“All of Us:” THE model for IoT privacy and security!

pardon me in advance:this will be long, but I think the topic merits it!

One of my fav bits of strategic folk wisdom (in fact, a consistent theme in my Data Dynamite book on the open data paradigm shift) is, when you face a new problem, to think of another organization that might have one similar to yours, but which suffers from it to the nth degree (in some cases, even a matter of literal life-or-death!).

That’s on the likelihood that the severity of their situation would have led these organizations to already explore radical and innovative solutions that might guide your and shorten the process. In the case of the IoT, that would include jet turbine manufacturers and off-shore oil rigs, for example.

I raise that point because of the ever-present problem of IoT privacy and security. I’ve consistently criticized many companies’ lack of attention to seriousness and ingenuity, and warned that this could result not only in disaster for these companies, but also the industry in general due to guilt-by-association.

This is even more of an issue since the May roll-out of the EU’s General Data Protection Regulation (GDPR), based on the presumption of an individual right to privacy.

Now, I have exciting confirmation — from the actions of an organization with just such a high-stakes privacy and security challenge — that it is possible to design an imaginative and effective process alerting the public to the high stakes and providing a thorough process to both reassure them and enroll them in the process.

Informed consent at its best!

It’s the NIH-funded All of Us, a bold effort to recruit 1 million or more people of every age, sex, race, home state, and state of health nationwide to speed medical research, especially toward the goal of “personalized medicine.” The researchers hope that, “By taking into account individual differences in lifestyle, environment, and biology, researchers will uncover paths toward delivering precision medicine.”

All of Us should be of great interest to IoT practitioners, starting with the fact that it might just save our own lives by leading to creation of new medicines (hope you’ll join me in signing up!). In addition, it parallels the IoT in allowing unprecedented degrees of precision in individuals’ care, just as the IoT does with manufacturing, operating data, etc.:

“Precision medicine is an approach to disease treatment and prevention that seeks to maximize effectiveness by taking into account individual variability in genes, environment, and lifestyle. Precision medicine seeks to redefine our understanding of disease onset and progression, treatment response, and health outcomes through the more precise measurement of molecular, environmental, and behavioral factors that contribute to health and disease. This understanding will lead to more accurate diagnoses, more rational disease prevention strategies, better treatment selection, and the development of novel therapies. Coincident with advancing the science of medicine is a changing culture of medical practice and medical research that engages individuals as active partners – not just as patients or research subjects. We believe the combination of a highly engaged population and rich biological, health, behavioral, and environmental data will usher in a new and more effective era of American healthcare.” (my emphasis added)


But what really struck me about All of Us’s relevance to IoT is the absolutely critical need to do everything possible to assure the confidentiality of participants’ data, starting with HIPP protections and extending to the fact that it would absolutely destroy public confidence in the program if the data were to be stolen or otherwise compromised.  As Katie Rush, who heads the project’s communications team told me, “We felt it was important for people to have a solid understanding of what participation in the program entails—so that through the consent process, they were fully informed.”

What the All of Us staff designed was, in my estimation (and I’ve been in or around medical communication for forty years), the gold standard for such processes, and a great model for effective IoT informed consent:

  • you can’t ignore it and still participate in the program: you must sign the consent form.
  • you also can’t short-circuit the process: it said at the beginning the process would take 18-30 minutes (to which I said yeah, sure — I was just going to sign the form and get going), and it really did, because you had to do each step or you couldn’t join — the site was designed so no shortcuts were allowed!:
    • first, there’s an easy-to-follow, attractive short animation about that section of the program
    • then you have to answer some basic questions to demonstrate that you understand the implications.
    • then you have to give your consent to that portion of the program
    • the same process is repeated for each component of the program.
  • all of the steps, and all of the key provisions, are explained in clear, simple English, not legalese. To wit:
    • “Personal information, like your name, address, and other things that easily identify participants will be removed from all data.
    • Samples—also without any names on them—are stored in a secure biobank”
    • “We require All of Us Research Program partner organizations to show that they can meet strict data security standards before they may collect, transfer, or store information from participants.
    • We encrypt all participant data. We also remove obvious identifiers from data used for research. This means names, addresses, and other identifying information is separate from the health information.
    • We require researchers seeking access to All of Us Research Program data to first register with the program, take our ethics training, and agree to a code of conduct for responsible data use.
    • We make data available on a secure platform—the All of Us research portal—and track the activity of all researchers who use it.
    • We enlist independent reviewers to check our plans and test our systems on an ongoing basis to make sure we have effective security controls in place, responsive to emerging threats.”

The site emphasizes that everything possible will be done to protect your privacy and anonymity, but it is also frank that there is no way of removing all risk, and your final consent requires acknowledging that you understand those limits:

“We are working with top privacy experts and using highly-advanced security tools to keep your data safe. We have several  steps in place to protect your data. First, the data we collet from you will be stored on=oyters with extra security portection. A special team will have clearance to process and track your data. We will limit who is allowed to see information that could directly identy you, like your name or social security number. In the unlikely event of a data breach, we will notify you. You are our partner, and your privacy will always be our top priority.”

The process is thorough, easy to understand, and assures that those who actually sign up know exactly what’s expected from them, what will be done to protect them, and that they may still have some risk.

Why can’t we expect that all IoT product manufacturers will give us a streamlined version of the same process? 


I will be developing consulting services to advise companies that want to develop common-sense, effective, easy-to-implement IoT privacy and security measures. Write me if you’d like to know more.

Why IoT Engineers Need Compulsory Sensitivity Training on Privacy & Security

Posted on 4th April 2018 in AI, data, Essential Truths, Internet of Things, privacy, security

OK, you may say I’m over-sensitive, but a headline today from Google’s blog that others may chuckle about (“Noodle on this: Machine learning that can identify ramen by shop“) left me profoundly worried about some engineers’ tone-deaf insensitivity to growing public concern about privacy and security.

This is not going to be pleasant for many readers, but bear with me — IMHO, it’s important to the IoT’s survival.

As I’ve written before, I learned during my work on corporate crisis management in the 80’s and 90’s that there’s an all-too-frequent gulf between the public and engineers on fear.  Engineers, as left-brained and logical as they come (or, in Myers-Briggs lingo, ISTJs, “logical, detached and detailed” and the polar opposite of ENFP’s such as me, ” caring, creative, quick and impulsive” ) are ideally-suited for the precision needs of their profession — but often (but not always, I’ll admit…) clueless about how the rest of us respond to things such as the Russian disruption of our sacred political institutions via Facebook or any of the numerous violations of personal privacy and security that have taken place with IoT devices lacking in basic protections.

The situation is bad, and getting worse. In one Pew poll, 16% or less of Americans felt that a wide range of institutions, from companies to government, were protecting their information.

Engineers are quick to dismiss the resulting fear because it isn’t logical.  But, as I’ve written before, the fact fear isn’t logical doesn’t mean it isn’t really real for many people, and can cloud their thought processes and decision-making.

Even worse, it’s cumulative and can ensnare good companies as well as bad.  After a while, all the privacy and security violations get conflated in their minds.

Exhibit A for this insensitivity? The despicable memo from Facebook VP Andrew Bosworth:

““Maybe someone dies in a terrorist attack coordinated on our tools. And still we connect people. The ugly truth is that we believe in connecting people so deeply that anything that allows us to connect more people more often is *de facto* good.”

Eventually he, begrudgingly, apologized, as did Mark Zuckerberg, but, IMHO that was just facesaving. Why didn’t anyone at Facebook demand a retraction immediately, and why did some at Facebook get mad not at Bosworth but instead at anyone who’d leak such information?  They and the corporate culture are as guilty as Bosworth in my mind.

So why do I bring up the story about identifying the source of your ramen using AI, which was surely written totally innocently by a Google engineer who thought it would be a cute example of how AI can be applied to a wide range of subjects? It’s because I read it — with my antennae admittedly sharpened by all the recent abuses — as something that might have been funny several years ago but should have gone unpublished now in light of all the fears about privacy and security. Think of this little fun project the way a lot of the people I try to counsel on technology fears every day would have: you mean they now can and will find out where I get my noodles? What the hell else do they know about me, and who will they give that information to???

Again, I’m quite willing to admit I may be over-reacting because of my own horror about the nonchalance on privacy and security, but I don’t think so.

That’s why I’ll conclude this screed with a call for all IoT engineers to undergo mandatory privacy and security training on a continuing basis. The risk of losing consumer confidence in their products and services is simply too great for them to get off the hook because that’s not their job. If you do IoT, privacy and security is part of the job description.

End of sermon. Go about your business.

 

 

comments: Comments Off on Why IoT Engineers Need Compulsory Sensitivity Training on Privacy & Security tags: , , , ,

Great Podcast Discussion of #IoT Strategy With Old Friend Jason Daniels

Right after I submitted my final manuscript for The Future is Smart I had a chance to spend an hour with old friend Jason Daniels (we collaborated on a series of “21st Century Homeland Security Tips You Won’t Hear From Officials” videos back when I was a homeland security theorist) on his “Studio @ 50 Oliver” podcast.

We covered just about every topic I hit in the book, with a heavy emphasis on the attitude shifts (“IoT Essential Truths” needed to really capitalize on the IoT and the bleeding-edge concept I introduce at the end of the book, the “Circular Corporation,” with departments and individuals (even including your supply chain, distribution network and customers, if you choose) in a continuous, circular management style revolving around a shared real-time IoT hub.  Hope you’ll enjoy it!

comments: Comments Off on Great Podcast Discussion of #IoT Strategy With Old Friend Jason Daniels tags: , , , , , ,

IoT Design Manifesto 1.0: great starting point for your IoT strategy & products!

Late in the process of writing my forthcoming IoT strategy book, The Future Is Smart, I happened on the “IoT Design Manifesto 1.0” site. I wish I’d found it earlier so I could have featured it more prominently in the book.

The reason is that the manifesto is the product (bear in mind that the original team of participants designed it to be dynamic and iterative, so it will doubtlessly change over time) of a collaborative process involving both product designers and IoT thought leaders such as the great Rob van Kranenburg. As I’ve written ad nauseam, I think of the IoT as inherently collaborative, since sharing data rather than hoarding it can lead to synergistic benefits, and collaborative approaches such as smart cities get their strength from an evolving mishmash of individual actions that gets progressively more valuable.

From the names, I suspect most of the Manifesto’s authors are European. That’s important, since Europeans seem to be more concerned, on the whole, about IoT privacy and security than their American counterparts, witness the EU-driven “privacy by design” concept, which makes privacy a priority from the beginning of the design process.

At any rate, I was impressed that the manifesto combines both philosophical and economic priorities, and does so in a way that should maximize the benefits and minimize the problems.

I’m going to take the liberty of including the entire manifesto, with my side comments:

  1. WE DON’T BELIEVE THE HYPE. We pledge to be skeptical of the cult of the new — just slapping the Internet onto a product isn’t the answer, Monetizing only through connectivity rarely guarantees sustainable commercial success.
    (Comment: this is like my “just because you can do it doesn’t mean you should” warning: if making a product “smart” doesn’t add real value, why do it?)*
  2. WE DESIGN USEFUL THINGS. Value comes from products that are purposeful. Our commitment is to design products that have a meaningful impact on people’s lives; IoT technologies are merely tools to enable that.
    (Comment: see number 1!)
  3. “WE AIM FOR THE WIN-WIN-WIN. A complex web of stakeholders is forming around IoT products: from users, to businesses, and everyone in between. We design so that there is a win for everybody in this elaborate exchange.
    (Comment:This is a big one in my mind, and relates to my IoT Essential Truth #2 — share data, don’t hoard it — when you share IoT data, even with competitors in some cases [think of IFTTT “recipes”] — you can create services that benefit customers, companies, and even the greater good, such as reducing global warming).
  4. WE KEEP EVERYONE AND EVERYTHING SECURE. With connectivity comes the potential for external security threats executed through the product itself, which comes with serious consequences. We are committed to protecting our users from these dangers, whatever they may be.
    (Comment: Amen! as I’ve written ad nauseum, protecting privacy and security must be THE highest IoT priority — see next post below!).
  5. WE BUILD AND PROMOTE A CULTURE OF PRIVACY. Equally severe threats can also come from within. Trust is violated when personal  information gathered by the product is handled carelessly. We build and promote a culture of integrity where the norm is to handle data with care.
    (Comment:See 4!).
  6. WE ARE DELIBERATE ABOUT WHAT DATA WE COLLECT. This is not the business of hoarding data; we only collect data that serves the utility of the product and service. Therefore, identifying what those data points are must be conscientious and deliberate.
    (Comment: this is a delicate issue, because you may find data that wasn’t originally valuable becomes so as new correlations and links are established. However, just collecting data willy-nilly and depositing it in an unstructured “data lake” for possible use later is asking for trouble if your security is breeched.).
  7. WE MAKE THE PARTIES ASSOCIATED WITH AN IOT PRODUCT EXPLICIT. IoT products are uniquely connected, making the flow of information among stakeholders open and fluid. This results in a complex, ambiguous, and invisible network. Our responsibility is to make the dynamics among those parties more visible and understandable to everyone.
    (Comment: see what I wrote in the last post, where I recommended companies spell out their privacy and usage policies in plain language and completely).
  8. WE EMPOWER USERS TO BE THE MASTERS OF THEIR OWN DOMAIN. Users often do not have control over their role within the network of stakeholders surrounding an IoT product. We believe that users should be empowered to set the boundaries of how their data is accessed and how they are engaged with via the product.
    (Comment: consistent with prior points, make sure that any permissions are explicit and  opt-in rather than opt-out to protect users — and yourself (rather avoid lawsuits? Thought so…)
  9. WE DESIGN THINGS FOR THEIR LIFETIME. Currently physical products and digital services tend to be built to have different lifespans. In an IoT product features are codependent, so lifespans need to be aligned. We design products and their services to be bound as a single, durable entity.
    (Comment: consistent with the emerging circular economy concept, this can be a win-win-win for you, your customer and the environment. Products that don’t become obsolete quickly but can be upgraded either by hardware or software will delight customers and build their loyalty [remember that if you continue to meet their needs and desires, there’s less incentive for customers to check out competitors and possibly be wooed away!). Products that you enhance over time and particularly those you market as services instead of sell will also stay out of landfills and reduce your pduction costs.
  10. IN THE END, WE ARE HUMAN BEINGS. Design is an impactful act. With our work, we have the power to affect relationships between people and technology, as well as among people.  We don’t use this influence to only make profits or create robot overlords; instead, it is our responsibility to use design to help people, communities, and societies  thrive.
    Comment: yea designers!!)

I’ve personally signed onto the Manifesto, and do hope to contribute in the future (would like something explicit about the environment in it, but who knows) and urge you to do the same. More important, why start from scratch to come up with your own product design guidelines, when you can capitalize on the hard work that’s gone into the Manifesto as a starting point and modify it for your own unique needs?


*BTW: I was contemptuous of the first IoT electric toothbrush I wrote about, but since talked to a leader in the field who convinced me that it could actually revolutionize the practice of dentistry for the better by providing objective proof that  patient had brushed frequently and correctly. My bad!

comments: Comments Off on IoT Design Manifesto 1.0: great starting point for your IoT strategy & products! tags: , , , , ,

“The House That Spied on Me”: Finally Objective Info on IoT Privacy (or Lack Thereof)

Posted on 25th February 2018 in data, Essential Truths, Internet of Things, privacy, security, smart home

Pardon a political analogy, Just as the recent indictment of 13 Russians in the horrific bot campaign to undermine our democracy (you may surmise my position on this! The WIRED article about it is a must read!) finally provided objective information on the plot, so too Kasmir Hill’s and Surya Matu’s excruciatingly detailed “The House That Spied on Me”  finally provides objective information on the critical question of how much personal data IoT device manufacturers are actually compiling from our smart home devices.

This is critical, because we’ve previously had to rely on anecdotal evidence such as the Houston baby-cam scandal, and that’s not adequate for sound government policy making and/or advice to other companies on how to handle the privacy/security issue.

Last year, Hill (who wrote one of the first articles on the danger when she was at Forbes) added just about every smart home you can imagine to her apartment (I won’t repeat the list: I blush easily…) . Then her colleague, Matu, monitored the outflow of the devices using a special router he created to which she connected all the devices:

“… I am basically Kashmir’s sentient home. Kashmir wanted to know what it would be like to live in a smart home and I wanted to find out what the digital emissions from that home would reveal about her. Cybersecurity wasn’t my focus. … Privacy was. What could I tell about the patterns of her and her family’s life by passively gathering the data trails from her belongings? How often were the devices talking? Could I tell what the people inside were doing on an hourly basis based on what I saw?”

The answer was: a lot (I couldn’t paste the chart recording the numbers here, so check the article for the full report)!

As Matu pointed out, with the device he had access to precisely the data about Hill’s apartment that Comcast could collect and sell because of a 2017 law allowing ISPs to sell customers’ internet usage data without their consent — including the smart device data.  The various devices sent data constantly — sometimes even when they weren’t being used! In fact, there hasn’t been a single hour since the router was installed in December when at least some devices haven’t sent data — even if no one was at home!

BTW: Hill, despite her expertise and manufacturers’ claims of ease-of-setup, found configuring all of the devices, and especially making them work together, was a nightmare. Among other tidbits about how difficult it was: she had to download 14 different apps!  The system also directly violated her privacy, uploading a video of her walking around the apartment nude that was recorded by the Withings Home Wi-Fi Security (ahem…) Camera with Air Quality Sensors. Fortunately the offending video was encrypted. Small comfort.

Hill came to realize how convoluted privacy and security can become with a smart home:

“The whole episode reinforced something that was already bothering me: Getting a smart home means that everyone who lives or comes inside it is part of your personal panopticon, something which may not be obvious to them because they don’t expect everyday objects to have spying abilities. One of the gadgets—the Eight Sleep Tracker—seemed aware of this, and as a privacy-protective gesture, required the email address of the person I sleep with to request his permission to show me sleep reports from his side of the bed. But it’s weird to tell a gadget who you are having sex with as a way to protect privacy, especially when that gadget is monitoring the noise levels in your bedroom.”

Matu reminds us that, even though most of the data was encrypted, even the most basic digital exhaust can give trained experts valuable clues that may build digital profiles of us, whether to attract us to ads or for more nefarious purposes:

“It turns out that how we interact with our computers and smartphones is very valuable information, both to intelligence agencies and the advertising industry. What websites do I visit? How long do I actually spend reading an article? How long do I spend on Instagram? What do I use maps for? The data packets that help answer these questions are the basic unit of the data economy, and many more of them will be sent by people living in a smart home.”

Given the concerns about whether Amazon, Google, and Apple are constantly monitoring you through your smart speaker (remember when an Echo was subpoenaed  in a murder case?), Matu reported that:

“… the Echo and Echo Dot … were in constant communication with Amazon’s servers, sending a request every couple of minutes to http://spectrum.s3.amazonaws.com/kindle-wifi/wifistub-echo.html. Even without the “Alexa” wake word, and even when the microphone is turned off, the Echo is frequently checking in with Amazon, confirming it is online and looking for updates. Amazon did not respond to an inquiry about why the Echo talks to Amazon’s servers so much more frequently than other connected devices.”

Even the seemingly most insignificant data can be important:

“I was able to pick up a bunch of insights into the Hill household—what time they wake up, when they turn their lights on and off, when their child wakes up and falls asleep—but the weirdest one for me personally was knowing when Kashmir brushes her teeth. Her Philips Sonicare Connected toothbrush notifies the app when it’s being used, sending a distinctive digital fingerprint to the router. While not necessarily the most sensitive information, it made me imagine the next iteration of insurance incentives: Use a smart toothbrush and get dental insurance at a discount!”

Lest you laugh at that, a dean at the BU Dental School told me much the same thing: that the digital evidence from a Colgate smart brush, in this case, could actually revolutionize dentistry, not only letting your dentist how well, or not, you brushed, but perhaps lowering your dental insurance premium or affecting the amount your dentist was reimbursed. Who woulda thunk it?

Summing up (there’s a lot of additional important info in the story, especially about the perfidious Visio Smart TV, that had such a company-weighted privacy policy that the FTC actually forced it to turn it off the “feature” and pay reparations, so do read the whole article), Hill concluded:

“I thought the house would take care of me but instead everything in it now had the power to ask me to do things. Ultimately, I’m not going to warn you against making everything in your home smart because of the privacy risks, although there are quite a few. I’m going to warn you against a smart home because living in it is annoying as hell.”

In addition to making privacy and security a priority, there is another simple and essential step smart home (and Quantified Self) device companies must take.

When you open the box for the first time, the first thing you should see must be a prominently displayed privacy and security policy, written in plain (and I mean really plain) English, and printed in large, bold type. It should make it clear that any data sharing is opt-in, and that you have the right to not agree, and emphasize the need for detailed, unique passwords (no,1-2-3-4 or the ever-popular “password” are not enough.

Just to make certain the point is made, it needs to be at the very beginning of the set-up app as well. Yes, you should also include the detailed legalese in agate type, but the critical points must be made in the basic statement, which needs to be reviewed not just by the lawyers, but also a panel of laypeople, who must also carry out the steps to make sure they’re really easily understood and acted on. This is not just a suggestion. You absolutely must do it or you risk major penalties and public fury. 


Clearly, this article gives us the first objective evidence that there’s a lot more to do to assure privacy and security for smart homes (and that there’s also a heck of a lot of room for improvement on how the devices play together!), reaffirming my judgement that the first IoT Essential Truth remains “make privacy and security your highest priority.” If this doesn’t get the focus it deserves, we may lose all the benefits of the IoT because of legitimate public and corporate concern that their secrets are at risk. N.B.!

comments: Comments Off on “The House That Spied on Me”: Finally Objective Info on IoT Privacy (or Lack Thereof) tags: , , , , ,

Apple Watch 85% Accuracy in Detecting Diabetes May Be Precursor of Early Diagnoses

Permit me to (re-)introduce myself, LOL.

I haven’t posted since the end of October, because I was totally absorbed in writing The Future is Smart, my book about IoT strategy, which will be released in August by AMACOM, the publishing wing of the American Management Association. A major theme of the book is that the IoT lifts what I term the condition of  “Collective Blindness” that used to plague us before the advent of real-time data from sensors and the analytical software to interpret that data. Collective Blindness meant that we were frequently operating in figurative darkness, having to guess about how things worked or didn’t without direct observational data, which meant that we frequently didn’t learn about problems inside things until after the fact, which could mean costly (and sometimes fatal) corrective maintenance was all that was possible.

Those “things” unfortunately included the human body.

Usually the only way to uncover a problem inside our bodies pre-IoT was through costly pre-arranged tests at the doctor’s or a hospital. They could only provide a snapshot in time, documenting your body’s state at that precise moment (when, after all, you might be flat on your back wearing a johnny — not exactly representative of your actual condition as you go about your daily routine!). If you had no complaint warranting such a test, the condition might go undiagnosed until it was significantly worse (remember the contrast between prompt predictive maintenance of a jet turbine and costly emergency repairs when a disaster loomed?).

That’s why the news from Brandon Ballinger, the Google alum who was co-founder of the Cardiogram app (get it! I did! and I joined their Artificial Intelligence-driven Health eHeart Study as well!) is so important. In a clinical study released last week, the research team found that the Apple Watch is 85% accurate in detecting diabetes in those previously diagnosed with the disease. The paper was presented at the AAAI Conference on Artificial Intelligence last week in New Orleans.

Results from heart monitoring with Apple Watch and Cardiogram app

The study analyzed data from 14,000 Apple Watch users, finding that 462 participants through the heart rate sensor, the same type of sensor.

The investigation tested a 2015 finding by our famous local Framingham Heart Study that resting heart rate and heart rate variability significantly predicted incident diabetes and hypertension.

According to TechCrunch,  Ballinger’s team had previously used the Watch “to detect an abnormal heart rhythm with up to a 97 percent accuracy, sleep apnea with a 90 percent accuracy and hypertension with an 82 percent accuracy when paired with Cardiogram’s AI-based algorithm.”

This is important for several reasons.

We’ve read for several years about single-purpose devices that might be able to diagnose diabetes and determine the need for insulin without painful pinpricks, but the Cardiograph research might show that simply harvesting enough data with a multi-purpose fitness device such as the Watch and being able to interpret it creatively with Artificial Intelligence would be enough. That’s the logical next step with the Health eHeart Study.

It reminds me of the example I’ve mentioned several times before of neonatologists from Toronto’s Hospital for Sick Children and IBM data scientists combining to analyze the huge amount of sensor data harvested from preemies’ bassinettes and being able to diagnose a potentially-lethal neonatal sepsis infection a full day before any visible sign of the infection.

Given these two examples, one must ask, how many other health problems might be diagnosed in their earliest stages, which cures are most likely and least expensive, if routine monitoring through devices such as the Apple Watch become commonplace and the results are crunched with AI? In particular, this could be a key part of my SmartAging concept.

Exciting!

 

NB: I work part-time for The Apple Store, but am not privy to any strategy or inside information. These opinions are purely my own as an Apple Watch user.

 

comments: Comments Off on Apple Watch 85% Accuracy in Detecting Diabetes May Be Precursor of Early Diagnoses tags: , , , , , , , ,

iQ handheld ultrasound: another game-changing IoT health device

As the Red Sox’ Joe Castiglione might say, “Can you believe it?” (I should add a few more question marks to underscore exactly how unbelievable this IoT device is).

That’s my reaction to the latest astounding IoT medical device, the iQ handheld ultrasound, which attaches to a smartphone.

I was mesmerized by the headline on a story about the Butterfly iQ: “Doctor says he diagnosed his own cancer with iPhone ultrasound machine.” (spoiler alert: he was operated on to remove the tumor, and is OK).

Then there’s the marketing pitch: “Whole body imaging. Under $2K.” (that’s as opposed to $115,000 for the average conventional machine).

Oh.

The video is a must watch: the doctors seem truly amazed by its versatility and ease-of-use — not to mention it can be accessed instantly in a life-or-death situation. As one is quoted saying, “This blows up the entire ultrasound playing field.”

It won’t be on the market until next year, but the FDA has already approved the iQ for diagnosis in 13 applications.  Even more amazing, due to advanced electronics, it uses a single probe instead of three, and can document conditions from the superficial to deep inside the body. The system fits in a pants pocket and simply attaches to the doctor’s smartphone.

As incredible as the iQ will be in the US, think of how it will probably bring ultrasound to developing nations worldwide for the first time!

Another video discusses the engineering, which reduced the entire bulky ultrasound machine to a far-less costly chip, (including a lot of signal processing and computational power) and capitalizes on technologies developed for consumer electronics. The approach doesn’t just equal the traditional piezioelectric technology, but surpasses it. with power that would cost more than $100,000 with a conventional machine.

In terms of manufacturing, Butterfly can use the same chip machines used to produce consumer goods such as smartphones, and can print nearly 100 ultrasound machines on less than one disk.

I thought instantly of my go-to “what can you do with the IoT that you couldn’t do before” device, the Kardia EKG on the back of my iPhone (I met a woman recently who said her Mass General cardiologist prescribes it for all of his patients). Both are absolute game changers, in terms of ease of access, lower cost, allowing on-the-spot monitoring and even potentially empowering patients (Yet another tool to make my SmartAging concept possible).

Oh, and did I mention that the iQ’s Artificial Intelligence will guide even inexperienced personnel to do high quality imaging within a few seconds?

Bottom line: if you talk to someone who doesn’t believe the IoT’s potential to make incredible changes in every aspect of our lives, just say: iQ. Wow!

comments: Comments Off on iQ handheld ultrasound: another game-changing IoT health device tags: , , , , , , , ,

Mycroft Brings Open-Source Revolution to Home Assistants

Brilliant!  Crowd-funded (even better!) Mycroft brings the rich potential of open-source to the growing field of digital home assistants.   I suspect it won’t be long until it claims a major part of the field, because the Mycroft platform can evolve and grow exponentially by capitalizing on the contributions of many, many people, not unlike the way IFTTT has with its crowd-sourced smart home “recipes.”

According to a fascinating ZD Net interview with its developer, Joshua Montgomery, his motivation was not profit per se, but to create a general AI intelligence system that would transform a start-up space he was re-developing:

“He wanted to create the type of artificial intelligence platform that ‘if you spoke to it when you walked in the room, it could control the music, control the lights, the doors’ and more.”

                         Mycroft

Montgomery wanted to do this through an open-source voice control system but for there wasn’t an open source equivalent to Siri or Alexa.  After building the natural language, open-source AI system to fill that need (tag line, “An Artificial Intelligence for Everyone”) he decided to build a “reference device” as the reporter terms it (gotta love that techno speak. In other words, a hardware device that could demonstrate the system). That in turn led to a crowdsourced campaign on Kickstarter and Backerkit to fund the home hub, which is based on the old chestnut of the IoT, Raspberry Pi. The result is a squat, cute (looks like a smiley face) unit, with a high-quality speaker.  

Most important, when the development team is done with the AI platform, Mycroft will release all of the Mycroft AI code under GPL V3, inviting the open-source community to capitalize and improve on it.  That will place Mycroft squarely in the open-source heritage of Linux and Mozilla.

Among other benefits, Mycroft will use natural language processing to activate a wide range of online services, from Netflix to Pandora, as well as control your smart home devices.

Mycroft illustrates one of my favorite IoT Essential Truths: we need to share data, not hoard it. I don’t care how brilliant your engineers are: they are only a tiny percentage of the world population, with only a limited amount of personal experience (especially if they’re callow millennials) and interests. When you go open source and throw your data open to the world, the progress will be greater as will be the benefits — to you and humanity.

comments: Comments Off on Mycroft Brings Open-Source Revolution to Home Assistants tags: , , , , ,

Liveblogging from Internet of Things Global Summit

Critical Infrastructure and IoT

Robert Metzger, Shareholder, Rogers Joseph O’Donnell 

  • a variety of constraints to direct government involvement in IoT
  • regulators: doesn’t trust private sector to do enough, but regulation tends to be prescriptive.
  • NIST can play critical role: standards and best practices, esp. on privacy and security.
  • Comparatively, any company knows more about potential and liabilities of IoT than any government body. Can lead to bewildering array of IoT regulations that can hamper the problem.
  • Business model problem: security expensive, may require more power, add less functionality, all of which run against incentive to get the service out at lowest price. Need selective regulation and minimum standards. Government should require minimum standards as part of its procurement. Government rarely willing to pay for this.
  • Pending US regulation shows constant tension between regulation and innovation.

             2017 IoT Summit

Gary Butler, CEO, Camgian 

  • Utah cities network embedding sensors.
  • Scalability and flexibility needed. Must be able to interface with constantly improving sensors.
  • Expensive to retrofit sensors on infrastructure.
  • From physical security perspective: cameras, etc. to provide real-time situational awareness. Beyond human surveillance. Add AI to augment human surveillance.
  • “Dealing with ‘data deluge.'”  Example of proliferation of drones. NIST might help with developing standards for this.
  • Battery systems: reducing power consumption & creating energy-dense batteries. Government could help. Government could also be a leader in adoption.

 

Cyber-Criminality, Security and Risk in an IoT World

John Carlin, Chair, Cybersecurity & Technology Program, Aspen Institute

  • Social media involved in most cyberwar attacks & most perps under 21.  They become linked solely by social media.
  • offensive threats far outstrip defenses when it comes to data
  • now we’re connecting billions of things, very vulnerable. Add in driverless cars & threat even greater. Examples: non-encrypted data from pacemakers, and the WIRED Jeep demo.

Belisario Contreras, Cyber Security Program Manager, Organization of American States

  • must think globally.
  • criminals have all the time to prepare, we must respond within minutes.
  • comprehensive approach: broad policy framework in 6 Latin American countries.

Samia Melhem, Global Lead, Digital Development, World Bank

  • projects: she works on telecommunications and transportation investing in government infrastructure in these areas. Most of these governments have been handicapped by lack of funding. Need expert data integrators. Integrating cybersecurity.

Stephen Pattison, VP Public Affairs, ARM

  • (yikes, never thought about this!) cyberterrorist hacks self-driving car & drives it into a crowds.
  • many cyber-engineers who might go to dark side — why hasn’t this been studied?
  • could we get to point where IoT-devices are certified secure (but threats continually evolve. Upgradeability is critical.
  • do we need a whistleblower protection?
  • “big data starts with little data”

Session 4: Key Policy Considerations for Building the Cars of Tomorrow – What do Industry Stakeholders Want from Policymakers?

Ken DiPrima, AVP New Product Development, IoT Solutions, AT&T

  • 4-level security approach: emphasis on end-point, locked-down connectivity through SIM, application level …
  • deep in 5-G: how do you leverage it, esp. for cars?
  • connecting 25+ of auto OEMs. Lot of trials.

Rob Yates, Co-President, Lemay Yates Associates

  • massive increase in connectivity. What do you do with all the data? Will require massive infrastructure increase.

Michelle Avary, Executive Board, FASTR, VP Automotive, Aeris

  • about 1 Gig of data per car with present cars. Up to 30 with a lot of streaming.
  • don’t need connectivity for self-driving car: but why not have connectivity? Also important f0r the vehicle to know and communicate its physical state. Machine learning needs data to progress.
  • people won’t buy vehicles when they are really autonomous — economics won’t support it, will move to mobility as a service.

Paul Scullion, Senior Manager, Vehicle Safety and Connected Automation, Global Automakers

  • emphasis on connected cars, how it might affect ownership patterns.
  • regulatory process slow, but a lot of action on state level. “fear and uncertainty” on state level. Balance of safety and innovation.

Steven Bayless, Regulatory Affairs & Public Policy, Intelligent Transportation Society of America

  • issues: for example, can you get traffic signals to change based on data from cars?
  • car industry doesn’t have lot of experience with collaborative issues.

How Are Smart Cities Being Developed and Leveraged for the Citizen?

Sokwoo Rhee, Associate Director of Cyber-Physical Systems Program, National Institute of Standards and Technology (NIST)

  • NIST GCTC Approach: Smart and Secure Cities. Partnered with Homeland Security to bring in cybersecurity & privacy at the basis of smart city efforts “Smart and Secure Cities and Communities Challenge”

Bob Bennett, Chief Innovation Officer, City of Kansas, MO

  • fusing “silos of awesomeness.”
  • 85% of data you need for smart cities already available.
  • “don’t blow up silos, just put windows on them.”
  • downtown is 53 smartest blocks in US
  • can now do predictive maintenance on roads
  • Prospect Ave.: neighborhood with worst problems. Major priority.
  • great program involving multiple data sources, to predict and take care of potholes — not only predictive maintenance but also use a new pothole mix that can last 12 years 
  • 122 common factors all cities doing smart cities look at!
  • cities have money for all sorts of previously allocated issues — need to get the city manager, not mayor, to deal with it
  • privacy and security: their private-sector partner has great resoures, complemented by the city’s own staff.

Mike Zeto, AVP General Manager, IoT Solutions, AT&T

  • THE AT&T Smart Cities guy. 
  • creating services to facilitate smart cities.
  • energy and utilities are major focus in scaling smart cities, including capital funding. AT&T Digital Infrastructure (done with GE) “iPhone for cities.”
  • work in Miami-Dade that improved public safety, especially in public housing. Similar project in Atlanta.
  • privacy and security: their resources in both have been one of their strengths from the beginning.

Greg Toth, Founder, Internet of Things DC

  • security issues as big as ever
  • smart city collaboration booming
  • smart home stagnating because early adopter boom over, value not sure
  • Quantified-Self devices not really taking hold (yours truly was one of very few attendees who said they were still using their devices — you’d have to tear my Apple Watch off).
  • community involvement greater than ever
  • looming problem of maintaining network of sensors as they age
  • privacy & security: privacy and security aren’t top priorities for most startups.

DAY TWO:

IoT TECH TALKS

  • Dominik Schiener, Co-Founder , IOTA speaking on blockchain
    • working with IoT version of blockchain for IoT — big feature is it is scaleable
    • why do we need it?  Data sets shared among all parties. Each can verify the datasets of other participants. Datasets that have been tampered are excluded.
    • Creates immutable single source of truth.
    • It also facilitates payments, esp. micropayments (even machine to machine)
    • Allows smart contracts. Fully transparent. Smart and trustless escrow.
    • Facilitates “machine economy”
    • Toward “smart decentralization”
    • Use cases:
      • secure car data — VW. Can’t be faked.
      • Pan-European charging stations for EVs. “Give machines wallets”
      • Supply chain tracking — probably 1st area to really adopt blockchain
      • Data marketplace — buy and sell data securely (consumers can become pro-sumers, selling their personal data).
      • audit trail. https://audit-trail.tangle.works
  • DJ Saul, CMO & Managing Director, iStrategyLabs IoT, AI and Augmented Reality
    • focusing on marketing uses.

Raising the bar for federal IoT Security – ‘The Internet of Things Cybersecurity Improvement Act’

  • Jim Langevin, Congressman, US House of Representatives
    • very real threat with IoT
    • technology outpacing the law
    • far too many manufacturers don’t make security a priority. Are customers aware?
    • consumers have right to know about protections (or lack thereof)
    • “failure is not an option”
    • need rigorous testing
  • Beau Woods, Deputy Director, Cyber Statecraft Initiative, Atlantic Council
    • intersection of cybersecurity & human condition
    • dependence on connected devices growing faster than our ability to regulate it
    • UL developing certification for medical devices
    • traceability for car parts
  • John Marinho, Vice President Cybersecurity and Technology, CTIA
    • industry constantly evolving global standards — US can’t be isolated.
    • cybersecurity with IoT must be 24/7. CTIA created an IoT working group, meets every two weeks online.
    • believe in public/private partnerships, rather than just regulatory.

Session 9: Meeting the Short and Long-Term Connectivity Requirements of IoT – Approaches and Technologies

  •  Andreas Geiss, Head of Unit ‘Spectrum Policy’, DG CONNECT, European Commission
    • freeing up a lot of spectrum, service neutral
    • unlicensed spectrum, esp. for short-range devices. New frequency bands. New medical device bands. 
    • trying to work with regulators globally to allow for globally-usable devices.
  • Geoff Mulligan, Chairman, LoRa Alliance; Former Presidential Innovation Fellow, The White House
    • wireless tradeoffs: choose two — low power/long distance/high speed.
    • not licensed vs. unlicensed spectrum. Mix of many options, based on open standards, all based on TCP/IP
    • LPWANs:
      • low power wide area networks
      • battery operated
      • long range
      • low cost
      • couple well with satellite networks
    • LoRaWAN
      • LPWAN based on LoRa Radio
      • unlicensed band
      • open standards base
      • openly available
      • open business model
      • low capex and opex could covered entire country for $120M in South Korea
      • IoT is evolutionary, not revolutionary — don’t want to separate it from other aspects of Internet
  • Jeffrey Yan, Director, Technology Policy, Microsoft
    • at Microsoft they see it as critical for a wide range of global issues, including agriculture.
  • Charity Weeden, Senior Director of Policy, Satellite Industry Association
    • IoT critical during disasters
    • total architecture needs to be seamless, everywhere.
  • Andrew Hudson, Head of Technology Policy, GSMA
    • must have secure, scalable networks

Session 10: IoT Data-Ownership and Licencing – Who Owns the Data?

  • Stacey Gray, Policy Lead IoT, Future Privacy Forum 
    • consumer privacy right place to begin.
    • need “rights based” approach to IoT data
    • at this point, have to show y0u have been actually harmed by release of data before you can sue.
  • Patrick Parodi, Founder, The Wireless Registry
    • focus on identity
    • who owns SSID identities? How do you create an identity for things?
  • Mark Eichorn, Assistant Director, Division of Privacy and Identity Protection, Federal Trade Commission 
    • cases involving lead generators for payday loan. Reselling personal financial info.
  • Susan Allen, Attorney-Advisor, Office of Policy and International Affairs, United States Patent & Trademark Office 
    • focusing on copyright.
    • stakeholders have different rights based on roles
  • Vince Jesaitis, Director, US Public Affairs, ARM
    • who owns data depends on what it is. Health data very tough standards. Financial data much more loose.
    • data shouldn’t be treated differently if it comes from a phone or a browser.
    • industrial side: autonomous vehicle data pretty well regulated.  Pending legislation dealing with smart cities emphasis open data.
comments: Comments Off on Liveblogging from Internet of Things Global Summit tags: , , , ,

Human Side of IoT: Local Startup Empowers Forgotten Shop Floor Workers!

Let’s not forget: human workers can and must still pay a role in the IoT!

Sure, the vast majority of IoT focus is on large-scale precision and automated manufacturing (Industrie 4.0 as it is known in Germany, or the Industrial Internet here). However, an ingenious local startup, Tulip, is bringing IoT tools to the workbench and shop floor, empowering individual industrial engineers to create no-code, low-code apps that can really revolutionize things in the factory.  Yes, many jobs will be replaced by IoT tech, but with Tulip, others will be “enabled” — workers will still be there to make decisions, and they’ll be empowered as never before.

Um, I’m thinking superhuman factory Transformers, LOL!

The Tulip IoT gateway allows anyone to add sensors, tools, cameras and even “pick to light bins” (never heard that bit of shop lingo, but they looked cool in video) to the work station, without writing a line of code, because of the company’s diverse drivers support factory floor devices. It claims to “fill the gap between rigid back-end manufacturing IT systems and the dynamic operations taking place on the shop floor.”

Rony Kubat, the young MIT grad who’s the company’s co-founder is on a mission “to revolutionize manufacturing software,” as he says, because people who actually have to play a hands-on roll in product design and production on  shop floor have been ignored in the IoT, and many processes such as training are still paper-based:

“Manufacturing software needs to evolve. Legacy applications neglect the human side of manufacturing and therefore suffer from low adoption. The use of custom, expensive-to-maintain, in-house solutions is rampant. The inability of existing solutions to address the needs of people on the shop floor is driving the proliferation of paper-based workflows and the use of word processing, spreadsheet and presentation applications as the mainstay of manufacturing operations. Tulip aims to change all this through our intuitive, people-centric platform. Our system makes it easy for manufacturers to connect hands-on work processes, machines and backend IT systems through flexible self-serve manufacturing apps”.

While automation in factory floors continues to grow, manufacturers often find their hands-on workforce left behind, using paper and legacy technology. Manufacturers are seeing an enormous need to empower their workforce with intuitive digital tools. Tulip is a solution to this problem. Front-line engineers create flexible shop-floor apps that connect workers, machines and existing IT systems. These apps guide shop-floor operations enabling real-time data collection and making that data useful to workers on factory floors. Tulip’s IoT gateway integrates the devices, sensors and machines on the shop floor, making it easy to monitor and interact with previously siloed data streams (you got me there: I HATE siloed data). The platform’s self-serve analytics engine lets manufacturers turn this data into actionable insights, supporting continuous process improvement.

The company has grown quickly, and has dozens of customers in fields as varied as medical devices, pharma, and aerospace. The results are dramatic and quite varied:

  • Quality: A Deloitte analysis of Tulip’s use at Jabil, a global contract manufacturer, documented 10+% production increases. It reduced quality issues in manual assembly by more than 10%. found production yield increased by more than 10 percent, and manual assembly quality issues were reduced by 60 percent in the initial four weeks of operation.
  • Training: Other customers reduced the amount of time to train new operators by  90 percent, in a highly complicated, customized and regulated biopharmaceutical training situation: “Previously, the only way to train new operators was to walk them repeatedly through all the steps with an experienced operator and a process engineer. Tulip quickly deployed its software along with IoT gateways for the machines and devices on the process, and managed to cut training time almost by half.”
  • Time to Market: They reduced a major athletic apparel maker’s time to market by 50% for hundreds of new product variations. That required constantly evaluating the impact of dozens of different quality drivers to isolate defects’ root causes — including both manual and automated platforms. Before Tulip, it could take weeks of analysis until a process was ready for production. According to the quality engineer on the project, “I used Tulip’s apps to communicate quality issues to upstream operators in real-time. This feedback loop enabled the operators to take immediate corrective action and prevent additional defects from occurring.”

Similar to my friends at Mendix, the no-code/low-code aspect of Tulip’s Manufacturing App Platform lets process engineers without programming backgrounds create shop floor apps through interactive step-by-step work instructions. “The apps give you access through our cloud to an abundance of information and real-time analytics that can help you measure and fine-tune your manufacturing operations,” Tulip Co-Founder Natan Linder says (the whiz-kid is also chairman of 3-D printer startup Formlabs). 

Linder looked at analytics apps that let users create apps through simple tools and thought why not provide the same kind of tools for training technicians on standard operating procedures or for building product or tracking quality defects? “This is a self-service tool that a process or quality engineer can use to build apps. They can create sophisticated workflows without writing code…. Our cloud authoring environment basically allows you to just drag and drop and connect all the different faucets and links to create a sophisticated app in minutes, and deploy it to the floor, without writing code,” he says. Tulip enables sharing appropriate real-time analytics with each team member no matter where they are and to set up personal alerts for the data that’s relevant to each.

IMHO, this is a perfect example of my IoT “Essential Truth” of “empowering every worker with real-time data.”  Rather than senior management parceling out (as they saw fit) the little amount of historical data that was available in the past, now workers can share (critical verb) that data instantly and combine it with the horse sense that can only be gained by those actually doing the work for years. Miracles will follow!

Writ large, the benefits of empowering shop floor workers are potentially huge.  According to the UK Telegraph, output can increase 8-9 %, while cutting costs 7-8%, cutting costs approximately 7-8 percent. The same research estimates that industrial companies “could see as much as a 300 basis point boost to their bottom line.”

Examples of the relevant shop-floor analytics include:

  • “Show real-time metrics from the shop floor
  • Report trends in your operations
  • Send customized alerts based on user defined triggers
  • Inform key stakeholders with relevant data”

IDC Analyst John Santagate neatly sums up the argument for empowering workers through the IoT thusly:

“With all of the talk and concern around the risk of losing the human element in manufacturing, due to the increasing use of robotics, it is refreshing to see a company focus on improving the work that is still done by human hands.  We typically hear the value proposition of deploying robots and automation of improvements to efficiency, quality, and consistency.  But what if you could achieve these improvements to your manufacturing process by simply applying analytics and technology to the human effort?  This is exactly what they are working on at Tulip.  

“Data analytics is typically thought about at the machine level. Manufacturers measure things such as throughput, efficiency, and quality by applying sensors to their manufacturing equipment, capturing the data signals, and conducting analytics.  The analytics provide an understanding of the health of the manufacturing process and enable them to make any necessary changes to improve the process.  Often, such efforts are top down driven.  Management drives these projects in order to improve the performance of the business.  An alternative approach is to enable the production floor to proactively identify improvement opportunities and take action, a bottom-up approach. For this self-service approach to succeed shop-floor engineers need a flexible platform such as Tulip’s, that allows them to replace paper-based processes with technology and build the applications that enable them to manage hands-on processes.  The real time analytics and visibility of hands-on manufacturing processes from Tulip’s platform puts the opportunity to identify improvement opportunities directly in the hands of people engaged in the work cells.

“Digital transformation in manufacturing is about leveraging advanced digital technology to improve how a company operates.  But, as the manufacturing industry focuses on digital transformation it must not forget the value of the human element.  Indeed, we don’t often think about digital transformation in relation to human effort, but this is exactly the sort of thinking that can deliver some of the early wins in digital transformation. “ 

Well said — and thanks to Tulip for filling a critical and often overlooked aspect of the IoT!

I’m reminded of my old friend Steve Clay-Young, who managed the BAC’s shop in Boston, and first alerted me to the “National Home- workshop Guild” which Popular Science started in the Depression and then played a critical part in the war effort. Craftsmen who belonged all got plans and turned out quality products on their home lathes.  I can definitely see a rebirth of the concept as the cost of 3-D printers from Kubat’s other startup, Formlabs drops, and we can have the kind of home (or at least locally-based production that Eric Drexler dreamed of in his great Engines of Creation (which threw in another transformational production technology, nanotech). 

I’m clearing space in my own workshop so I can begin production on IoT/nanotech/3-D printed products. Move over, GE.

comments: Comments Off on Human Side of IoT: Local Startup Empowers Forgotten Shop Floor Workers! tags: , , , , , ,
http://www.stephensonstrategies.com/">Stephenson blogs on Internet of Things Internet of Things strategy, breakthroughs and management