Privacy and Security

Guest Post from: Marvi Islam

Let me start it with privacy and link it to security. Well, all of us know about the privacy settings on Facebook and we like them so much as we can hide from our family members, the things we do and the people we’re with. But wait, what about security? How is privacy linked to security?

Let’s leave the digital platform and move our focus towards our daily lives. We need security in our banks, schools, public places and even in our homes and parks. But have you ever wondered what price we pay for this non-existent blanket of security? Privacy.  Let me reiterate –  security at the price of privacy. Those cute little things we see on the ceilings of our school corridors; we call them “CCTV” –  they are installed for our security. But security from? No one bothers to ask. Maybe they (the authorities) want to tape everything in case something bad happens so that they can go through the tapes and catch perps red-handed. But they are taping every single thing and we don’t take this as them breaching our privacy?

A number of times these tapes have been misused causing niggling unpleasantries and yet it’s ok. There’s a famous proverb in Hindi that translates to this,“You have to sacrifice one thing to get another”. Here we sacrifice our privacy to get security. With self-driving cars grabbing all the attention, there goes more data to stay connected and apparently, “secure”.

Similarly, some companies check what their employees are up to and what they are doing on their computers while they are at work. This, from the company’s perspective is to avoid plausible breach of sensitive data but is such constant monitoring even ethical? So, does it really have to be a tradeoff? Security for privacy and vice versa?

Marvi Islam is from Islamabad, Pakistan and studies at Capital University of Science and Technology, Islamabad. https://www.facebook.com/marvi.islam

Internet 3.0?

Steve Case, founder of AOL, has a new book out “The Third Wave: An Entrepreneur’s Vision of the Future“.  As a leader in the “First Wave” (remember dial up modems?… and getting a floppy disk from AOL every month in the mail? — that was SO last millennium) — Steve has some perspective on the evolution of the net.   His waves are:

  1. Building the Internet – companies such as AOL creating infrastructure, peaking circa 2000 (remember the dot-com bubble?)
  2. Apps and Services on top of the net. (the currently declining wave)
  3. Ubiquitous, integrated in our everyday lives — touching everything

This seems to ignore a few major ‘game-changers’ as I see it, including the introduction of the Web and Browsers, Altavista/Google for search, and Amazon for retail. But, that does not diminish the reality of the social impact of whatever Internet Wave we are on at this point.  You might tend to align his assertion with the “Internet of Things”, where very light bulb (or other device) has an IP address and can be managed over the net.  But Steve points to much broader areas of impact:
education, medical care, politics, employment and as promised in his title, entrepreneurial success.

Another way to look at this is “what fields, if any, are not being transformed by networked computing devices?” Very few, even technology that does not incorporate these devices (genetically modified whatever), they depend on networked computer technology at many points in their invention and production.

Steve suggests we need a “new play book” for this emerging economic reality.  I suspect he is only half right.  This was the mantra of the Internet Bubble, where generating income was subservient to new ideas, market growth, mind-share, etc.  What is clear is that it will be increasingly difficult for existing corporations to recognize, much less invest in the innovations that will disrupt or destroy their business. AOL and my past employer, Digital Equipment, are both examples of companies that had failed transitions, in part due to their momentum in “previous generations” of technology. (AOL continues as a visible subsidiary of Verizon, Digital has been subsumed into HP.)  What is happening is that the rate of change is increasing, The challenges associated with this were documented in the 1970’s by Alan Toffler in his book “Future Shock” and it’s sequels, “The Third Wave“, “Powershift” and most recently in “Revolutionary Wealth” (2006).  Toffler’s short form of Future Shock is: “too much change in too short a period of time” — a reality that has traction 50 years later.

What examples of disruption do you see coming? (But beware, it’s the ones we don’t see that can get us.)

Car Reporting Accidents, Violations

In addition to car’s using network connections to call for assistance, here is a natural consequence — your car may notify police of an accident, in this case a driver leaving a hit-and-run situation. My insurance company offered to add a device to my car that would allow them to increase my rates if they go faster than they think I should.  Some insurance companies will raise your rates if you exceed their limit (70 MPH) even in areas where the legal limit is higher (Colorado, Wyoming, etc. have 75+ posted limits).  A phone company is promoting a device to add into your car to provide similar capabilities (presented for safety and comfort rationale.)

So what are the possibilities?

  • Detect accident situations and have emergency response arrive even if you are unable to act — and as noted above this may also detect hit-and-run accidents.
  • Provide a channel for you to communicate situations like “need roadside assistance” or “report roadside problem”.
  • Monitor car performance characteristics and notify user (shop?) of out-of-spec conditions
  • Using this same “diagnostic port”, taking remote control of car
    • Police action – to stop driver from escaping
    • Ill-intended action, to cause car to lose control

So, in line with the season, your car  is making a list, checking it twice and going to report if you are naughty or nice —

====

One additional article from the WSJ Dec. 10th on the Battle between car manufacturers and smartphone companies for control of the car-network environment.  The corporate view, from Don Butler, Ford Motor’s Director of Connected Vehicles: “We are competing for mind-share inside the vehicle.”  Or as the WSJ says, “Car makers are loath to give up key information and entertainment links… and potentially to earn revenue by selling information and mobile connectivity.”  In short, the folks directing the future of connected vehicles are not focusing on the list of possibilities and considerations above.

 

Auto(mobile) hacking – is it just a myth?

Scientific American ran a “Technofiles” piece  trying to debunk the idea that cars can be hacked.  The online version corrects errors made in their November 2015 issue where the variation of the article overstated the time required, understated the number of potentially ‘at risk’ cars, and mis-stated the proximity required to accomplish the feat.

This has been a topic here before – so I won’t repeat that perspective.  However, I will copy my reply to the article posted on the Scientific American web site, since I think that this effort to dismiss the risk does a poor service to both the public, and to the industry that needs to give serious consideration for how they manage software and communications that can affect the health and safety of consumers.

David, et al, are not getting the message.
Yes, some of the details are wrong in David’s article (I guessed they were without being party to the Wired article) … also wrong is the “Internet” connection required assumption — external communications that can receive certain types of data is all that is required. (OnStar does not use the Internet) and the “premium savings” device advocated by my insurance company (“oh no, our folks assure us it can’t be hacked”) connects to the diagnostic port of the car (i.e. ability to control/test all aspects of operation) and is cell-phone connected to whomever can dial the number.
This is not model specific since all OnStar and after-market components span multiple models and multiple suppliers. This is not internet specific, but truly remote control would require either the cellular or internet connectivity (WiFi and Blue tooth, which are also likely “bells and whistles” are proximity limited.)
This does not require purchasing a car… they do rent cars you know. And to the best of my knowledge no automobile manufacturers have licensed software engineers reviewing and confirming a “can’t be done” — even if they did patch the flaw that the U.S. DoD/DARPA folks exploited for Sixty Minutes. — Until 9/11 no one had hijacked a commercial jet to destroy a major landmark before, so the lack of examples is not a valid argument. We have multiple proofs of concept at this point, that significantly reduces the cost and time required to duplicate this. There are substantial motives, from blackmail to terrorism (a batch of cars, any cars – terrorists don’t need to select, going off the road after a short prior notice from a terrorist organization would get the front page coverage that such folks desire.) The issues here, including additional considerations on privacy, etc. are ongoing discussions in the IEEE Society for the Social Implications of Technology … the worlds largest technical professional society (IEEE)’s forum for such considerations. see http://ieeessit.org/?p=1364 for related postings”

I’m not sure the editors will “get it” … but hopefully our colleagues involved in developing the cars and after-market devices can start implementing some real protections.

A question for a broader audience: “How do cell phone or internet based services (such as On-Star) affect your potential car buying?”

Matt Barth

Homebase location * Riverside, California
Email barth@ee.ucr.edu
SSIT Roles (and years) * IEEE Intelligent Transportation System delegate on the SSIT Board of Governors
Relevant IEEE Roles 2016 IEEE ITSS Past President
2014 – 2015 IEEE ITSS President
2013 IEEE ITSS President Elect
Other Related Activities/Interests Social impacts of intelligent transportation, automated vehicles, and connected vehicles

 

Philip Hall

Homebase location *
Ann Arbor, Michigan USA
Email philip@faerberhall.com
SSIT Roles (and years) *
2013-15 DL
2013-17 BoG Member
2015 Chair, Conferences & Events
2014-15 DL Program Chair
2014 Chapters Chair
2013-14 Chair, Australia Chapter
Relevant IEEE Roles
2014-15 SSIT Rep, IEEE-USA Committee on Transportation & Aerospace Policy (CTAP)
2015 Member, AESS & Vice Chair, AESS UAV Technical Panel

Other Related Activities/Interests
Interested in (1) National Security and societal implications of emerging technologies; (2) impact of climate variability on water, energy and food security; and (3) technologies for sustainability.
What Category/Topic TAGs should include you?
(Comma Separated)
education, policy, security, privacy, aerospace, emerging technologies, autonomous vehicles