Read my lips: new requirements on privacy approaching

December 17, 2016

I never miss an opportunity to make the point that Security and Privacy are the two big challenges for IoT, and that privacy is the bigger one. Security problems can be fixed since we accept apologies and forget rapidly. Was it billions of accounts at Yahoo? Privacy issues are different since they are about trust, and without a proper architecture no service can cope with new requirements on privacy.

Most people respond along the lines of “I have nothing to hide” or “that’s the way people are these days”. But people living in countries where they don’t trust the government have a completely different point of view. In most Western countries we have quite tough policies about what you can ask people in interviews for employment. But given the data available to employers today (provided by users by signature!) combined with data analytics, they already know much more than you can imagine, so they don’t need to ask.

This is the naive era and it will come to an end, soon! Your personal data is yours and you should only give it away if you think it is a good idea! And many organisations are equally naive today! Critical data has to be kept safe! Web services for IPR management might not be a good idea for example. At least not unless you know where the servers (and their backups) are.

The only architecture I know of today which can support future requirements on privacy is one where users own their data and opt in to share it. I’m working with Springworks in the automotive industry today. In our company, enabling mobile operators to connect cars, the owners of the cars own the data generated in the car and they opt in to let insurance companies, roadside assistance companies, etc. get some of their data. Car manufacturers typically argue that they own the data.

Here is a good example of what will drive new requirements on privacy – a report from Democratic Media on how wearables are used to collect and sell health data. Is this something we want? I don’t think so. Consumers and enterprises will raise new requirements, and governments will follow with legislation. Proper architectures for privacy and trusted partners will be kings.


The perfect role for operators in IoT?

July 17, 2016

The telecom industry got a head start in the early days of IoT aka M2M. Ericsson took the lead with the 50B connected devices mantra which translated well into an obvious role for huge operators with millions of connected users and massive investments in wireless networks. And it went without saying that the obvious providers of technology and solutions would be the telecom vendors already in the family. This was a clever and well executed plan by primarily Ericsson since the operators were looking for the next massive growth opportunity after having connected most people and given them data buckets. Operators went for it with one primary caveat – we will not only provide connectivity.

Now, only a few years later, IoT has gone from a connectivity-focused baby to a data-centric young adult. IoT is only a new phase of the Internet – we’re adding things to people and businesses already connected – which explains the speed of development. From a usage point of view, the Internet, including IoT and the enabled services and solutions, will remain customer focused and very fragmented, and the operators will continue working hard to figure out their role beyond connectivity.

Here’s what I would do. The two major challenges for IoT are security and privacy. The smaller one is security since we are used to repairing and plugging holes as we go, and since we tend to have a very short memory. But privacy is really challenging since nobody knows how the requirements will develop over time. When your data is out you can never get it back, which is why any service will need a solid privacy architecture to cope with future requirements without having to rebuild from scratch. The user must own his or her data and decide who should get hold of it.

But privacy is not only a technical issue, which is why we need trusted partners to help us manage our data. Today most of us trust serious banks to manage our financial data, as an example. Our trusted partner needs big muscles to force and enforce proper agreements and obviously has to walk the talk itself. Operators already manage a lot of our private data and, provided they do that well, this is a great position to build the trusted partner role on. The trusted partner role can also be required to build and orchestrate a fair and robust sub-ecosystem in a specific market like smart homes or connected cars.

So why is privacy of importance anyway? Today most users of internet applications sign up without even reading the agreements. One often hears “I’ve nothing to hide” as the key argument to avoid the hassles of reading and thinking. But with today’s capabilities in data analytics, all digital traces and information we leave behind can quite easily be used to picture an individual, understand how a product is designed, see patterns, understand security procedures and arrangements and so on. In the wrong hands this can be really bad, and this type of information is already very useful for burglars, who want to know when people are away, and for industrial espionage, for example. A small example of what could, technically, be in use today is recruiters knowing without asking that a female candidate is pregnant, doesn’t exercise or has a heart problem.

I am absolutely convinced neither consumers nor policymakers will let this development continue as it does today. And this is where I believe operators with a relevant brand can find their role in IoT beyond connectivity. A role which will be increasingly important and valuable as far out as I can see. Two good examples of operators I see moving in this direction today are Telefonica and Telia Company (see FAQ 6 and 7).

