Read my lips: new requirements on privacy approaching

December 17, 2016

dataprivacy_218266510-1200x545I never miss an opportunity to make the point that Security and Privacy are the two big challenges for IoT, and that privacy is the bigger one. Security problems can be fixed since we accept apologies and forget rapidly. Was it billions of accounts Yahoo? Privacy issues are different since it is about trust and without a proper architecture no service can cope with new requirements on privacy.

Most people respond along the lines of “I have nothing to hide” or “that’s the way people are these days”. But people living in countries where they don’t trust the government have a completely different point of view. In most western countries we have quite tough policies about what you can ask people in interviews for employment. But given the data available to employers today (provided from users by signature!) combined with data analytics, they already know much more than you can imagine, so they don’t need to ask.

This is the naive era and it will come to an end, soon! Your personal data is yours and you should only give it away if you think it is a good idea! And many organisations are equally naive today! Critical data has to be kept safe! Web services for IPR management might not be a good idea for example. At least not unless you know where the servers (and their backups) are.

The only architecture I know of today which can support future requirements on privacy, is that users own their data and opt in to share it. I’m working with Springworks in the automotive industry today. In our company, enabling mobile operators to connect cars, the owners of the cars own the data generated in the car and they opt in to insurance companies, road side assistance companies etc to get some of their data. Car manufacturers typically argue that they own the data.

Here is a good example of what will drive new requirements on privacy – a report from Democratic Media on how wearables are used to collect and sell health data. Is this something we want? I don’t think so. Consumers and enterprises will raise new requirements, and governments will follow with legislation. Proper architectures for privacy and trusted partners will be kings.



December 10, 2016

volvo-productionTechnology driven innovation continues to challenge and change our world. Internet is the single most important enabler and the last big thing is the smart phone, which gave us new ways of using the Internet including apps. The iPhone is about 10 years old now and it’s time for the next big thing: connecting things to Internet, where we already have people, organisations and services. This will once again change lives, organisations, industries, companies, cities and governments in the same way and magnitude that the arrival of Internet made last time. But this time it will happen much faster since most of the bits and pieces already are in place. We call this IoT right now but soon it will just be Internet again. 

I always think that everything is a science. Regardless of what you look into in more details, it proves to be very complicated. I love the massive opportunities Internet brought and believe these will be even bigger now when we add things to it. But Internet has created a trend which I dislike: by leaving out the physical part of the equation (like running a taxi business without taxis or hotel business without hotels) we are dependent on others doing the hard “physical” part which is connected to places, people, boarders, re-cycling, communities, manufacturing etc. Not that there is anything wrong with entrepreneurs executing on these opportunities, not at all, but we all have to think a little further before celebrating or investing in these initiatives. I see a whole range of challenges, including the vulnerability of these businesses when it comes to policymakers and not the least when the incentives to provide the underlying activities or assets disappear. The Internet part alone also tends to become global leaving only one or few companies in the market (Facebook, Twitter, Google…). Put differently, we simply have to think about the type of society we want to live in.

With Internet of Things this becomes quite obvious. Data is the gold of IoT and a lot of companies are focusing on building business on that data. But without anyone connecting the things, the T in IoT, there will be no data. And when companies make the effort, I don’t think it is obvious that they will share all their gold with anyone anyway. At least not for free. On top of that I’m convinced human beings as well as organisations will become much more cautious with their data and how it is shared and used. Security and privacy are the two big challenges to IoT!

Another dimension of this is that the opportunity to disrupt using Internet has made a lot of people completely lose the respect for the underlying assets or activities. A good example of that is all IT/Internet companies announcing plans to build a car. There is nothing wrong with that, if you have funds to buy all skills and other assets it takes. But I have still to see a car manufacturer announcing that they will start make fridges, shoes, smartphones or Internet search engines. Maybe traditional companies have more respect for the complexity of other industries. 

I believe we all would benefit from a little bit more respect for how difficult it actually is to do different things. A hackathon with youngsters to innovate healthcare over a weekend is great education and fun but makes no sense from a healthcare point of view. An app to keep track on parking spaces is easy to do compared to building the infrastructure to provide all the information needed. The how of IoT is about collaboration and eco-systems, where all relevant players have an important role bringing their experience and know-how to the solution.

The perfect role for operators in IoT?

July 17, 2016

goldThe telecom industry got a head start in the early days of IoT aka M2M. Ericsson took the lead with the 50B connected devices mantra which translated well into an obvious role for huge operators with millions of connected users and massive investments in wireless networks. And it went without saying that the obvious providers of technology and solutions would be the telecom vendors already in the family. This was a clever and well executed plan by primarily Ericsson since the operators were looking for the next massive growth opportunity after having connected most people and given them data buckets. Operators went for it with one primary caveat – we will not only provide connectivity.

Now, only few years later IoT has gone from a connectivity focused baby to a data centric young adult. IoT is only a new phase of Internet – we’re adding things to people and businesses already connected – which explains the speed of development. From a usage point of view, Internet including IoT and the enabled services and solutions will remain customer focused and very fragmented and the operators will continue working hard to figure out their role beyond connectivity.

Here’s what I would do. The two major challenges for IoT are security and privacy. The smaller one is security since we are used to repair and plug holes as we go, and since we tend to have a very short memory. But privacy is really challenging since nobody knows how the requirements will develop over time. When your data is out you can never get it back why any service will need a solid privacy architecture to cope with future requirements without having to rebuild from scratch. The user must own his or her data and decide who should get hold of it.

But privacy is not only a technical issue why we need trusted partners to help us manage our data. Today most of us trust serious banks to manage our financial data as an example. Our trusted partner needs big muscles to force and enforce proper agreements and obviously have to walk the talk themselves. Operators already manage a lot of our private data and provided they do that well, this is a great position to build the trusted partner role on. The trusted partner role can also be required to build and orchestrate a fair and robust sub-eco system in a specific market like smart homes or connected cars.

So why is privacy of importance anyway? Today most users of internet applications sign up without even reading the agreements. One often hear “I’ve nothing to hide” as the key argument to avoid the hassles of reading and thinking. But with today’s capabilities in data analytics, all digital traces and information we leave behind can quite easily be used to picture an individual, understand how a product is designed, see patterns, understand security procedures and arrangements and so on. In the wrong hands this can be really bad and this type of information is already very useful for burglars to know when people are away and industrial espionage for example. A small example of what could, technically, be in use today is recruiters knowing without asking that a female candidate is pregnant, don’t exercise or have a heart problem.

I am absolutely convinced neither consumers nor policymakers will let this development continue as today. And this is where I believe operators with a relevant brand can find their role in IoT beyond connectivity. A role which will be increasingly important and valuable as far out as I can see. Two good examples of operators I see moving in this direction today are Telefonica and Telia Company (see FAQ 6 and 7).

Trusted partners are key to IoT

February 7, 2016

trusted partnerIoT will make major impact on how we do things and what can be done, across industries and borders. Adding things to the Internet creates a massive opportunity in pair with what Internet have done to us to date. The major challenges are as always to be found in organisations and processes, rarely in the technology as such. However, if we cut the cake differently, and look at it from people making bets on creating and implementing IoT products and services, I would argue that the two biggest challenges are security and privacy. And security is the smaller of these two big ones! We have always had security challenges, but they can be mitigated and fixed on the go. Fixing bugs and problems are part of the development so to speak. If someone finds a back-door and steal our jewels, we will install a lock on the door and hope people will forget it, if you see what I mean. The vendor of the door takes a hit but people have a tendency to forget quite rapidly.

But with privacy it’s a matter of architecture and trusted partners. If data that at some point in the future is considered sensitive is “out there”, it’s too late to take it back. In the digital world nobody knows how many copies there are, who has them, what they use it for, and so on. Most countries have laws and policies for this already, sure, but the first issue is that policymakers probably will shape up rules and policies down the road. Nobody will be badly punished for data that is made available before the changes, obviously, but it might take fundamental changes of systems and services to meet the new policies if the architecture isn’t there already. The second, and much more difficult challenge is that people themselves might change their views over time on what is acceptable and not. Such changed requirements are neither planned nor managed within countries or companies. They might come and go, spread across by social media and gather less or many people behind. And policy makers are always influenced by public trends, media etc. so these “unmanaged public policies” can force rapid legal changes as well.

If your clients suddenly believe that the data they “produce” in their homes or when they shop belongs to them, it will be hard to keep them happy if you don’t let them control it. And even more so if you sell the data to third parties. And to let users be in control of their data requires an architecture supporting that – it’s not something hard to add on the go.

I believe connected cars, homes, cities, cloths, pets, shops, bikes, gardens, etc. sooner or later will meet privacy requirements from policymakers and people that will be necessary to meet and very challenging for those without an architecture to supporting. The role of a trusted partner will be absolutely key and for those being trusted it will be a fantastic foundation for creating brand value and profitable business. The jury is out who can take this important and valuable role. I believe it is a national player and I put my bet on a responsible mobile operator with a solid brand.

%d bloggers like this: