Surprising Benefits of Combining IoT and Blockchain (they go beyond economic ones!)

One final effort to work this blockchain obsession out of my system so I can get on to some exciting other IoT news!

I couldn’t resist summarizing for you the key points in”Blockchain: the solution for transparency in product supply chains,” a white paper from Project Provenance Ltd., a London-based collective  (“Our common goal is to deliver meaningful change to commerce through open and accessible information about products and supply chains.”).

If you’ve followed any of the controversies over products such as “blood diamonds” or fish caught by Asian slaves & sold by US supermarkets, you know supply chains are not only an economic issue but also sometimes a vital social (and sometimes environmental) one. As the white paper warns:

“The choices we make in the marketplace determine which business practices thrive. From a diamond in a mine to a tree in a forest, it is the deepest darkest ends of supply chains that damage so much of the planet and its livelihood.”

Yikes!

Now blockchain can make doing the right thing easier and more profitable:

“Provenance enables every physical product to come with a digital ‘passport’ that proves authenticity (Is this product what it claims to be?) and origin (Where does this product come from?), creating an auditable record of the journey behind all physical products. The potential benefits for businesses, as well as for society and the environment, are hard to overstate: preventing the selling of fake goods, as well as the problem of ‘double spending’ of certifications present in current systems. The Decentralized Application (Dapp) proposed in this paper is still in development and we welcome businesses and standards organizations to join our consortium and collaborate on this new approach to understanding our material world.”

I also love Provenance’s work with blockchain because it demonstrates one of my IoT “Essential Truths,” namely, that we must share data rather than hoard it.  The exact same real-time data that can help streamline the supply chain to get fish to our stores quicker and with less waste can also mean that the people catching it are treated fairly. How cool is that?  Or, as Benjamin Herzberg, Program Lead, Private Sector Engagement for Good Governance at the World Bank Institute puts it in the quote that begins the paper, Now, in the hyper-connected and ever-evolving world, transparency is the new power.

While I won’t summarize the entire paper, I do recommend that you so, especially if blockchain is still new to you, because it gives a very detailed explanation of each blockchain component.

Instead, let’s jump in with the economic benefits of a blockchain and IoT-enabled supply chain, since most companies won’t consider it, no matter what the social benefits, if it doesn’t help the bottom line. The list is long, and impressive:

  • “Interoperable: A modular, interoperable platform that eliminates the possibility of double spending
  • Auditable: An auditable record that can be inspected and used by companies, standards organizations, regulators, and customers alike
  • Cost-efficient:  A solution to drastically reduce costs by eliminating the need for ‘handling companies’ to be audited
  • Real-time and agile:  A fast and highly accessible sign-up means quick deployment
  • Public: The openness of the platform enables innovation and could achieve bottom-up transparency in supply chains instead of burdensome top-down audits
  • Guaranteed continuity:  The elimination of any central operator ensures inclusiveness and longevity” (my emphasis)

Applying it to a specific need, such as documenting that a food that claims to be organic really is, blockchain is much more efficient and economical than cumbersome current systems, which usually rely on some third party monitoring and observing the process.  As I’ve mentioned before, the exquisite paradox of blockchain-based systems is that they are secure and trustworthy specifically because no one individual or program controls them: it’s done through a distributed system where all the players may, in fact, distrust each other:

“The blockchain removes the need for a trusted central organization that operates and maintains this system. Using blockchains as a shared and secure platform, we are able to see not only the final state (which mimics the real world in assigning the materials for a given product under the ownership of the final customer), but crucially, we are able to overcome the weaknesses of current systems by allowing one to securely audit all transactions that brought this state of being into effect; i.e., to inspect the uninterrupted chain of custody from the raw materials to the end sale.

“The blockchain also gives us an unprecedented level of certainty over the fidelity of the information. We can be sure that all transfers of ownership were explicitly authorized by their relevant controllers without having to trust the behavior or competence of an incumbent processor. Interested parties may also audit the production and manufacturing avatars and verify that their “on-chain” persona accurately reflects reality.”

The white paper concludes by also citing an additional benefit that I’ve mentioned before: facilitating the switch to an environmentally-sound “circular economy,” which requires not only tracking the creation of things, but also their usage, trying to keep them out of landfills. “The system proposed in this paper would not only allow the creation (including all materials, grades, processes etc) and lifecycle (use, maintenance etc) to be logged on the blockchain, but this would also make it easy to access this information when products are returned to be assessed and remanufactured into a new item.”

Please do read the whole report, and think how the economic benefits of applying blockchain-enabled IoT practices to your supply chain can also warm your heart.

 

Blockchain might be answer to IoT security woes

Could blockchain be the answer to IoT security woes?

I hope so, because I’d like to get away from my recent fixation on IoT security breaches and their consequences,  especially the Mirai botnet attack that brought a large of the Internet to its knees this Fall and the even scarier (because it involved Philips, a company that takes security seriously) white-hat hackers attack on Hue bulbs.  As I’ve written, unless IoT security is improved, the public and corporations will lose faith in it and the IoT will never develop to its full potential.

Now, there’s growing discussion that blockchain (which makes bitcoin possible), might offer a good IoT security platform.

Ironically — for something dealing with security — blockchain’s value in IoT may be because the data is shared and no one person owns it or can alter it unilaterally (BTW, this is one more example of my IoT “Essential Truth” that with the IoT data should be shared, rather than hoarded as in the past.

If you’re not familiar with blockchain, here’s an IBM video, using an example from the highly security-conscious diamond industry, that gives a nice summary of how it works and why:

The key aspects of blockchain is that it:

  • is transparent
  • can trace all aspects of actions or transactions (critical for complex sequences of actions in an IoT process)
  • is distributed: there’s a shared form of record keeping, that everyone in the process can access.
  • requires permission — everyone has permission for every step
  • is secure: no one person — even a system administrator — can alter it without group approval.

Of these, perhaps the most important aspect for IoT security is that no one person can change the blockchain unilaterally, adding something (think malware) without the action being permanently recorded and without every participant’s permission.  To add a new transaction to the blockchain, all the members must validate it by applying an algorithm to confirm its validity.

The blockchain can also increase efficiency by reducing the need for intermediaries, and it’s a much better way to handle the massive flood of data that will be generated by the IoT.

The Chain of Things think tank and consortium is taking the lead on exploring blockchain’s application to the IoT. The group describes itself as “technologists at the nexus of IoT hardware manufacturing and alternative blockchain applications.” They’ve run several blockchain hackathons, and are working on open standards for IoT blockchains.

Contrast blockchain with the current prevailing IoT security paradigm.  As Datafloq points out, it’s based on the old client-server approach, which really doesn’t work with the IoT’s complexity and variety of connections: “Connection between devices will have to exclusively go through the internet, even if they happen to be a few feet apart.”  It doesn’t make sense to try to funnel the massive amounts of data that will result from widespread deployment of billions of IoT devices and sensor through a centralized model when a decentralized, peer-to-peer alternative would be more economical and efficient.

Datafloq concludes:

“Blockchain technology is the missing link to settle scalability, privacy, and reliability concerns in the Internet of Things. Blockchain technologies could perhaps be the silver bullet needed by the IoT industry. Blockchain technology can be used in tracking billions of connected devices, enable the processing of transactions and coordination between devices; allow for significant savings to IoT industry manufacturers. This decentralized approach would eliminate single points of failure, creating a more resilient ecosystem for devices to run on. The cryptographic algorithms used by blockchains, would make consumer data more private.”

I love it: paradoxically, sharing data makes it more secure!  Until something better comes along and/or the nature of IoT strategy challenges changes, it seems to me this should be the basis for secure IoT data transmission!

 

 

 

When Philips’s Hue Bulbs Are Attacked, IoT Security Becomes Even Bigger Issue

OK, what will it take to make security (and privacy) job #1 for the IoT industry?

The recent Mirai DDoS attack should have been enough to get IoT device companies to increase their security and privacy efforts.

Now we hear that the Hue bulbs from Philips, a global electronics and IoT leader that DOES emphasize security and doesn’t cut corners, have been the focus of a potentially devastating attack (um, just wonderin’: how does triggering mass epileptic seizures through your light bulbs grab you?).

Since it’s abundantly clear that the US president-elect would rather cut regulations than add needed ones (just announcing that, for every new regulation, two must be cut), the burden of improving IoT security will lie squarely on the shoulders of the industry itself. BTW:kudos in parting to outgoing FTC Chair Edith Ramirez, who has made intelligent, workable IoT regulations in collaboration with self-help efforts by the industry a priority. Will we be up to the security challenge, or, as I’ve warned before, will security and privacy lapses totally undermine the IoT in its adolescence by losing the public and corporate confidence and trust that is so crucial in this particular industry?

Count me among the dubious.

Here’s what happened in this truly scary episode, which, for the first time, presages making the focus of an IoT hack an entire city, by exploiting what might otherwise be a smart city/smart grid virtue: a large installed base of smart bulbs, all within communication distance of each other. The weapons? An off-the-shelf drone and an USB stick (the same team found that a car will also do nicely as an attack vector). Fortunately, the perpetrators in this case were a group of white-hat hackers from the Weizmann Institute of Science in Israel and Dalhousie University in Canada, who reported it to Philips so they could implement additional protections, which the company did.

Here’s what they wrote about their plan of attack:

“In this paper we describe a new type of threat in which adjacent IoT devices will infect each other with a worm that will spread explosively over large areas in a kind of nuclear chain reaction (my emphasis), provided that the density of compatible IoT devices exceeds a certain critical mass. In particular, we developed and verified such an infection using the popular Philips Hue smart lamps as a platform.

“The worm spreads by jumping directly from one lamp to its neighbors, using only their built-in ZigBee wireless connectivity and their physical proximity. The attack can start by plugging in a single infected bulb anywhere in the city, and then catastrophically spread everywhere within minutes, enabling the attacker to turn all the city lights on or off, permanently brick them, or exploit them in a massive DDOS attack (my emphasis). To demonstrate the risks involved, we use results from percolation theory to estimate the critical mass of installed devices for a typical city such as Paris whose area is about 105 square kilometers: The chain reaction will fizzle if there are fewer than about 15,000 randomly located smart lights in the whole city, but will spread everywhere when the number exceeds this critical mass (which had almost certainly been surpassed already (my emphasis).

“To make such an attack possible, we had to find a way to remotely yank already installed lamps from their current networks, and to perform over-the-air firmware updates. We overcame the first problem by discovering and exploiting a major bug in the implementation of the Touchlink part of the ZigBee Light Link protocol, which is supposed to stop such attempts with a proximity test. To solve the second problem, we developed a new version of a side channel attack to extract the global AES-CCM key that Philips uses to encrypt and authenticate new firmware. We used only readily available equipment costing a few hundred dollars, and managed to find this key without seeing any actual updates. This demonstrates once again how difficult it is to get security right even for a large company that uses standard cryptographic techniques to protect a major product.”

Again, this wasn’t one of those fly-by-night Chinese manufacturers of low-end IoT devices, but Philips, a major, respected, and vigilant corporation.

As for the possible results? It could:

  •  jam WiFi connections
  • disturb the electric grid
  • brick devices making entire critical systems inoperable
  • and, as I mentioned before, cause mass epileptic seizures.

As for the specifics, according to TechHive, the researchers installed Hue bulbs in several offices in an office building in the Israeli city of Beer Sheva. In a nice flair for the ironic, the building housed several computer security firms and the Israeli Computer Emergency Response Team.  They attached the attack kit on the USB stick to a drone, and flew it toward the building from 350 meters away. When they got to the building they took over the bulbs and made them flash the SOS signal in Morse Code.

The researchers”were able to bypass any prohibitions against remote access of the networked light bulbs, and then install malicious firmware. At that point the researchers were able to block further wireless updates, which apparently made the infection irreversible. ‘There is no other method of reprogramming these [infected] devices without full disassemble (which is not feasible). Any old stock would also need to be recalled, as any devices with vulnerable firmware can be infected as soon as power is applied.’”

Worst of all, the attack was against Zigbee, one of the most robust and widely-used IoT protocols, an IoT favorite because Zigbee networks tend to be cheaper and simpler than WiFi or BlueTooth.

The attack points up one of the critical ambiguities about the IoT. On one hand, the fact that it allows networking of devices leads to “network effects,” where each device becomes more valuable because of the synergies with other IoT devices. On the other hand, that same networking and use of open standards means that penetrating one device can mean ultimately penetrating millions and compounding the damage.


I’m hoping against hope that when Trump’s team tries to implement cyber-warfare protections they’ll extend the scope to include the IoT because of this specific threat. If they do, they’ll realize that you can’t just say yes cyber-security and no, regulations. In the messy world of actually governing, rather than issuing categorical dictums, you sometimes have to embrace the messy world of ambiguity.  

What do you think?

 

2nd day liveblogging, Gartner ITxpo, Barcelona

Accelerating Digital Business Transformation With IoT Saptarshi Routh Angelo Marotta
(arrived late, mea culpa)

  • case study (didn’t mention name, but just moved headquarters to Boston. Hmmmmm).
  • you will be disrupted by IoT.
  • market fragmented now.

Toshiba: How is IoT Redefining Relationships Between Customers and Suppliers, Damien Jaume, president, Toshiba Client Solutions, Europe:

  • time of tremendous transformation
  • by end of ’17, will surpass PC, tabled & phone market combined
  • 30 billion connect  devices by 2020
  • health care IoT will be $117 billion by 2020
  • 38% of indiustry leaders disrupted by digitally-enabled competitors by 2018
  • certainty of customer-supplier relationship disruption will be greatest in manufacturing, but also every other market
    • farming: from product procurement to systems within systems. Smart, connected product will yield to integrated systems of systems.
  • not selling product, but how to feed into whole IoT ecosystem
  • security paramount on every level
  • risk to suppliers from new entrants w/ lean start-up costs.
  • transition from low engagement, low trust to high engagement, high trust.
  • Improving efficiencies
  • ELIMINATE MIDDLEMAN — NO LONGER RELEVANT
  • 4 critical success factors:
    • real-time performance pre-requisite
    • robustness — no downtime
    • scalability
    • security
  • case studies: energy & connected home, insurance & health & social care (Neil Bramley, business unit director for clients solutions
    • increase depth of engagement with customer. Tailored information
    • real-time performance is key, esp. in energy & health
    • 20 million smart homes underway in GB by 2020:
      • digitally empowering consumers
      • engaging consumers
      • Transforming relationships among all players
      • Transforming homes
      • Digital readiness
    • car insurance: real-time telematics.
      • real-time telematics data
      • fleet management: training to reduce accidents. Working  w/ Sompo Japan car insurance:
    • Birmingham NHS Trust for health (Ciaron Hoye, head of digital) :
      • move to health promotion paradigm
      • pro-actively treat patients
      • security first
      • asynchronous communications to “nudge” behavior.
      • avoiding hip fractures
      • changing relationship w/ the patient: making them stakeholders, involving in discussion, strategy
      • use game theory to change relationship

One-on-one w/ Christian Steenstrup, Gartner IoT analyst. ABSOLUTE VISIONARY — I’LL BE INTERVIEWING HIM AT LENGTH IN FUTURE:

  • industrial emphasis
  • applications more ROI driven, tangible benefits
  • case study: mining & heavy industry
    • mining in Australia, automating entire value train. Driverless. Driverless trains. Sensors. Caterpillar. Collateral benefits: 10% increase in productivity. Less payroll.  Lower maintenance. Less damage means less repairs.
    • he downplays AR in industrial setting: walking in industrial setting with lithium battery strapped to your head is dangerous.
    • big benefit: less capital expense when they build next mine. For example, building the town for the operators — so eliminate the town!
  • take existing processes & small improvements, but IoT-centric biz, eliminating people, might eliminate people. Such as a human-less warehouse. No more pumping huge amount of air underground. Huge reduction with new system.  Mine of future: smaller holes. Possibility  of under-sea mining.
  • mining has only had incremental change.
  • BHP mining’s railroad — Western Australia. No one else is involved. “Massive experiment.”
  • Sound sensing can be important in industrial maintenance.  All sorts of real-time info. 
  • Digital twins: must give complete info — 1 thing missing & it doesn’t work.
  • Future: 3rd party data brokers for equipment data.
  • Privacy rights of equipment.
  • “communism model” of info sharing — twist on Lenin.

 

Accelerating Digital Transformation with Microsoft Azure IoT Suite (Charlie Lagervik):

  • value networking approach
  • customer at center of everything: customer conversation
  • 4 imperatives:
    • engage customers
    • transform products
    • empower employees
    • optmize operations
  • their def. of IoT combines things/connectivity/data/analytics/action  Need feedback loop for change
  • they focus on B2B because of efficiency gains.
  • Problems: difficult to maintain security, time-consuming to launch, incompatible with current infrastructure, and hard to scale.
  • Azure built on cloud.
  • InternetofYourThings.com

 

Afternoon panel on “IoT of Moving Things” starts with all sorts of incredible factoids (“since Aug., Singapore residents have had access to self=driving taxis”/ “By 2030, owning a car will be an expensive self-indulgence and will no longer be legal.”

  • vehicles now have broader range of connectivity now
  • do we really want others to know where we are? — privacy again!
  • who owns the data?
  • what challenges do we need to overcome to turn data into information & valuable insight that will help network and city operators maximize efficiency & drive improvement across our transportation network?
  • think of evolution: now car will be software driven, then will become living room or office.
  • data is still just data, needs context & location gives context.
  • cities have to re-engineer streets to become intelligent streets.
  • must create trust among those who aren’t IT saavy.
  • do we need to invest in physical infrastructure, or will it all be digital?
  • case study: one car company w/ engine failures in 1 of 3 cars gave the consultants data to decide on what was the problem.

Don’t Say I Didn’t Warn You: One of Largest Botnet Attacks Ever Due to Lax IoT Security

Don’t say I didn’t warn you about how privacy and security had to be THE highest priority for any IoT device.

On September 19th, Chris Rezendes and I were the guests on a Harvard Business Review webinar on IoT privacy and security. I once again was blunt that:

  • you can’t wait until you’ve designed your cool new IoT device before you begin to add in privacy and security protections. Start on Day 1!
  • sensors are particularly vulnerable, since they’re usually designed for minimum cost, installed, and forgotten.
  • as with the Target hack, hackers will try to exploit the least protected part of the system.
  • privacy and security protections must be iterative, because the threats are constantly changing.
  • responsible companies have as much to lose as the irresponsible, because the result of shortcomings could be held against the IoT in general.

The very next day, all hell broke loose. Hackers used the Mirai malware to launch one of the largest distributed denial-of-service attack ever, on security blogger Brian Krebs (BTW, the bad guys failed, because of valiant work by the good guys here in Cambridge, at Akamai!).

 

The threat was so bad that DHS’s National Cyber Awareness System sent out the first bulletin I ever remember getting from them dealing specifically with IoT devices. As it warned, “IoT devices are particularly susceptible to malware, so protecting these devices and connected hardware is critical to protect systems and networks.”  By way of further explanation, DHS showed how ridiculously simple the attacks were because of inadequate protection:

“The Mirai bot uses a short list of 62 common default usernames and passwords to scan for vulnerable devices. Because many IoT devices are unsecured or weakly secured, this short dictionary allows the bot to access hundreds of thousands of devices. The purported Mirai author claimed that over 380,000 IoT devices  (my emphasis) were enslaved by the Mirai malware in the attack on Krebs’ website.”

A later attack in France during September using Mirai resulted in the largest DDoS attack ever.

The IoT devices affected in the latest Mirai incidents were primarily home routers, network-enabled cameras, and digital video recorders. Mirai malware source code was published online at the end of September, opening the door to more widespread use of the code to create other DDoS attacks.

How’d they do it?

By a feature of the malware that detects and attacks consumer IoT devices that only have default, sometimes hardwired, passwords and usernames (or, as Dark Reading put it in an apocalyptic sub-head, “Mirai malware could signal the beginning of new trend in using Internet of Things devices as bots for DDoS attacks.”

To place the blame closer to home (well, more accurately, in the home!) you and I, if we bought cheap smart thermostats or baby monitors with minimal or no privacy protections and didn’t bother to set up custom passwords, may have unwittingly participated in the attack. Got your attention yet?

 

No responsible IoT inventor or company can deny it any longer: the entire industry is at risk unless corporate users and the general public can be confident that privacy and security are baked in and continuously upgraded. Please watch the HBR webinar if you haven’t already, and pledge to make IoT privacy and security Job #1!


 

PS: According to the DHS bulletin:

“In early October, Krebs on Security reported on a separate malware family responsible for other IoT botnet attacks. This other malware, whose source code is not yet public, is named Bashlite. This malware also infects systems through default usernames and passwords. Level 3 Communications, a security firm, indicated that the Bashlite botnet may have about one million (my emphasis) enslaved IoT devices.”

BTW: thanks for my friend Bob Weisberg for reminding me to give this situation its due!

comments: 6 » tags: , , ,

Alexa and Aging: more on voice as THE interface for “SmartAging”

 Amazon Alexa & services it can trigger!

Amazon Echo & services it can trigger!

I predict every elderly person will soon have a personal home assistant, ready to respond to their every command.

However, that home health aide may not be human, but sit on the kitchen counter, and look suspiciously like Amazon’s breakthough IoT device, The Echo.

The late Mark Weiser, “the father of the Internet of Things,” famously predicted that “the best computer is a quiet, invisible servant,” and that’s certainly the potential with Echo, or the just announced Google Assistant (how sexy is that name? I like the fact it’s so impersonal. Let’s you fire one voice “assistant” and hire another without becoming personally attached, LOL), or the much-rumored Apple version, which might also include a camera (disclaimer: while I work part-time at an Apple Store, I ain’t privy to any inside dope, no way, no how).

That’s particularly the case when it comes to seniors, and my SmartAging vision of an IoT-based future for them combining Quantified Self health monitoring devices that can motivate seniors to improve their fitness levels, and smart home devices that can make it easier to manage their homes as they age, to avoid costly and soul-deadening institutionalization (or, even better, combining the two, as with one of my favorite IFTTT “recipes,”  programming your Jawbone to wake you gently at the best time in your sleep cycle, AND gradually turn on your Hue lights. How better for a senior — or anyone — to start their day on a positive note (OK, I know what you’re thinking: better turn on the coffee maker automatically!).

      KidsMD for Amazon Alexa

What really got me thinking about the advantages of a voice-activated future for seniors was a recent story about a similar app for the other end of the age spectrum, developed by our Children’s Hospital, for Alexa: KidsMD. What better for a harried mom or dad, with his or her hands full, AND a sick child to boot, than to simply ask for advice on temperature, fever and the like? That got me thinking that the same would apply to seniors as well, needing advice with some of the unwanted aspects of aging (I could mention here an example from a senior I care for, but that would be most unpleasant…). As I’ve said before, this would be helpful under any circumstances, but when the person needing help is a frail, tech-averse senior, it would be superb if s/he only had to speak a simple command or request to get needed help, or advice on something such as the proper amount of an over-the-counter drug to take.

There are tons of other life-improving reasons for such an approach for seniors, including:

Of course, and I can’t emphasize this enough, especially since seniors are already victims of so many scamming tricks, because these counter-top devices are always on, listening to you,  and because much of their possible use could be for reporting confidential health or financial data, privacy and security MUST be THE top priority in designing any kind of voice-activated app or device for seniors. Think of them as the canaries in the coal mine in this regard: protecting vulnerable seniors’ privacy and security should be the acid test of all voice-activated apps and devices for people of all ages.

Having said all that, as I noted in a piece last week about what a stunning combination of services Amazon has put together to become the dominant player in the retail IoT sector, one of those offerings is the $100 million Alexa fund to fuel advances in the voice-activated arena.  I’m ready to put their money where my mouth is  (LOL) in this regard, to design voice-activated devices and services for seniors.  If you’d like to partner, E-mail me!!

Zoe: perhaps even better than Echo as IoT killer device?

Zoe smart home hub

I’ve raved before about Echo, Amazon’s increasingly versatile smart home hub, primarily because it is voice activated, and thus can be used by anyone, regardless of tech smarts — or whether their hands are full of stuff.  As I’ve mentioned, voice control makes it a natural for my “SmartAging” concept to help improve seniors’ health and allow them to manage their homes, because you don’t have to understand the underlying technology — just talk.

Now there’s a challenger on the horizon: start-up Zoe, which offers many of Echo’s uses, but with an important difference that’s increasingly relevant as IoT security and privacy challenges mount: your data will remain securely in your home. Or, as their slogan goes:

“So far, smart home meant high convenience, no privacy, or privacy, but no fun. We are empowering you to have both.”

You can still get in on Zoe’s Indegogo campaign with a $249 contribution, which will get you a hub and an extra “voice drop” to use in another room, or the base level, $169 for a single room. Looks kinda cool to me, especially with the easily changed “Art Covers” and backlight coloring (the Che Guevera one looks appropriate for a revolutionary product) …  The product will ship in late 2016.

Don’t get me wrong: I love Echo & will be getting mine soon, but there is that creepy factor given government officials’ fascination with the potential of tapping into smart home data as part of their surveillance. Remember what US Director of Intelligence James Clapper said, ““In the future, intelligence services might use the [internet of things] for identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials.” Consider then, that Echo sits there on your kitchen counter, potentially hacked and then hoovering up all of your kitchen chit-chat to relay directly to the spooks.  Wouldn’t you rather that data remained totally under your control?

In addition to storing the data on site rather than in the cloud, Zoe also touts that it has advanced voice-recognition so it can learn IFTTT-style “recipes,” or be operated by apps. She comes with 1,500 built-in voice commands, or, if you stump her, (and only if you choose to, preserving that in-house-only option) web-based Advanced Voice Recognition steps in, with a cloud-based voice recognition system. Her recognition capabilities will grow over time.. Zoe will work with WiFi, Bluetooth, Z-Wave, and other standards.

The company will ship the developers’ kit in six months. It will be open source.

Not being cloud based will mean it loses to Echo on two important counts. For many people, the ability to order things from Amazon simply by speaking may be more important than security concerns,. Also, I notice it doesn’t mention any speakers, so it may be lacking the ability to also serve as a music source (obviously it wouldn’t work with Amazon Music or Apple Music if it isn’t cloud-connected, but it would at least be nice to be able to use it to play your own collection — advantage to Echo on that one.

At least this means there’s competition in the field (and, BTW, I’d love to see Apple swoop in and make THE voice-activated device!)


BTW: Thanks to good buddy Bob Weisberg for the tip about Zoe! Follow him!

 

My IoT Day Interview With Sudha Jamthe

Oops: I’ve been preoccupied with all sorts of dreck since returning from my SAP event, so I haven’t been able to post.

Did want to call your attention to a long IoT Day interview I did with the estimable Sudha Jamthe, author of The Internet of Things Business Primer.  We covered a range of topics, including the state of the IoT in Boston (and my enthusiasm about GE’s move here, because of their track record of working with IoT startups and even individuals), how I got involved in my IoT-based “SmartAging” crusade, and how the IoT may make possible “circular enterprises” orbiting around real-time IoT data.  Enjoy!

Digital Twins: the Ultimate in Internet of Things Real-Time Monitoring

Get ready for the age when every product will have a “digital twin” back at the manufacturer, a perfect copy of not just the product as it left the factory floor, but as it is functioning in the field right now. That will be yet another IoT game-changer in terms of my 4th IoT Essential Truth, “rethink products.”

Oh, and did I forget to mention that we’ll each have a personal body twin from birth, to improve our health?

For the first time we’ll really understand products, how they work, what’s needed to improve them, and even how they may be tweaked once they’re thousands of miles from the factory, to add new features, fix problems, and/or optimize efficiency.

Key to circular organizations

Even better, the twin can play a critical role in accomplishing my vision of new circular organizations (replacing obsolete hierarchies and linear processes), in which all relevant departments and functions (and even supply chain members, distribution networks and customers, where relevant) form a continuous circle with real-time IoT data as the hub).  Think of the twin as one of those manifestations of the real-time data to which all departments will have simultaneous access.

GE Digital Twin visualization

               GE Digital Twin visualization

I’ve often remarked how incredible it was that companies (especially manufacturers) were able to function as well as they did and produce products as functional as they were despite the inability to peek inside them and really understand their operations and/or problems. Bravo, industrial pioneers!

However, that’s no longer good enough, and that’s where digital twins come in.  In a WSJ blog post this week, General Electric’s William Ruh, my fav IoT visionary/pragmatist, talked about how the company, as part of its “Industrial Internet” transformation, is making digital twins a key tool:

“Every product out there will have one, and there will be an ability to connect a system, or systems of digital twins, easily. The digital twin is a model of an asset, a product such as a jet engine or a model of the blades in a jet engine. Sensors on those blades pull the data off and feed them into the digital twin. The digital twin is kept current with the data that is run off the sensors. It is in sync with the reality of the blade. Now we can ask what is the best time to change the blade, how the blade performs, options to get greater efficiency.”

Proof of the pudding?

Ruh says they’ve created a wind turbine and twin they call the “Digital Windfarm,” which generates 20% more electricity than a nearby conventional turbine.

PTC is also working on digital twins. According to the company’s Executive VP for Digital Twin, Mike Campbell,:  “It’s a model that uniquely represents a physical occurrence in the real world. This one-­to­one mapping is important. You create a relationship between the digital data and a unique product occurrence from a variety of sources: sensors, enterprise data on how it was made, what its configuration was, its geometry, how it is being used, and how it is being serviced.”

Predix

The key to digital twins is GE’s “Predix” predictive analytics software platform, which the company is extending across its entire product line. As always, the key is a constant stream of real-time data:

“weather, component messages, service reports, performance of similar models in GE’s fleets—a predictive model is built and the data collected is turned into actionable insights. This model can perform advanced planning, such as forecasting a ‘plan of the day’ for turbine operation, determining a highly efficient strategy to execute planned maintenance activities, and providing warnings about upcoming unplanned maintenance events, all of which ultimately generates more output and revenue for the customer.”

Digital doppelgängers

Here’s where the really sci-fi part kicks in: Ruh also predicts (Predix??, LOL) that GE’s medical division will soon create digital twins for you and me — at birth!

“I believe we will have a digital twin at birth, and it will take data off of the sensors everybody is running, and that digital twin will predict things for us about disease and cancer and other things. I believe we will end up with health care being the ultimate digital twin. Without it, I believe we will have data but with no outcome, or value.”

And, frankly, there’s also a spooky aspect to what GE’s doing, working with retailers to create psychographic models of customers based on their buying preferences. I’m dubious on that account: I do appreciate some suggestion about what might interest me, especially books, based on my past purchases. On the other hand, a couple of weeks I shopped for — but didn’t buy — biz cards online. Now, I get AdSense ads for these cards everywhere — even on this homepage (sorry for stuff that isn’t IoT, dear reader) Get over it, OK? Count me out when it get’s down to really granular psychographic profiles — too many risks with privacy and security.

I suspect digital twins will become a staple of the IoT, yielding critical real-time info on product status that will enable predictive maintenance and, as Ruh has written elsewhere, speeding the product upgrade process because, for the first time, designers will know exactly how the products are functioning in the field, as opposed to the total lack of information that used to be the norm. Stay tuned.

IoT’s Future Makes iPhone Privacy Case Even More Important

Yesterday’s NYT had the most thoughtful piece I’ve seen about the long-term implications of the FBI’s attempts to get Apple to add a “backdoor” to the iPhone that would allow the agency to examine the data on the phone of terrorist Syed Farook, who, along with his wife, killed 14 late last year.

The growth and potential impact of the Internet of Things on our lives will only make the significance of this landmark case greater over time, and I stand totally with Apple CEO Tim Cook (“this is not a poll, this is about the future”) on what I think is a decision that every thinking person concerned about the growing role of technology in our lives should support. It’s that important!

First, my standard disclaimer about Apple, i.e., that I work part-time at the Apple Store, but know as much as you do about Apple’s decision-making process and have zero impact on it.  Now for a couple of other personal considerations to establish my bona fides on the issue:

  1. I’m pretty certain I was the first person to suggest (via a Boston Globe op-ed two weeks [“Fight Terrorism With Palm Pilots”] or so after 9/11 that the early mobiles could be used to help the public report possible threats and/or respond to terrorism.  Several years later I wrote the first primitive app for first-generation PDAs (“Terrorism Survival Planner”) on the subject, and did consulting work for both the Department of Homeland Security and the CTIA on how first-generation smart phones could be used as part of terrorism prevention.
    I take this possibility seriously, support creative use of smartphone in terrorism preparation and response, and also realize that cellphone contents can not only help document cases, but also possibly prevent future ones.
  2. As I’ve said before, I used to do corporate crisis management consulting, so I understand how fear can cloud people’s judgment on issues of this sort.
  3. I’m also proud to come from a 300+ year line of attorneys, most particularly my younger brother, Charles, who had an award-winning career defending indigent clients on appeal, including many where it might have been tempting to have abridged their civil rights because of the heinous nature of the crimes they were accused of committing.

I like to think of myself as a civil libertarian as well, because I’ve seen too many instances where civil liberties were abridged for one extremely unlikeable person, only to have that serve as precedent for future cases where good people were swallowed up and unjustly convicted  (yea, Innocence Project!).

And this case comes right on the heels of my recent blog posts about how federal authorities such as James Clapper were already taking far too much (IMHO) interest in obtaining a treasure trove of data from our home IoT devices.

All in all, there’s a very real threat that the general public may become rightly paranoid about the potential threats to their privacy from cell phones and IoT devices and toss ’em in the trash can. 


That’s all by way of introduction to Farhad Manjoo’s excellent piece in the Times exploring the subtleties of Apple’s decision to fight the feds (see Tim Cook’s ABC interview here) — with plenty of emphasis on how it would affect confidence in the IoT.

As his lede said:

“To understand what’s at stake in the battle between Apple and the F.B.I. over cracking open a terrorist’s smartphone, it helps to be able to predict the future of the tech industry.”

Manjoo went on to detail the path we’re heading down, in which the IoT will play an increasingly prominent place (hmm: in my ardor for Amazon’s Echo, I’d totally ignored the potential for the feds or bad guys or both [sometimes in our history, they’ve sadly been one and the same, for more details, consider one J. Edgar Hoover..] to use that unobtrusive little cylinder on your kitchen counter to easily monitor everything you and your family say! Chilling, non?).

Read and weep:

“Consider all the technologies we think we want — not just better and more useful phones, but cars that drive themselves, smart assistants you control through voice or household appliances that you can monitor and manage from afar. Many will have cameras, microphones and sensors gathering more data, and an ever more sophisticated mining effort to make sense of it all. Everyday devices will be recording and analyzing your every utterance and action.

“This gets to why tech companies, not to mention we users, should fear the repercussions of the Apple case. Law enforcement officials and their supporters argue that when armed with a valid court order, the cops should never be locked out of any device that might be important in an investigation.

“But if Apple is forced to break its own security to get inside a phone that it had promised users was inviolable, the supposed safety of the always-watching future starts to fall apart. If every device can monitor you, and if they can all be tapped by law enforcement officials under court order, can anyone ever have a truly private conversation? Are we building a world in which there’s no longer any room for keeping secrets?” (my emphasis)

Ominously, he went on to quote Prof. Neil Richards, an expert prognosticator on the growing threats to privacy from our growing dependence on personal technology:

“’This case can’t be a one-time deal,’ said Neil Richards, a professor at the Washington University School of Law. ‘This is about the future.’

“Mr. Richards is the author of “Intellectual Privacy,” a book that examines the dangers of a society in which technology and law conspire to eliminate the possibility of thinking without fear of surveillance. He argues that intellectual creativity depends on a baseline measure of privacy, and that privacy is being eroded by cameras, microphones and sensors we’re all voluntarily surrounding ourselves with.

“’If we care about free expression, we have to care about the ways in which we come up with interesting things to say in the first place,’ he said. ‘And if we are always monitored, always watched, always recorded, we’re going to be much more reluctant to experiment with controversial, eccentric, weird, ‘deviant’ ideas — and most of the ideas that we care about deeply were once highly controversial.’”

Manjoo also points out that laws on these issues often lag years behind technology (see what Rep. Ted Lieu, one of only four Representatives to have studied computer science, said about the issue).

Chris Sogogian, the ACLU’s chief technologist, brings it home squarely to the IoT’s future:

“’What we really need for the Internet of Things to not turn into the Internet of Surveillance is a clear ruling that says that the companies we’re inviting into our homes and bedrooms cannot be conscripted to turn their products into roving bugs for the F.B.I.,’ he said.”

Indeed, and, as I’ve said before, it behooves IoT companies to both build in tough privacy and security protections themselves, and become actively involved in coalitions such as the Online Trust Alliance.

The whole article is great, and I strongly urge you to read the whole thing.

IMHO, this case is a call to arms for the IoT industry, and the hottest places in hell will be reserved for those who continue to sit at their laptops planning their latest cool app and/or device, without becoming involved in collaborative efforts to find detailed solutions that preserve our personal privacy and civil liberties on one hand, and, on the other, realize there’s a legitimate need to use the same technology to catch bad guys and protect us. It will take years, and it will require really, really hard work.


Oh, and it will also take the wisdom of Solomon for the courts to judge these issues. Sorry to be a partisan, but please feel free to let Sen. McConnell know how you feel about his unilateral decision to keep the Supreme Court deadlocked on this and other crucial issues for well over a year. Yes, even King Solomon couldn’t get past the Senate this year…