Read my lips: new requirements on privacy approaching

December 17, 2016

dataprivacy_218266510-1200x545I never miss an opportunity to make the point that Security and Privacy are the two big challenges for IoT, and that privacy is the bigger one. Security problems can be fixed since we accept apologies and forget rapidly. Was it billions of accounts Yahoo? Privacy issues are different since it is about trust and without a proper architecture no service can cope with new requirements on privacy.

Most people respond along the lines of “I have nothing to hide” or “that’s the way people are these days”. But people living in countries where they don’t trust the government have a completely different point of view. In most western countries we have quite tough policies about what you can ask people in interviews for employment. But given the data available to employers today (provided from users by signature!) combined with data analytics, they already know much more than you can imagine, so they don’t need to ask.

This is the naive era and it will come to an end, soon! Your personal data is yours and you should only give it away if you think it is a good idea! And many organisations are equally naive today! Critical data has to be kept safe! Web services for IPR management might not be a good idea for example. At least not unless you know where the servers (and their backups) are.

The only architecture I know of today which can support future requirements on privacy, is that users own their data and opt in to share it. I’m working with Springworks in the automotive industry today. In our company, enabling mobile operators to connect cars, the owners of the cars own the data generated in the car and they opt in to insurance companies, road side assistance companies etc to get some of their data. Car manufacturers typically argue that they own the data.

Here is a good example of what will drive new requirements on privacy – a report from Democratic Media on how wearables are used to collect and sell health data. Is this something we want? I don’t think so. Consumers and enterprises will raise new requirements, and governments will follow with legislation. Proper architectures for privacy and trusted partners will be kings.

 

Advertisements

Respect!

December 10, 2016

volvo-productionTechnology driven innovation continues to challenge and change our world. Internet is the single most important enabler and the last big thing is the smart phone, which gave us new ways of using the Internet including apps. The iPhone is about 10 years old now and it’s time for the next big thing: connecting things to Internet, where we already have people, organisations and services. This will once again change lives, organisations, industries, companies, cities and governments in the same way and magnitude that the arrival of Internet made last time. But this time it will happen much faster since most of the bits and pieces already are in place. We call this IoT right now but soon it will just be Internet again. 

I always think that everything is a science. Regardless of what you look into in more details, it proves to be very complicated. I love the massive opportunities Internet brought and believe these will be even bigger now when we add things to it. But Internet has created a trend which I dislike: by leaving out the physical part of the equation (like running a taxi business without taxis or hotel business without hotels) we are dependent on others doing the hard “physical” part which is connected to places, people, boarders, re-cycling, communities, manufacturing etc. Not that there is anything wrong with entrepreneurs executing on these opportunities, not at all, but we all have to think a little further before celebrating or investing in these initiatives. I see a whole range of challenges, including the vulnerability of these businesses when it comes to policymakers and not the least when the incentives to provide the underlying activities or assets disappear. The Internet part alone also tends to become global leaving only one or few companies in the market (Facebook, Twitter, Google…). Put differently, we simply have to think about the type of society we want to live in.

With Internet of Things this becomes quite obvious. Data is the gold of IoT and a lot of companies are focusing on building business on that data. But without anyone connecting the things, the T in IoT, there will be no data. And when companies make the effort, I don’t think it is obvious that they will share all their gold with anyone anyway. At least not for free. On top of that I’m convinced human beings as well as organisations will become much more cautious with their data and how it is shared and used. Security and privacy are the two big challenges to IoT!

Another dimension of this is that the opportunity to disrupt using Internet has made a lot of people completely lose the respect for the underlying assets or activities. A good example of that is all IT/Internet companies announcing plans to build a car. There is nothing wrong with that, if you have funds to buy all skills and other assets it takes. But I have still to see a car manufacturer announcing that they will start make fridges, shoes, smartphones or Internet search engines. Maybe traditional companies have more respect for the complexity of other industries. 

I believe we all would benefit from a little bit more respect for how difficult it actually is to do different things. A hackathon with youngsters to innovate healthcare over a weekend is great education and fun but makes no sense from a healthcare point of view. An app to keep track on parking spaces is easy to do compared to building the infrastructure to provide all the information needed. The how of IoT is about collaboration and eco-systems, where all relevant players have an important role bringing their experience and know-how to the solution.


%d bloggers like this: