67 posts categorized "Internet of Things" Feed

Win $25K In The FTC Internet-Of-Things Home Inspector Challenge

For the holidays, many consumers gave or received devices for their homes that are WiFi-connected, often referred to as the "Internet of Things" (IoT). Those devices include Internet routers, security cameras, home security systems, and a variety of appliances and electronics: televisions, refrigerators, clothes washers, lighting, heating/cooling systems, toys, DVRs, and more. Residences outfitted with these devices are often referred to as "Smart Homes" or "Connected Homes."

Experts forecast 50 billion devices globally by 2020. Plus, utilities have already installed smart meters in homes that regularly transmit consumers' water/oil/gas usage to their utility providers. Protecting those devices against hackers is critical.

U.S. Federal Trade Commission logo While the FTC has published guidelines for manufacturers of IOT devices, those guidelines aren't mandatory. The privacy threats of IoT devices are known, and researchers have warned about the vulnerabilities in specific products.

To help consumers manage their WiFi-connected home devices, the U.S. Federal Trade Commission (FTC) announced a prize competition called the "IoT Home Inspector Challenge." The FTC will award the $25,000 top prize to the solution that best helps consumers protect their IoT devices against vulnerabilities and to manage passwords (e.g., replace factory-defaults) for all home devices. Up to three honorable mention prizes of $3,000 each area also available.

Consumers working individually, or in teams, can register and submit entries beginning March 1, 2017. The deadline for entries is May 22, 2017. Winners will be announced on July 27, 2017. To be considered, entries must meet the following criteria:

  • Provide a technical solution, rather than a policy or legal solution
  • Work on home IoT devices that currently exist on the market
  • Protect information it collects both in transit and at rest,
  • Explain how the tool or solution will avoid or mitigate any additional security risks that the tool itself might introduce into the consumer’s home by (example, software upgrades)

The judges will rate each entry based upon how well it addresses the following four components:

  1. Recognize what IoT devices are operating in the consumer’s home. This may be automatic or provide instructions for consumer input,
  2. Determine what software version is already on those IoT devices. Again, this may be automatic or provide instructions for consumer input,
  3. Determine the latest software version each home IoT device should have, and
  4. Assist with updates.

Visit the FTC IoT Home Inspector Challenge site for complete details about the competition, including contest rules, judges, FAQs, and the registration/submission process.


Health App Developer Settles With FTC For Deceptive Marketing Claims

The U.S. Federal Trade Commission (FTC) announced a settlement agreement with Aura Labs, Inc. regarding alleged deceptive claims about its product: the Instant Blood Pressure App. Aura sold the app from at least June 2014 to at least July 31, 2015 at the Apple App Store and at the Google Play marketplace for $3.99 (or $4.99). Sales of the app totaled about $600,000 during this period. Ryan Archdeacon, the Chief Executive Officer and President of Aura, was named as a co-defendant in the suit.

The FTC alleged that the defendants violated the FTC Act. The complaint alleged deceptive marketing claims by Aura about its blood pressure app:

"Although Defendants represent that the Instant Blood Pressure App measures blood pressure as accurately as a traditional blood pressure cuff and serves as a replacement for a traditional cuff, in fact, studies demonstrate clinically and statistically significant deviations between the App’s measurements and those from a traditional blood pressure cuff."

iMedicalApps reported on March 2, 2016:

"A study presented today at the American Heart Association EPI & Lifestyle (AHA EPI) meeting in Phoenix has shown the shocking inaccuracy of a popular medical app, Instant Blood Pressure... Back in 2014, we raised concerns about the Instant Blood Pressure medical app which claimed to measure blood pressure just by having users put their finger over their smartphone’s camera and microphone over their heart presumably to use something akin to a pulse wave velocity... Dr. Timothy Plante, a fellow in general internal medicine at Johns Hopkins, led the study in which a total of 85 participants were recruited to test the accuracy of the Instant Blood Pressure app... When looking at individuals with low blood pressure or high blood pressure, they found that the Instant Blood Pressure app gave falsely normal values. In other words, someone with high blood pressure who used the app would be falsely reassured their blood pressure was normal... the sensitivity for high blood pressure was an abysmal 20%. These results, while striking, should not be surprising. This medical app had no publicly available validation data, despite reassurance from the developer back in 2014 that such data was forthcoming. The use of things like pulse wave velocity as surrogates for blood pressure has been tried and is fraught with problems..."

The FTC complaint listed the problems with an online review posted in the Apple App Store:

"Defendant Ryan Archdeacon left the following review of the Instant Blood Pressure App in the Apple App Store: "Great start by ARCHIE1986 – Version – 1.0.1 – Jun 11, 2014. This app is a breakthrough for blood pressure monitoring. There are some kinks to work out and you do need to pay close attention to the directions in order to get a successful measurement but all-in-all it’s a breakthrough product. For those having connection problems, consider trying again. I have experienced a similar issue. It is also great that the developer is committed to continual improvements. This is a great start!!!" That the review was left by the Chief Executive Officer and President of Aura was not disclosed to consumers and would materially affect the weight and credibility consumers assigned to the endorsement."

The complaint also cited problems with endorsements posted at Aura's web site:

"At times material to this Complaint, the What People Think portion of Defendants’ website contained three endorsements, including the following endorsement from relatives of Aura’s Chairman of the Board and co-founder Aaron Giroux: "This is such a smart idea that will benefit many of us in monitoring our health in an easy and convenient way." That the endorsement was left by relatives of Aura’s Chairman of the Board and co-founder Aaron Giroux was not disclosed to consumers and would materially affect the weight and credibility consumers assigned to the endorsement."

Terms of the settlement prohibit the defendants from making such unsubstantiated claims in the future, refund money to affected customers, reimburse plaintiffs for the costs of this lawsuit, and additional unspecified items. The FTC announcement also stated that the court order imposed:

"... a judgment of $595,945.27, which is suspended based on the defendants’ inability to pay. The full amount will become due, however, it they are later found to have misrepresented their financial condition."

Copies of the complaint are available at the FTC site and here (Adobe PDF). Kudos tot he FTC for its enforcement action. Product claims and endorsements should be truthful and accurate. And consumers still need to do research before purchase. Just because there's an app for it doesn't mean the results promised are guaranteed.

Got an unresolved problem with a product, service, or app? Consumers can file a complaint online with the FTC. What are your opinions of the Aura-FTC settlement? Of claims by app developers?


Can Apple Move iPhone Production To The United States?

President Elect Donald Trump and his incoming administration have promised to "make America great again." That promise included a key policy position to move manufacturing -- and its jobs -- back to the United States; in particular move production of Apple iPhones to the USA:

"we have to bring Apple — and other companies like Apple — back to the United States. We have to do it. And that’s one of my real dreams for the country, to get … them back. We have a great capacity in this country."

Well, can it be done? And if so, what might the consequences be?

Nikkei Asia Review reported:

"Key Apple assembler Hon Hai Precision Industry, also known as Foxconn Technology Group, has been studying the possibility of moving iPhone production to the United States... Apple asked both Foxconn and Pegatron, the two iPhone assemblers, in June to look into making iPhones in the United States..."

Experts warn that moving production is complex and difficult. Not only must assembly operations be relocated, but new facilities must be located and built, plus nearby suppliers and transport services found, moved, and contracts obtained. During the globalization trend of the last 35 years, many manufacturing facilities in the USA were closed, destroyed, and replaced with other businesses. Plus, the remainaing facilities may be technologically obsolete. After solving these issues, then production workers must be hired.

With any major change, there often are unintended consequences. A possible consequence:

"Making iPhones in the U.S. means the cost will more than double... According to research company IHS Markit, it costs about $225 for Apple to make an iPhone 7 with a 32GB memory, while the unsubsidized price for such a handset is $649..."

Prices for unlocked iPhone7 with 32 GB phones on eBay range from $700 to $1,000.00. 128 and 256 GB versions cost even more. Would consumers be willing to pay higher prices, say 50 percent more, or even double?


Phone Calls, Apple iCloud, Cloud Services, And Your Privacy

A security firm has found a hidden feature that threatens the privacy of Apple iPhone and iCloud users. Forbes magazine reported:

"Whilst it was well-known that iCloud backups would store call logs, contacts and plenty of other valuable data, users should be concerned to learn that their communications records are consistently being sent to Apple servers without explicit permission, said Elcomsoft CEO Vladimir Katalov. Even if those backups are disabled, he added, the call logs continue making their way to the iCloud, Katalov said... All FaceTime calls are logged in the iCloud too, whilst as of iOS 10 incoming missed calls from apps like WhatsApp and Skype are uploaded..."

Reportedly, the feature is automatic and the only option for users wanting privacy is to not use Apple iCloud services. That's not user-friendly.

Should you switch from Apple iCloud to a commercial service? Privacy risks are not unique to Apple iCloud. Duane Morris LLP explained the risks of using cloud services such as Dropbox, SecuriSync, Citrix ShareFile, and Rackspace:

"Users of electronic file sharing and storage service providers are vulnerable to hacking... Dropbox as just one example: If a hacker was to get their hands on your encryption key, which is possible since Dropbox stores the keys for all of its users, hackers can then steal your personal information stored on Dropbox. Just recently, Dropbox reported that more than 68 million users’ email addresses and passwords were hacked and leaked onto the Internet... potentially even more concerning is the fact that because these service providers own their own servers, they also own any information residing on them. Hence, they can legally access any data on their servers at any time. Additionally, many of these companies house their servers outside of the United States, which means the use, operation, content and security of such servers may not be protected by U.S. law. Furthermore, consider the policies regarding the sharing of your information with third parties. Among others, Dropbox has said that if subpoenaed, it will voluntarily disclose your information to a third party, such as the Internal Revenue Service."

Regular readers of this blog know what that means. Many government entities, such as law enforcement and intelligence agencies besides the IRS issue subpoenas.

This highlights the double-edged sword from syncing and file-sharing across multiple devices (e.g., phone, laptop, desktop, tablet). Sure, is a huge benefit to have all of your files, music, videos, contacts, and data easily and conveniently available regardless of which device you use. Along with that benefit comes the downside privacy and security risks: data stored in cloud services is vulnerable to hacking and subject to government warrants, subpoenas, and court actions. As Duane Morris LLP emphasized, it doesn't matter whether your data is encrypted or not.

Also, Forbes magazine reported:

"Katalov believes automated iCloud storage of up-to-date logs would be beneficial for law enforcement wanting to get access to valuable iPhone data. And, he claimed, Apple hadn’t properly disclosed just what data was being stored in the iCloud and, therefore, what information law enforcement could demand."

Well, law enforcement, intelligence agencies, and cyber-criminals now know what information to demand.


Some Android Phones Infected With Surveillance Malware Installed In Firmware

Security analysts recently discovered surveillance malware in some inexpensive smartphones that run the Android operating system (OS) software. The malware secretly transmits information about the device owner and usage to servers in China. The surveillance malware was installed in the phones' firmware. The New York Times reported:

"... you can get a smartphone with a high-definition display, fast data service and, according to security contractors, a secret feature: a backdoor that sends all your text messages to China every 72 hours. Security contractors recently discovered pre-installed software in some Android phones... International customers and users of disposable or prepaid phones are the people most affected by the software... The Chinese company that wrote the software, Shanghai Adups Technology Company, says its code runs on more than 700 million phones, cars and other smart devices. One American phone manufacturer, BLU Products, said that 120,000 of its phones had been affected and that it had updated the software to eliminate the feature."

Shanghai ADUPS Technology Company (ADUPS) is privately owned and based in Shanghai, China. According to Bloomberg, ADUPS:

"... provides professional Firmware Over-The-Air (FOTA) update services. The company offers a cloud-based service, which includes cloud hosts and CDN service, as well as allows manufacturers to update all their device models. It serves smart device manufacturers, mobile operators, and semiconductor vendors worldwide."

Firmware is a special type of software store in read-only memory (ROM) chips that operates a device, including how it controls, monitors, and manipulates data within a device. Kryptowire, a security firm, discovered the malware. The Kryptowire report identified:

"... several models of Android mobile devices that contained firmware that collected sensitive personal data about their users and transmitted this sensitive data to third-party servers without disclosure or the users' consent. These devices were available through major US-based online retailers (Amazon, BestBuy, for example)... These devices actively transmitted user and device information including the full-body of text messages, contact lists, call history with full telephone numbers, unique device identifiers including the International Mobile Subscriber Identity (IMSI) and the International Mobile Equipment Identity (IMEI). The firmware could target specific users and text messages matching remotely defined keywords. The firmware also collected and transmitted information about the use of applications installed on the monitored device, bypassed the Android permission model, executed remote commands with escalated (system) privileges, and was able to remotely reprogram the devices.

The firmware that shipped with the mobile devices and subsequent updates allowed for the remote installation of applications without the users' consent and, in some versions of the software, the transmission of fine-grained device location information... Our findings are based on both code and network analysis of the firmware. The user and device information was collected automatically and transmitted periodically without the users' consent or knowledge. The collected information was encrypted with multiple layers of encryption and then transmitted over secure web protocols to a server located in Shanghai. This software and behavior bypasses the detection of mobile anti-virus tools because they assume that software that ships with the device is not malware and thus, it is white-listed."

So, the malware was powerful, sophisticated, and impossible for consumers to detect.

This incident provides several reminders. First, there were efforts earlier this year by the U.S. Federal Bureau of Investigation (FBI) to force Apple to build "back doors" into its phones for law enforcement. Reportedly, it is unclear what specific law enforcement or intelligence services utilized the data streams produced by the surveillance malware. It is probably wise to assume that the Ministry of State Security, China's intelligence agency, had or has access to data streams.

Second, the incident highlights supply chain concerns raised in 2015 about computer products manufactured in China. Third, the incident indicates how easily consumers' privacy can be compromised by data breaches during a product's supply chain: manufacturing, assembly, transport, and retail sale.

Fourth, the incident highlights Android phone security issues raised earlier this year. We know from prior reports that manufacturers and wireless carriers don't provide OS updates for all Android phones. Fifth, the incident highlights the need for automakers and software developers to ensure the security of both connected cars and driverless cars.

Sixth, the incident raises questions about how and what, if anything, President Elect Donald J. Trump and his incoming administration will do about this trade issue with China. The Trump-Pence campaign site stated about trade with China:

"5. Instruct the Treasury Secretary to label China a currency manipulator.

6. Instruct the U.S. Trade Representative to bring trade cases against China, both in this country and at the WTO. China's unfair subsidy behavior is prohibited by the terms of its entrance to the WTO.

7. Use every lawful presidential power to remedy trade disputes if China does not stop its illegal activities, including its theft of American trade secrets - including the application of tariffs consistent with Section 201 and 301 of the Trade Act of 1974 and Section 232 of the Trade Expansion Act of 1962..."

This incident places consumers in a difficult spot. According to the New York Times:

"Because Adups has not published a list of affected phones, it is not clear how users can determine whether their phones are vulnerable. “People who have some technical skills could,” Mr. Karygiannis, the Kryptowire vice president, said. “But the average consumer? No.” Ms. Lim [an attorney that represents Adups] said she did not know how customers could determine whether they were affected."

Until these supply-chain security issues get resolved it is probably wise for consumers to inquire before purchase where their Android phone was made. There are plenty of customer service sites for existing Android phone owners to determine the country their device was made in. Example: Samsung phone info.

Should consumers avoid buying Android phones made in China or Android phones with firmware made in China? That's a decision only you can make for yourself. Me? When I changed wireless carriers in July, I switched an inexpensive Android phone I'd bought several years ago to an Apple iPhone.

What are your thoughts about the surveillance malware? Would you buy an Android phone?


Connected Cars: 4 Tips For Drivers To Stay Safe Online

With the increasing dominance of the Internet of Things (IoT), connected cars are becoming more ubiquitous than ever. We’ve long heard warnings from the media about staying safe online, but few consumers consider data hacks and other security compromises while driving a car connected to the internet.

According to the inforgraphic below from Arxan, an app protection company, 75 percent of all cars shipped globally will have internet connectivity by 2020, and current connected cars have more than 100 million lines of code. Connected features are designed to improve safety, fuel efficiency, and overall convenience. These features range from Bluetooth, WiFi, cellular network connections, keyless entry systems, to deeper “cyberphysical” features like automated braking, and parking and lane assist.

More Features Means More Vulnerability
However, with this increasing connectivity comes risks from malicious hacking. Today, connected cars have many attack points malicious hackers can exploit, including the OBD2 port used to connect third-party devices, and the software running on infotainment systems.

According to Arxan, some of the more vulnerable attack points are mobile apps that unlock vehicles and start a vehicle remotely, diagnostic devices, and insurance dongles, including the ones insurance companies give to monitor and reward safe drivers. These plug into the OBD2 port, but hackers could essentially access any embedded system in the car after lifting cryptographic keys, as the Arxan page on application protection for connected cars describes.

Vulnerabilities are usually demonstrated in conferences like Black Hat. Example: in 2010, researchers at the University of Washington and the University of California San Diego hacked a car that had a variety of wireless capabilities. The vulnerable attack points they targeted included its Bluetooth, the cellular radio, an Android app on the owner’s phone that was connected to the car’s network, and an audio file burned onto a CD in the car’s stereo. In 2013, hackers Charlie Miller and Chris Valasek hijacked the steering and brake systems of both a Ford Escape and Toyota Prius with only their laptops.

How To Protect Yourself
According to the FBI and Department of Transportation in a public service announcement, it’s crucial that consumers following the following recommendations to best protect themselves:

  1. Keep your vehicle’s software up to date
  2. Stay aware of recalls that require manual security patches to your car’s code
  3. Avoid unauthorized changes to your car’s software
  4. Use caution when plugging insecure devices into the car’s ports and network

With the latest remote hack of a Tesla Model S, it seems that the response time between finding out about a breach and issuing a patch to correct it is thankfully getting shorter. As more automakers become tech-oriented like Tesla, they will also need to cooperate with OEMs to make sure the operating-system software in their vehicles is designed securely. It seems, this will take time, coordination with vendors, and money to bring these operations in house.

Arxan connected vehicles infographic

What do you do to protect your Internet-connected vehicle? What security tools and features would you prefer automakers and security vendors provide?


Study: Almost 40 Percent of U.S. Smartphone Owners Use Voice Recognition

According to a recent study by Parks Associations, a market research and consulting company, 39 percent of smartphone owners in the United States use some form of voice recognition (e.g., Siri, Google Now). The usage is higher (more than 50 percent) for iPhone owners compared to Android owners (less than 33 percent). Harry Wang, Director of Health & Mobile Product Research at Parks Associations said:

“Smartphone penetration has reached 86% of U.S. broadband households, so it is a mature market, with users, particularly younger consumers and iOS users, exploring more intelligent features and interfaces, including voice control... The growing consumer interest in voice control features is driving this technology into new IoT areas... Following Apple’s lead with Siri, other brands have created ‘personalities’ for their voice-control solutions, like Alexa for Amazon Echo and Cortana for Windows Phones."

Usage is higher among younger persons. 48 percent of smartphone users ages 18-24, use voice recognition software, usage of the “Siri” voice recognition software increased from 40 to 52 percent between 2013 and 2015. In total, about 15 percent of all U.S. broadband households use Siri.

About 70 percent of smartphone owners who use voice recognition are satisfied. 38 percent said they are very satisfied, and 9 percent said they are not satisfied.

Additional findings about U.S. smartphone users:

  • More than 70 percent watch short streaming video clips, and more than 40 percent watch long streaming videos.
  • 36 percent use WiFi calling.
  • 26 percent use a payment app for purchases at retail stores, and
  • 24 percent stream video from their phones to a second screen (e.g., TV, PC).

Learn more in the "360 View: Mobility and the App Economy" report, or the press release, by Parks Associates.


Potential Security Issues Regarding the Internet of Things

Header potential IoT device security issues

[Editor's Note: today's blog post is by guest author Cassie Phillips, a technology blogger who developed a special interest in cybersecurity after her webcam was hacked. While she’s interested to see how the Internet of Things changes how we use technology, she is very concerned about all the risks it poses.]

By Cassie Phillips

Many people and organizations have raised concerns about the potential risks related to the Internet of Things (IoT). It turns out that they were right to be concerned. Last month the France-based hosting provider, OVH, fell victim to an enormous distributed denial-of-service (DDoS) attack on the Minecraft servers that OVH was hosting.

DDoS attacks are attempts to make a resource (usually a website) inaccessible to its users through an inundation of requests, aiming to overburden the system. In the past, DDoS attacks were carried out by computers, with or without their owner’s consent. Hot Hardware reported:

“OVH was the victim of a wide-scale DDoS attack that was carried via a network of over 152,000 IoT devices… Of those IoT devices participating in the DDoS attack, they were primarily comprised of CCTV cameras and DVRs.”

Before the attack on OVH, there was another DDoS attack on prominent internet security researcher Brian Krebs’ website. This attack was also carried out by IoT devices. Akamai Technologies Inc., a provider of security services worldwide for major companies, cut ties with Mr. Krebs because the DDoS attack on Krebs’ website was enormous. Josh Shaul, Akamai’s vice president, said it was the worst DDoS attack the company had ever seen.

These broad attacks prove that the IoT does pose a significant security risk. And DDoS attacks are by no means the only security risks that the IoT presents. Let’s look at what the IoT is, the risks it presents and, most importantly, how to ensure that any IoT devices you use are secure.

What Is the Internet of Things?
The IoT is the idea that any device can be designed to be able to connect to the internet and other devices. These devices include mobile phones, washing machines, refrigerators, coffee makers, televisions, home thermostats, motion sensors, headphones, Barbie dolls and baby monitors. There is no limit except the imagination.

There are even buildings, cars, and health-related implants (such as pacemakers) that can connect to the internet and to each other. All of these devices can exchange information and collect data, creating a huge pool of information and an enormous network.

What Risks Does the Internet of Things Pose?
As mentioned above, the IoT poses a few risks and concerns. There are four key risks associated with the IoT, with the first being reliability. IoT devices are not necessarily reliable. While this may not be a crisis if the device in question is a refrigerator, it is deadly if devices such as cars fail or are hacked.

The second major risk related to the IoT is privacy. Each device in a network of the IoT can collect and share data. As consumers, we don’t always know who gets this data and what it is used for. The data will almost certainly be used to track consumers’ behavior, allowing companies to target each consumer with tailor-made advertising. While this data probably won’t always be used for nefarious purposes, it can be used in a way that violates our right to privacy. According to Buzzfeed:

“ "We were sleeping in bed, and basically heard some music coming from the nursery, but then when we went into the room the music turned off,” said the anonymous mother. They tracked the IP address that had accessed their camera and discovered a website with “thousands and thousands of pictures of cameras just like their own.” Anyone could use the site to access hacked cameras and monitors located in at least 15 different countries."

This leads to the third major risk associated with the IoT, namely security. Again, each of the IoT devices collects and transmits data. If these devices are hacked, criminals will have access to vast amounts of consumers' private information. Depending on the device, criminals can learn our routines, find out what valuables we keep in our homes, gain access to information about any security measures we use, and even collect sensitive information such as financial payment information.

Another security risk is the potential for hacking medical devices and implants. According to a report by research and advisory firm, Forrester, ransomware in medical devices is the single biggest cybersecurity threat for this year. Security researchers have already managed to hack into hospitals’ networks, pacemakers and other medical devices. This will put people’s lives at risk.

The potential for cyberattacks is the fourth major risk associated with the IoT. Because all these devices are connected, they have the potential to spread malware across homes and entire companies. However, the greatest risk lies in criminals’ ability to use our IoT devices in massive cyberattacks, such as the DDoS attack on OVH. Widespread vulnerabilities are only a few missteps away, and that is a seriously concerning fact.

How to Protect Yourself When Using IoT Devices
Given the risks listed above, it’s vital that consumers learn to protect our devices, our homes, and ourselves. The following actions are all essential to your security when using IoT devices:

  • Carefully consider how much connectivity you need in your home and life. Then try to avoid any devices that unnecessarily connect to the internet. After all, you can always opt for a coffeemaker with a timer instead of one that connects to a mobile app on your phone.
  • If you do decide to buy an IoT device, be sure to find one with the best security features possible.
  • Read all the terms and conditions and privacy policies for any IoT device you intend to purchase. This will help you understand what data the device collects and what it does with the data.
  • When you buy an IoT device, change its default password immediately. This also applies to any IoT devices that you already own. Be sure to use strong passwords and manage them effectively.
  • Always keep the software on IoT devices up to date. Updates often contain essential bug fixes and security patches.
  • If your IoT device supports security software, install it. Don’t forget that your mobile phone and tablet count as IoT devices!
  • Use a reputable Virtual Private Network, such as one recommended by Secure Thoughts.
  • If your IoT device allows it, use encryption technology.
  • Switch off and unplug any IoT devices when you are not using them.
  • If your IoT device uses location data unnecessarily, turn it off if possible.
  • If your IoT device has a camera or monitor that you don’t think it needs, block the lens.

Conclusion
While it would be best if security features were built into the design of IoT devices, that’s not always the case. So it’s crucial that you implement the security ideas discussed above. Hopefully, we’ll start seeing a move toward creating an international standard for all IoT devices in the future.

Have you had any bad experiences with IoT devices? How do you think the technology is progressing? Share your thoughts in the comments section below.


German Regulators Ask Tesla To Stop Advertising 'Autopilot' Term

Government regulators have asked the automaker Tesla to stop using the term "autopilot" for its driver-assist feature. Deutsche Welle (DW) reported that a letter:

"... published in the newspaper "Bild am Sonntag," called on Tesla to take urgent action "in order to prevent misunderstandings and false expectations from clients." The KBA transport regulator said the term "autopilot" was misleading, and called for it to be removed in future advertisements for Tesla products. The self-driving feature has been available on the California-based automaker's Model S since October 2015."

The Autopilot feature manages the car's speed, steers within a lane, changes lanes (when the driver taps a turn signal), scan for a parking space, and parallel parks on command. Officials in Germany are still conducting an investigation into the car's capabilities.

After the fatal crash in May of a Tesla Model S car operating beta-version software for its Autopilot feature, Tesla engineers said in August the problem was with the car's brakes and not its Autopilot feature.

DW also reported:

"... the German transport regulator wrote to Tesla owners warning them that the autopilot function was purely to assist the driver and did not turn the car into a highly-automated vehicle. The feature still required the driver's unrestricted attention at all times, the letter said. Under German road traffic regulations, the driver is required to remain alert and in control of the vehicle at all times when using the system, the letter added."

The Los Angeles Times reported:

"Tesla Chief Executive Elon Musk has repeatedly said he’s sticking with the name, and the company responded to the German report as it does every time the subject comes up: The term “autopilot” has a long history in aerospace, where human pilots and autopilot systems work together to fly a plane."


Report: Consumer Usage of Video Streaming Services in The US

New research revealed that 16% of the "viewing population" have multiple subscription video-on-demand (SVOD) services in their homes. That's up from 10% three years ago. Consumer market research firm Gfk studied consumers in the United States, and also found that almost half (49%) of the "viewing population" subscribes to at least one SVOD service, 17% have both Netflix and Amazon Prime, 9% have Netflix and Hulu Plus, and 5% have all three of the major services.

The “viewing population” includes consumers who watch video at least once per week via any format: regular TV, streaming, or otherwise. According to Gfk, this is 95 percent of the total number of people 13 to 64 US years of age. Gfk also found that consumers:

"... who pay for combinations of Netflix, Amazon Prime, Hulu, and other subscription streaming services – are more likely to have kids under 18 in their homes (50%, versus an average of 41% among all weekly viewers of any type). “Self-bundlers” also have higher mean incomes than average weekly viewers – at $90,000 per year versus $76,000 – but are less likely to subscribe to traditional pay TV services.."

GfK interviewed 1,054 consumers in the United States for its “Over-the-Top TV 2016: A Complete Video Landscape” report. In related studies during the past year, Gfk found:

Below is an infographic from Gfk's "Over the Top TV 2016" report with additional information:

Infographic from Gfk Over the Top TV 2016 report. Click to view larger version


Proposed Legislation in Michigan For Driverless Cars

The Stanford Center For Internet & Society (CIS) analyzed several draft driverless-car bills under consideration by legislators in Michigan. The analysis highlighted the issues and inconsistencies by the proposed legislation. First, the good news. While SB 995 repeals existing laws that ban driverless cars, it:

"... would return Michigan law to flexible ambiguity on the question of the legality of automated driving in general. The bill probably goes even further by expressly authorizing automated driving: It provides that "[a]n automated motor vehicle may be operated on a street or highway on this state," and the summary of the bill as reported from committee similarly concludes that SB 995 would "[a]llow an automated motor vehicle to be operated on a street or highway in Michigan." (This provision is somewhat confusing because it would be added to an existing statutory section that currently addresses only research and testing and because it would seem to subvert many restrictions on research tests and "on-demand automated motor vehicle networks.") Regardless, this bill would also exempt groups of closely spaced and tightly coordinated vehicles from certain following-distance requirements that are incompatible with platooning."

Platooning is a method for several driverless vehicles to operate together on highways with less space in between, than otherwise. Advocates claim this maximizes the capacity of highways. What does this mean for safety? Do consumers want platooning? Can drivers opt out? If platooning is allowed, then the driverless vehicle you ultimately buy must be outfitted with that software feature.

The drawbacks of the draft legislation:

"... The currently proposed language could mean that automated driving is lawful only in the context of research and development and "on-demand motor vehicle networks." Or it could mean that automated driving is lawful generally and that these networks are subject to more restrictive requirements. It could mean that any company could run a driverless taxi service, including motor vehicle manufacturers that might otherwise face unrelated and unspecified legal impediments. Or it could mean that a company seeking to run a driverless taxi service must partner with a motor vehicle manufacturer -- or that such a company must at least purchase production vehicles, the modification of which might then be restricted by SB 927 and 928 (see below). It could also mean that municipalities could regulate and tax only those driverless taxi services that do not involve a manufacturer..."

And:

"... SB 995 and 996 understandably struggle to reconcile an existing vehicle code with automated driving. Under existing Michigan law, a "driver" is "every person who drives or is in actual physical control of a vehicle," an "operator" is "a person, other than a chauffeur, who "[o]perates" either "a motor vehicle" or "an automated motor vehicle," and "operate" means either "[b]eing in actual physical control of a vehicle" or "[c]ausing an automated motor vehicle to move under its own power in automatic mode," which "includes engaging the automated technology of that automated motor vehicle for that purpose." The new bills would not change this language, but they would further complicate these concepts in several ways..."

I encourage you to read the long list of complications in the CIS analysis. Another key issue:

"Consider the provision that "an automated driving system ... shall be considered the driver or operator ... for purposes of determining conformance to any applicable traffic or motor vehicle laws." This provision says nothing about who or what the driver is for purposes of determining liability for a violation of those laws, particularly when there is no crash. SB 996 does provide that "a motor vehicle manufacturer shall assume liability for each incident in which the automated driving system is at fault," subject to the state's existing insurance code..."

The proposed legislation is important for several reasons. Besides platooning and the list of complications, it decides: a) which types of companies can operate driverless-car networks, b) who is liable and under what conditions, and c) who can repair driverless cars. All items affect consumers rights. A narrow definition of "A" (e.g., only automakers) would mean fewer competitors, and probably higher prices due to a lack of competition. Similarly, a narrow definition of "C" could mean fewer options and choices for consumers, with higher repair prices. Liability must be clear for instances when a driverless vehicle violates road laws; and especially when there is a crash and/or fatality.

Consistency and clarity matter, too. The final legislation and definitions also should be forward-thinking. It's not just driverless vehicles but also remotely-operated vehicles. Companies want remotely-operated ships on the oceans, and remotely-operated trucks are already used off-road for mining purposes. It seems wise to anticipate that off-road use will probably migrate to roads and highways.

Clearly, the proposed legislation in Michigan is not ready yet for prime time. This topic definitely bears monitoring.


FDA Releases Guidelines For Apps And Wearables For Fitness And Health

The U.S. Food and Drug Administration (FDA) released guidelines about mobile apps and wearable devices for health and fitness (Adobe PDF). The guidelines document stated that it is for clarity for industry and FDA staff, and include "nonbinding recommendations." The federal agency will not regulate mobile apps and wearables that promote general wellness or a healthy lifestyle, and are classified as "low risk." The guidelines do not apply to products (e.g., drugs, biologics, dietary supplements, foods, or cosmetics) regulated by other FDA Centers or to combination products.

The FDA's Center For Devices and Radiological Health (CDRH) defines general wellness products as:

"... products that meet the following two factors: (1) are intended for only general wellness use, as defined in this guidance, and (2) present a low risk to the safety of users and other persons. General wellness products may include exercise equipment, audio recordings, video games, software programs4 and other products that are commonly, though not exclusively, available from retail establishments (including online retailers and distributors that offer software to be directly downloaded), when consistent with the two factors above."

The guidelines provide further definitions:

"A general wellness product, for the purposes of this guidance, has (1) an intended use that relates to maintaining or encouraging a general state of health or a healthy activity, or (2) an intended use that relates the role of healthy lifestyle with helping to reduce the risk or impact of certain chronic diseases or conditions and where it is well understood and accepted that healthy lifestyle choices may play an important role in health outcomes for the disease or condition. If the product’s intended uses are not limited to the above general wellness intended uses, this guidance does not apply."

The guidelines provide a list of general wellness health outcomes: weight management, physical fitness (including recreational uses), relaxation or stress management, mental acuity, self-esteem, sleep management, and sexual function.

Typically, regulation is used to ensure that products actually do what their manufacturers and developers claim to do. The guidelines specified which claims are general wellness (e.g., the FDA will not regulate) and which claims are not (e.g., the FDA will continue to regulate). General wellness claims include claims to:

  1. Promote or maintain a healthy weight, encourage healthy eating, or assist
    with weight loss goals;
  2. Promote relaxation or manage stress;
  3. Increase, improve, or enhance the flow of qi “energy;”
  4. Improve mental acuity, instruction following, concentration, problem solving, multitasking, resource management, decision-making, pattern recognition or eye-hand coordination;
  5. Enhance learning capacity;
  6. Promote physical fitness (e.g., log, track, or trend exercise activity, measure aerobic fitness, develop or improve endurance, strength or coordination;
  7. Promote sleep management (e.g., track sleep trends);
  8. Promote self-esteem
  9. Address a specific body structure or function (e.g., increase or improve muscle size or body tone, enhance or improve sexual performance);
  10. Improve general mobility; and
  11. Enhance participation in recreational activities by monitoring the consequences (e.g., heart rate).

Some claims are categorized as "disease related." The new FDA guidelines list disease-related general wellness claims and how companies should reference those claims in product packaging and advertisements:

"A claim that a product will treat or diagnose obesity; a claim that a product will treat an eating disorder, such as anorexia; a claim that a product helps treat an anxiety disorder; a claim that a computer game will diagnose or treat autism; a claim that a product will treat muscle atrophy or erectile dysfunction; a claim to restore a structure or function impaired due to a disease or condition, e.g., a claim that a prosthetic device enables amputees to walk... disease-related general wellness claims should only be based on references where it is well understood that healthy lifestyle choices may reduce the risk or impact of a chronic disease or medical condition..."

Since the new FDA guidelines apply only to products categorized as "low risk," it is important to understand that definition:

"If the answer to any of the following questions is YES, the product is not low risk and is not covered by this guidance: 1) Is the product invasive? 2) Is the product implanted? 3) Does the product involve an intervention or technology that may pose a risk to the safety of users and other persons if specific regulatory controls are not applied, such as risks from lasers or radiation exposure? In assessing whether a product is low risk for purposes of this guidance, FDA recommends that you also consider whether CDRH actively regulates products of the same type as the product in question. For example, CDRH actively regulates external penile rigidity devices, which are devices intended to create or maintain sufficient penile rigidity for sexual intercourse, under 21 CFR 876.5020 as class II devices exempt from premarket notification with special controls..."

The guidelines listed examples of products that are low risk and those which are not. Products that are not low risk:

"Sunlamp products promoted for tanning purposes, due to risks to a user’s safety from the ultraviolet radiation, including, without limitation, an increased risk of skin cancer.

Implants promoted for improved self-image or enhanced sexual function. Implants pose risks to users such as rupture or adverse reaction to implant materials and risks associated with the implantation procedure.

A laser product that claims to improve confidence in user’s appearance by rejuvenating the skin. Although the claims of rejuvenating the skin and improving confidence in user’s appearance are general wellness claims, laser technology presents risks of skin and eye burns.

A neuro-stimulation product that claims to improve memory, due to the risks to a user’s safety from electrical stimulation.

A product that claims to enhance a user’s athletic performance by providing suggestions based on the results of relative lactic acid testing, when the product uses venipuncture to obtain the blood samples needed for testing. Such a product is not low risk because it is invasive (e.g., obtains blood samples by piercing the skin) and also because the product involves an intervention that may pose a risk to the safety of the user and other persons if specific regulatory controls are not applied (e.g., venipuncture may pose a risk of infection transmission)."

Companies and individuals can submit feedback to the FDA about these guidelines. See the guidelines document for instructions for submitting feedback. Fierce Healthcare reported:

"Epstein Becker Green health attorney Brad Thompson, who had previously commented to FierceHealthIT on the draft guidance, said in an email the final version "strikes the right balance between regulation and innovation... Over the intervening year and a half, I have talked to a lot of developers of wearable technologies and associated mobile apps and have used the draft guidance as a roadmap for how to assess FDA jurisdiction. I have found it to be extremely practical..."

A copy of the guidance document is also available here (Adobe PDF). What guidance or clarity does it provide for consumers? I guess not much regarding low risk apps and wearables. Consumers are on their own, so shop wisely and carefully. Whenever I read a document that describes itself as "nonbinding recommendations," that is worrisome.


Update: Tesla Engineers Say Crash Due To Brakes, Not Autopilot Feature

About the fatal crash in May of a Tesla Model S car operating beta-version software for its Autopilot feature, the company's engineering executives told the U.S. Senate during committee hearings that the vehicle's brakes were at fault. The New York Times reported:

"... Tesla told members of the Senate Commerce Committee staff on Thursday that the problem involved the car’s automatic braking system, said the staff member, who spoke on condition of anonymity. It was not clear how or why Tesla considers the automatic braking system to be separate from Autopilot, which combines automated steering, adaptive cruise control and other features meant to avoid accidents. Tesla declined to comment... The company told the committee staff that it considered the braking systems as “separate and distinct” from Autopilot, which manages the car’s steering, and can change lanes and adjust travel speed..."

Auto experts say that the Autopilot feature and brakes should work together. So, either the car didn't recognize that it had to stop, or it failed to stop when it should have. The Autopilot feature requires the driver to be ready to assist, if needed. The National Highway Traffic Safety Administration (NHTSA) is investigating the crash.

Consumer Reports, which has tested vehicles for decades, has called for automakers to not use people as "guinea pigs for vehicle safety beta programs."

While the fatal Tesla crash was tragic, it is also a reminder for consumers to:

  • Know the differences between full autonomous automation and features that assist drivers,
  • Know the limitations of automation features including road conditions that require driver intervention,
  • Know which features use beta-version software (which means they are unfinished and still being tested), and
  • Read all applicable polices (e.g., terms of service, privacy) before and after purchasing a vehicle to understand your responsibilities and liability. Certain features and road conditions require driver intervention.

Smart Wine Bottles

Does wine go stale in your home? If so, then Kuvée Wine has a solution for you. The solution uses Internet-connected or "smart" wine bottles that reportedly keep your wine fresh for up to 30 days. Each bottle holds 5 glasses or 750 ml of wine. Included wines are 2013 Schug Carneros Pinot Noir, 2013 BR Cohn Cabernet Sauvignon, 2014 Bonny Doon Vin Gris de Cigare, and 2014 Coppola Director's Chardonnay.

Residents in some states can pre-order wine now. Orders from California and Massachusetts residents start shipping in October. Orders from residents in New York, Washington, and Oregon start shipping in December. See the website for terms for other states. The price is $199.00, which includes the Kuvée smart wine bottle plus four bottles of wine.

Since everything is "smart" in today's world, I guess this was bound to happen. Is it a good deal? You can decide for yourself. I'm not a big wine drinker. Heck, I'm not a big drinker -- period. This entertaining video from The Verge provides a perspective about how the Kuvée smart wine bottle works:


Consumer Reports: Don't Use Consumers as 'Guinea Pigs For Vehicle Safety Beta Programs'

Consumer Reports logo The recent fatal crash involving a Tesla auto operating with the Autopilot feature has highlighted the issues with beta software in commercially-available vehicles. Consumer reports discussed the matter in a recent blog post:

"The company’s aggressive roll-out of self-driving technology—in what it calls a “beta-test”—is forcing safety agencies and automakers to reassess the basic relationship between human drivers and their increasingly sophisticated cars... Consumer Reports experts believe that these two messages — your vehicle can drive itself, but you may need to take over the controls at a moment’s notice—create potential for driver confusion. It also increases the possibility that drivers using Autopilot may not be engaged enough to to react quickly to emergency situations. Many automakers are introducing this type of semi-autonomous technology into their vehicles at a rapid pace, but Tesla has been uniquely aggressive in its deployment. It is the only manufacturer that allows drivers to take their hands off the wheel for significant periods of time..."

For decades, Consumer Reports has reviewed, tested and rated both new and used vehicles to help drivers make informed decisions about purchases and repairs. It also tests and rates a wide variety of household appliances, electronics, telecommunications services (e.g., phone, cable TV, broadband), music streaming services, social networking sites, prepaid cards, credit monitoring services, and more. Consumer Reports owned and tested three Tesla vehicles: 2013 Model S 85, 2014 Model S P85D, and 2016 Model X 90D.

Laura MacCleery, the vice president of consumer policy and mobilization for Consumer Reports, said:

"By marketing their feature as ‘Autopilot,’ Tesla gives consumers a false sense of security... In the long run, advanced active safety technologies in vehicles could make our roads safer. But today, we're deeply concerned that consumers are being sold a pile of promises about unproven technology. 'Autopilot' can't actually drive the car, yet it allows consumers to have their hands off the steering wheel for minutes at a time. Tesla should disable automatic steering in its cars until it updates the program to verify that the driver's hands are on the wheel... Consumers should never be guinea pigs for vehicle safety 'beta' programs...”

Consumer Reports provided four recommendation for Tesla and its Autopilot feature, which include renaming it, halting beta test programs, and reprogramming the feature to require drivers to keep their hands on the steering wheel.

I agree. Beta testing features with business software (e.g., spreadsheets, word processing, VPN connections, etc.) and general software are entirely different from vehicles where lives are directly at risk. What are your opinions?


Coming Soon: Autonomous Freighters On The Oceans

Technology races forward in several industries. The military uses remote-controlled drones, vendors use drones to inspect buildings, companies test driver-less cars, automakers introduce cars with more automation, and retailers pursue delivery drones. Add shipping to the list of industries.

Experts predict that robotic ships will sail the oceans by 2020. The Infinity Leap site reported:

"The concept of robotic ships was revealed by Rolls Royce back in 2014. According to reports, the Advanced Autonomous Waterborne Applications (AAWA) project guided by Rolls-Royce recently came up with a white paper which provides comprehensive details about the robotic ships or the autonomous vessels and the problems associated with them as far as their operation is concerned... the AAWA whitepaper is developed by Rolls-Royce with the support of partners like ESL Shipping, Finferries, Brighthouse Intelligence and the Tampere University of Technology. The AAWA whitepaper talks extensively about autonomous applications, and the issues related to the safety and certainty of designing and running the distantly controlled ships."

So, there's some new terminology to learn. Obviously, manned ships include on-board human crews that operate all ship's functions. There are subtle but important differences between automated, remote-controlled, and autonomous ships. The Maritime Unmanned Navigation through Intelligent Networks (MUNIN) website provides some helpful definitions and diagrams:

"The remote ship is where the tasks of operating the ship are performed via a remote control mechanism (e.g. by a shore based human operator), and

The automated ship is where advanced decision support systems on board undertake all the operational decisions independently without intervention of a human operator."

I found this diagram helpful with understanding the different types of robotic ships:

MUNIN. Types of robotic ships. Click to view larger version

So, the remote human operator could be on land, on board another ship, or on board an airplane. And, remote-controlled ships will use augmented reality displays. Again, from Infinity Leap:

"According to reports, Rolls-Royce has developed a unique new bridge called ‘oX’ or the Future Operator Experience Concept in collaboration with Finland’s VTT Technical Research Centre and Aalto University. It is learned that the bridge’s windows serve as augmented reality displays, which help in displaying necessary information and improve the visibility around the ship with the support of high-end cameras and sensors. That means the augmented reality windows help in displaying navigation tracks and give necessary warnings and information about the ships sailing nearby, ice and a whole lot of other invisible things."

The MUNIN site also provides a view of how decisions might be made by autonomous ships:

MUNIN. Decision making by autonomous ships. Click to view larger version

All of this makes one wonder how much of this automation the passenger cruise ship industry will adopt. It is a reminder of the importance of applying similar distinctions in types of automation to land-based commercial vehicles: delivery vans, school buses, inter-city buses, tractor-trailers, buses and trains in mass-transit systems, and construction equipment.

Would you want your children riding in autonomous school buses? How do you feel about riding in autonomous mass-transit buses or subways? Commuter trains?


NHTSA Investigates Fatal Crash Of Tesla Auto. Numerous Implications For Drivers

Several news sites reported that the fatal crash of a Tesla Motors model S car while operated in Autopilot mode. Tesla Motors released a statement about the incident:

"... NHTSA is opening a preliminary evaluation into the performance of Autopilot during a recent fatal crash that occurred in a Model S. This is the first known fatality in just over 130 million miles where Autopilot was activated. Among all vehicles in the US, there is a fatality every 94 million miles. Worldwide, there is a fatality approximately every 60 million miles... What we know is that the vehicle was on a divided highway with Autopilot engaged when a tractor trailer drove across the highway perpendicular to the Model S. Neither Autopilot nor the driver noticed the white side of the tractor trailer against a brightly lit sky, so the brake was not applied..."

Established in 1970, the National Highway Traffic Safety Administration (NHTSA) is responsible for ensuring safety standards and safety on the nation's highways. Tesla's statement also described its Autopilot feature:

"... Tesla disables Autopilot by default and requires explicit acknowledgement that the system is new technology and still in a public beta phase before it can be enabled. When drivers activate Autopilot, the acknowledgment box explains, among other things, that Autopilot “is an assist feature that requires you to keep your hands on the steering wheel at all times," and that "you need to maintain control and responsibility for your vehicle” while using it. Additionally, every time that Autopilot is engaged, the car reminds the driver to “Always keep your hands on the wheel. Be prepared to take over at any time.” The system also makes frequent checks to ensure that the driver's hands remain on the wheel and provides visual and audible alerts if hands-on is not detected. It then gradually slows down the car until hands-on is detected again."

The Tesla site provides a general description of the Autopilot feature:

"Autopilot allows Model S to steer within a lane, change lanes with the simple tap of a turn signal, and manage speed by using active, traffic-aware cruise control. Digital control of motors, brakes, and steering helps avoid collisions from the front and sides, and prevents the car from wandering off the road. Autopilot also enables your car to scan for a parking space and parallel park on command. And our new Summon feature lets you "call" your car from your phone so it can come greet you at the front door in the morning. Autopilot features are progressively enabled over time with software updates."

This fatal crash has broad implications. The New York Times reported:

"The crash also casts doubt on whether autonomous vehicles in general can consistently make split-second, life-or-death driving decisions on the highway. And other companies are increasing investments in self-driving technology. Google, for example, recently announced plans to adapt 100 Chrysler minivans for autonomous driving. Earlier this year, G.M. acquired the software firm Cruise Automation to accelerate its own self-driving applications. Even as the companies conduct many tests on autonomous vehicles at both private facilities and on public highways, there is skepticism that the technology has progressed far enough for the government to approve cars that totally drive themselves."

In 2013, NHTSA defined five levels of automation in vehicles:

"No-Automation (Level 0): The driver is in complete and sole control of the primary vehicle controls – brake, steering, throttle, and motive power – at all times.

Function-specific Automation (Level 1): Automation at this level involves one or more specific control functions. Examples include electronic stability control or pre-charged brakes, where the vehicle automatically assists with braking to enable the driver to regain control of the vehicle or stop faster than possible by acting alone.

Combined Function Automation (Level 2): This level involves automation of at least two primary control functions designed to work in unison to relieve the driver of control of those functions. An example of combined functions enabling a Level 2 system is adaptive cruise control in combination with lane centering.

Limited Self-Driving Automation (Level 3): Vehicles at this level of automation enable the driver to cede full control of all safety-critical functions under certain traffic or environmental conditions and in those conditions to rely heavily on the vehicle to monitor for changes in those conditions requiring transition back to driver control. The driver is expected to be available for occasional control, but with sufficiently comfortable transition time. The Google car is an example of limited self-driving automation.

Full Self-Driving Automation (Level 4): The vehicle is designed to perform all safety-critical driving functions and monitor roadway conditions for an entire trip. Such a design anticipates that the driver will provide destination or navigation input, but is not expected to be available for control at any time during the trip. This includes both occupied and unoccupied vehicles."

Today's vehicles offer several safety automation features to assist drivers: Automatic Crash Notification (ACN), Automatic Emergency Braking (AEB), Electronic Stability Control (ESC), Forward Collision Warning (FCW), Lane Departure Warning (LDW), Lane Keeping Support, and Pedestrian Crash Avoidance/Mitigation. There are huge differences between autonomous automation and assisted-driving features.

There are big differences between Tesla cars and Google's self-driving car. Earlier this year, NHTSA granted the software in Google's driver-less cars as "driver" status. According to the Washington Post:

"... the law will treat the car's software as the driver. "We agree with Google its [self-driving vehicle] will not have a 'driver' in the traditional sense that vehicles have had drivers during the last more than one hundred years," the letter reads: "If no human occupant of the vehicle can actually drive the vehicle, it is more reasonable to identify the "driver" as whatever (as opposed to whoever) is doing the driving." The decision by NHTSA marks a huge moment for Google and the rest of the auto industry as it races to build the first fully autonomous motor vehicle. While most other carmakers are building their vehicles with steering wheels, brake pedals and other machinery in mind, Google imagines that its robot car will have none of these things."

The fatal Tesla accident is truly tragic. It is also a reminder for consumers to:

  • Know the differences between full autonomous automation and features that assist drivers,
  • Know the limitations of automation features including road conditions that require driver intervention,
  • Know which features are beta version (which means they are unfinished and still being tested), and
  • Read all applicable polices (e.g., terms of service, privacy) before and after purchasing a vehicle to understand your responsibilities and liability. Certain features and road conditions require driver intervention.

The features in automated vehicles depend upon software, and beta version software indicates software still being tested. Wise Geek provides a definition:

"The beta version of a software release is considered to be a preview; though it may include many standard features, it is not yet ready for wide release or sale. During this phase, the developers collect feedback from users about the product's functionality, including what they like and what should be changed before its wide release. A beta version of a program can be either "closed," which is limited to a specific group of users, or "open," which is available to the general public. During this testing, developers might release numerous versions of a program, including improvements and bug fixes with each iteration."

So, the software may have bugs or errors in it that affect the feature's performance and/or interaction with other features. And, government regulators seem satisfied with this. Reuters reported:

"Hours before the crash became public knowledge on Thursday, U.S. National Transportation Safety Board Chairman Christopher Hart said driverless cars will not be perfect. "There will be fatal crashes, that's for sure," Hart told the audience at the National Press Club in Washington, but added that will not derail the move toward driverless cars, even if the vehicles are not ready.. Former NHTSA chief Joan Claybrook said in an interview the agency needs to set performance standards for electronic systems like Autopilot. "It's the like Wild West. The regulatory system is not being used," Claybrook said."

It seems wise for consumers to know before purchase: a) the specific limitations of features (and associated sensors) using beta version software; b) when software testing will be completed and a final version available; c) if price discounts are available for features being tested; and d) if the limitations require more driver attention or driver intervention during specific road and/or weather conditions.

Also, a 2014 survey found that half of Americans don't know what a privacy policy is. It is difficult to find statistics about the percentage of users that read terms of service policies (a//k/a terms and conditions). The best estimate I've found is from 2008: 10 percent of consumers read terms of service policies. Even if that percentage is now double, it's still abysmal.

Should drivers place a lot of trust in features using beta version software? Do you view current regulatory activity as acceptable? Comments?


Surveillance Capitalism: A Profitable Business Google And Microsoft Agree About

Google logo The Guardian reported a major shift at both Google and Microsoft. The tech giants have agreed not to sue each other and to focus upon competing in the marketplace:

"This is a gentleman’s agreement. The specifics are secret, but the message on both sides is that the deal reflects a change in management philosophy. Microsoft’s new chief Satya Nadella is eager to push the vision of a dynamic, collaborative Microsoft, partnering with everyone from Apple to Salesforce."

Microsoft logo Microsoft wants to operate in the marketplace that Google already operates in:

"... Microsoft today is facing a very different business ecosystem to the one it dominated in the 1990s. It needs to adapt... what Satya Nadella describes as “systems of intelligence”... cloud-enabled digital feedback loops. They rely on the continuous flow of data from people, places and things, connected to a web of activity. And they promise unprecedented power to reason, predict and gain insight..."

How this relates to "surveillance capitalism":

"For emeritus Harvard Business School professor Shoshana Zuboff, this gets to the core of the Google-Microsoft deal. Zuboff is a leading critic of what she calls “surveillance capitalism”, the monetization of free behavioral data acquired through surveillance and sold on to entities with an interest in your future behavior..."

Whether you call it -- "systems of intelligence" or "surveillance capitalism" -- it shouldn't be a surprise. There has been government surveillance for intelligence and security applications, and for political control. It is more than technologies such asn e-mail trackers, canvass fingerprinting, voice-activated interfaces, and target advertising (a/k/a behavioral advertising). It is more than companies collaborating with government. It is more than smart meters that automatically collect and transmit via wireless your water, gas, and electric utility consumption.

This latest news makes things a lot clearer how companies plan to use the combination of cloud computing services and Internet-of-Things devices installed in smart homes and public spaces.


Survey: U.S. Households Have More Connected Televisions Than Set-Top Boxes

A recent survey found that most households in the United States with televisions have them connected to the Internet. According to the Leichtman Research Group:

"... 65% of US TV households have at least one television set connected to the Internet via a video game system, a smart TV set, a Blu-ray player, and/or a stand-alone device (like Roku, Apple TV, Chromecast, or Amazon Fire TV) -- up from 44% in 2013, and 24% in 2010... 74% [of households] have more than one device... Overall, there are more connected TV devices in US households than there are pay-TV set-top boxes..."

The survey included 1,206 households. It also included the types of televisions:

"79% of all TV sets in US households are HDTVs -- an increase from 34% of all TV sets in 2010, and 3% in 2004..."

And, satisfaction:

"70% of all [households] with a connected TV agree that streaming services like Netflix are easy to access via connected TV devices... 20% with a pay-TV HD set-top box agree that set-top boxes from TV companies are a waste of money, while 44 percent disagree... 42% [of households] with a pay-TV HD set-top box agree that set-top boxes from TV companies provide features that add value to the TV service, while 16% disagree... 68% [of households] with 3 or more set-top boxes are very satisfied with their pay-TV provider, compared to 54% [for households] with 1-2 set-top boxes..."

The U.S. Federal Communications Commission (FCC) has proposed unlocking set-top boxes to encourage more innovation, competition, choices, and lower prices for consumers. That's welcome news for households dissatisfied with set-top boxes they are forced to purchase from cable-TV providers.


Boston Mayor Announced Verizon Partnership And Fiber High-Speed Internet Expansion Across City

Verizon logo During a Boston City Council meeting in October 2015, Verizon representatives firmly stated the company's disinterest in expanding its FiOS fiber-based high-speed Internet services throughout the city. That position resulted in a lack of broadband Internet competition, with Comcast often the only service available in teh city. (The FCC increased the minimum broadband speed, so DSL services no longer qualify.) I was pleasantly surprised when Boston Mayor Marty Walsh announced on Tuesday:

"... a new partnership with Verizon to make Boston one of the most technologically advanced cities in the country by replacing its copper-based infrastructure with a state-of-the-art fiber-optic network platform across the city. The new network will offer enormous bandwidth and speeds. Through an investment of more than $300 million from Verizon over six years, this change will bring increased competition and choice for broadband and entertainment services in Boston..."

This is welcome news. Other Internet Service Providers (ISPs) offer slower speeds and charge high prices for those slower speeds. This worldwide study found that municipal broadband networks provide consumers with the best value (e.g., highest speeds at the lowest prices via wired lines). Thankfully, Massachusetts is not one of the 19 states with laws that prevent local towns and cities from forming their own municipal broadband networks. Consumers everywhere need choice and more competition.

Verizon fiber broadband construction in Boston will start:

"... in Dorchester, West Roxbury and the Dudley Square neighborhood of Roxbury in 2016, followed by Hyde Park, Mattapan, and other areas of Roxbury and Jamaica Plain. The city has also agreed to provide an expedited permitting process to encourage this build... As a next step, the city will begin the cable television licensing process. Upon successful completion of the licensing process, Verizon expects to offer FiOS TV service in Boston... Verizon kicked off the new collaboration by presenting a $100,000 Digital Equity contribution to the city, which will be used to support a mobile hotspot lending program at the Boston Public Library."

The partnership will measure demand from residents and businesses, and prioritize construction, using the www.verizon.com/BostonFiber website. Residents and businesses should visit the site and vote (for free) to ensure that their neighborhood gets fiber broadband first.

The partnership also includes the installation of Internet-connected devices in public areas, which is one portion of the Internet-ofThings (ioT):

"... an innovative "Smart Cities" trial that will address traffic safety and congestion along the Massachusetts Avenue Vision Zero Priority Corridor. The city and Verizon will experiment with sensors and advanced traffic signal control technology to increase safety, measure bicycle traffic, improve public transit vehicle flow, and decrease congestion. Future "Smart Cities" applications will address other key services, including environmental sensors, energy efficiency, and city lighting management."

As the projects move forward, it will be interesting to learn about what data will be collected by ioT devices and data-sharing agreements. Details matter. Verizon also announced:

"This partnership will also improve wireless services in Boston by enabling Verizon to attach wireless equipment to city street lights and utility poles, helping residents get fast, reliable mobile service."

Fiber broadband availability is good news. I visited the Boston Fiber website and voted. The site asks for your full name, email, and mobile phone number to provide availability updates. The site confirmed that I live in the area the partnership considers Zone A: the first area to get Verizon FiOS.

With all of this good news, sadly it seems to already be two steps forward and one step backward. Verizon has failed to reach agreement with its workers' unions, who went on strike yesterday. CNN reported:

"Most of the striking workers service the company's landline phone business and FiOS broadband network -- not the much larger Verizon Wireless network. They have gone without a contract since August, and their union, the Communication Workers of America, says it is fighting to get Verizon to come to the table with a better offer. The union's list of complaints is a long one: Verizon has outsourced 5,000 jobs to workers in Mexico, the Philippines and the Dominican Republic. Verizon is hiring more low-wage, non-union contractors... The union also claims Verizon won't negotiate with people who work in Verizon stores and is closing call centers. And Verizon is asking workers to work out of state, away from their homes, for months at a time. Meanwhile, the union says Verizon is cutting costs as its profits have soared."

I am sure that many residents and businesses want to order Verizon FiOS fiber broadband, and have it installed by fully trained and experienced technicians, not hastily gathered replacements.

After I voted, the Verizon website presented the image below with relative vote counts for Boston fiber:

Verizon FiOS fiber broadband Internet for Boston. Relative vote counts by neighborhoods. Click to view larger image