CES 2015 was a superb event in terms of the amount of new technologies per square foot, which have been referred to numerous times by reporters for tech websites. As for me, a person fully immersed in the world of information security, the show resulted in mixed feelings.
On the one hand, CES demonstrated key trends that await us 5 to 10 years from now: smart homes, connected cars, virtual reality and biometric/healthcare body sensors – the so-called ‘Internet of Things’ at its best.
257 gadgets in three minutes at #CES2015 http://t.co/iCipCcwfED pic.twitter.com/bcjrhw3MLb
— The Verge (@verge) January 10, 2015
On the other hand, the degree of offhandedness with which developers and vendors treat users’ data was striking. Beside scarce exceptions, I noted an absolute negligence towards important aspects like privacy, security and encryption.
The market is eager to move forward, continually preaching the ‘Internet of Things’ mantra. Relevant questions like ‘What kind of data will be collected?’, ‘Who will be receiving the data and how?’ and, of course, the main question, ‘Will we be asking a user whether s/he is keen on giving away data?’, are either being ignored or asked in the manner that a vendor wants them to be asked.
https://plus.google.com/116816299317552146445/posts/fj1GbdvSVpp
Every time I would propose these simple questions in the hallways of CES, I would get a strong feeling that I was actually in the midst of star troopers whom Emperor Palpatine has just ordered to execute ‘Order 66.’ In the best scenarios, people would take me for a madman saying, “Dude, what are you talking about? We are talking about a multi-billion dollar market – users will have to accept privacy violations, anyway!”
Quite likely, they will. However, when it comes to me, I am really enraged by any attempt to steal my right to privacy. This is why I decided to write this post and, hopefully, draw your attention to four controversies related to CES’ key tech trends.
1. Driverless cars
To be honest, I don’t think we really need driverless cars that much. The key marketing message that this strategy relies on is decreasing the human factor in car accidents and, ultimately, eliminating them all together. Well this looks like a very legitimate reason, but there are also several issues.
https://twitter.com/thegooglecar/status/535590615988195328
The first problem concerns the labor market and employment. Obviously, the first to jump in line with organizations eager to use driverless cars will be taxi companies. In New York alone, the taxi fleet includes about 40 thousand cars. In the entire world the number is unimaginable, but we can safely add three more digits to make up a plausible number.
If millions of low-wage employees were deprived of this hard but honest job, this would significantly contribute to a growing crime rate all over the world. Curiously, I have not seen any analytical reports addressing these two closely interconnected trends.
http://instagram.com/p/xh76IaRpV3/
However, the situation presented above represents just a part of a bigger problem. In order for driverless cars to exist, the stats are crucial – and this statistical information would consist of zillions of gigabytes of data regarding routes, users, traffic loads and the like.
The driverless car, contrary to how the common user sees it, does not ‘learn’ to drive on its own: it merely operates with the statistical data to generate behavioral patterns, depending on the surrounding environment and conditions. These patterns result from the analysis of an enormous quantity of accomplished scenarios. Who will ‘feed’ all of this data to computers? Of course, ‘we the users’ will since there’s no one else to do it.
All of the data about our transportation habits, i.e. the way we act, where we turn, and, most importantly, where and when we go, will be sent to… umm, somewhere.
http://instagram.com/p/xh8ZvMRpWn/
For quite a long time, this fact never provoked any questions. But the recent Uber debacle proved that this ignorance would not last for long: people cannot help but care that some undefined agent is able to detect their precise locations in real time. And, even more alarming, this agent can also accumulate the ENTIRE history of translocations in a person’s ENTIRE lifetime.
In theory, the developer of driverless cars and taxis would try to protect user data from scammers. But the stakes are really high, so this attempt may ultimately be unsuccessful. The problem now lies in whether or not to trust the service providers. Offering data security and protection is a complex and science-intensive business where the majority of service providers just lack competence. Trusting their ability to properly secure data is like trusting a child with a million dollars.
Driverless cars – what's to come? https://t.co/XERAi2e9NM via @kaspersky pic.twitter.com/y16EjoGTnW
— Kaspersky (@kaspersky) December 15, 2014
I am not saying that driverless cars are all that bad. I only want to convey the message that, before deploying and commercializing this tech, one should ensure that there is legislation in place to protect collected user data and that service providers offer users a reliable and transparent means of fully wiping out the data from the providers’ databases should there be a need.
2. Drones
This year CES was packed with drones. These little robots have become more and more affordable, and are available now for as little as $199 – $499. The majority of drones are equipped with cameras (or are GoPro or smartphone-mountable). Everything is in place—smart stabilization algorithms, sensor-based piloting and navigation systems—and continues to evolve, except one thing: the regulation of flights and legislation on the violation of privacy.
A quick search on YouTube provides enough evidence supporting that drones are frequently used for mischief, including spying through the windows, stealth surveillance and many not-so-childish pranks. This topic was covered well by the journalist John Oliver:
Given the fact that there is no proper regulation for drones, they could potentially be used in practically any scenario. So don’t be surprised if one day you discover a couple of drones hovering opposite your balcony and recording videos.
Are #drones as scary as they seem? https://t.co/6jqha7bonz #security #privacy pic.twitter.com/N4Puv6NRZ0
— Kaspersky (@kaspersky) January 6, 2015
Today, drones are no big threat. But this is just for now since the tech has not evolved dramatically. And we all know how fast tech evolves, don’t we?
3. Healthcare/fitness sensors
I encountered 17 companies offering fitness trackers at CES this year. Needless to say, there are way more of them. Fitness bands capable of counting steps, heart rate or other biometric parameters are produced by dozens of major vendors and small start-ups, and are widely available on the market.
How fitness has become smarter, better, faster, stronger … and more connected http://t.co/RLHFrrs0RU #TechTimeMachine
— Mashable (@mashable) January 4, 2015
I was an early adopter of this type of gadget. After having spent a couple of years with these gizmos, I am fully positive they are completely useless for fitness purposes.
As soon as the initial ‘wow’ effect fades away, the reality sinks in and you realize that life is way simpler than this. If you want to go jogging, just go for it: treadmills at the gym can tell you how many miles you ran. Want to slim down? Just stop eating junk and jog even harder. A coach or specialized website can help you to develop your own personalized routine.
No fitness band is a cure-all for your problems – you won’t be a better runner just by wearing it. But the problem with the sensors is not their mere existence, but the data that they generate. The latter is beneficial for many third parties.
Fitness tracking apps & wearables vs #privacy. Guess who wins? https://t.co/YjIZv2vQVa pic.twitter.com/LfMqqWGBES
— Eugene Kaspersky (@e_kaspersky) October 31, 2014
All of the relevant questions would seem quite innocent, but today, one can identify a person based on the analysis of an array of biometric data.
This is not necessarily bad. For example, this approach may end up as a means of replacing obsolete password-based authentication methods. The real problem is that anyone might be using our — yes, our! — personal data precisely now, but it’s not us.
The real problem is that anyone might be using our #personaldata precisely now, but it’s not us.
Tweet
So one more question arises: how well will this data be protected? We are all sick and tired of hearing the news over and over again: some bad people have stolen batches of data from an honest megacorporation which just so happened to have collected an enormous amount of personal data from its customers.
4. Smart homes
Another key trend evident at CES 2015 was the next generation of homes where lighting, HVAC, locks, fridges, stoves and everything you can find in an average home, is connected and equipped with a controller deployed on a mobile device.
A fascinating story how @JacobyDavid hacked his smart home https://t.co/ckTyeMVLUp pic.twitter.com/q4LiqsBnA4
— Eugene Kaspersky (@e_kaspersky) September 25, 2014
Again, this coin is two-sided. What connected home advocates usually show off at trade events is the apparent convenience of such technology at home. But the reverse side of the coin is that, in fact, everything can be hacked. No system is 100% secure – the likes of Stuxnet, Gauss and Duqu serve as a continuous reminder that even uranium enrichment centrifuges are not safe from trespassers.
Who is to blame for “hacked” private web cameras? https://t.co/1A3deNQCEQ pic.twitter.com/r4B079ile0
— Eugene Kaspersky (@e_kaspersky) November 22, 2014
In the event of a hacker breaking into your connected home, the culprit may get access to everything you have, from the history of your fridge’s ‘correspondence’ with Wal-Mart, to telemetric data, surveillance videos, credit card numbers and tons of confidential data unthinkable for an average mortal.
Today, the most paranoid users even use tape to cover his or her laptop webcams, just because it has been proven that someone can spy through a remote connection. If we discuss smart homes, you will quickly run out of tape patching all of the sources of data.
P.S. Having returned from CES 2015, I started to better understand Ray Bradbury who, decades ago, preached that tech innovations do not play a major role in humanity’s cultural and intellectual development, comfort and, most importantly, happiness. Really, there is nothing wrong with turning off the lights with an old-fashioned switch. Manually.