62 posts categorized "Internet of Things" Feed

Connected Cars: 4 Tips For Drivers To Stay Safe Online

With the increasing dominance of the Internet of Things (IoT), connected cars are becoming more ubiquitous than ever. We’ve long heard warnings from the media about staying safe online, but few consumers consider data hacks and other security compromises while driving a car connected to the internet.

According to the inforgraphic below from Arxan, an app protection company, 75 percent of all cars shipped globally will have internet connectivity by 2020, and current connected cars have more than 100 million lines of code. Connected features are designed to improve safety, fuel efficiency, and overall convenience. These features range from Bluetooth, WiFi, cellular network connections, keyless entry systems, to deeper “cyberphysical” features like automated braking, and parking and lane assist.

More Features Means More Vulnerability
However, with this increasing connectivity comes risks from malicious hacking. Today, connected cars have many attack points malicious hackers can exploit, including the OBD2 port used to connect third-party devices, and the software running on infotainment systems.

According to Arxan, some of the more vulnerable attack points are mobile apps that unlock vehicles and start a vehicle remotely, diagnostic devices, and insurance dongles, including the ones insurance companies give to monitor and reward safe drivers. These plug into the OBD2 port, but hackers could essentially access any embedded system in the car after lifting cryptographic keys, as the Arxan page on application protection for connected cars describes.

Vulnerabilities are usually demonstrated in conferences like Black Hat. Example: in 2010, researchers at the University of Washington and the University of California San Diego hacked a car that had a variety of wireless capabilities. The vulnerable attack points they targeted included its Bluetooth, the cellular radio, an Android app on the owner’s phone that was connected to the car’s network, and an audio file burned onto a CD in the car’s stereo. In 2013, hackers Charlie Miller and Chris Valasek hijacked the steering and brake systems of both a Ford Escape and Toyota Prius with only their laptops.

How To Protect Yourself
According to the FBI and Department of Transportation in a public service announcement, it’s crucial that consumers following the following recommendations to best protect themselves:

  1. Keep your vehicle’s software up to date
  2. Stay aware of recalls that require manual security patches to your car’s code
  3. Avoid unauthorized changes to your car’s software
  4. Use caution when plugging insecure devices into the car’s ports and network

With the latest remote hack of a Tesla Model S, it seems that the response time between finding out about a breach and issuing a patch to correct it is thankfully getting shorter. As more automakers become tech-oriented like Tesla, they will also need to cooperate with OEMs to make sure the operating-system software in their vehicles is designed securely. It seems, this will take time, coordination with vendors, and money to bring these operations in house.

Arxan connected vehicles infographic

What do you do to protect your Internet-connected vehicle? What security tools and features would you prefer automakers and security vendors provide?


Study: Almost 40 Percent of U.S. Smartphone Owners Use Voice Recognition

According to a recent study by Parks Associations, a market research and consulting company, 39 percent of smartphone owners in the United States use some form of voice recognition (e.g., Siri, Google Now). The usage is higher (more than 50 percent) for iPhone owners compared to Android owners (less than 33 percent). Harry Wang, Director of Health & Mobile Product Research at Parks Associations said:

“Smartphone penetration has reached 86% of U.S. broadband households, so it is a mature market, with users, particularly younger consumers and iOS users, exploring more intelligent features and interfaces, including voice control... The growing consumer interest in voice control features is driving this technology into new IoT areas... Following Apple’s lead with Siri, other brands have created ‘personalities’ for their voice-control solutions, like Alexa for Amazon Echo and Cortana for Windows Phones."

Usage is higher among younger persons. 48 percent of smartphone users ages 18-24, use voice recognition software, usage of the “Siri” voice recognition software increased from 40 to 52 percent between 2013 and 2015. In total, about 15 percent of all U.S. broadband households use Siri.

About 70 percent of smartphone owners who use voice recognition are satisfied. 38 percent said they are very satisfied, and 9 percent said they are not satisfied.

Additional findings about U.S. smartphone users:

  • More than 70 percent watch short streaming video clips, and more than 40 percent watch long streaming videos.
  • 36 percent use WiFi calling.
  • 26 percent use a payment app for purchases at retail stores, and
  • 24 percent stream video from their phones to a second screen (e.g., TV, PC).

Learn more in the "360 View: Mobility and the App Economy" report, or the press release, by Parks Associates.


Potential Security Issues Regarding the Internet of Things

Header potential IoT device security issues

[Editor's Note: today's blog post is by guest author Cassie Phillips, a technology blogger who developed a special interest in cybersecurity after her webcam was hacked. While she’s interested to see how the Internet of Things changes how we use technology, she is very concerned about all the risks it poses.]

By Cassie Phillips

Many people and organizations have raised concerns about the potential risks related to the Internet of Things (IoT). It turns out that they were right to be concerned. Last month the France-based hosting provider, OVH, fell victim to an enormous distributed denial-of-service (DDoS) attack on the Minecraft servers that OVH was hosting.

DDoS attacks are attempts to make a resource (usually a website) inaccessible to its users through an inundation of requests, aiming to overburden the system. In the past, DDoS attacks were carried out by computers, with or without their owner’s consent. Hot Hardware reported:

“OVH was the victim of a wide-scale DDoS attack that was carried via a network of over 152,000 IoT devices… Of those IoT devices participating in the DDoS attack, they were primarily comprised of CCTV cameras and DVRs.”

Before the attack on OVH, there was another DDoS attack on prominent internet security researcher Brian Krebs’ website. This attack was also carried out by IoT devices. Akamai Technologies Inc., a provider of security services worldwide for major companies, cut ties with Mr. Krebs because the DDoS attack on Krebs’ website was enormous. Josh Shaul, Akamai’s vice president, said it was the worst DDoS attack the company had ever seen.

These broad attacks prove that the IoT does pose a significant security risk. And DDoS attacks are by no means the only security risks that the IoT presents. Let’s look at what the IoT is, the risks it presents and, most importantly, how to ensure that any IoT devices you use are secure.

What Is the Internet of Things?
The IoT is the idea that any device can be designed to be able to connect to the internet and other devices. These devices include mobile phones, washing machines, refrigerators, coffee makers, televisions, home thermostats, motion sensors, headphones, Barbie dolls and baby monitors. There is no limit except the imagination.

There are even buildings, cars, and health-related implants (such as pacemakers) that can connect to the internet and to each other. All of these devices can exchange information and collect data, creating a huge pool of information and an enormous network.

What Risks Does the Internet of Things Pose?
As mentioned above, the IoT poses a few risks and concerns. There are four key risks associated with the IoT, with the first being reliability. IoT devices are not necessarily reliable. While this may not be a crisis if the device in question is a refrigerator, it is deadly if devices such as cars fail or are hacked.

The second major risk related to the IoT is privacy. Each device in a network of the IoT can collect and share data. As consumers, we don’t always know who gets this data and what it is used for. The data will almost certainly be used to track consumers’ behavior, allowing companies to target each consumer with tailor-made advertising. While this data probably won’t always be used for nefarious purposes, it can be used in a way that violates our right to privacy. According to Buzzfeed:

“ "We were sleeping in bed, and basically heard some music coming from the nursery, but then when we went into the room the music turned off,” said the anonymous mother. They tracked the IP address that had accessed their camera and discovered a website with “thousands and thousands of pictures of cameras just like their own.” Anyone could use the site to access hacked cameras and monitors located in at least 15 different countries."

This leads to the third major risk associated with the IoT, namely security. Again, each of the IoT devices collects and transmits data. If these devices are hacked, criminals will have access to vast amounts of consumers' private information. Depending on the device, criminals can learn our routines, find out what valuables we keep in our homes, gain access to information about any security measures we use, and even collect sensitive information such as financial payment information.

Another security risk is the potential for hacking medical devices and implants. According to a report by research and advisory firm, Forrester, ransomware in medical devices is the single biggest cybersecurity threat for this year. Security researchers have already managed to hack into hospitals’ networks, pacemakers and other medical devices. This will put people’s lives at risk.

The potential for cyberattacks is the fourth major risk associated with the IoT. Because all these devices are connected, they have the potential to spread malware across homes and entire companies. However, the greatest risk lies in criminals’ ability to use our IoT devices in massive cyberattacks, such as the DDoS attack on OVH. Widespread vulnerabilities are only a few missteps away, and that is a seriously concerning fact.

How to Protect Yourself When Using IoT Devices
Given the risks listed above, it’s vital that consumers learn to protect our devices, our homes, and ourselves. The following actions are all essential to your security when using IoT devices:

  • Carefully consider how much connectivity you need in your home and life. Then try to avoid any devices that unnecessarily connect to the internet. After all, you can always opt for a coffeemaker with a timer instead of one that connects to a mobile app on your phone.
  • If you do decide to buy an IoT device, be sure to find one with the best security features possible.
  • Read all the terms and conditions and privacy policies for any IoT device you intend to purchase. This will help you understand what data the device collects and what it does with the data.
  • When you buy an IoT device, change its default password immediately. This also applies to any IoT devices that you already own. Be sure to use strong passwords and manage them effectively.
  • Always keep the software on IoT devices up to date. Updates often contain essential bug fixes and security patches.
  • If your IoT device supports security software, install it. Don’t forget that your mobile phone and tablet count as IoT devices!
  • Use a reputable Virtual Private Network, such as one recommended by Secure Thoughts.
  • If your IoT device allows it, use encryption technology.
  • Switch off and unplug any IoT devices when you are not using them.
  • If your IoT device uses location data unnecessarily, turn it off if possible.
  • If your IoT device has a camera or monitor that you don’t think it needs, block the lens.

Conclusion
While it would be best if security features were built into the design of IoT devices, that’s not always the case. So it’s crucial that you implement the security ideas discussed above. Hopefully, we’ll start seeing a move toward creating an international standard for all IoT devices in the future.

Have you had any bad experiences with IoT devices? How do you think the technology is progressing? Share your thoughts in the comments section below.


German Regulators Ask Tesla To Stop Advertising 'Autopilot' Term

Government regulators have asked the automaker Tesla to stop using the term "autopilot" for its driver-assist feature. Deutsche Welle (DW) reported that a letter:

"... published in the newspaper "Bild am Sonntag," called on Tesla to take urgent action "in order to prevent misunderstandings and false expectations from clients." The KBA transport regulator said the term "autopilot" was misleading, and called for it to be removed in future advertisements for Tesla products. The self-driving feature has been available on the California-based automaker's Model S since October 2015."

The Autopilot feature manages the car's speed, steers within a lane, changes lanes (when the driver taps a turn signal), scan for a parking space, and parallel parks on command. Officials in Germany are still conducting an investigation into the car's capabilities.

After the fatal crash in May of a Tesla Model S car operating beta-version software for its Autopilot feature, Tesla engineers said in August the problem was with the car's brakes and not its Autopilot feature.

DW also reported:

"... the German transport regulator wrote to Tesla owners warning them that the autopilot function was purely to assist the driver and did not turn the car into a highly-automated vehicle. The feature still required the driver's unrestricted attention at all times, the letter said. Under German road traffic regulations, the driver is required to remain alert and in control of the vehicle at all times when using the system, the letter added."

The Los Angeles Times reported:

"Tesla Chief Executive Elon Musk has repeatedly said he’s sticking with the name, and the company responded to the German report as it does every time the subject comes up: The term “autopilot” has a long history in aerospace, where human pilots and autopilot systems work together to fly a plane."


Report: Consumer Usage of Video Streaming Services in The US

New research revealed that 16% of the "viewing population" have multiple subscription video-on-demand (SVOD) services in their homes. That's up from 10% three years ago. Consumer market research firm Gfk studied consumers in the United States, and also found that almost half (49%) of the "viewing population" subscribes to at least one SVOD service, 17% have both Netflix and Amazon Prime, 9% have Netflix and Hulu Plus, and 5% have all three of the major services.

The “viewing population” includes consumers who watch video at least once per week via any format: regular TV, streaming, or otherwise. According to Gfk, this is 95 percent of the total number of people 13 to 64 US years of age. Gfk also found that consumers:

"... who pay for combinations of Netflix, Amazon Prime, Hulu, and other subscription streaming services – are more likely to have kids under 18 in their homes (50%, versus an average of 41% among all weekly viewers of any type). “Self-bundlers” also have higher mean incomes than average weekly viewers – at $90,000 per year versus $76,000 – but are less likely to subscribe to traditional pay TV services.."

GfK interviewed 1,054 consumers in the United States for its “Over-the-Top TV 2016: A Complete Video Landscape” report. In related studies during the past year, Gfk found:

Below is an infographic from Gfk's "Over the Top TV 2016" report with additional information:

Infographic from Gfk Over the Top TV 2016 report. Click to view larger version


Proposed Legislation in Michigan For Driverless Cars

The Stanford Center For Internet & Society (CIS) analyzed several draft driverless-car bills under consideration by legislators in Michigan. The analysis highlighted the issues and inconsistencies by the proposed legislation. First, the good news. While SB 995 repeals existing laws that ban driverless cars, it:

"... would return Michigan law to flexible ambiguity on the question of the legality of automated driving in general. The bill probably goes even further by expressly authorizing automated driving: It provides that "[a]n automated motor vehicle may be operated on a street or highway on this state," and the summary of the bill as reported from committee similarly concludes that SB 995 would "[a]llow an automated motor vehicle to be operated on a street or highway in Michigan." (This provision is somewhat confusing because it would be added to an existing statutory section that currently addresses only research and testing and because it would seem to subvert many restrictions on research tests and "on-demand automated motor vehicle networks.") Regardless, this bill would also exempt groups of closely spaced and tightly coordinated vehicles from certain following-distance requirements that are incompatible with platooning."

Platooning is a method for several driverless vehicles to operate together on highways with less space in between, than otherwise. Advocates claim this maximizes the capacity of highways. What does this mean for safety? Do consumers want platooning? Can drivers opt out? If platooning is allowed, then the driverless vehicle you ultimately buy must be outfitted with that software feature.

The drawbacks of the draft legislation:

"... The currently proposed language could mean that automated driving is lawful only in the context of research and development and "on-demand motor vehicle networks." Or it could mean that automated driving is lawful generally and that these networks are subject to more restrictive requirements. It could mean that any company could run a driverless taxi service, including motor vehicle manufacturers that might otherwise face unrelated and unspecified legal impediments. Or it could mean that a company seeking to run a driverless taxi service must partner with a motor vehicle manufacturer -- or that such a company must at least purchase production vehicles, the modification of which might then be restricted by SB 927 and 928 (see below). It could also mean that municipalities could regulate and tax only those driverless taxi services that do not involve a manufacturer..."

And:

"... SB 995 and 996 understandably struggle to reconcile an existing vehicle code with automated driving. Under existing Michigan law, a "driver" is "every person who drives or is in actual physical control of a vehicle," an "operator" is "a person, other than a chauffeur, who "[o]perates" either "a motor vehicle" or "an automated motor vehicle," and "operate" means either "[b]eing in actual physical control of a vehicle" or "[c]ausing an automated motor vehicle to move under its own power in automatic mode," which "includes engaging the automated technology of that automated motor vehicle for that purpose." The new bills would not change this language, but they would further complicate these concepts in several ways..."

I encourage you to read the long list of complications in the CIS analysis. Another key issue:

"Consider the provision that "an automated driving system ... shall be considered the driver or operator ... for purposes of determining conformance to any applicable traffic or motor vehicle laws." This provision says nothing about who or what the driver is for purposes of determining liability for a violation of those laws, particularly when there is no crash. SB 996 does provide that "a motor vehicle manufacturer shall assume liability for each incident in which the automated driving system is at fault," subject to the state's existing insurance code..."

The proposed legislation is important for several reasons. Besides platooning and the list of complications, it decides: a) which types of companies can operate driverless-car networks, b) who is liable and under what conditions, and c) who can repair driverless cars. All items affect consumers rights. A narrow definition of "A" (e.g., only automakers) would mean fewer competitors, and probably higher prices due to a lack of competition. Similarly, a narrow definition of "C" could mean fewer options and choices for consumers, with higher repair prices. Liability must be clear for instances when a driverless vehicle violates road laws; and especially when there is a crash and/or fatality.

Consistency and clarity matter, too. The final legislation and definitions also should be forward-thinking. It's not just driverless vehicles but also remotely-operated vehicles. Companies want remotely-operated ships on the oceans, and remotely-operated trucks are already used off-road for mining purposes. It seems wise to anticipate that off-road use will probably migrate to roads and highways.

Clearly, the proposed legislation in Michigan is not ready yet for prime time. This topic definitely bears monitoring.


FDA Releases Guidelines For Apps And Wearables For Fitness And Health

The U.S. Food and Drug Administration (FDA) released guidelines about mobile apps and wearable devices for health and fitness (Adobe PDF). The guidelines document stated that it is for clarity for industry and FDA staff, and include "nonbinding recommendations." The federal agency will not regulate mobile apps and wearables that promote general wellness or a healthy lifestyle, and are classified as "low risk." The guidelines do not apply to products (e.g., drugs, biologics, dietary supplements, foods, or cosmetics) regulated by other FDA Centers or to combination products.

The FDA's Center For Devices and Radiological Health (CDRH) defines general wellness products as:

"... products that meet the following two factors: (1) are intended for only general wellness use, as defined in this guidance, and (2) present a low risk to the safety of users and other persons. General wellness products may include exercise equipment, audio recordings, video games, software programs4 and other products that are commonly, though not exclusively, available from retail establishments (including online retailers and distributors that offer software to be directly downloaded), when consistent with the two factors above."

The guidelines provide further definitions:

"A general wellness product, for the purposes of this guidance, has (1) an intended use that relates to maintaining or encouraging a general state of health or a healthy activity, or (2) an intended use that relates the role of healthy lifestyle with helping to reduce the risk or impact of certain chronic diseases or conditions and where it is well understood and accepted that healthy lifestyle choices may play an important role in health outcomes for the disease or condition. If the product’s intended uses are not limited to the above general wellness intended uses, this guidance does not apply."

The guidelines provide a list of general wellness health outcomes: weight management, physical fitness (including recreational uses), relaxation or stress management, mental acuity, self-esteem, sleep management, and sexual function.

Typically, regulation is used to ensure that products actually do what their manufacturers and developers claim to do. The guidelines specified which claims are general wellness (e.g., the FDA will not regulate) and which claims are not (e.g., the FDA will continue to regulate). General wellness claims include claims to:

  1. Promote or maintain a healthy weight, encourage healthy eating, or assist
    with weight loss goals;
  2. Promote relaxation or manage stress;
  3. Increase, improve, or enhance the flow of qi “energy;”
  4. Improve mental acuity, instruction following, concentration, problem solving, multitasking, resource management, decision-making, pattern recognition or eye-hand coordination;
  5. Enhance learning capacity;
  6. Promote physical fitness (e.g., log, track, or trend exercise activity, measure aerobic fitness, develop or improve endurance, strength or coordination;
  7. Promote sleep management (e.g., track sleep trends);
  8. Promote self-esteem
  9. Address a specific body structure or function (e.g., increase or improve muscle size or body tone, enhance or improve sexual performance);
  10. Improve general mobility; and
  11. Enhance participation in recreational activities by monitoring the consequences (e.g., heart rate).

Some claims are categorized as "disease related." The new FDA guidelines list disease-related general wellness claims and how companies should reference those claims in product packaging and advertisements:

"A claim that a product will treat or diagnose obesity; a claim that a product will treat an eating disorder, such as anorexia; a claim that a product helps treat an anxiety disorder; a claim that a computer game will diagnose or treat autism; a claim that a product will treat muscle atrophy or erectile dysfunction; a claim to restore a structure or function impaired due to a disease or condition, e.g., a claim that a prosthetic device enables amputees to walk... disease-related general wellness claims should only be based on references where it is well understood that healthy lifestyle choices may reduce the risk or impact of a chronic disease or medical condition..."

Since the new FDA guidelines apply only to products categorized as "low risk," it is important to understand that definition:

"If the answer to any of the following questions is YES, the product is not low risk and is not covered by this guidance: 1) Is the product invasive? 2) Is the product implanted? 3) Does the product involve an intervention or technology that may pose a risk to the safety of users and other persons if specific regulatory controls are not applied, such as risks from lasers or radiation exposure? In assessing whether a product is low risk for purposes of this guidance, FDA recommends that you also consider whether CDRH actively regulates products of the same type as the product in question. For example, CDRH actively regulates external penile rigidity devices, which are devices intended to create or maintain sufficient penile rigidity for sexual intercourse, under 21 CFR 876.5020 as class II devices exempt from premarket notification with special controls..."

The guidelines listed examples of products that are low risk and those which are not. Products that are not low risk:

"Sunlamp products promoted for tanning purposes, due to risks to a user’s safety from the ultraviolet radiation, including, without limitation, an increased risk of skin cancer.

Implants promoted for improved self-image or enhanced sexual function. Implants pose risks to users such as rupture or adverse reaction to implant materials and risks associated with the implantation procedure.

A laser product that claims to improve confidence in user’s appearance by rejuvenating the skin. Although the claims of rejuvenating the skin and improving confidence in user’s appearance are general wellness claims, laser technology presents risks of skin and eye burns.

A neuro-stimulation product that claims to improve memory, due to the risks to a user’s safety from electrical stimulation.

A product that claims to enhance a user’s athletic performance by providing suggestions based on the results of relative lactic acid testing, when the product uses venipuncture to obtain the blood samples needed for testing. Such a product is not low risk because it is invasive (e.g., obtains blood samples by piercing the skin) and also because the product involves an intervention that may pose a risk to the safety of the user and other persons if specific regulatory controls are not applied (e.g., venipuncture may pose a risk of infection transmission)."

Companies and individuals can submit feedback to the FDA about these guidelines. See the guidelines document for instructions for submitting feedback. Fierce Healthcare reported:

"Epstein Becker Green health attorney Brad Thompson, who had previously commented to FierceHealthIT on the draft guidance, said in an email the final version "strikes the right balance between regulation and innovation... Over the intervening year and a half, I have talked to a lot of developers of wearable technologies and associated mobile apps and have used the draft guidance as a roadmap for how to assess FDA jurisdiction. I have found it to be extremely practical..."

A copy of the guidance document is also available here (Adobe PDF). What guidance or clarity does it provide for consumers? I guess not much regarding low risk apps and wearables. Consumers are on their own, so shop wisely and carefully. Whenever I read a document that describes itself as "nonbinding recommendations," that is worrisome.


Update: Tesla Engineers Say Crash Due To Brakes, Not Autopilot Feature

About the fatal crash in May of a Tesla Model S car operating beta-version software for its Autopilot feature, the company's engineering executives told the U.S. Senate during committee hearings that the vehicle's brakes were at fault. The New York Times reported:

"... Tesla told members of the Senate Commerce Committee staff on Thursday that the problem involved the car’s automatic braking system, said the staff member, who spoke on condition of anonymity. It was not clear how or why Tesla considers the automatic braking system to be separate from Autopilot, which combines automated steering, adaptive cruise control and other features meant to avoid accidents. Tesla declined to comment... The company told the committee staff that it considered the braking systems as “separate and distinct” from Autopilot, which manages the car’s steering, and can change lanes and adjust travel speed..."

Auto experts say that the Autopilot feature and brakes should work together. So, either the car didn't recognize that it had to stop, or it failed to stop when it should have. The Autopilot feature requires the driver to be ready to assist, if needed. The National Highway Traffic Safety Administration (NHTSA) is investigating the crash.

Consumer Reports, which has tested vehicles for decades, has called for automakers to not use people as "guinea pigs for vehicle safety beta programs."

While the fatal Tesla crash was tragic, it is also a reminder for consumers to:

  • Know the differences between full autonomous automation and features that assist drivers,
  • Know the limitations of automation features including road conditions that require driver intervention,
  • Know which features use beta-version software (which means they are unfinished and still being tested), and
  • Read all applicable polices (e.g., terms of service, privacy) before and after purchasing a vehicle to understand your responsibilities and liability. Certain features and road conditions require driver intervention.

Smart Wine Bottles

Does wine go stale in your home? If so, then Kuvée Wine has a solution for you. The solution uses Internet-connected or "smart" wine bottles that reportedly keep your wine fresh for up to 30 days. Each bottle holds 5 glasses or 750 ml of wine. Included wines are 2013 Schug Carneros Pinot Noir, 2013 BR Cohn Cabernet Sauvignon, 2014 Bonny Doon Vin Gris de Cigare, and 2014 Coppola Director's Chardonnay.

Residents in some states can pre-order wine now. Orders from California and Massachusetts residents start shipping in October. Orders from residents in New York, Washington, and Oregon start shipping in December. See the website for terms for other states. The price is $199.00, which includes the Kuvée smart wine bottle plus four bottles of wine.

Since everything is "smart" in today's world, I guess this was bound to happen. Is it a good deal? You can decide for yourself. I'm not a big wine drinker. Heck, I'm not a big drinker -- period. This entertaining video from The Verge provides a perspective about how the Kuvée smart wine bottle works:


Consumer Reports: Don't Use Consumers as 'Guinea Pigs For Vehicle Safety Beta Programs'

Consumer Reports logo The recent fatal crash involving a Tesla auto operating with the Autopilot feature has highlighted the issues with beta software in commercially-available vehicles. Consumer reports discussed the matter in a recent blog post:

"The company’s aggressive roll-out of self-driving technology—in what it calls a “beta-test”—is forcing safety agencies and automakers to reassess the basic relationship between human drivers and their increasingly sophisticated cars... Consumer Reports experts believe that these two messages — your vehicle can drive itself, but you may need to take over the controls at a moment’s notice—create potential for driver confusion. It also increases the possibility that drivers using Autopilot may not be engaged enough to to react quickly to emergency situations. Many automakers are introducing this type of semi-autonomous technology into their vehicles at a rapid pace, but Tesla has been uniquely aggressive in its deployment. It is the only manufacturer that allows drivers to take their hands off the wheel for significant periods of time..."

For decades, Consumer Reports has reviewed, tested and rated both new and used vehicles to help drivers make informed decisions about purchases and repairs. It also tests and rates a wide variety of household appliances, electronics, telecommunications services (e.g., phone, cable TV, broadband), music streaming services, social networking sites, prepaid cards, credit monitoring services, and more. Consumer Reports owned and tested three Tesla vehicles: 2013 Model S 85, 2014 Model S P85D, and 2016 Model X 90D.

Laura MacCleery, the vice president of consumer policy and mobilization for Consumer Reports, said:

"By marketing their feature as ‘Autopilot,’ Tesla gives consumers a false sense of security... In the long run, advanced active safety technologies in vehicles could make our roads safer. But today, we're deeply concerned that consumers are being sold a pile of promises about unproven technology. 'Autopilot' can't actually drive the car, yet it allows consumers to have their hands off the steering wheel for minutes at a time. Tesla should disable automatic steering in its cars until it updates the program to verify that the driver's hands are on the wheel... Consumers should never be guinea pigs for vehicle safety 'beta' programs...”

Consumer Reports provided four recommendation for Tesla and its Autopilot feature, which include renaming it, halting beta test programs, and reprogramming the feature to require drivers to keep their hands on the steering wheel.

I agree. Beta testing features with business software (e.g., spreadsheets, word processing, VPN connections, etc.) and general software are entirely different from vehicles where lives are directly at risk. What are your opinions?


Coming Soon: Autonomous Freighters On The Oceans

Technology races forward in several industries. The military uses remote-controlled drones, vendors use drones to inspect buildings, companies test driver-less cars, automakers introduce cars with more automation, and retailers pursue delivery drones. Add shipping to the list of industries.

Experts predict that robotic ships will sail the oceans by 2020. The Infinity Leap site reported:

"The concept of robotic ships was revealed by Rolls Royce back in 2014. According to reports, the Advanced Autonomous Waterborne Applications (AAWA) project guided by Rolls-Royce recently came up with a white paper which provides comprehensive details about the robotic ships or the autonomous vessels and the problems associated with them as far as their operation is concerned... the AAWA whitepaper is developed by Rolls-Royce with the support of partners like ESL Shipping, Finferries, Brighthouse Intelligence and the Tampere University of Technology. The AAWA whitepaper talks extensively about autonomous applications, and the issues related to the safety and certainty of designing and running the distantly controlled ships."

So, there's some new terminology to learn. Obviously, manned ships include on-board human crews that operate all ship's functions. There are subtle but important differences between automated, remote-controlled, and autonomous ships. The Maritime Unmanned Navigation through Intelligent Networks (MUNIN) website provides some helpful definitions and diagrams:

"The remote ship is where the tasks of operating the ship are performed via a remote control mechanism (e.g. by a shore based human operator), and

The automated ship is where advanced decision support systems on board undertake all the operational decisions independently without intervention of a human operator."

I found this diagram helpful with understanding the different types of robotic ships:

MUNIN. Types of robotic ships. Click to view larger version

So, the remote human operator could be on land, on board another ship, or on board an airplane. And, remote-controlled ships will use augmented reality displays. Again, from Infinity Leap:

"According to reports, Rolls-Royce has developed a unique new bridge called ‘oX’ or the Future Operator Experience Concept in collaboration with Finland’s VTT Technical Research Centre and Aalto University. It is learned that the bridge’s windows serve as augmented reality displays, which help in displaying necessary information and improve the visibility around the ship with the support of high-end cameras and sensors. That means the augmented reality windows help in displaying navigation tracks and give necessary warnings and information about the ships sailing nearby, ice and a whole lot of other invisible things."

The MUNIN site also provides a view of how decisions might be made by autonomous ships:

MUNIN. Decision making by autonomous ships. Click to view larger version

All of this makes one wonder how much of this automation the passenger cruise ship industry will adopt. It is a reminder of the importance of applying similar distinctions in types of automation to land-based commercial vehicles: delivery vans, school buses, inter-city buses, tractor-trailers, buses and trains in mass-transit systems, and construction equipment.

Would you want your children riding in autonomous school buses? How do you feel about riding in autonomous mass-transit buses or subways? Commuter trains?


NHTSA Investigates Fatal Crash Of Tesla Auto. Numerous Implications For Drivers

Several news sites reported that the fatal crash of a Tesla Motors model S car while operated in Autopilot mode. Tesla Motors released a statement about the incident:

"... NHTSA is opening a preliminary evaluation into the performance of Autopilot during a recent fatal crash that occurred in a Model S. This is the first known fatality in just over 130 million miles where Autopilot was activated. Among all vehicles in the US, there is a fatality every 94 million miles. Worldwide, there is a fatality approximately every 60 million miles... What we know is that the vehicle was on a divided highway with Autopilot engaged when a tractor trailer drove across the highway perpendicular to the Model S. Neither Autopilot nor the driver noticed the white side of the tractor trailer against a brightly lit sky, so the brake was not applied..."

Established in 1970, the National Highway Traffic Safety Administration (NHTSA) is responsible for ensuring safety standards and safety on the nation's highways. Tesla's statement also described its Autopilot feature:

"... Tesla disables Autopilot by default and requires explicit acknowledgement that the system is new technology and still in a public beta phase before it can be enabled. When drivers activate Autopilot, the acknowledgment box explains, among other things, that Autopilot “is an assist feature that requires you to keep your hands on the steering wheel at all times," and that "you need to maintain control and responsibility for your vehicle” while using it. Additionally, every time that Autopilot is engaged, the car reminds the driver to “Always keep your hands on the wheel. Be prepared to take over at any time.” The system also makes frequent checks to ensure that the driver's hands remain on the wheel and provides visual and audible alerts if hands-on is not detected. It then gradually slows down the car until hands-on is detected again."

The Tesla site provides a general description of the Autopilot feature:

"Autopilot allows Model S to steer within a lane, change lanes with the simple tap of a turn signal, and manage speed by using active, traffic-aware cruise control. Digital control of motors, brakes, and steering helps avoid collisions from the front and sides, and prevents the car from wandering off the road. Autopilot also enables your car to scan for a parking space and parallel park on command. And our new Summon feature lets you "call" your car from your phone so it can come greet you at the front door in the morning. Autopilot features are progressively enabled over time with software updates."

This fatal crash has broad implications. The New York Times reported:

"The crash also casts doubt on whether autonomous vehicles in general can consistently make split-second, life-or-death driving decisions on the highway. And other companies are increasing investments in self-driving technology. Google, for example, recently announced plans to adapt 100 Chrysler minivans for autonomous driving. Earlier this year, G.M. acquired the software firm Cruise Automation to accelerate its own self-driving applications. Even as the companies conduct many tests on autonomous vehicles at both private facilities and on public highways, there is skepticism that the technology has progressed far enough for the government to approve cars that totally drive themselves."

In 2013, NHTSA defined five levels of automation in vehicles:

"No-Automation (Level 0): The driver is in complete and sole control of the primary vehicle controls – brake, steering, throttle, and motive power – at all times.

Function-specific Automation (Level 1): Automation at this level involves one or more specific control functions. Examples include electronic stability control or pre-charged brakes, where the vehicle automatically assists with braking to enable the driver to regain control of the vehicle or stop faster than possible by acting alone.

Combined Function Automation (Level 2): This level involves automation of at least two primary control functions designed to work in unison to relieve the driver of control of those functions. An example of combined functions enabling a Level 2 system is adaptive cruise control in combination with lane centering.

Limited Self-Driving Automation (Level 3): Vehicles at this level of automation enable the driver to cede full control of all safety-critical functions under certain traffic or environmental conditions and in those conditions to rely heavily on the vehicle to monitor for changes in those conditions requiring transition back to driver control. The driver is expected to be available for occasional control, but with sufficiently comfortable transition time. The Google car is an example of limited self-driving automation.

Full Self-Driving Automation (Level 4): The vehicle is designed to perform all safety-critical driving functions and monitor roadway conditions for an entire trip. Such a design anticipates that the driver will provide destination or navigation input, but is not expected to be available for control at any time during the trip. This includes both occupied and unoccupied vehicles."

Today's vehicles offer several safety automation features to assist drivers: Automatic Crash Notification (ACN), Automatic Emergency Braking (AEB), Electronic Stability Control (ESC), Forward Collision Warning (FCW), Lane Departure Warning (LDW), Lane Keeping Support, and Pedestrian Crash Avoidance/Mitigation. There are huge differences between autonomous automation and assisted-driving features.

There are big differences between Tesla cars and Google's self-driving car. Earlier this year, NHTSA granted the software in Google's driver-less cars as "driver" status. According to the Washington Post:

"... the law will treat the car's software as the driver. "We agree with Google its [self-driving vehicle] will not have a 'driver' in the traditional sense that vehicles have had drivers during the last more than one hundred years," the letter reads: "If no human occupant of the vehicle can actually drive the vehicle, it is more reasonable to identify the "driver" as whatever (as opposed to whoever) is doing the driving." The decision by NHTSA marks a huge moment for Google and the rest of the auto industry as it races to build the first fully autonomous motor vehicle. While most other carmakers are building their vehicles with steering wheels, brake pedals and other machinery in mind, Google imagines that its robot car will have none of these things."

The fatal Tesla accident is truly tragic. It is also a reminder for consumers to:

  • Know the differences between full autonomous automation and features that assist drivers,
  • Know the limitations of automation features including road conditions that require driver intervention,
  • Know which features are beta version (which means they are unfinished and still being tested), and
  • Read all applicable polices (e.g., terms of service, privacy) before and after purchasing a vehicle to understand your responsibilities and liability. Certain features and road conditions require driver intervention.

The features in automated vehicles depend upon software, and beta version software indicates software still being tested. Wise Geek provides a definition:

"The beta version of a software release is considered to be a preview; though it may include many standard features, it is not yet ready for wide release or sale. During this phase, the developers collect feedback from users about the product's functionality, including what they like and what should be changed before its wide release. A beta version of a program can be either "closed," which is limited to a specific group of users, or "open," which is available to the general public. During this testing, developers might release numerous versions of a program, including improvements and bug fixes with each iteration."

So, the software may have bugs or errors in it that affect the feature's performance and/or interaction with other features. And, government regulators seem satisfied with this. Reuters reported:

"Hours before the crash became public knowledge on Thursday, U.S. National Transportation Safety Board Chairman Christopher Hart said driverless cars will not be perfect. "There will be fatal crashes, that's for sure," Hart told the audience at the National Press Club in Washington, but added that will not derail the move toward driverless cars, even if the vehicles are not ready.. Former NHTSA chief Joan Claybrook said in an interview the agency needs to set performance standards for electronic systems like Autopilot. "It's the like Wild West. The regulatory system is not being used," Claybrook said."

It seems wise for consumers to know before purchase: a) the specific limitations of features (and associated sensors) using beta version software; b) when software testing will be completed and a final version available; c) if price discounts are available for features being tested; and d) if the limitations require more driver attention or driver intervention during specific road and/or weather conditions.

Also, a 2014 survey found that half of Americans don't know what a privacy policy is. It is difficult to find statistics about the percentage of users that read terms of service policies (a//k/a terms and conditions). The best estimate I've found is from 2008: 10 percent of consumers read terms of service policies. Even if that percentage is now double, it's still abysmal.

Should drivers place a lot of trust in features using beta version software? Do you view current regulatory activity as acceptable? Comments?


Surveillance Capitalism: A Profitable Business Google And Microsoft Agree About

Google logo The Guardian reported a major shift at both Google and Microsoft. The tech giants have agreed not to sue each other and to focus upon competing in the marketplace:

"This is a gentleman’s agreement. The specifics are secret, but the message on both sides is that the deal reflects a change in management philosophy. Microsoft’s new chief Satya Nadella is eager to push the vision of a dynamic, collaborative Microsoft, partnering with everyone from Apple to Salesforce."

Microsoft logo Microsoft wants to operate in the marketplace that Google already operates in:

"... Microsoft today is facing a very different business ecosystem to the one it dominated in the 1990s. It needs to adapt... what Satya Nadella describes as “systems of intelligence”... cloud-enabled digital feedback loops. They rely on the continuous flow of data from people, places and things, connected to a web of activity. And they promise unprecedented power to reason, predict and gain insight..."

How this relates to "surveillance capitalism":

"For emeritus Harvard Business School professor Shoshana Zuboff, this gets to the core of the Google-Microsoft deal. Zuboff is a leading critic of what she calls “surveillance capitalism”, the monetization of free behavioral data acquired through surveillance and sold on to entities with an interest in your future behavior..."

Whether you call it -- "systems of intelligence" or "surveillance capitalism" -- it shouldn't be a surprise. There has been government surveillance for intelligence and security applications, and for political control. It is more than technologies such asn e-mail trackers, canvass fingerprinting, voice-activated interfaces, and target advertising (a/k/a behavioral advertising). It is more than companies collaborating with government. It is more than smart meters that automatically collect and transmit via wireless your water, gas, and electric utility consumption.

This latest news makes things a lot clearer how companies plan to use the combination of cloud computing services and Internet-of-Things devices installed in smart homes and public spaces.


Survey: U.S. Households Have More Connected Televisions Than Set-Top Boxes

A recent survey found that most households in the United States with televisions have them connected to the Internet. According to the Leichtman Research Group:

"... 65% of US TV households have at least one television set connected to the Internet via a video game system, a smart TV set, a Blu-ray player, and/or a stand-alone device (like Roku, Apple TV, Chromecast, or Amazon Fire TV) -- up from 44% in 2013, and 24% in 2010... 74% [of households] have more than one device... Overall, there are more connected TV devices in US households than there are pay-TV set-top boxes..."

The survey included 1,206 households. It also included the types of televisions:

"79% of all TV sets in US households are HDTVs -- an increase from 34% of all TV sets in 2010, and 3% in 2004..."

And, satisfaction:

"70% of all [households] with a connected TV agree that streaming services like Netflix are easy to access via connected TV devices... 20% with a pay-TV HD set-top box agree that set-top boxes from TV companies are a waste of money, while 44 percent disagree... 42% [of households] with a pay-TV HD set-top box agree that set-top boxes from TV companies provide features that add value to the TV service, while 16% disagree... 68% [of households] with 3 or more set-top boxes are very satisfied with their pay-TV provider, compared to 54% [for households] with 1-2 set-top boxes..."

The U.S. Federal Communications Commission (FCC) has proposed unlocking set-top boxes to encourage more innovation, competition, choices, and lower prices for consumers. That's welcome news for households dissatisfied with set-top boxes they are forced to purchase from cable-TV providers.


Boston Mayor Announced Verizon Partnership And Fiber High-Speed Internet Expansion Across City

Verizon logo During a Boston City Council meeting in October 2015, Verizon representatives firmly stated the company's disinterest in expanding its FiOS fiber-based high-speed Internet services throughout the city. That position resulted in a lack of broadband Internet competition, with Comcast often the only service available in teh city. (The FCC increased the minimum broadband speed, so DSL services no longer qualify.) I was pleasantly surprised when Boston Mayor Marty Walsh announced on Tuesday:

"... a new partnership with Verizon to make Boston one of the most technologically advanced cities in the country by replacing its copper-based infrastructure with a state-of-the-art fiber-optic network platform across the city. The new network will offer enormous bandwidth and speeds. Through an investment of more than $300 million from Verizon over six years, this change will bring increased competition and choice for broadband and entertainment services in Boston..."

This is welcome news. Other Internet Service Providers (ISPs) offer slower speeds and charge high prices for those slower speeds. This worldwide study found that municipal broadband networks provide consumers with the best value (e.g., highest speeds at the lowest prices via wired lines). Thankfully, Massachusetts is not one of the 19 states with laws that prevent local towns and cities from forming their own municipal broadband networks. Consumers everywhere need choice and more competition.

Verizon fiber broadband construction in Boston will start:

"... in Dorchester, West Roxbury and the Dudley Square neighborhood of Roxbury in 2016, followed by Hyde Park, Mattapan, and other areas of Roxbury and Jamaica Plain. The city has also agreed to provide an expedited permitting process to encourage this build... As a next step, the city will begin the cable television licensing process. Upon successful completion of the licensing process, Verizon expects to offer FiOS TV service in Boston... Verizon kicked off the new collaboration by presenting a $100,000 Digital Equity contribution to the city, which will be used to support a mobile hotspot lending program at the Boston Public Library."

The partnership will measure demand from residents and businesses, and prioritize construction, using the www.verizon.com/BostonFiber website. Residents and businesses should visit the site and vote (for free) to ensure that their neighborhood gets fiber broadband first.

The partnership also includes the installation of Internet-connected devices in public areas, which is one portion of the Internet-ofThings (ioT):

"... an innovative "Smart Cities" trial that will address traffic safety and congestion along the Massachusetts Avenue Vision Zero Priority Corridor. The city and Verizon will experiment with sensors and advanced traffic signal control technology to increase safety, measure bicycle traffic, improve public transit vehicle flow, and decrease congestion. Future "Smart Cities" applications will address other key services, including environmental sensors, energy efficiency, and city lighting management."

As the projects move forward, it will be interesting to learn about what data will be collected by ioT devices and data-sharing agreements. Details matter. Verizon also announced:

"This partnership will also improve wireless services in Boston by enabling Verizon to attach wireless equipment to city street lights and utility poles, helping residents get fast, reliable mobile service."

Fiber broadband availability is good news. I visited the Boston Fiber website and voted. The site asks for your full name, email, and mobile phone number to provide availability updates. The site confirmed that I live in the area the partnership considers Zone A: the first area to get Verizon FiOS.

With all of this good news, sadly it seems to already be two steps forward and one step backward. Verizon has failed to reach agreement with its workers' unions, who went on strike yesterday. CNN reported:

"Most of the striking workers service the company's landline phone business and FiOS broadband network -- not the much larger Verizon Wireless network. They have gone without a contract since August, and their union, the Communication Workers of America, says it is fighting to get Verizon to come to the table with a better offer. The union's list of complaints is a long one: Verizon has outsourced 5,000 jobs to workers in Mexico, the Philippines and the Dominican Republic. Verizon is hiring more low-wage, non-union contractors... The union also claims Verizon won't negotiate with people who work in Verizon stores and is closing call centers. And Verizon is asking workers to work out of state, away from their homes, for months at a time. Meanwhile, the union says Verizon is cutting costs as its profits have soared."

I am sure that many residents and businesses want to order Verizon FiOS fiber broadband, and have it installed by fully trained and experienced technicians, not hastily gathered replacements.

After I voted, the Verizon website presented the image below with relative vote counts for Boston fiber:

Verizon FiOS fiber broadband Internet for Boston. Relative vote counts by neighborhoods. Click to view larger image


Emotional Technology: The Coming Products, Services, And Apps

A reader shared the video below with this comment:

"I don't know George, this sort of creeps me out."

My comments appear below the video:

My thoughts and reactions to the video:

  1. It should creep you out. Do you want technology between you and your spouse? During very private, intimate, face-to-face conversations? I think not.
  2. We consumers are already experiencing the beginnings of emotional technology. To make that tech work, companies must collect data about our moods and emotions. Some examples of this data capture: a) Facebook's expanded list of emojis; b) Facebook saves your unpublished and unedited comments and posts before final posting,
  3. Consumers decide when and where you want technology in your relationships. That line is already blurred. (Examples: devices with voice-recognition interfaces, such as Amazon Echo and Hello Barbie, that listen 24/7/365.)
  4. If I was a data broker, of course I'd want to capture your moods and emotions and link them to certain geo-locations and at times of day. Why? It's an opportunity to make more $$$ by selling to advertisers that emotional data so they can serve up supposedly relevant ads responding to your moods in those locations and/or times,
  5. Wearables, fitness trackers and smart homes outfitted with certain Internet-of-things devices will perform this mood data capture.
  6. Whenever somebody uses technology to offer convenience, watch out. There is usually are accompanying data capture, tracking, and privacy issues (e.g., notice, consent) embedded. Will companies adequately protect emotional information from data breaches? How will your government and law enforcement acquire, archive, and use moods information?

What are your opinions?


Survey: Bankers Expect Consumers To Use Wearable And Smart Home Devices For Banking

Pegasystems logo Would you use a smart watch, fitness band, or other wearable device for banking? How about your smart television or refrigerator? Many bankers think you will, and are racing to integrate a broader range of mobile devices and technologies into their banking services. A recent survey of financial executives found that:

"... 20 per cent expect it to be common for consumers to make financial transactions using wearables within one year, 59 per cent within two years and 91 per cent within five years... 87 per cent expect it to be common for consumers to make financial transactions using Smart TVs and 68 per cent via home appliances."

The survey included 500 executives globally in several financial areas: banking, financial advice, consumer finance, investment management, insurance, and payments. So, consumers are likely to see these changes not just at your bank, but in a variety of financial and insurance transactions. Here's why:

"... too many banks are out of touch with what customers really want: one survey found 62 per cent of retail banking executives believed their bank offered excellent service compared to just 35 per cent of customers.... Millennials will have annual spending power of US$1. trillion [in 2020] and represent 30 per cent of total retail sales... Millennials not only have an appetite for disruptive new technologies but also an affinity with brand-savvy digital leaders... The Millennial Disruption Index, a three-year study of industry disruption conducted by Viacom subsidiary Scratch, found that banking was most vulnerable to disruption..."

The report discussed the desire by executives to serve customers via a variety of methods:

"Today’s customers expect a flawless end-to-end experience across all channels, yet fewer than 4 per cent of our respondents say they have achieved full omni-channel integration... by 2020, 89 per cent of our respondents expect to achieve full omni-channel integration. This either suggests a massive surge of investment over the next five years – or an industry in denial about the scale of the task ahead... 70 per cent expect video chat to largely replace branch appointments. Indeed, six out of ten now believe a digital-only channel model is viable."

Bankers view the Internet-of-Things (IoT) as both a collection of endpoint devices to provide services through, and a rich source of data:

"...93 per cent agree that finding innovative ways to provide value-added services to customers based on data-driven insight will be crucial to long-term success... 86 per cent agree that once consumers recognize the data potential of the IoT they will increasingly seek to benchmark their own behavior against their peers..."

Banks will probably develop more non-human (e.g., self-service) interfaces:

"... 76 per cent agree the widespread use of virtual assistants such as Siri on the iPhone means customers are more willing to engage with automated assistance and advice... almost three quarters of our respondents agree that in the future customers will interact with a human-like avatar..."

Another technology being considered:

"... 60 per cent [of survey respondents] believe that blockchain, a distributed public ledger which can securely record any information and the ownership of any asset, will prove to be the most significant technology development to affect financial services since the Internet and 45 per cent think the combination of blockchain wallets and peerto-peer (P2P) lending could herald the end of banking as we know it... 12 per cent expect the settlement of insurance claims using IoT data, blockchain and smart contracts to be mainstream practice within two years and 74 per cent expect it to be mainstream by 2025..."

Don't expect your bank to provide these new services next week or next month. It will take them time. New systems must be built, tested, debugged, and integrated with legacy computer systems and processes. All of this suggests that to fund their investments in innovation projects, banks probably won't lower their retail banking prices and fees (e.g., checking, savings, etc.) any time soon. While writing this blog the past 8+ years, I've found it wise to always keep an eye on the banks.

Download "The Future of Retail Financial Services" report by Cognizant, Marketforce, and Pegasystems.


Vehicle Accident Involving Google Self-Driving Car Highlights Several Issues

In a monthly report on February 29 to California regulators, Google disclosed that one of its self-driving cars hit a city bus in Mountain View. Google's description of the accident on February 14:

"... our vehicle was driving autonomously and had pulled toward the right-hand curb to prepare for a right turn. It then detected sandbags near a storm drain blocking its path, so it needed to come to a stop. After waiting for some other vehicles to pass, our vehicle, still in autonomous mode, began angling back toward the center of the lane at around 2 mph -- and made contact with the side of a passing bus traveling at 15 mph. Our car had detected the approaching bus, but predicted that it would yield to us because we were ahead of it..."

A human test driver was in the Google self-driving car while it was operating in autonomous mode. Nobody was hurt in the accident, and 15 bus passengers were transferred to another bus. The Google car sustained damage to its left front fender, left front wheel, and one driver's side sensor.

The company operates 23 self-driving Lexus RX450h SUVs on public streets. That includes 14 vehicles in Mountain View (California), 8 in Austin (Texas), and one in Kirkland (Washington). It also operates 33 self-driving prototypes in public city streets: 26 in Mountain View, and 7 in Austin. The cars have driven about 1.5 million miles in autonomous mode, and about one million miles in human-driver mode. There have been more than a dozen accidents; mostly where Google vehicles were rear ended by other vehicles. The first injury accident was in July last year when several employees suffered whiplash when their Google vehicle was rear ended by a human-driven vehicle.

Google admitted that it bore some responsibility in this accident:

"In this case, we clearly bear some responsibility, because if our car hadn’t moved there wouldn’t have been a collision. That said, our test driver believed the bus was going to slow or stop to allow us to merge into the traffic, and that there would be sufficient space to do that. We’ve now reviewed this incident (and thousands of variations on it) in our simulator in detail and made refinements to our software. Our cars will more deeply understand that buses and other large vehicles are less likely to yield to us than other types of vehicles, and we hope to handle situations like this more gracefully in the future."

Reportedly, this would be the first accident where a self-driving car operating in autonomous mode is at fault. Many experts predict that insurance for self-driving cars will be lower than insurance for human-driven cars. Besides ethical dilemmas, accidents involving self-driving cars highlight unresolved liability issues. The Guardian UK explained:

"Hilary Rowen, a partner at the insurance regulation practice Sedgwick LLP and an expert in the issue of self-driving cars and legal responsibility, said the case is a good example of a conundrum that will soon be common. “Here, the software didn’t avoid the accident, but the human could have taken over,” she said. “Who’s at fault – the driver, the bus driver, or the software? Rowen said in real world situations, both the driver and injured party will actually be incentivized to blame the software which, if found to be guilty, will leave the driver’s record clear and likely have a higher payout for the injured party."

It is good that the company is transparent and forthcoming with accident reports. The accident also highlights the state of the self-driving or robotic software for vehicles. It's not ready yet for every-day operation. You can bet that when the software is ready a lot of drivers for ride-sharing services and taxi companies will find themselves quickly out of work. View the February 2016 Google Self-Driving Car Report (Adbobe PDF).

What are your opinions of the accident? Of the liability issue?


Researcher Claims SimpliSafe Home Security System Is Simply Vulnerable

SimpliSafe logo Maybe you've seen the advertisements on late-night television and cable. SimpliSafe offers a wireless, do-it-yourself home security system that is cheaper than traditional wired systems. IOActive Labs examined the SimpliSafe system and found it was pretty easy to hack and record the alarm disable code, making the system not very secure. Plus the hacker could return in the future at any time and easily disable the system:

"This attack is very inexpensive to implement – it requires a one-time investment of about $250 for a commodity microcontroller board, SimpliSafe keypad, and SimpliSafe base station to build the attack device. The attacker can hide the device anywhere within about a hundred feet of the target’s keypad until the alarm is disarmed once and the code recorded. Then the attacker retrieves the device. The code can then be played back at any time to disable the alarm and enable an undetected burglary, or worse..."

Unfortunately, the bad news gets worse because:

"... there is no easy workaround for the issue since the keypad happily sends unencrypted PINs out to anyone listening. Normally, the vendor would fix the vulnerability in a new firmware version by adding cryptography to the protocol. However, this is not an option for the affected SimpliSafe products because the microcontrollers in currently shipped hardware are one-time programmable. This means that field upgrades of existing systems are not possible; all existing keypads and base stations will need to be replaced."

Unencrypted PINs sent? Wow! Not good.

IOActive first discovered this vulnerability in August, 2015. The IOActive Labs Security Advisory (Adobe PDF) reported a timeline with the number of instances IOActive labs attempted to contact the vendor without an response. SimpliSafe is not alone. InfoSecurity reported:

"SimpliSafe is not the only home security system in the spotlight of late. Earlier in the year, a vulnerability was discovered in Comcast XFINITY’s Home Security System that could open the door—literally—to intruders."

How did this happen? TrendMicro UK probably said it best last year:

"The Internet of Things has the potential to transform the way we live and work. A network not just of mobile phones, PCs and laptops but billions of connected smart devices – from fridge-freezers to kettles, cars and medical devices. But this potential will never be realized unless manufacturers are able to respond to consumer privacy and security concerns... it’s perhaps no surprise that everyone wants to rush their products out before their competitors. But fail to understand and respect the significant privacy and security concerns of consumers in your region and you’re in danger of falling at the first hurdle."

Manufacturers: don't fall at the first hurdle. Get security right.

After reading published news reports, some SimpliSafe customers expressed their security concerns on the company's customer service forums online. Consumers: if you bought a SimpliSafe home security system, what communications have you received about fixes?

[Editor's note: in the last paragraph, the text link to the company's online customer service forum was added on February 19 at 1:45 EST.]


Gartner: 4 Implications About The Internet of Things You May Not Realize

Information Age reported about four unexpected implications about the Internet of Things (ioT) according to Gartner, a firm that specializes in research for businesses and vendors globally that use technology. While the article focused upon the interests of businesses, the issues also apply to consumers. You may find these issues unexpected or surprising, too:

"2. By 2020, a black market exceeding $5 billion will exist to sell fake sensor and video data for enabling criminal activity and protecting personal privacy. The nature of IoT solutions, how they are deployed, and the types of data they generate and consume are giving rise to new security and privacy implications that organizations must begin to address. This is a rapidly escalating risk to the organization, bringing complexity unfamiliar to most IT and business leaders..."

For those unfamiliar with the Internet of Things, it includes autonomous devices outfitted with sensors that collect and transmit information about a wide range of activities. At least one employer installed (and later removed) ioT heat-sensitive and motion-sensor devices under its employees' desks. Several years ago, shipping companies started using ioT devices to track the physical movement of packages. Some law enforcement agencies use ioT devices for several applications, including gunshot monitoring, smart guns, body cameras, and wearables.

The Information Age article also reported:

"Uses of the ioT that were previously impractical will increasingly become practical... The ioT is relevant in virtually every industry, although not in every application... There will be no purely ioT applications. Rather, there will be many applications that leverage the ioT in some small or large aspect of their work."

Currently, consumers don't own the data collected by ioT devices in homes. When the information collected is incorrect or applied to the wrong persons, consumers need legal remedies to have that information revised, corrected, and/or deleted. If not, then consumers have no control over the sensitive personal information about them collected by ioT devices.

The data collected by many ioT applications will probably be included into corporate databases. The U.S. Federal Trade Commission (FTC) has warned that while "big data" can be used to benefit under-served groups of consumers for education, credit, health care and employment, it can also be misused to target vulnerable consumers for fraud, higher prices, discrimination, and economic disparity. All of this highlights the need for legislation to keep pace.

What are your opinions of the implications of the Internet of Things? Is legislation keeping pace?