolution”


Brad Wilkins, Nike science director:

  • he’s exercise physiologist
  • they have whole detailed process to understand physiological phenomena. Role of sensor is the describe the phenomena. Then apply that data to enhance athlete potential

Noble Ackerson, Lynxfit, “Hacking Your Way Through Rehab With Wearables”

  • they let content publishers (they work with Stanford Health, UnderArmour, etc.) in rehab area to push info to devices. Prescribe workouts.  Device agnostic.
  • They’ve imported 65 different activities into program.
  • Track: heart rate, pace, position, speed, endurance, breathing, sentiment.

Panel: Jim Kohlenberger, JK Strategies; Jose Garcia, Samsung; Mark Hanson, BeClose; Alison Remsen, Mobile Future:

  • BeClose is working with seniors!!
  • Samsung working with airports to make flying experience more enjoyable.
  • BeClose: take some of burden off health care system.
  • how government can help: faster networks. “First, do no harm.” — Digital Hypocratic Oath.

DHS (sorry, didn’t get his name):

  • In a crisis,  “data  must inform at the speed of thought” Brilliant
  • To be operational, data must be intuitive, instinctive, interoperable, and wearable.
  • Creating “Next Generation First Responder”
  • Creating fire jackets with sensors built in.

Proximity-aware apps using iBeacon:

  • beacons are Bluetooth v4.0 Low Energy transmitters.
  • mobiles can identify and determine proximity to beacon: usual range is 25 to 40 m, but you can tune it to much shorter range.
  • beacons broadcast unique identifier for the place. Also provide Measured Power Value: what’s signal strength of beacon at specific distance.
  • the beacon only sends out a unique identifier, which triggers the app contains all the info that drives the experience.
  • app is notified whether you’re in immediate range, near, or far range (might even want to present content when person exits the area).
  • beacons protect privacy by being opt-in. They are transmit only: don’t receive or collect signals from mobile devices.
  • Apple requires that the app specifically ask user to allow proximity-aware mobile app to access their location.
  • non iBeacon versions: AltBeacon (Radius Network’s opsolves en source alternative), and other ones that specific companies will introduce, optimized for their products.
  • Radius multi-beacon: solves fragmentation problem or multiple, incompatible beacon ad types. Their RadBeacons handle both types.
  • RadBeacon: USB powered, coin-cell battery powered, AA battery powered.  Most beacons will only last about a month before battery change.
  • Future of beacons: will be split in market: corporate (one of their questions has rolled out more than 16,000 — they won’t powered or long-battery-life versions & remote monitoring) vs. consumers (cheap & disposable). Will be integrated into equipment (wifi access-point hotspots, POS terminals, fuel dispensers, self-service kiosks.

My presentation about “Smart Aging”


 

Privacy & Security Panel:

  • There is real risk of personal data being intercepted. “No perfect solutions.”
  • Data can be stored on smart phone OR uploaded to cloud. What control does user have? What if you have health wearable that sends info on blood pressure, etc., to cloud, where it gets shared with companies, and, for example, it can link data to your Facebook data, could be risk of disclosure.
  • HIPPA and variety of other regulations can come into play.
  • Things moving very quickly, data captured & used. Example of Jawbone data from people who were sleeping during California quake: users upset because the data was disclosed to news media — even though it was just aggregated, was creepy!
  • FTC went after the Android flashlight app that was aggregating data. A no-no.
  • have to make it simple to understand in statements about how your data will be collected & used.
  • Tiles: if the device is gone from home, will send alert to ALL Tile devices. You might be able to modify the software so you (bad guy) could retrieve it it while the owner would think it was still lost.  Stalker might even be able to use this data..

Scott Amyx, Amyx & McKinsey,  “The Internet of Things Will Disrupt Everything”:

  • Example of McLean, the developer of intermodal shipping container. Hmm: does Amyx know about how Freight Farms has created IoT-enhanced food growing in freight containers???
  • future of M2M will allow sensors with embedded processors — smarter than today’s computers.
  • memory: over time, memory will only grow.
  • wifi: most locked networks are idle most of day. Harness them.
  • lifi: 2-way network to turn any light as a network. Higher-speed than wifi.
  • mesh networks (long-time fascination of mine, especially in disasters): every node creates more powerful network. Can’t be controlled by a central gov.
  • Implications:
    • can disrupt telecom (mesh networks)
    • shifting consumer data from cloud to you
  • they’re testing a system that would tell what a person really feels while they’re in store, film companies can test from pilot whether people will really like it. Creepy??
  • working with Element to bring this to fashion show: would gauge reaction.
  • IoT won’t be great leap, but gradual trend (like my argument that companies should begin with IoT by using it to optimize current manufacturing).
  • incredible vision of how you’ll drive to a biz appt. in driverless car, you’ll get briefing on the meeting from your windshield.
  • opportunities at every stage of the IoT development shift.

Why It’s So Hard to Predict Internet of Things’ Full Impact: “Collective Blindness”

I’ve been trying to come up with a layman’s analogy to use in explaining to skeptical executives about how dramatic the Internet of Things’ impact will be on every aspect of business and our lives, and why, if anything, it will be even more dramatic than experts’ predictions so far (see Postscapes‘ roundup of the projections).

See whether you thing “Collective Blindness” does justice to the potential for change?

 

What if there was a universal malady known as Collective Blindness, whose symptoms were that we humans simply could not see much of what was in the world?

Even worse, because everyone suffered from the condition, we wouldn’t even be aware of it as a problem, so no one would research how to end it. Instead, for millennia we’d just come up with coping mechanisms to work around the problem.

Collective Blindness would be a stupendous obstacle to full realization of a whole range of human activities (but, of course, we couldn’t quantify the problem’s impact because we weren’t even aware that it existed).

Collective Blindness has been a reality, because vast areas of our daily reality have been unknowable in the past, to the extent that we have just accepted it as a condition of reality.

Consider how Collective Blindness has limited our business horizons.

We couldn’t tell when a key piece of machinery was going to fail because of metal fatigue.

We couldn’t tell how efficiently an entire assembly line was operating, or how to fully optimize its performance.

We couldn’t tell whether a delivery truck would be stuck in traffic.

We couldn’t tell exactly when we’d need a parts shipment from a supplier, nor would the supplier know exactly when to do a new production run to be read.

We couldn’t tell how customers actually used our products.

That’s all changing now. Collective Blindness is ending, …. and will be eradified by the Internet of Things.

What do you think? Useful analogy?

Wearables: love these new shoes that tell you where to go!

Wow! What if you were blind, and instead of a white cane, your shoes gave you directions? Or, even for people with no disabilities, you were navigating a strange city, and instead of having to constantly check Google Maps, your shoes showed the way? Pretty neat!

Lechal sensor shoe

Check out the snazzy new Lechal shoe from India’s Ducere Technologies.

The shoe, also available as an insert that can go in your own plain-vanilla shoes, was invented by two young US-educated Indian entrepreneurs, Krispian Lawrence and Anirudh Sharma, who had a vision (ooops!) of using technology to help the visually impaired.

It’s billed as the “world’s first interactive haptic footware” (bet your mom would be shocked if she knew you were wearing haptic footware, eh?).  When synched to the Lechal smartphone app, it vibrates to tell you which way to go.

And the water-resistant, breathable and anti-bacterial shoes have other features: “For those with 20/20 vision or near they are still useful – they can also calculate routes, steps taken, distance covered and calories burn to monitor workouts.”

I can see these as a critical tool for seniors as part of my “smart aging” paradigm as well, especially for those with dementia or Alzheimers.

As with other Quantified Self devices, you can share your walking and other data with friends via the device.

Here’s a cool feature: it claims to have the “world’s first interactive charger”: it gives audio feedback if you snap your fingers, and beeps to tell you the progress of charging, and the charger can be used as a fast charger for most phones, cutting down on the number of chargers you have to ride herd on.

Oh, BTW, Ducere gets extra points in my book because they don’t take themselves too seriously. To wit, “The technology that powers the shoe is embedded in its sole (pun intended).”

Why the Internet of Things Will Bring Fundamental Change “What Can You Do Now That You Couldn’t Do Before?”

The great Eric Bonabeau has chiseled it into my consciousness that the test of whether a new technology really brings about fundamental change is to always ask “What can you do now that you couldn’t do before?

Tesla Roadster

That’s certainly the case for the Tesla alternative last winter to a costly, time-consuming, and reputation-staining recall  (dunno: I must have been hiding under a rock at the time to have not heard about it).

In reporting the company’s action, Wired‘s story’s subtitle was “best example yet of the Internet of Things?”

I’d have to agree it was.

Coming at the same time as the godawful Chevy recall that’s still playing out and still dragging down the company, Tesla promptly and decisively response solved another potentially dangerous situation:

 

“‘Not to worry,’ said Tesla, and completed the fix for its 29,222 vehicle owners via software update. What’s more, this wasn’t the first time Tesla has used such updates to enhance the performance of its cars. Last year it changed the suspension settings to give the car more clearance at high speeds, due to issues that had surfaced in certain collisions.”

Think of it: because Tesla has basically converted cars into computers with four wheels, modifying key parts by building in sensors and two-way communications, it has also fundamentally changed its relationship with customers: it can remain in constant contact with them, rather than losing contact between the time the customer drives off the lot and when the customer remembers (hopefully..) to schedule a service appointment, and many modifications that used to require costly and hard-to-install replacement parts now are done with a few lines of code!

Not only can Tesla streamline recalls, but it can even enhance the customer experience after the car is bought: I remember reading somewhere that car companies may start offering customer choice on engine performance: it could offer various software configurations to maximize performance or to maximize fuel savings — and continue to tweak those settings in the future, just as computers get updated operating systems. That’s much like the transformation of many other IoT-enhanced products into services, where the customer may willingly pay more over a long term for a not just a hunk of metal, but also a continuing data stream that will help optimize efficiency and reduce operating costs.

Wired went on to talk about how the engineering/management paradigm shift represented a real change:

  • “In nearly all instances, the main job of the IoT — the reason it ever came to be — is to facilitate removal of non-value add activity from the course of daily life, whether at work or in private. In the case of Tesla, this role is clear. Rather than having the tiresome task of an unplanned trip to the dealer put upon them, Tesla owners can go about their day while the car ‘fixes itself.’
  • Sustainable value – The real challenge for the ‘consumer-facing’ Internet of Things is that applications will always be fighting for a tightly squeezed share of disposable consumer income. The value proposition must provide tangible worth over time. For Tesla, the prospect of getting one’s vehicle fixed without ‘taking it to the shop’ is instantly meaningful for the would-be buyer – and the differentiator only becomes stronger over time as proud new Tesla owners laugh while their friends must continue heading to the dealer to iron out typical bug fixes for a new car. In other words, there is immediate monetary value and technology expands brand differentiation. As for Tesla dealers, they must be delighted to avoid having to make such needling repairs to irritated customers – they can merely enjoy the positive PR halo effect that a paradigm changing event like this creates for the brand – and therefore their businesses.
  • Setting new precedents – Two factors really helped push Tesla’s capability into the news cycle: involvement by NHTSA and the word ‘recall.’ At its issuance, CEO Elon Musk argued that the fix should not technically be a ‘recall’ because the necessary changes did not require customers find time to have the work performed. And, despite Musk’s feather-ruffling remarks over word choice, the stage appears to have been set for bifurcation in the future by the governing bodies. Former NHTSA administrator David Strickland admitted that Musk was ‘partially right’ and that the event could be ‘precedent-setting’ for regulators.”

That’s why I’m convinced that Internet of Things technologies such as sensors and tiny radios may be the easy part of the revolution: the hard part is going to be fundamental management changes that require new thinking and new questions.

What can you do now that you couldn’t do before??

BTW: Musk’s argument that its software upgrade shouldn’t be considered a traditional “recall” meshes nicely with my call for IoT-based “real-time regulation.”  As I wrote, it’s a win-win, because the same data that could be used for enforcement can also be used to enhance the product and its performance:

  • by installing the sensors and monitoring them all the time (typically, only the exceptions to the norm would be reported, to reduce data processing and required attention to the data) the company would be able to optimize production and distribution all the time (see my piece on ‘precision manufacturing’).
  • repair costs would be lower: “predictive maintenance” based on real-time information on equipment’s status is cheaper than emergency repairs. the public interest would be protected, because many situations that have resulted in disasters in the past would instead be avoided, or at least minimized.
  • the cost of regulation would be reduced while its effectiveness would be increased: at present, we must rely on insufficient numbers of inspectors who make infrequent visits: catching a violation is largely a matter of luck. Instead, the inspectors could monitor the real-time data and intervene instantly– hopefully in time to avoid an incident. “

Internet of Things interview I did with Jordan Rich

Didn’t realize this had run several weeks ago, but here’s an introduction to the IoT (based on my SAP “Managing the Internet of Things” i-guide) that I did with Jordan Rich of WBZ Radio, who’s also my voice-over mentor.  The examples include the GE Durathon battery plant, “smart aging,” Shodan, the SAP prototype smart vending machine and Ivee. Enjoy!

comments: 0 » tags: , , , ,