Nov 03 2016
 
the taxi industry is being disrupted by mobile apps

It’s often easy to underestimate the effects of regulation on the development of industries and innovation.

Around the world jurisdictions are struggling with balancing regulation and innovation. Last week in the UK Uber lost an employment tribunal case over the employment status of its employees, while Switzerland is struggling with rules over Blockchain as the nation tries to build a ‘Crypto Valley’.

Striking the right balance in regulation isn’t trivial. As the development of Silicon Valley’s finance models shows, government rules were critical to how the venture capital sector has evolved.

The US Small Business Investment Act of 1958 was the first step in the sector’s development with the creation of “Small Business Investment Companies” (SBICs) to fund and manage smaller enterprises in the United States. In 1978 the sector received a greater boost when pension funds were allowed to invest in the sector.

We’re now seeing a similar thing happening in the US where the Digital Millennium Copyright Act – a law passed to protect the Twentieth Century business models of record companies and movie studios – is being softened to allow end users to examine and maintain the software on the devices they own.

If the trial is allowed to become permanent, it will almost certainly see a far freer and more innovative software environment which may even help overcome some of the security problems with the Internet of Things.

Often though that balance isn’t correctly struck and recently we’ve seen many poor decisions that have concentrated power, particularly in the financial and airline industries where governments have allowed huge conglomerates to dominate their markets which stifles innovation and growth.

Those innovation stifling regulations though don’t guarantee companies’ survival as the taxi industry discovered. Despite reams of laws and regulations protecting their licenses, Uber effectively blew up the business as they offered travellers a far better option to the often poor services provided by local cab companies.

Regulation is always going to be a balancing act between protecting the community’s interest and allowing business and society to evolve. It’s one reason why as citizens and taxpayers we need to be demanding our governments are open and transparent in their dealings and law making.

Aug 05 2016
 
Computer security is evolving in a time of social media

One of the sad truths of today’s online world is that dissidents, lawyers and journalists are ripe targets for governments that want to suppress those they perceive to be their enemies.

At the Black Hat security conference in Las Vegas today, the Electronic Frontier Foundation’s Eva Galperin and Cooper Quintin gave a demonstration of just what lengths governments will go to in hacking their opponents.

In When Governments Attack, Galperin and Quintin described hacking campaigns they’ve encountered from Syria, Ethiopia and Vietnam, but the particular focus was on Operation Manul, which revolved around the Kazakhstan regime’s attacks on its opponents.

The government of Nursultan Nazarbayev is well known for its corruption, intolerance and global harassment of its opponents as Quintin and Galperin showed. What’s of particular interest to them is the use of off the shelf malware tools.

Using cheap commodity tools has the advantage of not leaving distinctive patterns that may give investigators hints to who has developed the malware. The downside of course is that most anti-viruses can detect these tools.

For the regimes this is not such a problem, as most of the activists, lawyers and journalists targeted by government agencies or their contractors are relatively unsophisticated: they do not have high level tech skills or use advanced security tools.

Another concern is how private contractors are employed by these governments. An interesting tactic used by the EFF is to commence legal proceedings against US based corporations for operations they’ve conducted against dissidents visiting or living in the United States.

Galperin and Quintin have three conclusions from examining these attacks.

  • Attacks don’t need to be sophisticated to work
  • None of this research is sexy
  • The tools and actors are not sophisticated

While the tools and actors in these sad tales are not sophisticated, the costs to the targets are usually high as they and their families can be subject to terrible consequences.

As we increasingly see both simple and sophisticated software tools available to be used against citizens we can expect to see more abuses by governments around the world. The job of organisations like the EFF is not going to get easier any time soon.

We citizens though need to do what we can to demand safeguards and legal protections from our governments. Those of us in democracies should be making that clear at the ballot box.

Mar 29 2016
 

One of the truisms of modern business is we live in an API economy where open Application Programming Interfaces allow software companies to connect their platforms, building an ecosystem of developers and extending the functionality of their products.

But what happens when an API shuts down or a company starts applying the web2.0 principles of draconian legal terms and conditions to its data feeds? Pinboard, “the social bookmarking application for introverts” is illustrating how serious legalese can be for developers.

Maciej Cegłowski, Pinboard’s founder, decided the terms and conditions imposed by popular automation site If This Then That (IFTTT) were too demanding and pulled his service from the platform.

In a blog post he lays out exactly why, citing IFTTT’s demands for rights over his service along with the option of the platform being able to assign those rights to third parties.

For developers, IFTTT’s terms are almost impossible as the platform strips them of their intellectual property rights and restrains their trade. It’s a classic case of legal over-reach which is all too common in the control obsessed tech industry.

As we’re seeing software vendors releasing platforms to manage IoT devices through APIs and cloud services making their plethora of APIs a selling point, access to these becomes a serious matter for the software industry.

There is a worrying aspect for users in this as well, as those relying on Pinboard services driven through IFTTT are now effectively stranded and have to look for another site that provides similar functions.

While Pinboard is quite small, a larger service shutting down its APIs could have dramatic effects. This is even truer with Internet of Things devices that could use a service like IFTTT to run key functions.

Designing devices and services to cater for the possibility an API or web service may become unavailable needs to be a priority for IoT vendors, while for developers and users the risk a service may stop is something that should never be far from their minds and should be factored into the business and purchasing decisions they make.

Feb 08 2016
 

Who is responsible for the effect of renegade computer programs is going to become a serious legal topic as an increasing number of things become ‘intelligent’ and connected to the internet.

Britain’s Financial Conduct Authority (FCA) is one of the first regulators to start looking at companies’ algorithms. In their just released rules for wholesale traders, the FCA sets out the responsibilities for companies and their managers.

“We are determined to embed a culture of personal responsibility within the banking sector,” says the FCA’s Acting Chief Executive Tracey McDermott. “Clear individual accountability should focus minds, drive up standards, and make firms easier to run and to supervise. And if things go wrong, it will allow senior managers to be held to account for misconduct that falls within their area of responsibility.”

The definition of ‘misconduct’ when an algorithm goes awry will undoubtedly prove contentious, as will the idea of ‘personal responsibility’ in the banking sector.

While it’s too tempting to be dismissive of such a move in the financial services industry, the FCA’s regulations are a pointer of what most industries are going to face over the next ten years as more devices make decisions for themselves or communicate with other equipment over the Internet of Things.

In many areas the question of who is responsible for a rogue computer program will be left to the uncertainties of the legal system with no doubt many surprises, injustices, inconsistencies and unintended consequences so the earlier regulators develop a framework for dealing with mishaps the better.

Should the IoT start delivering on its promise of a connected world a poorly designed algorithm in even what should be relatively trivial devices or services may have the potential to cause massive disruption and damage. It’s hard not to imagine many other regulators in other industries are looking at how to attribute responsibilities, if not minimise risk, in a smart connected world.

Jan 19 2016
 
censorship on the internet and social media

The Libertarian dream of a free trade zone out of reach of authorities on the Dark Web has come to an end, reports Wired.

Ironically it’s not the authorities that have discredited these sites but the untrustworthiness of the various contraband services’ operators that have doomed these illicit marketplaces.

While there’s still potential for these dark web markets to evolve into something more robust, their current failure shows that radically changing existing institutions and systems rarely happens quickly and without cost, as those with stolen Bitcoins are learning.

Jun 30 2015
 

What happens when an internet connected device fails?

In The Australian today I have a piece discussing the legal risk of the IoT.

Lawyers warn that manufacturers, distributors and installers all face the possibility of damages should their devices malfunction or not perform as advertised.

This risk is compounded by the data analysis with Michael Stojanovic of international law firm Bird & Bird citing the example of a gas monitoring device accurately detecting and reporting a surge but a company being liable because they didn’t warn their customer something was amiss.

Equally there’s a risk with misreported or lost data. This in itself presents a problem as many of the software vendors currently looking at supplying the IoT have a ‘best effort’ mentality where they don’t accept responsibility for service interruptions.

While that attitude may have stood up before courts over the last twenty years, it’s unlikely to get much sympathy from judges and juries when critical systems are affected.

Like everything else in life, the lawyers are coming for the IoT.

Apr 04 2015
 
The law applies online to social media and other web services

Automakers Say You Don’t Really Own Your Car states the Electronic Frontier Foundation.

In their campaign to amend the US Digital Millennium Copyright Act to give vehicle owners the right to access and modify their automobiles’ software, the EFF raises an important point.

Should the software licensing model be applied to these devices then purchasers don’t really own them but rather have a license to use them until the vendor deems otherwise.

Cars, of course, are not the only devices where this problem arises. The core of the entire Internet of Things lies in the software running intelligent equipment, not the hardware. If that software is proprietary and closed then no purchaser of a smart device truly owns it.

Locking down the smarthome

This raises problems in smarthomes, offices and businesses where the devices people come to depend upon are ‘black boxes’ that they aren’t allowed to peer into. It’s not hard to see how in industrial or agricultural applications that arrangement will often be at best unworkable.

Four years ago tech industry leader Marc Andreessen pointed out how software is eating the world; that most of the value in an information rich economy lies in the computer programs that process the data, not the hardware which collects and distributes it.

That shift was flagged decades ago when the initial fights over software patents occurred in the 1980s and 90s and today we’re facing the consequences of poorly thought out laws, court decisions and patent approvals that now challenge the concepts of ownership as we know it.

Is ownership outdated?

However it may well be that ‘ownership’ itself is an outdated concept. We could be entering a period where most of our possessions are leased rather than owned.

If we are in a period where ownership is an antiquated concept then does it matter that our cars, fitness bands, kettles, smoke alarms and phones are in effect owned by a corporation incorporated in Delaware that pays most of its tax in the Dutch Antilles?

Who owns the smartcar’s data?

The next question of course is if the software in our smart devices is secret and untouchable then who owns the data they generate?

Ownership of a smartcar’s data could well be the biggest issue of all in the internet of things and the collection of Big Data. That promises to be a substantial battle.

In the meantime, it may not be a good idea to tinker too much with your car’s software or the data it generates.