As a South by Southwest novice, it took me a couple of days to really get into the groove of this massive digital festival in Austin, Texas.
Although I gained great insights from the talks I attended, some of the most thought provoking and occasionally “mind-blowing” moments came from the people and things that I stumbled upon by chance.
Virtual Reality (VR), Internet of Things (IoT), and Artificial Intelligence (AI) dominated. You couldn’t’t walk more than a few steps without seeing a VR headset, hardware vendors demonstrating the latest cutting edge technology or software providers showing off their applications – a smart tactic to get me to stop at their stands and part with my email address.
During my visit I ‘virtually’ drove across the moon with NASA, rode bikes with IBM, enjoyed the thrill of a rollercoaster with Samsung, painted the inside of a McDonald’s happy meal box and even survived a Zombie apocalypse. I even woke up one morning to Dom, our Creative Director, sitting across the breakfast table sporting a google cardboard headset.
IBM’s Cognitive Studio was one of the highlights for me, showing off its AI and machine learning capabilities. I was even served up my own personalised cognitive cocktail. It did require three attempts by the bar tender to hit on one I liked, based on a feedback loop assessing my facial expressions, but it was worth the wait.
In my role as technical director at e3, however, my radar was up for sessions covering the critical themes of Security, Privacy and Regulation which dominate many of my working hours back in Bristol.
A Connected Device is an Exposed Device
There are currently estimated to be 25 billion connected devices in the world. That’s about 3.5 times the total world population and the number is set to double by 2020. They come in many forms, using a vast array of proprietary systems and API’s, making them intrinsically insecure and vulnerable to malicious attack.
I attended a session entitled “Internet of Things: Just Someone Else’s Computer?” which focused on security concerns around this fast growing area. The panelists advised that to make “things” more secure, the culture of production needs to change. Manufacturers need to start thinking more like software engineering companies; with more consideration given to the security of the software embedded around them and the product lifecycle as a whole, so enabling them to iterate security settings more rapidly.
We are also increasingly digitizing the data and systems that control vital transport links which raises concerns about security around the world - with reports of cars and other forms of transport being “hacked”. The number of lines of code that can be found in some of today’s cars exceeds 100 million. That’s twice the number in the Windows Operating System. Inevitably, as with all software development, the code will be liable to bugs, exposing security vulnerabilities. Arguably the more lines of code that are created the higher the risk, resulting in the need for more testing and tighter regulation.
Many of the devices we purchase will at some point become unsupported and unpatched but will still be in use and connected in some way. This results in new threats, specifically unhindered access to personal information on devices that we could have used for many years without issue. A recent example of this was shown where someone had “hacked” a user’s wireless keyboard and mouse and control the signals to the user computer, coined as “Mousejacking”. These are devices that have been connected to our computers for many years, but only recently has this vulnerability been exposed.
CASS (Crime as a Service)
Adam Tyler, Chief Innovation Officer for CSID, responsible for providing enterprise identity protection and fraud detection solutions, presented, “Your identity is the new digital currency’, and defined difference between the “Dark Web” and “Deep Web”. The “Deep Web” is an area of the internet where websites lurk in the shadows. They are not indexed by traditional search engines and are accessible only via obscured URLS and multiple layers of moderated authorisation and authentication. The “Dark Web” is a traditionally a small area of the deep web, where highly illegal and fraudulent activities are carried out. Tyler argued that the dark web is coming out of the shadows and becoming increasingly easier to find via search engines.
Whilst of course I know this type of activity happens, I was shocked at the ease with which he was able to log on to an illegal site using a completely random email address, with no additional validation. Ironically when he attempted to register on another he was only unable to do so until he’d checked the the terms and conditions box.
Once inside, he had immediate access to a multitude of illegal services. He could, for example, generate a ransomware bot, a form of malicious software that typically locks access to a user’s computer system until they pay a ransom to remove the restriction. Again, the UX of the form had been carefully considered, including the provision of tooltips to make it as easy for the user to complete the form quickly.
One million new malware threats are created daily and it’s easy to see why. You would them to be created by highly intelligent, experienced developers. In actual fact, they are often generated by children, for fun, in an insecure connected world where the ability take advantage of any potential vulnerabilities in a system has already become a trivial affair, albeit with deadly consequences.
Privacy was also a hot topic at South by South West. In 2016, we readily give away more personal information than ever before in order to get the benefits of the products or services we sign up to.
VR, AI, Tracking and Privacy, all featured in an insightful talk by Kevin Kelly, founding executive editor of Wired magazine. Kevin described how the phones we carry in our pockets are essentially surveillance devices gathering and storing a wealth of information about us. As we envision a glorious future of virtual reality, artificial intelligence and more connected devices, we give away much more of our precious personal data. In the future, these devices will go even further, potentially collecting our emotions and monitoring our moods.
Some information or access can be essential, for example to our phone’s camera or photo library, but do we also need to give a number of other pieces of personal information in order to use it? Arguably we should be required to provide less information.
The question is, should there be more rules and regulations in place to minimise or mitigate the concerns around privacy, security, social or moral impact that these applications, services or devices have on the public? And if so, who would be responsible for enforcing them? Over time I think we may see more stringent regulatory testing put in place for certain sectors (e.g. transport) where the impact of any security could be extremely costly. It is likely this accountability will only develop gradually, and only in reaction to serious breaches.
Ultimately, my view is that security should be the responsibility of the company(s) who create the products and the APIs themselves, and more regulations need to be put in place to ensure that they are accountable. The new EU General Data Protection Regulation aims to help enforce accountability. The question is, how do you monitor and enforce IOT – for example, if a toaster is hacked and burns the house down or someone gains remote control of your car.
First and foremost, as end users, we must all be responsible for ensuring that we protect our personal information as much as the we can (e.g. using different strong passwords, multifactor authentication etc.), as well as reporting potential issues and errors as they occur.
Consumers do however also need to be made aware of what information is being collected about them and how it is intended to be used in order for them to make an informed decision about the risk vs. reward.
This is the first in our series that will look at the most exciting insights to come out of SXSW. In the meantime, check out some of the innovative work we create for our clients.