Tag: trust

Trust, security and the internet of things

It may prove impossible to secure the Internet of Things. If so, we’re going to have to develop new trust mechanisms.

I’ve spent the last week in Las Vegas attending the Black Hat and DefCon security conferences. Among much of the discussion about protecting oneself against the misuse of technology, one thing that stood out was the focus on the Internet of Things.

Listening to some of the discussions and speaking to various people, it’s increasingly clear the consensus is the IoT is effectively unsecurable – the range of devices connected to the internet is just too great to be protected.

Compounding the problem are the plethora of poorly designed devices where security is, at best, a vague afterthought along with an older generation of equipment that was never intended to be connected to the public facing internet.

Given many of these devices are going to be critical to business and individual lifestyles, their reliability and quality of the data gathered by them is going to increasingly come into question and the systems that rely upon them are going to need ways to validate the information they receive.

Perhaps this is where machine learning and artificial intelligence are going to be valuable in watching for anomalies in the information and flagging where problems are happening within networks.

As those networks become more essential to society, we’re going to have build more  redundancy and robustness into our systems, the key component though may be trust.

Social Media’s celebrity obsession

A constant with social media companies is their fascination with celebrities. This hurts their credibility.

A constant with social media companies is their fascination with celebrities. At the first opportunity they’ll trash their credibility and burn their credibility with users to curry favour with a b-list celebrity.

The most damaging example of this was Google making an exception of its ‘real names’ policy for celebrity Google+ accounts. In making an exception for pop stars, the company destroyed any argument it had for insisting users had to use their birth names in order to use their service.

In their quest to be relevant Twitter’s management has consistently made itself look like a simpering bunch of star struck groupies in pandering to celebrities. Which they’ve done one again with their Moments service as Josh Dickson point out.

Probably one of the worst examples though is the story of Andrés Iniesta and his Instagram account.

One morning last week Iniesta found his Instagram account had been suspended for breaching the ‘terms of use.’

Iniesta was baffled and couldn’t find how he’s breached the terms, three times he tried to reach out to Instagram and was ignored. In the meantime his Instagram account started posting pictures of his namesake, a Spanish soccer star.

Only after posting his story on Medium did Iniesta get a response – and an apology – from Instagram’s PR people.

It turned out the only breach Iniesta had committed was to be born with the same name as a FC Barcelona star.

Despite having not actually breached Instagram’s terms and conditions, Iniesta had his account taken with no notice and certainly no process.

For the thousands of ‘social media influencers’ and the brands trying to use these service as channels to connect to a fragmented audience Instagram’s actions are a reminder that all their efforts are built on sand – years of work can be wiped out at the whim of a faceless and unaccountable bureaucrat.

Ultimately it’s the social media services who lose the most from their high handed treatment of their users, as it becomes apparent to both advertisers and ordinary account holders that everything they post is impermanent then the trust in the service is gone.

The greatest hypocrites in today’s business world are the social media services – Twitter, Facebook and a host of others which want you to share your intimate details with them for their own commercial use.

As Andrés Iniesta found, the social media service’s commitment to openness and transparency vanishes the moment a user has a problem.

For celebrities, or those well-connected, no such problems exist. One instant message or phone call to their contact within Facebook, Twitter or Google and the problem is fixed.

Ultimately though that insider game and obsession with celebrity will undo the social media services. For the moment though, all their pretences of being identity services or journals of records should be taken with a lot of scepticism.

Developing the world of trustworthy data

Recent security problems start focusing the minds of those designing the Internet of Things and connected cars

Last month’s remote hacking of Jeeps through their entertainment systems was a wake up call to the technology industry as it underscored the risks of connected devices and now a series of initiatives are looking at improving the security landscape.

One of the benefits of the new top level domain regime, despite its reeking of rent seeking by the ICANN names agency, is larger companies and industry groups can improve management of their online identities and those of the services and devices their operations rely upon.

Top level security

Having their own top level domains and being able to issue security certificates for devices and services within their own walled gardens means financial institutions, hardware vendors and service providers can have more confidence in the identities of those they are dealing with.

Bloomberg Business examines how corporations are applying for domains to enhance and while the focus is on guaranteeing the veracity of their websites, the scope in having done that expands to a range of other application, particularly that of ensuring everything from bank point of sale equipment through to connected cars and kettles are authenticated.

A top level domain is only part of the answer though and for the systems to work effectively there has to be more sophisticated ways for systems to ensure they are talking to trusted parties. This need becomes particularly acute with automated systems making business decisions in milliseconds where corrupt or incorrect data can cause havoc with financial markets or supply chains.

Blockchain’s potential

Some of the work being done around Bitcoin, particularly with the use of Blockchain technology to ensure transactions are valid, is one intriguing area where researchers are looking at ensuring all parties in a connected society are genuine and trustworthy.

It’s early days yet in the development of these services and there will be many mistakes as businesses and consumers adopt services where security hasn’t been properly thought through or implemented.

As Chrysler found with the Jeep hack, the risks of getting it wrong are real and potentially fatal and it’s notable Uber has hired the researchers who discovered that vulnerability to design security for their driverless car project.

Trustworthy data

With autonomous vehicles authentication is essential, not just for the passengers or operator starting the car but for all the devices and services communicating from outside and within. As the Jeep hack showed, the braking system needs to have confidence the instructions its receiving are genuine and not coming from a malicious outsider.

Outside the car other services will be communicating, the vehicle’s navigation system needs to be confident the mapping information it’s receiving is reliable and from the genuine provider. Similarly plans to reduce the road toll using roadside devices and other cars needs to ascertain the data being transmitted about highway conditions is trustworthy.

It’s often said computers are only as smart as the data going into them – garbage in, garbage out is the classic saying of the computer industry. As we move into a world where more decisions are being made by machines, those systems are going to become more demanding that information is trustworthy.

Dispelling the internet of snoops

For the Internet of Things industry the task now is to convince the public their devices are trustworthy, stories like the Samsung TV snooping on people isn’t going to help their efforts.

Last October New York lawyer Michael Price bought a new TV and what he read in the accompanying paperwork disturbed him.

In “I’m terrified of my new TV: Why I’m scared to turn this thing on” Price described how Samsung’s privacy policy worried him, particularly the way the voice recognition data was handled, “Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party.”

Disgraced former CIA director David Petraeus told a venture capital conference in 2012 that security agencies will track people through their dishwashers and Price pointed out a smart TV listening to a room’s conversations fits Petraeus’ vision nicely.

At the time of its publication at the end of October Price’s story received some coverage among the information security, privacy and internet of things community then sank until last weekend when a tech site picked it up.

At that stage, the story took on a new life with media outlets around the world running stories on how Samsung TVs are spying on customers.

For Samsung the story is was major embarrassment and they were quick to point out they don’t actually collect data.

To be fair to Samsung, they aren’t alone in having products that can listen to their users; almost every voice activated device has this capability and we can expect everything from smartphones to TVs and connected cars to be able to record voice and, through cameras, our movements.

The marketing and social media industries, like General Petraeus, are enthusiastic about the surveillance opportunities of these devices; Facebook’s  Share and Discover feature for instance opens the microphone when a user starts typing an update to determine what music is being played.

In the internet of things, it’s not just a smart TVs microphone that’s a potential problem as pretty much every connected device is generating information that can be used by government agencies, insurance companies and plaintiffs to track hapless users.

Collecting this data also presents a range of risks beyond subpoenas from government agencies and angry litigants, for the vendors of smart devices there is also the problem of complying with various privacy rules, securely storing customers data and ensuring their business partners also respect user information.

Samsung tried to manage this risk by adding a ‘don’t say stuff near our TV’ clause in the term and conditions, something that backfired dramatically and illustrates the impossibility of managing risk out of your business.

While companies will struggle with the legalities of capturing massive amounts of customer data, the public in general have to face the risks of allowing everything from their kettles to their cars collecting information on them.

The predicament for users is that turning off the ‘smart’ functions – assuming that is possible – remove much of the device’s functionality so the trade off between convenience, security will be a difficult compromise for many people.

For the Internet of Things industry the task now is to convince the public their devices are trustworthy, stories like the Samsung TV snooping on people isn’t going to help their efforts.

Building trust in an age of suspicion

How can businesses regain public confidence in a time of declining trust?

The world’s trust in business, government and innovation is falling reports global PR giant Edelman in its 2015 Trust Barometer.

Surveying 27,000 participants around the world, Edelman follows up with questions to what they call ‘informed publics’; 6,000 college-educated followers of business and news media with a household income in their country’s and age group’s top 25%.

Across the board trust in institutions have fallen with nearly 60% of countries falling into the ‘distruster’ category and the news isn’t good for businesses and governments.

That decline in trust is a striking result given the ‘informed publics’ cohort are their country’s middle class and it shows the stresses being felt in affluent groups.

“There has been a startling decrease in trust across all institutions driven by the unpredictable and unimaginable events of 2014,” the company’s release quotes CEO Richard Edelman“The spread of Ebola in West Africa; the disappearance of Malaysian Airlines Flight 370, plus two subsequent air disasters; the arrests of top Chinese Government officials; the foreign exchange rate rigging by six global banks; and numerous data breaches, most recently at Sony Pictures by a sovereign nation, have shaken confidence.”

Whether the events of 2014 are responsible for the erosion in trust as Edelman claims is up for debate, the decline of trust in innovation indicates the general atmosphere of mistrust is a much bigger issue.

Trusting innovation

Particularly notable is the Australian result where over half the respondents believe innovation is happening too quickly and that it is being driven by greed. Only some, a piddling 14 percent, see innovation as making the world a better place.

Those results are a concern for a country looking at dealing with a high cost economy. At this stage of Australia’s development it’s necessary for industry and society to be implementing new ways of doing business, not looking back to the past.

One shift that marks a change in society is that online search engines are now more trusted than the media outlets that provide the news, that  the population trusts algorithms more than journalists is something that should concentrate the minds of newspaper and magazine proprietors.

Regaining trust

Towards the end of the survey Edelman suggests ways businesses and governments can regain the trust of their communities through ethical business behaviour, taking responsibility to address issues, along with having transparent and open business practices

Other opportunities for building trust include listening to customer needs and feedback, treating employees well, placing customers ahead of profit and communicating frequently on the state of the business.

Clearly building trust is the task of all staff but it starts with an organisation’s leaders to ensure ethics and openness are rewarded. In that light it’s not surprising that trust is declining given the way unethical financiers and opaque politicians have been the main beneficiaries of the post crisis economy.

While a time of declining trust means our institutions are under great stress, it also means there are great opportunities as well for smart businesses and leaders. The challenge is to show the ethics and openness that the public is calling for.

In tech we trust

How much can we trust technology? A World Economic Forum panel discusses the issues.

“There is a big problem with trust today,” says cable operator Liberty Global’s Micheal T. Fries.

He was sitting on a fascinating panel at the World Economic Forum this week with Yahoo! CEO Marissa Mayer, Salesforce founder Marc Benioff and World Wide Web creator Tim Berners-Lee looks at the issue of trust in the tech world.

In a world where everyone wants access to our data, it’s a pertinent and timely discussion from people at the front line of where these issues of ethics and privacy are being dealt with.

Has Facebook peaked?

Facebook is losing marketshare and trust among younger social media users, is this a trend?

Could Facebook have reached its peak? A report in Bloomberg Businessweek suggests the service may have passed it maximum popularity.

In a survey by consulting firm Frank N. Magid Associates, the proportion of 13- to 17-year-old social-media users in the U.S. on Facebook slipped to 88 percent this year from 94 percent in 2013 and 95 percent in 2012.

What would really concern Facebook are concerns that the service is not safe, “One reason for the decline in teen Facebook usage is due to concerns that the service may not be trustworthy. Just 9 percent of those surveyed described the website as “safe” or “trustworthy,” while almost 30 percent of people said they would use those words to describe Pinterest.”

For Facebook that loss of trust among younger users is it’s biggest threat. Once you lose the trust of a generation, you’ve lost your business. This trend is one that Facebook will need to address quickly.

Hiding Hollywood

Changing maps devalues the trust in location services

What it comes maps, trust is everything. If you’re uncertain about what a map tells you then it’s pretty close to useless.

Gizmodo has an interesting story of how tourism and residents clash underneath the Hollywood sign in Los Angeles with the resultant changes to Google Maps and Garmin GPS systems.

It’s surprising that Google, Garmin and other mapping services have agreed to create misleading maps as this devalues the trust in their services.

That’s their business choice though, although in the long term this going to deeply hurt trust in their maps.

Burning user trust

How Whisper burned its users trust with false security and privacy promises

The Guardian today has a stunning expose on the Whisper social media network and its practice of tracking users.

In trying to sell its services to the Guardian, the company showed that it was betraying their promises of anonymity to its users.

Whisper’s behaviour is particularly disgraceful given the service’s promise of user confidentiality and their changing of their terms of service only shows the company’s struggle to understand ethics.

No social media service can afford to burn user trust in the way Whisper has.

If you’re going to promise users anonymity and security then you better deliver. Whisper has failed

 

A land of grace and favors

The quiet abandonment of Google Authorship once again shows why businesses and creative workers shouldn’t trust online services to reward their work.

Yesterday the Search Engine Land website broke the news that Google Authorship is dead.

The quiet abandonment of Google Authorship once again shows why businesses and creative workers shouldn’t trust online services to reward their work.

Google Authorship was a subset of the company’s Google Plus service that let writers and journalist claim their work.

For authors Google Authorship was a useful tool in the battle against the verminous ‘content scrapers’ whose business lies in stealing other peoples’work. It was also a good way of building an online portfolio.

Google benefited from a huge improvement in the quality of its data as its algorithms authorship made it easier for the algorithm to identify original sources.

Using Google’s Authorship tool wasn’t easy, like many of the company’s services it was cumbersome to setup, opaque and subject to arbitrary rules.

Many journalists, bloggers and writers went through the process however as they saw the benefits and trusted Google to maintain the service.

Trusting Google to maintain any service is risky with the company’s well deserved reputation of axing services the moment management’s attention turns to the next shiny thing.

Which is exactly what’s happened to those who’ve invested their time in Google Authorship and they join the disillusioned masses who’ve been burned by the company previously with services like Google Wave.

The lessons from Google’s dropping of Authorship shouldn’t be lost on those working hard to build Google Plus profiles.

Right now, despite the propaganda for those with a lot invested in the service, Google Plus is not travelling well and it’s in a dangerous zone within the company with the departure of its internal management champion Vic Gundotra earlier this year.

The risk of investing too much time on Google Plus is clear, however it would be unfair to single Google out as being alone in presenting this risk.

Every social media service and publishing platform carries the same risk.

Those spending hours creating Facebook communities or carefully crafting LinkedIn or Medium posts need to remember they are only their by the grace and favor of the service.

Nothing replaces your own website as an online property. Your mission is to drive as much traffic to it as possible. Social media platforms can help you do this, but they are not your friends or business partners.

Don’t forget this.

Facebook’s experiment with the limits of public trust

We may soon find out the limits of trust in social media

The revelation that a Facebook research team lead by Alan Kramer experimented with users’ emotional states is a disturbing story on many levels, the immediate consequence is a further erosion in the public trust of social media services.

Facebook, like many social media services, has received a lot of criticism in recent times as the company tries to make enough money to justify its $160 billion valuation.

Most of that criticism has been around the re-arranging of users’ feeds with Facebook’s algorithm deciding what information should be displayed based upon a user’s history with a liberal sprinkling of advertising thrown in.

The Kramer research though takes Facebook’s manipulation of users’ information to another level, along with raising a range of ethical issues.

One of the most concerning issues is the claim that the experiment’s subjects had given informed consent by agreeing to Facebook’s Terms of Service. This is dangerous ground.

The dangerous ground, apart from the gross overreach of customer terms of service this behaviour risks losing the market’s trust; once Facebook or other social media and cloud computing services are viewed as untrustworthy, they are doomed.

For Facebook it might be that the abuse of user trust is the biggest social experiment of all: How far can the company push the public?

We may soon find out.

Fear in the cloud – the loss of trust in online business

Should online businesses, particularly cloud services and social media platforms, begin to worry they’ve lost the trust of the community?

Today I spoke about online safety to the Australian Seniors’ Computer Clubs Association about staying safe online.

Hopefully I’ll have a copy of the presentation up tomorrow but what was notable about the morning was the concern among the audience about security and safety of cloud services.

The ASCCA membership are a computer savvy bunch – anyone who disparages older peoples’ technology nous would be quickly put in their place by these folk – but it was notable just how concerned they are about online privacy. They are not happy.

Another troubling aspect were my answers to the questions, invariably I had to fall back on the lines “only do what you’re comfortable with”  and “it all comes down to a question of trust.”

The problem with the latter line is that it’s difficult to trust many online companies, particularly when their business models relies upon trading users’ data.

Resolving this trust issue is going to be difficult and it’s hard to see how some social media platforms and online businesses can survive should users flee or governments enact stringent privacy laws.

It may well be we’re seeing another transition effect happening in the online economy.