Tele-Kiss … hmmm

London haptic researchers have developed a device to add to a cell phone that will allow remote persons kiss. As described in an IEEE Spectrum article. And since “a picture is worth a thousand words”:

A woman kisses a plastic pad attached to her smartphone to send a virtual kiss to the person she's video chatting with.

No doubt a wider range of haptic appliances will follow. A major US phone company used to have the slogan “reach out and touch someone”, perhaps our mobile devices are headed that way.

To GO or Not to GO?

Pokemon Go has become a delightful and disturbing experiment in the social impact of technology. This new “Free” software for smart phones implements an augmented reality, overlaying the popular game on the real world. Fans wander the streets, byways, public, and in some cases private spaces following the illusive characters on their smart phone to capture them, or “in world”, or to collect virtual items.  The uptake has been amazing, approaching Twitter in terms of user-hours in just days after introduction. It has also added $12 billion to Nintendo’s stock value (almost double).

Let’s start with “Free”, and $12 billion dollars. The trick is having a no-holds barred privacy policy. Not surprising, the game knows who you are and where you are. It also can access/use your camera, storage, email/phone contacts, and potentially your full Google account (email contents, Drive contents, etc.)  Them money comes because all of this is for sale, in real time. (“While you track Pokemon, Pokemon Go tracks you”, USA Today, 12 July 16) Minimally you can expect to see “Luremodules” (a game component) used to bring well vetted (via browser history, email, call history, disk content, etc.) customers into stores that then combine ad-promotions with in-store characters. Perhaps offering your favorite flavor ice cream, or draw you into a lawyer’s office that specializes in the issues you have been discussing on email, or a medical office that …well you get the picture, and those are just the legitimate businesses.  Your emails from your bank may encourage less honest folks to lure you into a back alley near an ATM machine .. a genre of crime that has only been rumored so far.

The July 13th issue of USA Today outlines an additional set of considerations. Users are being warned by police, property owners, and various web sites for various reasons. The potential for wandering into traffic is non-trivial while pursuing an illusive virtual target, or a sidewalk obstruction, or over the edge of the cliff (is there a murder plot hiding in here?) Needless to say playing while driving creates a desperate need for self-driving cars. Since the targets change with time of day, folks are out at all hours, in all places, doing suspicious things. This triggers calls to police. Some memorial sites, such as Auschwitz and the Washington DC Holocaust Memorial Museum have asked to be exluded from the play-map. There are clearly educational opportunities that could be built into the game — tracing Boston’s “freedom trail”, and requiring player engagement with related topics is a possible example. However, lacking the explicit consideration of the educational context, there are areas where gaming is inappropriate. Also, some public areas are closed after dark, and the game may result in players trespassing in ways not envisioned by the creators, which may create unhealthy interactions with the owners, residents, etc. of the area.

One USA Today article surfaces a concern that very likely was missed by Nintendo, and is exacerbated by the recent deaths of black men in US cities, and the shooting of police in Dallas. “For the most part, Pokemon is all fun and games. Yet for many African Americans, expecially men, their enjoyment is undercut by fears they may raise suspicion with potentially lethal consequences.”  Change the countries and communities involved and similar concerns may emerge in other countries as well. This particular piece ends with an instance of a black youth approaching a policeman who was also playing the game, with a positive moment of interaction as they helped each other pursue in-game objectives.

It is said every technology cuts both ways.  We can hope that experience, and consideration will lead both players and Nintendo to evolve the positive potential for augmented reality, and perhaps with a bit greater respect for user privacy.

Ethics of Virtual Reality

The Jan. 4, 2016 Wall St Journal has an article “VR Growth Sparks Questions About Effects on Body, Mind” pointing out, as prior publications have, that 2016 is likely to be the Year of VR. The U.S. Consumer Electronics Show is starting this week in Las Vegas, where many neat, new and re-packaged concepts will be strongly promoted.

The article points to issues of physical health – nasua is one well documented potential factor. But work has been taking place on residual effects (how soon should you drive after VR?), how long to remain immersed before you ‘surface’, etc. Perhaps the key consideration is degree to which our bodies/brains accept the experiences of VR as real — altering our thinking and behaviour. (Prof. Jeremy Bailenson, director of Stanford’s Virtual Human Interaction Lab confirms this is one impact.)

All of the pundits point out that every new technology has it’s potential uses/abuses. But that does not excuse the specific considerations that might apply to VR.  A point raised in the article “Scares in VR are borderline immoral”. There is a line of technology from “watching” to “first person” to “immersion” that should be getting our attention.  The dispute over “children impacted by what they watch on TV”, moving to first-person shooter video games, to VR is sure to occur.  But in VR, you can be the victim as well. I first encountered the consideration of the after effects of rape in a video game environment at an SSIT conference some years ago.  Even with the third party perspective in that case, the victim was traumatized. No doubt VR will provide a higher impact.  There are no-doubt lesser acts that can be directed at a VR participant that will have greater impact in VR than they might with less immersive technology.

This is the time to start sorting out scenarios, possible considerations for vendors of technology, aps and content, and also to watch for the quite predictable unexpected effects.  Do you have any ‘predictions’ for 2016 and the Year of VR?

 

Car Reporting Accidents, Violations

In addition to car’s using network connections to call for assistance, here is a natural consequence — your car may notify police of an accident, in this case a driver leaving a hit-and-run situation. My insurance company offered to add a device to my car that would allow them to increase my rates if they go faster than they think I should.  Some insurance companies will raise your rates if you exceed their limit (70 MPH) even in areas where the legal limit is higher (Colorado, Wyoming, etc. have 75+ posted limits).  A phone company is promoting a device to add into your car to provide similar capabilities (presented for safety and comfort rationale.)

So what are the possibilities?

  • Detect accident situations and have emergency response arrive even if you are unable to act — and as noted above this may also detect hit-and-run accidents.
  • Provide a channel for you to communicate situations like “need roadside assistance” or “report roadside problem”.
  • Monitor car performance characteristics and notify user (shop?) of out-of-spec conditions
  • Using this same “diagnostic port”, taking remote control of car
    • Police action – to stop driver from escaping
    • Ill-intended action, to cause car to lose control

So, in line with the season, your car  is making a list, checking it twice and going to report if you are naughty or nice —

====

One additional article from the WSJ Dec. 10th on the Battle between car manufacturers and smartphone companies for control of the car-network environment.  The corporate view, from Don Butler, Ford Motor’s Director of Connected Vehicles: “We are competing for mind-share inside the vehicle.”  Or as the WSJ says, “Car makers are loath to give up key information and entertainment links… and potentially to earn revenue by selling information and mobile connectivity.”  In short, the folks directing the future of connected vehicles are not focusing on the list of possibilities and considerations above.

 

Auto(mobile) hacking – is it just a myth?

Scientific American ran a “Technofiles” piece  trying to debunk the idea that cars can be hacked.  The online version corrects errors made in their November 2015 issue where the variation of the article overstated the time required, understated the number of potentially ‘at risk’ cars, and mis-stated the proximity required to accomplish the feat.

This has been a topic here before – so I won’t repeat that perspective.  However, I will copy my reply to the article posted on the Scientific American web site, since I think that this effort to dismiss the risk does a poor service to both the public, and to the industry that needs to give serious consideration for how they manage software and communications that can affect the health and safety of consumers.

David, et al, are not getting the message.
Yes, some of the details are wrong in David’s article (I guessed they were without being party to the Wired article) … also wrong is the “Internet” connection required assumption — external communications that can receive certain types of data is all that is required. (OnStar does not use the Internet) and the “premium savings” device advocated by my insurance company (“oh no, our folks assure us it can’t be hacked”) connects to the diagnostic port of the car (i.e. ability to control/test all aspects of operation) and is cell-phone connected to whomever can dial the number.
This is not model specific since all OnStar and after-market components span multiple models and multiple suppliers. This is not internet specific, but truly remote control would require either the cellular or internet connectivity (WiFi and Blue tooth, which are also likely “bells and whistles” are proximity limited.)
This does not require purchasing a car… they do rent cars you know. And to the best of my knowledge no automobile manufacturers have licensed software engineers reviewing and confirming a “can’t be done” — even if they did patch the flaw that the U.S. DoD/DARPA folks exploited for Sixty Minutes. — Until 9/11 no one had hijacked a commercial jet to destroy a major landmark before, so the lack of examples is not a valid argument. We have multiple proofs of concept at this point, that significantly reduces the cost and time required to duplicate this. There are substantial motives, from blackmail to terrorism (a batch of cars, any cars – terrorists don’t need to select, going off the road after a short prior notice from a terrorist organization would get the front page coverage that such folks desire.) The issues here, including additional considerations on privacy, etc. are ongoing discussions in the IEEE Society for the Social Implications of Technology … the worlds largest technical professional society (IEEE)’s forum for such considerations. see http://ieeessit.org/?p=1364 for related postings”

I’m not sure the editors will “get it” … but hopefully our colleagues involved in developing the cars and after-market devices can start implementing some real protections.

A question for a broader audience: “How do cell phone or internet based services (such as On-Star) affect your potential car buying?”

Employee Cell Phone Tracking

An employee in California was allegedly fired for removing a tracking APP from her cell phone that was used to track her on-the-job and after-hours travel and locations.  The APP used was XORA (now part of Clicksoft).
Here are some relevant, interesting points.

  • Presumably the cell phone was provided by her employer.  It may be that she was not required to have it turned on when she was off hours.
    (but it is easy to envision jobs where 24 hour on-call is expected)
  • There are clear business uses for the tracking app, which determined time of arrival/departure from customer sites, route taken, etc.
  • There are more intrusive aspects, which stem into the objectionable when off-hours uses are considered: tracking locations, time spent there, routes, breaks, etc. — presumably such logs could be of value in divorce suits, legal actions, etc.

Consider some variations of the scenario —

  1. Employee fired for inappropriate after hours activities
  2. Detection of employees interviewing for other jobs,
    (or a whistle blower, reporting their employer to authorities)
  3. Possible “blackmail” using information about an employees off hour activities.
  4. What responsibility does employer have for turning over records in various legal situations?
  5. What are the record retention policies required?  Do various privacy notifications, policies, laws apply?
  6. What if the employer required the APP to be on a personal phone, not one that was supplied?

When is this type of tracking appropriate, when is it not appropriate?

I’ve marked this with “Internet of Things” as a tag as well — while the example is a cell phone, similar activities occur with in-car (and in-truck) monitoring devices, medical monitoring devices, employer provided tablet/laptop, and no doubt new devices not yet on the market.

FTC, NoMi and opting out

The U.S. Federal Trade Commission (FTC) settled charges with Nomi Technologies over it’s opt-out policy on April 23rd. Nomi’s business is putting devices in retail stores that track MAC addresses.  A MAC unique MAC address is associated with every device that can use WiFi –it is the key to communicating with your device (cell phone, tablet, laptop, etc.) as opposed to someone elses device.  Nomi apparently performs a hash ‘encryption’ on this (which is still unique, just not usable for WiFi communications) and tracks your presence near or in participating retail stores world wide.

The question the FTC was addressing is does Nomi adhere to it’s privacy policy, which indicates you can opt out in store, and would know what stores are using the technology. Nomi’s privacy policy (as of April 24) indicates they will never collect any personally identifiable information without a consumer’s explicit opt in — of course since you do not know where they are active, nor that they even exist it would appear that they have no consumer’s opting in.  Read that again closely — “personally identifiable information” … it is a MAC address, not your name, and at least one dissenting FTC commissioner asserted that “It is important to note that, as a third party contractor collecting no personally identifiable information, Nomi had no obligation to offer consumers an opt out.”  In other words, as long as Nomi is not selling something to the public, they should have no-holds-barred ability to use your private data anyway they like. The second dissenting commissioner asserts “Nomi does not track individual consumers – that is, Nomi’s technology records whether individuals are unique or repeat visitors, but it does not identify them.” Somehow this commissioner assumes that the unique hash code for a MAC address that can be used to distinguish if a visitor is a repeat, is less of a individual identifier than the initial MAC address (which he notes is not stored.) This is sort of like saying your social security number backwards (a simplistic hash) is not an identifier whereas the number in normal order is.  Clearly the data is a unique identifier and is stored.  Nomi offers the service (according to their web site) to “increase customer engagement by delivering highly relevant mobile campaigns in real time through your mobile app” So, with the data the store (at it’s option) chooses to collect from customers (presumably by their opting in via downloading an app) is the point where your name, address, and credit card information are tied into the hashed MAC address.  Both dissenting commissioners somehow feel that consumers are quite nicely covered by the ability to go to the web site of a company you never heard of, and enter all of your device MAC addresses (which you no doubt have memorized) to opt-out of a collecting data about you that you do not know is being collected for purposes that even that company does not know (since it is the retailer that actually makes use of the data.)  There may be a need to educate some of the folks at the FTC.

If you want to opt out of this one (of many possible) vendors of individual tracking devices you can do so at http://www.nomi.com/homepage/privacy/ .Good Luck.

 

Who is Driving Your Car?

A recent CBS Sixty Minutes program interviewed folks at DARPA, including a demonstration of how a recent computer-laden car could be hacked and controlled.

Computers in cars are not a new thing, even the dozens that we see in new models, and they have been interconnected for some time as well.  Connecting your car to the network is a more recent advance — “On Star” is one variation that has been on-board for a while.  The ads for this have suggested the range of capabilities — unlock your car for you, turn on your ignition, detect that you may have been in an accident (air bag deployed, but maybe  monitoring capabilities) and of course, they know where your car is — if it is stolen they can disable it. Presumably a hacker can do all of these as well — and the DARPA demonstration shows some of the implications of this — stopping the car, acceleration, etc.  Criminals have already acquired armies of zombie computers to use in attacking their targets, blackmail, etc.  Imagine having a few hundred zombie cars in a major city like LA — enabling both terror or blackmail.

An additional sequence on SIxty Minutes shows the hacking of a drone.  And perhaps equally important, a re-programmed drone that is not (as easily) accessed/hacked.  Behind this is an issue of software engineering and awareness.   The folks making drones, cars, and other Internet of Things (IoT) objects are not ‘building security in’.  What is needed is an awareness for each IoT enabled device of the security risks involved — not just for abuse o f that particular device, but also how that might impact other devices in the network or the health and safety of the user and public.

A recent dialog with some IEEE-USA colleagues surfaced a question of where software engineering licensing (professional engineers) might be required … and we used video games as an example of a point where it did not seem appropriate … of course, that all breaks down if your video game can take over your car or your pace maker.

 

 

Phony Cell Towers (who, why, …)

Popular Science Magazine had an article on “Who is running the phony cell phone towers” along with a map of some 20 plus that had been located.  These “towers” look like a local service tower to all cell phones in range and can capture some “meta data” (phone #, ID, location info) without any need to decrypt actual calls, but could also do that with some additional effort.

Variations of this technology, “Stingray” and “Triggerfish” are available for sale, perhaps with some limitations on buyers — at least for major manufactures like Harris.   How these are being used in the U.S. is being carefully protected according to a 2011 Wall Street Journal article. Popular Science indicates that a unit could be constructed for as little as $2000 by a knowledgeable hacker (at a maker-space near you no doubt), but did not point to any kits, plans or software available on the net at this time.

While the question posed by Popular Science and some other publications related to this recent survey of phony towers is “who is doing it?” — a more relevant observation is that any entity with resources and interest can do so in any country.  It is probably illegal in most if not all countries, at least for non-governmental agencies, but with a low cost, low profile and difficult to detect characteristics you can bet it is being done.  There are phones that can detect, and reject these tower connections, which is what the really bad guys might use (or disposable phones that they trash after every use which might be cheaper.)

While the “NSA” data collection revelations have sparked a lot of interest, and apparent “surprise” from foreign country officials — this potentially more “democratic” capability (everyone can do it) has not gotten the same press.  Of course the opportunity for abuse is much greater with a comprehensive program managed by government entities, but the opportunity is there for unscrupulous actors to monitor our cellular presence (note just having your phone “on” provides for this tracking, no calls required.)

Technology has addressed the “how, what, when and where” issues, the “who and why” answers will vary from country to country and perhaps a new form of paparazzi as well.

Enslaved by Technology?

A recent “formal” debate in Australia, We are Becoming Enslaved by our Technology addresses this question (90 min).  A look at the up side and down side of technological advances with three experts addressing both sides of the question.

One key point made by some of the speakers is the lopsided impact that technology may have towards government abuse.  One example is captured in the quote “a cell phone is a surveillance device that also provides communications”  (quoted by Bernard  Keene)  In this case one who benefits from continuous location, connectivity, app and search presence.

Much of the discussion focuses on the term “enslave” … as opposed to “control”.  And also on the question of choice … to what degree do we have “choice”, or perhaps are trying to absolve our responsibility by putting the blame on technology.

Perhaps the key issue is the catchall “technology”.  There are examples of technology, vaccines for example, where the objectives and ‘obvious’ uses are beneficial (one can envision abuse by corporations/countries creating vaccines.) And then the variations in weapons, eavesdropping, big-data-analysis vs privacy, etc.  Much of technology is double-edged – with impacts both “pro and con” (and of course individuals have different views of what a good impact.)

A few things are not debatable (IMHO):
1. the technology is advancing rapidly on all fronts
2. the driving interests tend to be corporate profit, government agendas and in some cases inventor curiosity and perhaps at times altruistic benefits for humanity.
3. there exists no coherent way to anticipate the unintended consequences much less predict the abuses or discuss them in advance.

So, are we enslaved? …. YOU WILL RESPOND TO THIS QUESTION! (Oh, excuse me…)