Category Archives: Security

National Privacy Day Panel: Driving Privacy and Security in IoT

As part of National Data Privacy Day on January 28th, 2016, we are proud to have been selected to participate in an event sponsored by the California State Governor’s Office of Business and Economic Development, CyberTECH and the Ponemon Institute. Called Securing the Internet of Things: National Data Privacy Day 2016, the event was held in the California State Capitol Building and brought together leaders from the California State Government, educational institutions and private industry to discuss how all can work together to better protect privacy and security in the age of IoT (some of our thoughts on the subject can be found here).

 

Intertrust’s own Vivek Palan participated in a panel discussion entitled “Security, Privacy and Trust in IoT Platforms.” Moderated by Davis Hake from Palo Alto Networks, the panel also included Lance Cottrell from Ntrepid, also the founder of the well-known privacy tool Anonymizer, Peter Day from Bank of the West, and Ford Winslow from centrexIT. To start with, Vivek stated the breadth of the issue by saying, “Everything you see now from household products to medical devices will be affected by IoT. The only limit is our imagination… Intertrust believes that for IoT to be successful, there is a very strong need for a common security layer with open standards.”

Mr. Cottrell made a very interesting point regarding just how to define IoT. At the heart of things, IoT is really about computers, but the difference between IoT and other computing devices such as personal computers and smartphones is more psychological than technical. “The user doesn’t think of a device such as a connected car, smart meter or SCADA system as a computer but as a device that does something. The person who built it doesn’t think about it as a computer either,” (Cottrell). This also affects security, since a laptop user is expected to be responsible to a large extent for their security. The same expectation does not exist with IoT devices. Mr. Day put another spin on this, saying “IoT really means a radical loss of control to end users.”

Need to Act Quickly

The panel emphasized the need for quick action to develop trust in IoT. Given the potentially ubiquitous nature of these devices and the intimate connections IoT devices will have with both homes and organizations, Mr. Day suggested that the risk environment for IoT is different from other types of computing environments. With the scope and threats of IoT deployments yet to be determined, he is particularly concerned about unforeseen risks. “The situation is similar to right before 9/11…. Policy planners must think freely about the possibilities free of what happened in the past,” (Day).

With a reference to the recent past, Intertrust’s Mr. Palan put forth one unnerving potential privacy risk around IoT. In June 2014, it came out in the press that Facebook had been manipulating some of its users’ newsfeed posts to see if it could change their emotional state. With consumer IoT devices potentially having access to very sensitive personal data throughout an individual’s life, “imagine the type of subtle manipulation these devices could do,” (Palan).

According to Mr. Cottrell, the dangers are increasing as many IoT manufacturers are putting out products without any clear guidance on who is liable for privacy and security. “IoT is essentially creating cyber security smog. Everyone can produce it but no one has to take responsibility for it,” (Cottrell).

Building Trust

Much of the discussion was about how to establish trust for IoT devices. Mr. Palan has had some experience working for startups in the past. Noting that many companies active in the IoT space are startups, “I can understand how the pressures of releasing a product quickly can sometimes lead to skipping non-visible aspects like security and reliability,” (Palan). According to Mr. Palan, however, this is likely to be just a temporary state of affairs, for as time goes on, business pressures will make sustainable user trust a competitive advantage.

The panel as a whole saw a real opportunity for open standards, protocols and industry organizations to play a large role in IoT privacy and security. Mr. Cottrell stated that the industry needs to get away from the stance of relying on end-user education. “When you buy a phone charger, you don’t expect to have to do your own testing to make sure it is safe, you just look for a UL (Underwriters Laboratories) code on it,” (Cottrell). As to how this sort of “UL mark for IoT” security will actually work, “Open standards and protocols will be baked into products as a matter of course and standards bodies will make sure devices comply with security,” (Palan). The idea of introducing clear lines of liability for IoT privacy and security and coming up with indemnification mechanisms was a recurring theme throughout the panel.

Beyond the usual drumbeat of privacy and security hacks, Mr. Winslow suggested that a move from selling IoT devices to selling IoT services could provide an effective economic incentive for IoT security. “Six months ago, I saw a medical device manufacturer move to giving a device away for free and charging a subscription fee, getting 10 to 20 times the revenue,” (Winslow). With additional revenue and an added incentive to keep the service up and going, a subscription model means more resources available for security measures. 

Photo caption, from left to right: Davis Hake (Palo Alto Networks), Vivek Palan (Intertrust), Lance Cottrell (Ntrepid), Peter Day (Bank of the West) and Ford Winslow (centrexIT)

Consumers Agree: Fix IoT Security and Privacy for Market Growth

As we greet the New Year (Happy New Year everyone!), like every year the tech industry starts things off with a bang at the annual CES show. This year, with introductions of everything from new AI technology for connected cars to talking sunglasses, the consumer electronics industry is looking for its next big market. And it’s clear that consumer IoT (Internet of Things) is the theme of CES 2016. So, it’s not surprising that the consulting firm Accenture picked this time to release an international survey of consumers’ attitudes toward IoT. The Accenture survey shows what many in the industry have been pointing out for a while: for the consumer IoT market to really take off, security and privacy concerns have to be effectively addressed.

Accenture surveyed 28,000 consumers in 28 countries in October and November, 2015. They found that consumer intent to purchase such IoT products as smartwatches and fitness monitors in 2016 was around 7 to 13 percent, with little change compared to 2015. This relatively tepid enthusiasm can be explained by the perceived barriers, the first being cost with 62 percent of consumers feeling IoT products were still too expensive. The second, though, is the security and privacy risks of these products, with 47 percent of consumers citing this concern. In the expected high-growth markets of China and South Africa, security and privacy risks were cited by 58 percent of those surveyed.

Most likely, consumers have been influenced by the spate of news stories about actual security and privacy risks found in the IoT products on the market today. Wired Magazine has a good roundup of some of the more egregious incidents in 2015, including a demonstration of the remote takeover of a Jeep Cherokee and security holes found in smart refrigerators and dolls. A poll of U.K.-based security experts found that 75 percent felt that IoT device manufacturers were not implementing appropriate security measures.

Consumers are not the only ones concerned; IoT privacy and security concerns have reached the government level as well. In Fall 2014, an organization of the European Commission released an opinion on IoT privacy, followed by the Federal Trade Commission (FTC) in January, 2015. In December 2015, the U.S. Department of Homeland Security (DHS) put out a call for startups in Silicon Valley and others to help develop IoT security.

Some of the issues with IoT security can be attributed to the fact that many companies now getting into the market are ones that haven’t had much reason to worry about computing security in the past. This makes it even more urgent for the IoT industry to move on and create appropriate standards and best practices for security and privacy. There are, in fact, quite a number of standards consortiums and industry organizations working on this issue. Of course, we recognize that hastily cobbled together standards could lead to even more potential problems down the road. Still, given the threats to today’s consumers and tomorrow’s corporate profits, it seems a wise course for industry participants to commit even more resources in hopes of speeding the process along.

19 Ways Cryptanium Delivers Comprehensive Application Security

Software, hardware, and content industries lose millions every year because of piracy, intellectual property theft, cracked copyright mechanisms, tampered software, malware, and so on. The basic problem lies in the openness of the underlying architecture of today’s computing systems. With the right expertise and tools, anyone can gain control over software running on their devices. There will always be users who will attempt to analyze and break software protection mechanisms, for personal gain or out of pure curiosity. Therefore, a robust and efficient software protection scheme is an absolute must for all modern software applications in virtually all business areas. It is a fundamental factor in ensuring long-term profitability in today’s distributed software markets.

The war zone between software applications and adversaries who want to crack them is very broad and diverse. An application can be attacked at various layers, on different hardware, and with very different goals in mind, creating a very complex problem for companies who want to protect their intellectual property. Here are nineteen ways that our integrated software protection solution, Cryptanium, protects the entire application code and all the sensitive data processed by that code:

1. Integrity protection. Hundreds of embedded overlapping checksums ensure that the binary code of the application is not modified.

2. Code obfuscation. Source-level protection that transforms the original code so that it is very hard to understand and reverse engineer.

3. Anti-debug protection. Platform-specific anti-debug code enables effective protection against mainstream debuggers, thus preventing analysis of the code.

4. iOS jailbreak detection. Code Protection provides efficient security mechanisms that will defend the application if a jailbroken device is detected.

5. Method swizzling detection. Code Protection provides efficient security mechanisms that will defend the application if method swizzling is detected.

6. Android rooting detection. Code Protection provides efficient security mechanisms that will defend the application if a rooted device is detected.

7. Mach-O binary signature verification. Code Protection provides a security feature specifically aimed at the Mach-O file format (used by iOS and OS X apps) that prevents unwarranted re-signing and distribution of the protected app.

8. Google Play licensing protection. The anti-piracy feature relies on an alternative implementation of the Google Play license verification library written in native code, which is very hard to reverse engineer and modify.

9. Integrity protection of Android APK packages. A set of source code and run-time features that allow you to protect APK packages against any kind of tampering, including re-signing with a different key.

10. Verification of function caller modules. Code Protection prevents manipulation of function calls by enabling the application to verify function caller modules and defend itself if modules are unauthorized.

11. Cross-checking of shared libraries. You can select specific shared library files from your application, and Code Protection will calculate cryptographic signatures of their binary code and embed these signatures in the main application. Then, at arbitrary places in the application code, you can invoke a special function that checks whether the signature of a particular shared library loaded in memory matches the previously recorded signature.

12. Binary packing. Executable code is stored in encrypted form, and is decrypted only at run time.

13. Inlining of static void functions. Obfuscation level of the protected application is greatly increased by merging certain simpler functions into other functions.

14. Objective-C message call obfuscation. Code Protection can obfuscate message calls in the binary code so that they do not appear in plain text.

15. Objective-C metadata obfuscation. Code Protection can encrypt the metadata of Objective-C executables to hide valuable information from potential attackers.

16. String literal obfuscation. Code Protection can encrypt a large portion of string literals in the code. They are decrypted only before they are actually used. This feature provides strong protection against static analysis.

17. Customizable defense action. You can write a custom callback function to be invoked when the protected application detects a threat.

18. Software diversification. The footprint of the generated protection and its data is different for every protected application, making it even harder for hackers to develop a universal cracking scheme.

19. White-box cryptography. Standard cryptographic algorithms are implemented in a way that completely hides the internal keys and prevents them from being modified.

Recent data breaches underscore the need for comprehensive application security, and Cryptanium delivers!


Is Digital Privacy a Myth, or can we Win the War on Controlling our Data over the Open Internet?

The rise of the “information economy” has been fueled by a combination of efficiencies (higher performance at lower cost) in processing power and storage capacity, rabid consumer adoption of sensor-rich devices, and refinements in machine learning. This progress has made data an indispensable component of growth for any modern enterprise. As a result, entities of all kinds – commercial, governmental, academic – are motivated to collect and analyze as much data as possible to better understand us as individuals. Whether we are tracked as customers, constituents or research subjects, more of our consumption, preferences, geographic movements, biometric information, and even our DNA are being recorded and interpreted. The end goal may be to improve our experiences with products and services, allocate scarce resources more efficiently, cure disease, or simply gain an edge on a competitor.

Whether harmless or not, all of these data collection practices are becoming more invisible to us as we are “lulled” into giving up our digital privacy by accepting that such information can no longer be practically controlled if we are to engage as consumers in a connected world.

This raises questions around the wide array of seemingly “free” services offered via the Internet. Of course, none of these are truly costless to us, and our data is the currency we are paying with. Every time we browse, shop, make a reservation, pay, share, read, like or follow, we submit trackable identifiers that are collected and sold to marketers, insurance agents, app developers, publishers and others who profit from knowledge of our behavior. Disclosures about these data privacy practices may be written out in the lengthy legal agreements presented when we register for a new app or service, but they are wholly impractical for laypeople to read and understand. So by clicking “ACCEPT”, we are effectively signing away our data privacy and rights to control how our data is being collected, resold, and used.

Are any online services truly free? What are the true but hidden data privacy costs? 

To be clear, the “Internet era” did not create the practice of information management. Long before we were blindly accepting Terms of Use, we were sharing personal information for particular purposes: to get a credit card, diagnose an ailment, travel internationally, comply with a census, etc. In these scenarios, we were more comfortable sharing this personal information because it was handled by an entity that we believed we could trust, like a bank, government agency, physician, or co-worker. And at that time, we could reasonably assume that such information would not jeopardize our digital privacy, would remain with that entity, and would be used only for the explicitly stated purpose.

What makes us uneasy today is the notion that our personal information might be distributed to a broader group than we’d thought or used for a different purpose than we’d intended.  The notion that many disparate sets of data could be amalgamated to build a very accurate model of us is uncomfortable.  The fact that profit-seeking entities are now incentivized to accelerate and refine this process is all the more troubling because we don’t even know them, let alone trust them.

Would this change if these entities were both known and trusted? Is trust over the Internet the cornerstone to achieving digital privacy?

A host of regulatory bodies around the globe have produced rules around the ways in which personal information may be collected and used, including the US-EU Safe Harbor Privacy Principles, COPPA, HIPAA, and EU privacy directives. Standards bodies such as IAB, NAI, and CNIL are putting forth frameworks to set limits, and the US NITRD is actually researching the challenge as well. Most of these groups advocate for a rigorous regime of transparency, disclosure, accountability, consent (through opt-in), and “fair use,” which are necessary to preserve people’s “Datarights,” that is, the rights of individuals to control access to and use of personal data. But the elephant in the room is that this is not sufficient until the ownership structure of data is rebalanced in favor of the individual.

At the moment, the balance of power on the Internet is highly skewed towards service providers with massive capital resources, while individuals are left with a difficult choice – use the Internet and surrender some measure of data privacy, or not use these services and become marginalized from society. With the right mechanisms in place, this dilemma can be solved.

What regulatory framework is required to manage personal data online? 

Twenty-five years ago, Intertrust Technologies pioneered Digital Rights Management (DRM) to protect the rights of copyright holders and continues to make significant advances in the field of trusted computing. The company’s technologies have been at the core of both first-hand and externally developed solutions to fundamental security challenges such as code tamper resistance, content protection and authentication of IoT (Internet of Things) devices. Today, Intertrust continues its work in these fields while also applying its technology to protecting individual digital privacy.

To learn more about how Intertrust proposes to preserve privacy, please visit our blog.

 


Application Security Just Got Proactive – Runtime Application Self-Protection

According to Gartner (Forecast: Information Security, Worldwide, 2012-2018, 2Q14 Update), in 2014 organizations spent nearly $9.1 billion on firewalls and intrusion prevention systems and almost $2.4 billion on secure Web gateways. This $11.5 billion is massive when compared to their estimate of little more than $500 million spent on application security. And yet it is applications and the data they rely on that are generally considered the most valuable enterprise assets.

Compounding the security threat to applications is the heavy reliance on mobile devices for access and the use of these mobile devices within the enterprise network. BYOD growth has helped fuel some of this increase in perimeter security spending, but perimeter protection simply won’t cut it in today’s intrusion landscape; applications need self-defense or, as Gartner calls it, runtime application self-protection (RASP).

Also, if a mobile app isn’t properly protected, it is vulnerable to another pernicious attack, “trojanization”. Trojanization is where a cybercriminal takes a legitimate app and modifies it so that instead of the app performing the tasks originally designed for it, the app actually performs tasks for the cybercriminal such as stealing information from the mobile device. Trojanization is particularly a threat to Android devices because apps distributed through Google Play undergo a less strenuous vetting process and Android devices can also be set to download apps from sources other than Google Play.

Gartner sees RASP as an emerging security trend that will become critical in protecting applications. In their research report – Maverick Research: Stop Protecting Your Apps; It’s Time for Apps to Protect Themselves – Gartner predicts “25% of Web and cloud applications will become self-protecting, up from less than 1% today.”

This trend is important because today viruses, Trojans, key loggers, and other harmful software are serious problems reaching smartphones, tablets, and other embedded systems. If your application is not sufficiently self-protected, it will be exposed to theft of sensitive data and intellectual property, reverse engineering and analysis, removal of license checks, performance loss, and unwanted behavior.

Runtime application self-protection is the next smart application security protocol. Make sure you’re ahead of the threats to your enterprise by thinking inside the box.

Secure Key Box: FIPS 140-2 Level One Certification Now in Hand

If you work in government or financial services, then you know the importance that industry regulators place on information security, and with today’s reliance on mobile devices and platforms, achieving that security is not always easy. In fact, according to the Identity Theft Resource Center Data Breach Report (PDF), as of December 23, 2014, there have been 42 data breaches in the financial services industry alone, representing 5.5 percent of all breaches and involving over 1 million records. Think that’s bad? In the government sector there were 90 data breaches in 2014, representing 7.6 percent of all breaches and involving 6.5 million records.

One of the ways these industries emphasize security is with the Federal Information Processing Standard (FIPS) 140-2, which validates security claims for products using cryptography through the National Institute of Standards and Technology (NIST). By law, U.S. government purchasing agents must purchase the product that is validated for FIPS 140-2 (or FIPS 140-1) over one that is not. FIPS 140-2 is also required by federal agencies in Canada and recognized in Europe and Australia.

The financial community uses FIPS 140-2 to measure the safety of products handling monetary transactions. Security Level 1 allows the software and firmware components of a cryptographic module to be executed on a general purpose computing system using an unevaluated operating system without any additional hardware security mechanism.

We’re excited to announce that our Secure Key Box 4.6.0 Crypto Module has received the FIPS 140-2 Level 1 certification from NIST. This certification assures government, financial agencies, and resellers alike that our Secure Key Box module delivers the highest level of protection available for sensitive information.

Thorsten Held, our managing director, summed up our certification:

Investing in certifications like FIPS is important for our customers and demonstrates our commitment to offer best-in-class software security solutions to the industry. Our Secure Key Box is an innovative white-box protected crypto library that secures cryptographic keys in memory. With the FIPS certification we address the security concerns of government and financial agencies that can rest assured our solution has passed the most rigorous testing. And to date, we seem to be the only company that is offering a white-box crypto library that comes with FIPS 140-2 certification.

Our Cryptanium security solutions are available for popular platforms such as Android, iOS, Windows, OS X and Linux.

Digital Security: A Look in the Mirror

As 2014 draws to a close, it is essential to look back on the financial and other implications for companies in dealing with digital security and privacy, particularly as IoT implementations are likely to grow. There are rays of hope for 2015, despite the pessimism: privacy is not dead.

A Look in the Mirror

This past year, the world experienced such a high volume of brutal cyber attacks (which are showing little sign of decreasing) that they have become seemingly commonplace. These many privacy breaches at a wide variety of companies make it more important than ever to take action to protect personal and corporate information online. This must be done in order to support an open society and to protect users’ flow of digital information the way they intend it. That is what the Internet of trust is all about, for individuals and enterprises alike.

Increasing Costs of Digital Security and Privacy

It is important to understand that digital security and digital privacy are two different things: digital security is necessary to ensure digital privacy. As criminals become more sophisticated and the need for digital trust and privacy increases, a new industry, cyber insurance, has risen to help companies weather the very real consequences of cyber attacks. The extreme consequences of attacks on corporate data could lead to a jump in cyber insurance premiums. This is just with the amount of data companies currently hold. What will happen when premiums take into account the increase in the amount of data companies hold due to IoT implementations? At this rate, cyber insurance is likely to become a necessity for small and mid-size companies. How many can afford it, and what can companies expect regarding policies?

What Companies Can Do

To successfully achieve digital privacy and security, companies are already taking a number of newsworthy steps. Companies can:

Be prepared!

Incorporate Tripwire technology into Internet of Things (IoT) security.

Restructure and reorganize to focus on IoT security.

Put policies in place to address fundamental security practices.

Looking Forward to 2015

As more and more people and companies continue to use connected devices, how is it best to go about securing, making trustworthy, and managing access to networks and massive sets of data for a connected society? Where do trusted intermediaries fit into this approach? This will be the primary focus of 2015.

As 2014 comes to a close, despite the pessimism, there are in fact rays of hope amid the concerns in the continuing struggle to protect digital security and privacy. For starters, these concerns are bringing about necessary change: government and industry authorities are recognizing the value of, and are calling for, more digital (and mobile application) privacy and security. Furthermore, it’s encouraging to see the American technology industry take a principled stand to assure people that privacy is not dead.

Privacy is not dead.

Friday Highlights: Connected Car, OTT TV, and Sensors for Good

Intertrust’s Friday Highlights provides a weekly review and analysis of a variety of articles that highlight trends in digital trust, Internet security, and Internet privacy. Here are the top connected car, OTT TV, and “wearables” stories from last week.

Privacy and Security in the Connected Car Era

This week, Intertrust’s whiteCryption subsidiary participated in the Connected Car Expo in Los Angeles showcasing its automotive software security solutions. It’s also worth pointing out that security and privacy in the connected car is something which Intertrust and whiteCryption have been thinking about for a while now. So, to highlight issues around the emerging connected car market, here are some articles about the connected car, privacy and security from this week.

Written from a European perspective, here is a good overview of some of the legal conundrums surrounding privacy and security in the connected car.

Top 5 takeaways on connected cars
www.jdsupra.com/legalnews/top-5-takeaways-on-connected-cars-66570

Traditionally, all the software contained in automobiles has been tightly controlled by the automobile manufacturer. With individuals now expecting their connected cars to run apps like their smartphones, manufacturers are beginning to open up their cars to third-party app developers. While this is a plus for the user experience, third-party apps represent an additional security and privacy threat which all parties in the ecosystem must work to address. This week, Honda announced a new program to work with app developers with privacy being one focus.

Honda wants to help developers build better Android Auto apps

http://www.cnet.com/news/honda-opens-android-auto-developer-studio-in-silicon-valley/

Here’s a company working on a solution bringing the connected car experience to older vehicles. It will be interesting to see how they address security issues in vehicles that weren’t designed to be connected to the Internet.

The Internet of Anything: The Little Box That Hooks Your Old Car Up to the Internet

http://www.wired.com/2014/11/internet-anything-little-box-hooks-old-car-internet/

One principle of security is understanding what bad actors are likely to target. There is now a proposal in front of the New Jersey Legislature on how to protect the privacy of data held by a component already present in many cars today. These are “event data recorders” (often called “black boxes”), which record quite a lot of information related to the operation of a car. Preventing bad actors from accessing the data in these devices is one of the challenges in connected car security. By the way, other politicians in the United States have also focused on privacy issues around the connected car, including a United States Senator.

Proposed New Jersey Legislation Seeks to Protect Privacy Interests in Motor Vehicle’s “Black Box” Data
www.jdsupra.com/legalnews/proposed-new-jersey-legislation-seeks-to-73892/

Privacy Professionals Gather in Europe

Continuing on the theme of Intertrust event participation, we’re honored that Intertrust’s Knox Carey was chosen to speak on the subject of privacy and genetic data in the era of cloud computing at the IAPP Europe Data Protection Congress 2014, held in Brussels this week. This event brought together luminaries from both the policy and technology fields to discuss the latest issues in the privacy field. For those of you who couldn’t make it to Brussels, here’s a site showing the Twitter feed from the event to give a flavor of the discussions.

The Social Story from the Data Protection Congress

https://storify.com/IAPP/the-iapp-europe-data-protection-congress-2014-2015

The Continuing Inevitable March of OTT TV

Intertrust’s Gilles Boccon-Gibod was interviewed for the November/December 2015 edition of Streaming Media’s Video Monetization DRM and Syndication. In the interview, Gilles discusses some of the technical issues around content protection in OTT (over-the-top) TV. As we have noted, Intertrust believes OTT TV represents the future of TV and content protection will continue to play an important part in the growth of this industry. Here are some articles backing up the growth of OTT TV.

OTT TV is already big business.

OTT Services Predicted To Hit $5.8 In 2014

http://www.mediapost.com/publications/article/238631/ott-services-predicted-to-hit-58-in-2014.html

In the US market, the television industry lives and breathes off the viewership data produced by Nielsen Media. This week, it came out that Nielsen is planning on measuring the audience reach of TV content distributed by OTT TV providers such as Netflix and Amazon. This is an important validation of OTT TV. The implications of this move on the TV industry will be interesting to watch going forward.

Nielsen to Reportedly Measure Netflix and Amazon Viewership

http://www.hollywoodreporter.com/live-feed/nielsen-reportedly-measure-netflix-amazon-750134

One challenge facing the traditional TV industry in the US is that people now spend more time looking at their mobile devices than at a TV set. Today’s smartphones and tablets are perfectly good platforms for enjoying OTT TV.

We Now Spend More Time Staring at Phones Than TVs
www.businessweek.com/articles/2014-11-19/we-now-spend-more-time-staring-at-phones-than-tvs

Sensors for Social Good

In Silicon Valley, the term “wearables” is often used to describe various devices worn on the body measuring an individual’s fitness and health. Here’s a story about how a startup wants to aggregate wearable sensors to gather important environmental data.

This Wearable Detects Pollution to Build Air Quality Maps in Real Time
www.wired.com/2014/11/clarity-wearable/

Friday Fun

Here in the US, next week is when we hold our Thanksgiving holiday. It’s great to see that this year’s Macy’s Thanksgiving Day Parade will feature a float celebrating women and engineering.

Engineering gets float in Thanksgiving Day Parade

http://www.edn.com/electronics-blogs/serious-fun/4437670/Engineering-gets-float-in-Thanksgiving-Day-Parade

 

Friday Highlights: Mobile, IoT, and Health News

 Intertrust’s Friday Highlights provides a weekly review and analysis of a variety of articles that highlight trends in digital trust, Internet security, and Internet privacy. Here are the top mobile, IoT, and health stories from last week.

Next Gen Mobile: Fast and Contextual

The tech industry is now well into what arguably could be called Mobile 3.0 (yes, you are allowed to throw things for overuse of industry clichés).  The mobile world today is primarily characterized by smart mobile devices running apps connected to 3G and 4G networks. Yet, it’s fun to think about what the next generation of the mobile world could look like. Here are some hints:

While 4G networks are still rolling out through the world, work continues to increase wireless network speeds.

 World’s Wireless Record Breaks 40 Gbit/s

http://www.eetimes.com/document.asp?doc_id=1324357

The tech industry is now readying for a quick rollout of support for 4K (aka Ultra HD) TVs and other displays. Qualcomm is understandably pushing mobile as a major source of 4K video and as a way to enjoy it. If they succeed, this will provide an immediate market need for faster network speed and higher data throughput.

Qualcomm leading push for 4K
www.fiercewireless.com/tech/story/qualcomm-leading-push-4k/2014-10-19

Rumblings are echoing through the mobile world that the current app paradigm is peaking at an unsustainable rate. Here is an interesting design proposal for mobile content focused on contextualized notifications and services, not apps.

THE END OF APPS AS WE KNOW THEM
blog.intercom.io/the-end-of-apps-as-we-know-them/

Different Views on IoT and Humans

IoT (Internet of Things) is an industry buzzword which is probably bandied around too much. Yet, it is one which arguably represents the next computing revolution. When many people think of IoT, they may think of smart watches, fitness bands, connected glasses and smart thermostats. Here are a couple of takes on very different and human applications.

What if IoT is you? In other words, what if people could authenticate themselves to devices with Internet services? By the way, if you don’t like the sight of blood, you may want to skip this one.

Here’s why I implanted an NFC chip in my hand
www.connectedly.com/why-i-implanted-nfc-chip-hand

By now, most everyone should be familiar with malware disguising itself as a program for displaying emoticons or nude pictures, providing computer protection, and so forth. What if malware were to disguise itself as a cute robot?

Could robots become too cute for comfort?

http://www.bbc.com/news/technology-29737539

 

Health, IoT, and Privacy

Health care seems to be quite a promising field for IoT. There are all sorts of ways that sensors connected to intelligent services can promote health and reduce medical costs at the same time.

Ford unveils a car seat which detects when a driver is having heart attack
www.independent.co.uk/news/uk/home-news/ford-unveils-a-car-seat-which-detects-when-a-driver-is-having-heart-attack-9807042.html

Yet, health data is very sensitive and new health related IoT services need to be designed with security and privacy in mind. It seems that our current systems are failing on that score.

What’s behind the dramatic rise in medical identity theft?
fortune.com/2014/10/19/medical-identity-theft/ 

IoT has now, and rightly so, become a top focus of privacy experts around the world.

World’s Data Protection Leaders Highlight Internet of Things, Big Data Privacy Risks
www.bna.com/worlds-data-protection-n17179897174/

A well-known specialist on privacy issues has now been appointed chief technology officer of the FTC (Federal Trade Commission), the primary US Federal agency tasked with consumer protection. Hopefully IoT and privacy will become one of his top focuses going forward.

F.T.C. Names New Chief Technologist
bits.blogs.nytimes.com/2014/10/21/f-t-c-names-new-chief-technologist/

 

Friday Fun

For people of a certain generation, making mix cassette tapes was their first taste of personalized music. In our age where Pandora, Spotify, 8tracks and many other services provide personalized music services over the Internet, it’s great to see someone re-imagining the cassette player and tape in a modern style.

Rewind: This Raspberry Pi cassette player plays Spotify tunes from actual tapes
www.cnet.com/news/rewind-this-raspberry-pi-cassette-player-plays-spotify-tunes-on-actual-tapes/

Friday Highlights: Digital Trust, Data Security, and Internet Security News

 Intertrust’s Friday Highlights provides a weekly review and analysis of a variety of articles that highlight trends in digital trust, Internet security, and Internet privacy. Here are the top OTT, privacy, and security stories from last week.

OTT TV Shift HBO Version

It’s here. The much lauded US cable network and content producer HBO finally announced that it will launch an OTT TV (over the top or broadband TV) service in its largest market, the US (it already offers this type of service in the Nordic countries). Intertrust and others have long championed the advantages of OTT TV. HBO’s announcement, however, could represent the point where the proverbial logjam is broken and the general public begins to prefer viewing OTT TV content.

HBO to Offer Stand-Alone Web Subscription in U.S. Next Year
www.bloomberg.com/news/2014-10-15/hbo-to-offer-stand-alone-online-subscription-in-u-s-next-year.html

Whether CBS’ announcement of an OTT TV service, coming shortly after HBO’s announcement, was a coincidence is a matter open for debate. The important thing is that it happened. In the OTT TV age, the brand value of broadcast networks has been questioned. This seems like an attempt by CBS to shore up its position in the new world.

CBS Offers Web Service as TV Unbundles Itself
www.nytimes.com/2014/10/17/business/cbs-to-offer-web-subscription-service.html?smid=tw-share&_r=0

However, it’s important to remember that there are many unanswered questions about the HBO announcement.

Nine Thoughts On An Unbundled HBO
www.linkedin.com/pulse/article/20141016154117-6623892-nine-thoughts-on-an-unbundled-hbo

Of course, OTT TV is thriving in markets outside the US as well. One major Chinese OTT TV player is telling Chinese broadcasters to pack it up and just focus on content creation.

MIPCOM: Chinese Online Video Pioneer Charles Zhang Tells TV Broadcasters to Quit
www.hollywoodreporter.com/news/mipcom-chinese-online-video-pioneer-740653

 

While Privacy and Security Concerns Continue, Help May Be on the Way

This past week, the dangers to privacy and security in our modern connected world continued to be a matter of great concern, particularly in the data broker market. Advances in big data analysis techniques also hold the potential to further aggravate the dangers of this business model, an issue that has already received attention from the White House.

The Dark Market for Personal Data
http://www.nytimes.com/2014/10/17/opinion/the-dark-market-for-personal-data.html?ref=opinion&_r=0

Here is a chilling tale about the unexpected implications of information design.

SOUTH KOREA IDENTITY THEFTS FORCES ID OVERHAUL
hosted.ap.org/dynamic/stories/A/AS_SKOREA_IDENTITY_THEFT_?SITE=AP&SECTION=HOME&TEMPLATE=DEFAULT&CTIME=2014-10-14-02-42-14

With the continuing drumbeat about privacy and security concerns, it’s good to be able to point to some potential help on the way. First is a fascinating technical advancement with a great deal of potential.

Who’s using your data? New Web technology would let you track how your private data is used online.
newsoffice.mit.edu/2014/whos-using-your-data-httpa-0613

This past week, Smart Grid related technologies have also helped advance renewable sources of energy and increase energy efficiency. The same can be said about the potential of the Smart Grid for violating the privacy of electricity customers (i.e. most everyone). It’s good to see that privacy is getting attention from a major group working on Smart Grid standards.

Smart Grid, V2.0: Now With More Privacy
privacyassociation.org/news/a/smart-grid-v2-0-now-with-more-privacy/

The Bright Side of Decreasing Sensor Costs

Here’s a great example of how water sensor costs are dropping and could end up helping to clean up rivers.

River Sensors to Clean Up Waterways

http://www.eetimes.com/document.asp?doc_id=1324298

Friday Fun

Art can always help people make sense of the world in ways other mediums can’t. Codame is a San Francisco-based group focused on the intersection between art and technology. For a really scary Halloween, on October 31st, Codame is sponsoring an event on privacy and security. Here is an example of the fun that attendees can expect that evening.

Jasper Paterson
www.codame.com/post/portfolio/jasper-paterson/