To GO or Not to GO?

Pokemon Go has become a delightful and disturbing experiment in the social impact of technology. This new “Free” software for smart phones implements an augmented reality, overlaying the popular game on the real world. Fans wander the streets, byways, and public (and in some cases private) spaces following the elusive characters on their smart phones to capture them “in world”, or to collect virtual items. The uptake has been amazing, approaching Twitter in terms of user-hours in just days after introduction. It has also added $12 billion to Nintendo’s stock value (almost double).

Let’s start with “Free”, and $12 billion. The trick is having a no-holds-barred privacy policy. Not surprisingly, the game knows who you are and where you are. It also can access/use your camera, storage, email/phone contacts, and potentially your full Google account (email contents, Drive contents, etc.) The money comes because all of this is for sale, in real time. (“While you track Pokemon, Pokemon Go tracks you”, USA Today, 12 July 16) Minimally you can expect to see “Luremodules” (a game component) used to bring well vetted (via browser history, email, call history, disk content, etc.) customers into stores that then combine ad-promotions with in-store characters. Perhaps they will offer your favorite flavor of ice cream, or draw you into a lawyer’s office that specializes in the issues you have been discussing on email, or a medical office that … well, you get the picture, and those are just the legitimate businesses. Your emails from your bank may encourage less honest folks to lure you into a back alley near an ATM machine … a genre of crime that has only been rumored so far.

The July 13th issue of USA Today outlines an additional set of considerations. Users are being warned by police, property owners, and various web sites for various reasons. The potential for wandering into traffic, into a sidewalk obstruction, or over the edge of a cliff while pursuing an elusive virtual target is non-trivial (is there a murder plot hiding in here?) Needless to say, playing while driving creates a desperate need for self-driving cars. Since the targets change with time of day, folks are out at all hours, in all places, doing suspicious things. This triggers calls to police. Some memorial sites, such as Auschwitz and the Washington DC Holocaust Memorial Museum, have asked to be excluded from the play-map. There are clearly educational opportunities that could be built into the game — tracing Boston’s “freedom trail”, and requiring player engagement with related topics is a possible example. However, lacking the explicit consideration of the educational context, there are areas where gaming is inappropriate. Also, some public areas are closed after dark, and the game may result in players trespassing in ways not envisioned by the creators, which may create unhealthy interactions with the owners, residents, etc. of the area.

One USA Today article surfaces a concern that very likely was missed by Nintendo, and is exacerbated by the recent deaths of black men in US cities, and the shooting of police in Dallas. “For the most part, Pokemon is all fun and games. Yet for many African Americans, especially men, their enjoyment is undercut by fears they may raise suspicion with potentially lethal consequences.” Change the countries and communities involved and similar concerns may emerge in other countries as well. This particular piece ends with an instance of a black youth approaching a policeman who was also playing the game, with a positive moment of interaction as they helped each other pursue in-game objectives.

It is said every technology cuts both ways.  We can hope that experience, and consideration will lead both players and Nintendo to evolve the positive potential for augmented reality, and perhaps with a bit greater respect for user privacy.

Ethics and Entrepreneurs

The Wall St. Journal outlined a series of ethical issues facing start-ups, and even larger tech companies: “The Ethical Challenges Facing Entrepreneurs“. Having done time in a few similar situations, I can attest to the temptations that exist. Here are a few of the key issues:

  • The time implications of a startup – many high-tech firms expect employees to be “there” far more than 40 hours per week. Start-ups are even more demanding, with the founders likely to have a period of their lives dominated by these necessities – families, relationships and even individual health can suffer.  What do you owe your relationships, or even yourself?
  • Not in the article, but in the news: in the U.S. many professional employees are “exempt” from overtime pay.  This means they can be expected to work “when needed” but often it seems to be needed every day and every week, yielding 60 hour work weeks (and 50% fewer employees needed to accomplish the work.)  I did this for most of my life, but also got stock options and bonus pay that allowed me to retire early … I see others in low paying jobs, penalized for not being “part of the team” as an exempt employee even when they have no work to actually perform.  Start-ups can project the “founder’s passion” onto others who may not have anywhere near the same share of potential benefit from the outcome.  This parallels a point in the article on “Who is really on the team?” — how do you share the pie when things take off?  Do you ‘stiff’ the bulk of the early employees and keep it to yourself? Or do you have some millionaire administrative assistants? It sets the personality of your company, trust me, I’ve seen it both ways.
  • Who owns the “IP”? — it would be easy if we were talking patents and copyrights (ok, maybe not easy, technologists often get short-changed when their inventions are the foundation of corporate growth and they find they are looking for a new job.) — But there are lots of grey areas — was a spin-out idea all yours, or did it arise from the lunch table discussion? And what do you do when the company rejects your ideas (often to maintain their own focus, which is laudable). So is your new start-up operation really free and clear of legacy IP?
  • Mis-representation is a non-trivial temptation.  Entrepreneurs are looking for venture capital, for customers, for ongoing investors, and eventually to the business press (“xyz corporation fell short of expectations by 13% this quarter”.)  On one hand, if you are not optimistic and filled with hopeful expectations you can’t get off the ground. But ultimately, a good story will meet the test of real data, and along with this your reputation with investors, suppliers, customers, and in the worst case, the courts.  There is a difference between “of course our product has ‘abc'” (when you know it doesn’t), and “if that’s what it takes, we will make it with ‘abc'”. I’ve seen both – it’s a pain to do those overtime hours to make it do ‘abc’ because the sales person promised it. It is more of a pain to deal with the lawyers when it wasn’t ever going to be there. Been there, done that, got the t-shirt (but not the book I’m glad to say.)
  • What do you do with the data? A simple example – I worked for a company developing semi-conductor design equipment, we often had the most secret designs from customers to work out some bug they discovered. While one aspect of this is clear (it’s theirs), there are more subtle factors like some innovative component, implicit production methods or other pieces that a competitor or even your own operation may find of value.
  • What is the company role in the community? Some startups are 24/7 focused on their own operation. Some assume employees, and even the corporation should engage beyond the workplace.  Again, early action in this area sets the personality of an organization.  Be aware that technologists are often motivated by purpose as much as money – so being socially conscious may be a winning investment.
  • What is the end game? — Now that you have yours, what do you do with it? — Here I will quote one of the persons mentioned in the article: “The same drive that made me an entrepreneur now drives me to try to save the world.”

I will suggest that this entrepreneur will apply the same ethical outlook at the start of the game as he/she does at the end of the game.

 

Internet 3.0?

Steve Case, founder of AOL, has a new book out “The Third Wave: An Entrepreneur’s Vision of the Future“.  As a leader in the “First Wave” (remember dial up modems?… and getting a floppy disk from AOL every month in the mail? — that was SO last millennium) — Steve has some perspective on the evolution of the net.   His waves are:

  1. Building the Internet – companies such as AOL creating infrastructure, peaking circa 2000 (remember the dot-com bubble?)
  2. Apps and Services on top of the net. (the currently declining wave)
  3. Ubiquitous, integrated in our everyday lives — touching everything

This seems to ignore a few major ‘game-changers’ as I see it, including the introduction of the Web and Browsers, Altavista/Google for search, and Amazon for retail. But that does not diminish the reality of the social impact of whatever Internet Wave we are on at this point. You might tend to align his assertion with the “Internet of Things”, where every light bulb (or other device) has an IP address and can be managed over the net. But Steve points to much broader areas of impact: education, medical care, politics, employment and, as promised in his title, entrepreneurial success.

Another way to look at this is “what fields, if any, are not being transformed by networked computing devices?” Very few. Even technologies that do not incorporate these devices (genetically modified whatever) depend on networked computer technology at many points in their invention and production.

Steve suggests we need a “new play book” for this emerging economic reality. I suspect he is only half right. This was the mantra of the Internet Bubble, where generating income was subservient to new ideas, market growth, mind-share, etc. What is clear is that it will be increasingly difficult for existing corporations to recognize, much less invest in, the innovations that will disrupt or destroy their business. AOL and my past employer, Digital Equipment, are both examples of companies that had failed transitions, in part due to their momentum in “previous generations” of technology. (AOL continues as a visible subsidiary of Verizon, Digital has been subsumed into HP.) What is happening is that the rate of change is increasing. The challenges associated with this were documented in the 1970’s by Alan Toffler in his book “Future Shock” and its sequels, “The Third Wave“, “Powershift” and most recently in “Revolutionary Wealth” (2006). Toffler’s short form of Future Shock is: “too much change in too short a period of time” — a reality that has traction 50 years later.

What examples of disruption do you see coming? (But beware, it’s the ones we don’t see that can get us.)

Health App Standards Needed

Guest Blog from: John Torous MD, Harvard

Last year, the British National Health Service (NHS) thought it was showing the world how healthcare systems can best utilize smartphone apps – but instead provided a catastrophic example of a failure to consider the social implications of technology. The demise of the NHS ‘App Library’ now serves as a warning of the perils of neglecting the technical aspects of mobile healthcare solutions – and serves as a call for the greater involvement of IEEE members at this evolving intersection of healthcare and technology.

The NHS App Library offered a tool where patients could look online to find safe, secure, and effective smartphone apps to assist with their medical conditions. From major depressive disorder to diabetes, app developers submitted apps that were screened, reviewed, and evaluated by the NHS before being either approved or rejected for inclusion in the App Library. Millions of patients came to trust the App Library as a source for high quality and secure apps. Until one day in October 2015 the App Library was gone. Researchers had uncovered serious privacy and security vulnerabilities, with these approved apps actually leaving patient data unprotected and exposed. Further data highlighting that many approved apps also lacked any clinical evidence added to the damage. Overnight the NHS quietly removed the website (http://www.nhs.uk/pages/healthappslibrary.aspx) although the national press caught on and there was a public outcry.

As an IEEE member and an MD, I see both the potential and peril of mobile technologies like apps for healthcare. Mobile technologies like smartphone apps offer the promise of connecting millions of patients to immediate care, revolutionizing how we collect real time symptom data, and in many cases offering on the go and live health monitoring and support. But mobile technologies also offer serious security vulnerabilities, leaving sensitive patient medical information potentially in the public sphere. And without standards to guide development, the world of medical apps has become a chaotic and treacherous space. Simply go to Apple or Android app stores and type in ‘depression’ and observe what that search returns. A sea of snake oils, apps that have no security or data standards as well as no clinical evidence, are being marketed directly to those who are ill.

The situation is especially concerning for mental illnesses. Many mental illnesses may be thought of in part as behavioral disorders and mobile technologies like smartphones have the potential to objectively record these behavioral symptoms. Smartphones also have the potential to offer real time interventions via various forms of e-therapy. Thus mobile technology holds the potential to transform how we diagnose, monitor, and even treat mental illnesses. But mental health data is also some of the most sensitive healthcare data that can quickly ruin lives if improperly disclosed or released. And the clinical evidence for the efficacy of smartphone apps for mental illness is still nascent. Yet this has not held back a sea of commercial apps that are today directly available for download and directly marketed to those whose illness may at times impair clear thinking and optimal decision making.

If there is one area where the societal and social implications of technology are actively in motion and needing guidance, mobile technology for mental healthcare is it. There is an immediate need for education and standards regarding consumer facing mobile collection, transmission, and storage of healthcare data. There is also a broader need for tools to standardize healthcare apps so that data is more unified and there is greater interoperability. Apple and Android each have their own healthcare app / device standards via Apple’s ResearchKit and Android’s ResearchStack – but there is a need for more fundamental standards. For mobile mental health to reach its promised potential of transforming healthcare, it first needs an internal transformation. A transformation led in part by the IEEE Society on Social Implications of Technology, global mental health campaigns (changedirections.org), forward thinking engineers, dedicated clinicians, and of course diverse patients.

If you are interested in tracking standards and developments in this area, please join the LinkedIn Mobile Mental Health App Standards group at: http://is.gd/MHealthAppGroup


 

John Torous MD is an IEEE member and currently a clinical fellow in psychiatry at Harvard Medical School. He has a BS in electrical engineering and computer sciences from UC Berkeley and a medical degree from UC San Diego. He serves as editor-in-chief for the leading academic journal on technology and mental health, JMIR Mental Health (http://mental.jmir.org/), currently leads the American Psychiatric Association’s task force on the evaluation of commercial smartphone apps, and co-chairs the Massachusetts Psychiatric Society’s Health Information Technology Committee.

Toys, Terrorism and Technology

Recent attacks on citizens in all too many countries have raised the question of creating back-doors in encrypted communications technology.  A November 22 NY Times article by Zeynep Tufekci: “The WhatsApp Theory of Terrorism“, does a good job of explaining some of the flaws in the “simplistic” – government mandated back-doors. The short take: bad guys have access to tools that do not need to follow any government regulations, and bad guys who want to hack your systems can use any backdoor that governments do mandate — no win for protection, big loss of protection.

Toys? The Dec. 1 Wall Street Journal covered: “Toy Maker Says Hack Accessed Customer Information“.  While apparently no social security or credit card data was obtained, there is value in having names – birthdates – etc for creating false credentials.  How does this relate to the Terrorist Threat?  — two ways actually:

  1. there are few, if any, systems that hackers won’t target — so a good working assumption is someone will try to ‘crack’ it.
  2. technologists, in particular software developers, need to be aware, consider and incorporate appropriate security requirements into EVERY online system design.

We are entering the era of the Internet of Things (IoT), with many objects now participating in a globally connected environment. There are no doubt some advantages (at least for marketing spin) with each such object. There will be real advantages for some objects. New insight may be discovered through the massive amount of data available – for example, can we track global warming via the use of IoT connected heating/cooking devices? However, there will be potential abuses of both individual objects (toys above), and aggregations of data. Software developers and their management need to apply worst case threat-analysis to determine the risks and requirements for EVERY connected object.

Can terrorists, or other bad guys, use toys? Of course! There are indications that X-Box and/or Playstations were among the networked devices used to coordinate some of the recent attacks. Any online environment that allows users to share data/objects can be used as a covert communications channel. Combine steganography with ShutterFly, Instagram, Minecraft, or any other site where you can upload or manipulate a shareable image, and you have a channel. Pretending we can protect them all is a dangerous delusion.

Is your employer considering IoT security?  Is your school teaching about these issues?

 

Employee Cell Phone Tracking

An employee in California was allegedly fired for removing a tracking APP from her cell phone that was used to track her on-the-job and after-hours travel and locations.  The APP used was XORA (now part of Clicksoft).
Here are some relevant, interesting points.

  • Presumably the cell phone was provided by her employer.  It may be that she was not required to have it turned on when she was off hours.
    (but it is easy to envision jobs where 24 hour on-call is expected)
  • There are clear business uses for the tracking app, which determined time of arrival/departure from customer sites, route taken, etc.
  • There are more intrusive aspects, which stem into the objectionable when off-hours uses are considered: tracking locations, time spent there, routes, breaks, etc. — presumably such logs could be of value in divorce suits, legal actions, etc.

Consider some variations of the scenario —

  1. Employee fired for inappropriate after hours activities
  2. Detection of employees interviewing for other jobs,
    (or a whistle blower, reporting their employer to authorities)
  3. Possible “blackmail” using information about an employee’s off-hour activities.
  4. What responsibility does employer have for turning over records in various legal situations?
  5. What are the record retention policies required?  Do various privacy notifications, policies, laws apply?
  6. What if the employer required the APP to be on a personal phone, not one that was supplied?

When is this type of tracking appropriate, when is it not appropriate?

I’ve marked this with “Internet of Things” as a tag as well — while the example is a cell phone, similar activities occur with in-car (and in-truck) monitoring devices, medical monitoring devices, employer provided tablet/laptop, and no doubt new devices not yet on the market.

FTC, NoMi and opting out

The U.S. Federal Trade Commission (FTC) settled charges with Nomi Technologies over its opt-out policy on April 23rd. Nomi’s business is putting devices in retail stores that track MAC addresses. A unique MAC address is associated with every device that can use WiFi – it is the key to communicating with your device (cell phone, tablet, laptop, etc.) as opposed to someone else’s device. Nomi apparently performs a hash ‘encryption’ on this (which is still unique, just not usable for WiFi communications) and tracks your presence near or in participating retail stores world wide.

The question the FTC was addressing is whether Nomi adheres to its privacy policy, which indicates you can opt out in store, and would know what stores are using the technology. Nomi’s privacy policy (as of April 24) indicates they will never collect any personally identifiable information without a consumer’s explicit opt in — of course since you do not know where they are active, nor that they even exist, it would appear that they have no consumers opting in. Read that again closely — “personally identifiable information” … it is a MAC address, not your name, and at least one dissenting FTC commissioner asserted that “It is important to note that, as a third party contractor collecting no personally identifiable information, Nomi had no obligation to offer consumers an opt out.” In other words, as long as Nomi is not selling something to the public, they should have no-holds-barred ability to use your private data any way they like. The second dissenting commissioner asserts “Nomi does not track individual consumers – that is, Nomi’s technology records whether individuals are unique or repeat visitors, but it does not identify them.” Somehow this commissioner assumes that the unique hash code for a MAC address, which can be used to distinguish whether a visitor is a repeat, is less of an individual identifier than the initial MAC address (which he notes is not stored.) This is sort of like saying your social security number backwards (a simplistic hash) is not an identifier whereas the number in normal order is. Clearly the data is a unique identifier and is stored. Nomi offers the service (according to their web site) to “increase customer engagement by delivering highly relevant mobile campaigns in real time through your mobile app”. So the data the store (at its option) chooses to collect from customers (presumably by their opting in via downloading an app) is the point where your name, address, and credit card information are tied to the hashed MAC address.
Both dissenting commissioners somehow feel that consumers are quite nicely covered by the ability to go to the web site of a company you never heard of, and enter all of your device MAC addresses (which you no doubt have memorized) to opt out of the collection of data about you that you do not know is being collected, for purposes that even that company does not know (since it is the retailer that actually makes use of the data.) There may be a need to educate some of the folks at the FTC.
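
The point about the hashed MAC address still being an identifier can be checked directly. The following is an added example, not code from Nomi or from the original post: it assumes SHA-256 as the hash (the post does not say which one is used), works on a constructed sensor log and a constructed app sign-up record, and, going one step beyond the post, compares the fixed hash with a keyed hash whose key is scoped to one store and one day.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed sensor log: (store, day, MAC address observed). Not real data.
SIGHTINGS = [
    ("store-A", "2015-04-20", "AA:BB:CC:00:11:22"),
    ("store-A", "2015-04-21", "aa-bb-cc-00-11-22"),  # same device, other notation
    ("store-B", "2015-04-21", "AA:BB:CC:00:11:22"),
    ("store-A", "2015-04-20", "DE:AD:BE:EF:00:01"),
    ("store-B", "2015-04-22", "DE:AD:BE:EF:00:02"),
]


def normalize(mac):
    """Reduce a MAC address in ':' or '-' notation to its 6 raw bytes."""
    digits = mac.replace(":", "").replace("-", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return bytes.fromhex(digits)


def static_pseudonym(mac):
    """Unkeyed hash (SHA-256 assumed): one device maps to one value,
    in every store, on every day, for as long as the log is kept."""
    return hashlib.sha256(normalize(mac)).hexdigest()


def make_scope_keys(sightings):
    """One random key per (store, day), meant to be discarded when the day ends."""
    return {(store, day): secrets.token_bytes(32) for store, day, _ in sightings}


def scoped_pseudonym(mac, store, day, keys):
    """Keyed hash: stable within one store-day, unlinkable across them."""
    return hmac.new(keys[(store, day)], normalize(mac), hashlib.sha256).hexdigest()


def visits_by_id(sightings, id_fn):
    """Map each stored identifier to the set of (store, day) where it appeared."""
    seen = defaultdict(set)
    for store, day, mac in sightings:
        seen[id_fn(store, day, mac)].add((store, day))
    return dict(seen)


def repeat_visitors(visits):
    """Identifiers seen in more than one store-day."""
    return {ident: v for ident, v in visits.items() if len(v) > 1}


def attribute(visits, app_records):
    """Join the sensor log with app sign-ups (identifier -> customer name)."""
    return {app_records[i]: sorted(v) for i, v in visits.items() if i in app_records}


def compare():
    """Run both schemes over the same log and summarize what each one reveals."""
    keys = make_scope_keys(SIGHTINGS)
    static = visits_by_id(SIGHTINGS, lambda s, d, m: static_pseudonym(m))
    scoped = visits_by_id(SIGHTINGS, lambda s, d, m: scoped_pseudonym(m, s, d, keys))
    # Constructed app sign-up: the retailer learns one device's hash once.
    app = {static_pseudonym("AA:BB:CC:00:11:22"): "constructed-customer-1"}
    return {
        "static_ids": len(static),
        "static_repeaters": len(repeat_visitors(static)),
        "static_attributed": attribute(static, app),
        "scoped_ids": len(scoped),
        "scoped_repeaters": len(repeat_visitors(scoped)),
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(name, value)
```

With the fixed hash, a single app sign-up attributes every past and future sighting of that device to a named customer; with the scoped key, each store still gets its daily unique-visitor count but nothing links one day or store to another.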

If you want to opt out of this one (of many possible) vendors of individual tracking devices you can do so at http://www.nomi.com/homepage/privacy/ . Good Luck.

 

ISTAS 2015 – Nov 11, 12; Dublin Ireland

The International Symposium on Technology and Society (ISTAS), held annually.

Papers (5,000 – 6,000 words) using the ISTAS2015 Template must be registered on the conference portal by the deadline of 31 May 2015. Workshop proposals have an 8 June 2015 deadline (see site for details).

 

 

Smart Government: ICT Enabled Social Engagement in Public Organizations

An SSIT Guest Blog provided by: Carlos E. Jiménez; Open & Smart Gov Specialist, IEEE SSIT Sr. Member; Barcelona, Spain.

In a broad sense, we usually use the e-Government concept to mean ICT adoption by public organizations as a helpful tool to improve the way they achieve their goals. Key elements in these organizations are efficiency, effectiveness, transparency and a citizen-centric orientation.

However, it is important to say that in a more specific sense, there are important differences in degrees and elements within this field. We can then talk about 4 distinct concepts: e-Administration, e-Government (in a more specific sense), Open Government and Smart Government. These stages are incremental: ICT transforms the public organizations at the same time as they produce better services for citizens.

In the table, we can see that e-Administration started with the ICT adoption addressed to automatize workflows in public organizations (1st stage, -Bureaucratic organization) and, later, the e-Government stage (2nd stage, -Professional organization) includes interaction between citizens through the use of electronic tools, as well as bi-directional flows of information allowing citizens to use e-services. Next, technologies contribute and facilitate the move to a 3rd stage (Relational organization) where -Open Government- is achieved, allowing a high degree of the governance paradigm and not only through the use of e-services. In this stage there is a participation of the society in decisions and processes that before, were mainly done exclusively by the organization. A 4th stage and type of public organization (Intelligent organization) after the Relational one, would be based in the optimized IT adoption degree, and how it can transform the public organization as well as society.

Organization | Modernization Level | ICT Role
1. Bureaucratic | Begin | Automatized Workflows (e-Administration). Benefit: increased internal efficiency
2. Professional | Middle | Citizenship Interaction (e-Government). Benefit: efficient public services (filing forms…)
3. Relational | Advanced | Citizenship participating in governance (Open Government). Benefit: Paradigm of governance
4. Intelligent | Optimal: Adopted completely Interoperability principle and Open Innovation as tool | Interconnected Ecosystem (Smart Government). Benefits: real time, data driven – integration of information, Public-Private-People Partnership…

This 4th “refined” public organization level would be achieved as a result of ICT being used as a tool in perfect harmony with: a) Open Government, b) Social & Open Innovation in public organizations and c) a maximized Interoperability Principle [this concept is expanded in a special issue of IEEE Computer Magazine, Oct 2014]. The concept of Smart Government, then, will have all these factors, and the social implications of technology are key here.

Indeed, we have to understand that territories and cities will be smarter if and only if they are more social, through thinking about the best options for their citizens and, especially, avoiding negative impacts of technology. To get a sense for how this looks in practice see, in the case of Barcelona, https://smartcitizen.me/.

What areas of government in your territory are starting to move towards the “Smart Government” level?

 

Google Drive and the Titanic — UnSyncable

I have a number of files I want to share across my three primary computers, and have backed up in the cloud — “Just in case”. So when Google lowered the price for 100GB of cloud storage, I took them up on the offer … BUT …

Apparently they made a change in the last few days (Circa Feb 1, 2015) and now refuse to sync MP3 files. Since the Drive APP does not correctly display large numbers of unsyncable files, I had to catch it in the act (with just 700+ of my 1900+ MP3 files). The message is “Download error: You do not have the permission to sync this file“. This apparently was applied to ALL MP3 files since it includes recordings of my wife, niece, and cousins as well as CDs and Vinyl “rips” I have done to allow me to listen to that music on my computer(s) — and for which I still have the original media (and I do not sell or share). So it appears that Google (perhaps under pressure from the music industry) has decided to ban MP3 files from Drive. (If you are a musical artist, you obviously need another supplier.) — [A later observation, after more experience and some useful feedback — while it is not clear what triggers Drive to make decisions about Permission to Sync, it is not the .MP3 characteristic alone — following guidance from Google support, I completely reinstalled it on my Windows8 system and now things sync alright … hmm]

There is a valid copyright concern from IP owners related to sharing of their content. Google has some experience with this with Google Books. They have argued “fair use” for wholesale capture, storage and indexing of libraries full of books, which was upheld in a 2013 court ruling. It is also worth noting that besides copyright for books and MP3 files, every item on Google Drive has an implicit or explicit copyright. This Blog entry will have an implicit copyright as soon as I post it, actually I think it gains that status as soon as I type it in. Every email, document, home movie or picture you take, etc. has applicable copyright law — and I can’t envision Google being able to sort out who has what permissions. And with a transition from “first sale” protections to licensing for works, things get more difficult. If I buy a book, I can re-sell it (or a DVD, CD, etc) … but if I buy a license for something (software, ebook, etc.) … my rights are limited by the license, not copyright law. (Which is why Amazon could ‘take back’ copies of Orwell’s “1984” from Kindle devices.)

While seeking to understand the problems I encountered with Drive I discovered an interesting variation on the problems. A user reported a system infected with ransomware that encrypted his files and demanded payment to restore access. The encrypted files replaced the unencrypted files on Google Drive, which means his “backup” was no longer available (and apparently Google cannot restore prior versions of files.)

Cloud computing in its variations opens a batch of new Social Implications … Copyright, protection of content, loss of content, etc. What other challenges do you see for the Cloud?