What kind of conference is terrifying and uplifting, appalling and encouraging, all at the same time? The answer is the kind of conference that showcases new technology which could dramatically change our lives, creating risks that are hard to evaluate or even imagine, whilst also offering brilliant new solutions to age-old problems. That was the situation at Wearable Tech 2016, which I visited last week.
Having attended and reviewed the 2015 show, I expected most exhibitors would be pushing relatively trivial consumer goods – fitbits and smart watches – and there would be some presentations about the first trials of more sophisticated products, like networked medical implants. I was wrong. This year’s show was a huge leap forward, highlighting a much more varied and exciting range of developments, many of which are already on sale, or are nearing that point.
Another big difference compared to last year was the number of businesses working on real applications for existing technology, whether they offered augmented reality glasses that increase the efficiency of factory workers, or devices that allow you to alter the lighting in your home with a gesture. And despite the name of the show, a lot of the tech on offer was not specifically wearable but more generally representative of the Internet of Things, covering everything from heads-up displays for car drivers to microsensors that can be permanently embedded in concrete bridges and powered by the vibrations caused by traffic. So this review will necessarily have to be just a high-level, high-speed summary of many interesting advances in small networked devices and the potential ramifications for comms providers.
Augmented Reality and Virtual Reality
There was one really obvious visual indicator of change since last year’s show: it was harder to see people’s eyes because of all the special headsets and spectacles they were wearing. Sony were exhibiting their augmented reality (AR) smart eyeglasses (pictured above) whilst many firms had developed novel ways to use virtual reality (VR) headsets like Oculus Gear. Talking about their smart eyewear, Joakim Elvander of Sony Mobile pithily described one motivation for most of the technology on display:
We seek lower latency and higher bandwidth between minds.
Sony’s glasses augment reality by projecting words or images as an overlay to the real world. They might provide hands-free assistance to warehouse workers, helping them to quickly locate and correctly identify inventory, speeding their work and reducing the amount of stock written-off because it gets ‘lost’ on the wrong shelf. Such technology has a rather obvious potential application for network operators; they could use it assist the management of their own equipment and spares. At the other end of the spectrum, the same glasses might be donned by a fan of the opera, allowing them to read a synchronized translation and the sheet music as they experience a live performance. Given the problem of mobile phones interrupting live music, such technology might also be a way to allow patrons to stay connected without disturbing others, by allowing messages to be discretely presented to the recipient.
Between augmented reality and virtual reality lies a mixture of what is real and what is projected. Academic institutions like Ravensbourne are researching how mixed reality might be used to help doctors to translate medical scans into a 3D image of internal organs which is then overlaid on the patient lying in front of them. This would help the doctor to visualize the medical procedures they will need to perform. Or it might be used to train surgeons, by showing them videos and recreations of operations that also respond to their movements, helping them to develop a feel for the physical sequence of actions. On a more mundane level, similar technology can already be given to new field engineers who are sent to customer premises and tasked to perform activities like servicing a boiler. Although the engineer’s training should have given them the skills to address most common faults, sometimes they will encounter unusual issues and will lack the confidence to deal with them. Instead of calling in a more experienced engineer, the novice may instead be helped by a 3D film showing how an experienced engineer dealt with a similar problem, step-by-step. Again, this same technology could obviously be used to improve the performance of any telco which employs armies of van-driving engineers to visit customer premises.
Moving into the completely virtual realm, consumers will typically think of VR as a source of entertainment. However, VR also has practical applications that telcos need to investigate. For example, vTime seeks to create a ‘sociable network’ that gives individuals the opportunity to hold a different kind of conversation with faraway friends. Users don VR headsets and enter a common 3D virtual space where they see each other’s avatars, in a fictional 3D setting of their choosing.
I must admit that I found vTime’s demonstration to be primitive; the heads of each avatar would move with the heads of the users, because of the sensing technology in the headsets, but the lack of other motion sensors meant the avatars would cycle through a robotic sequence of arm gestures that soon felt comically predictable. However, vTime are working within the limitations of the technology currently available to the mass market, such as Oculus Gear. They may be perfectly placed to take advantage of subsequent breakthroughs in consumer VR, and they claim to have already signed-up over 50,000 users to their network. Furthermore, limitations like the cartoonish look of the avatars might actually be advantages in some contexts, such as providing customers with the opportunity to go on safe and convenient ‘blind dates’ with total strangers. If a small start-up from Liverpool can make this kind of progress with a new mode of electronic communication, then telcos should certainly be thinking about the potential. Businesses also need to consider the drawbacks too, such as the extent to which they might be held liable for the anti-social behavior of individuals who enter a common virtual area.
One of the best stands at the exhibition was run by The Economist magazine, demonstrating the results of their collaboration with Project Mosul, an initiative that has created a virtual copy of the Mosul Museum after it was destroyed by the Islamic State. They used thousands of photographs to construct 3D models of the contents of the museum, allowing virtual visitors to tour and examine the lost artifacts by donning a VR headset.
Whilst the virtual Mosul Museum was an uplifting example of how to use new technology, it also shows that the ubiquity of cameras and networks might have consequences that most people struggle to foresee. Nobody took a photograph in a museum because they expected it would be later used to create a virtual model. Any photograph might be harvested from the web and used for similar purposes. We may enjoy a virtual tour of some of the world’s great tourist sights, as made possible by combining the millions of photographs that travelers take and upload to the internet. And I eagerly look forward to new ways to experience historical buildings, by entering the real building but using documentary footage to see a virtual 3D recreation of how the building used to look. However, we must also ask how people would feel if somebody used publicly available photos to make a virtual recreation of the inside of their homes, or a 3D model of their bodies. Reusing the vast number of easily-accessed 2D photographs to create 3D virtual models will have implications for both intellectual property law and public morality, and telcos will need to consider their role as technology enablers.
Many people apply Creative Commons licenses to the photos they upload to websites like Flickr, but how would they feel if a stranger used them to construct a Creative Commons virtual copy of their spouse, or children, or deceased relatives? We may need to move beyond the protections of copyright and make it possible for everybody to enforce the same kind of ‘image rights’ as currently only exercised by superstars like David Beckham and Jennifer Lawrence.
The unexpected nature of some publicly-available data was highlighted by Solomon Rogers of Rewind, a business that produces VR content. Rogers reported that the API to Google Maps already supplies 3D imaging data. However, the data only has a low resolution. Furthermore, Rogers said that the electric cars manufactured by Tesla automatically perform 3D scans of every road they are driven along, and the quality of this data is much higher than that available from Google. If Google and Tesla are not just collecting images of every street, but also supplying data which could be used to develop 3D visualizations, then we are near to a future where all real public locations could be turned into virtual realities. This opens up many possibilities, both desirable and creepy.
Smart Homes and Smart Cities
Though billed as a conference about wearable tech, many exhibitors were focused on smart homes and smart cities. There is a connection, because wearables might interact with other smart technology, but the implications of being surrounded by smart technology will stretch way beyond decisions about which devices a person carries with them. Kassir Hussain of British Gas pointed out that, on an average day, 7.8mn British homes are being heated at times when nobody is inside them, so any tech which reduces that phenomenon could have a huge impact on household bills and energy efficiency. I enjoyed Hussain’s talk because he honestly described how British Gas approaches data collection and product development, and his sage advice should also be followed by telcos. He observed that customers do not always know what they want. That means we should also question the reliability of some traditional data-gathering techniques, and should be particularly wary of relying on the feedback provided by focus groups. The alternative is obvious, and can be realized by the kind of tracking technology used by British Gas’ Hive product. If you surround a person with sensors, you gather data on what they actually do, not what they say they do. Hussain recommended giving new products to real people and monitoring how they use them in practice.
There is an obvious downside to this invasive use of technology: some people balk at having their actions monitored and scrutinized, especially in the privacy of their own home. Vincent Perrier of embedded software developer MicroEJ beautifully expressed the problem, and a potential solution, by suggesting some customers will demand a ‘home mode’ that disconnects their IoT devices in the same way that mobile phones have a ‘flight mode’ for use on planes.
A creeping invasion of privacy may also be linked to other gradual increases in the use of technology, as Hussain emphasized when he said it was a mistake to use home automation to immediately take away a customer’s control of their heating and lighting. Instead, British Gas will use a strategy of avoiding premature automation, by providing people with tools that give them increased control, but which can be used to offer predictive automation in the longer run, when customers are familiar and comfortable with it. This might sound like a plan for a stealthy takeover of people’s lives, though Hussain was refreshingly honest when pointing out the major obstacle to automation in the smart home: relatively few customers see the need for it, and so they are unwilling to pay for it. This is a great reminder that all businesses that seek to sell new technology must primarily focus on delivering results that people want.
Antii Vihavainen of Cozify also spoke on the topic of gathering data in the home, and pointed out that mobile operators see great benefits in augmenting the data they already gather by also collecting information from other networked devices. Cozify produces wireless hubs to manage a very wide range of home IoT devices, integrating them into a single commonly-managed network. That puts Cozify in a good position to sell (anonymized) data to others. I spoke to Vihavainen after he appeared on stage, and appreciated his candor when talking about the security weaknesses of IoT devices, and hence the potential for misuse and faulty data. Cozify hubs have been designed to be secure, supporting multiple methods to authenticate the devices they are connected to. However, not all home IoT devices have followed the same high standards. For example, some smoke alarms can be networked but possess no authentication mechanism. A customer can integrate an insecure home device with the secure hub if they want to. However, this creates a vulnerability where that wireless connection could be maliciously taken over by another device which is just pretending to be an IoT product, and which will then send bogus signals to the hub.
Security, Safety and the Internet of Things
Mike Majapuro of F-Secure tackled security and privacy risks head-on, saying:
Any device anywhere has been hacked or can be hacked.
Majapuro illustrated the cascade of increasing risk that comes from multiple connected IoT devices by talking about why people would hack your toaster. Nobody wants to take control of your toaster, but your toaster might be a route to subvert your PC, and your PC might be a conduit to your bank account. Another kind of risk is that we will see ransomware for IoT devices. Most of us are familiar with the danger of software which is used to lock users out of their own computers. They are told the hard drives will be wiped unless a ransom is paid by a deadline. The same techniques could be applied to IoT devices: which means criminals could decommission your expensive fridge/freezer, and you will be under pressure to pay before the food spoils!
Not surprisingly, Majapuro stated that F-Secure has security and privacy products for the IoT, but I was glad he challenged many preconceptions about who worries about these issues. He stated that the evidence showed that consumer concerns did not vary greatly with the age of the consumer, skewering the common trope that only old people worry about these things, whilst young early adopters will happily flock to any new product without caring about the consequences.
Perhaps the best presentation about IoT security was given by Brian Witten of Symantec. He emphasized that we need security strategies that address three distinct layers of operation:
- the IoT device itself;
- the connection between the IoT device and the network; and
- the data as stored in the cloud.
Unless we put in place adequate security at all three levels, then the hard work done at one level can be undermined by the exploitation of weaknesses at another level.
Witten was especially forceful when dismissing some common excuses for poor security in IoT devices. I admit I previously believed some of these excuses myself, including the problem of embedding strong cryptography into devices with very limited computational power, and how the burden of cryptographic processing would reduce battery life. He insisted that building-in optimal security libraries into the hardware would deliver quick and efficient encryption of data, whilst drawing negligible additional power. Furthermore, the cost of embedding security was both reasonable and sensible, given the results of surveys that say customers are concerned about privacy and security, and the difficulty of upgrading or replacing devices if they are not secure enough. As Witten put it, the cost of good embedded IoT security is “a fraction of a percent of the total cost of the device.”
Even so, Witten emphasized that no security controls are perfect, saying:
No matter how well you do everything else, some threats will still get past even the best defenses.
The correct strategy is to also deploy machine learning and a Security Operations Center to identify anomalous behavior which might be the result of hacking.
Whilst security is generally seen as a cost and a source of delay, Witten argued that building-in the right security at an early stage can accelerate the subsequent release of new products. He illustrated his point by noting that Tesla had implemented a secure over-the-air interface for software upgrades, allowing them to add exciting new features to their cars in a fraction of the time taken by other car manufacturers.
I was very impressed by the quality of Witten’s presentation, which included too many useful facts and figures to repeat them all in this article. You might want to find out more by reading through Symantec’s white papers on IoT security, which are available from here.
Ronald Huijgens of Unisys also spoke about security whilst participating in a panel discussion, and I was very heartened by something he said on behalf of all the businesses on that panel. He said:
[We] all want to improve security. We are not waiting for disasters to happen.
I am glad Huijgens said that, because it contradicts messages given by several other speakers at the event. Too often I heard business representatives saying they were waiting for regulators and governments to tell them what they needed to do. That is nonsense. It is not mandatory for businesses to do the minimum. They can always choose to do more to protect themselves and their customers. The disincentive is cost, which may put them at a disadvantage to rivals. But even so, ‘waiting’ for regulators is the same as saying a business cannot tell right from wrong until someone else hands them a rulebook. Informed customers can tell right from wrong, and I sincerely hope that customers will get the information they need to make sensible decisions, and thus punish businesses that ‘wait’ to be told to implement adequate security.
Alex Bazin of Fujitsu noted the need to “embed security in IoT devices that might be used for 15 years.” In so doing, he contrasted the lifecycle of an IoT device with the typical 2-3 year replacement cycle for mobile phones. Bazin stated that various industry consortia need to consolidate so IoT manufacturers will adopt fewer but more consistent standards.
Bazin also talked about actual projects where Fujitsu had deployed IoT technology to improve business efficiency, and one of these was very pertinent to network operators. Field engineers may waste a lot of time visiting customer premises only to discover they do not have the necessary inventory in their van. Bazin talked about the benefits of networked vehicles with integrated inventory management, so even if an engineer is not carrying a necessary piece of equipment in his or her vehicle, they might be able to locate the same equipment in a nearby van, or a local depot. This kind of holistic stock management would be of benefit to many operators.
Another telco-oriented example from Bazin focused on employee safety. Fujitsu’s wearable sensors are already carried by telecoms engineers who climb up telegraph poles or work underground. As a consequence, there is independent monitoring of the temperature and weather, plus assessment of the state of the employee. If the engineer is working in conditions where they may overheat, or there are signs of tiredness in the engineer’s movements, they can be instructed to take a break before they have an accident. Similar techniques can also be employed to monitor the drivers of vehicles, which is also relevant to telecoms operators with lots of field engineers. By sensing the motions of the individual, rather than just tracking the motion of the vehicle, the employer is in a better position to guarantee road safety by identifying the early signs of tiredness.
Perhaps the most unexpected benefit of networked technology also came from Bazin, who described the merits of the ‘connected cow’. The production of milk by dairy cows is linked to keeping those cows pregnant. Remotely monitoring how a cow moves will provide useful data on the cow’s fertility, and the results are dramatic. According to Bazin, the improved management of the cow’s fertility cycle, and hence milk production, increased the profitability of each cow by USD500 per annum.
Cows are simpler animals than humans, but we should be conscious that plenty of research goes into making judgements about people based on their movements. For example, the way a thief moves around a car park will be different to the way an ordinary person moves, even if the thief is trying to simulate how a person moves when they cannot find their car. If we can learn a lot about people by their movements, some of that may start to infringe on a person’s privacy. This is an area where the boundaries of what is acceptable practice will need to be continuously reassessed depending on the accuracy of the inferences drawn from tracking a person’s movement.
Data, Risk and Operators
A particularly important talk was given by Emmanuel Routier, Global VP of M2M at Orange Business Services. He began by pithily describing the three main reasons why businesses invest in M2M and IoT technology:
- To increase productivity.
- To improve service, and hence increase customer loyalty.
- To generate new revenue streams.
As a result, Orange has witnessed 38 percent CAGR growth in the number of devices connected to its networks. There was also an ever-wider range of devices being connected. Routier said that insurance firms were largely driving the deployment of IoT technology in the home, because remote detection of water leaks or fires justified reductions in premiums. Cars are also becoming increasingly networked, and Routier took the opportunity to promote the heads-up navigational display and tracking technology supplied by a partnership between Orange and WayRay.
It was notable that Routier talked about the mass of data collected from IoT devices much more than other speakers at the conference. As he pointed out, there is little value in collecting lots of data if you lack the means to store and use it. Routier firmly pitched Orange as a supplier of Big Data services to its IoT customers. They have a partnership with CRM supplier Salesforce and they used anonymized customer data to improve the targeting of adverts delivered to phones. He talked about their Datavenue cloud-based solutions and services, where Orange seeks to manage the data collected by businesses using the IoT.
Routier’s message was plain: Orange wants more than the additional usage revenue that will come from an increase in connected devices. They also want the higher margins related to storing and managing data gathered by the IoT. As such, this is an aspect of strategic risk management that contrasts with positioning telcos as dumb bitpipes. And Routier highlighted security and privacy as key motivators for customers using Orange’s Big Data services. He repeatedly talked about the vast volumes of data that Orange is already used to handling each day. As such, he believed other businesses would find it attractive to rely on Orange’s expertise when it comes to secure and legally compliant management of data.
I asked Routier about the risks to network providers that comes with the surge in connected devices. It was reassuring to hear him emphatically state that network connectivity should never be relied upon in safety-critical operations. For example, if WayRay was completely dependent on a network to determine where the car is, an outage would mean it could miss a turn, and obviously that could lead to disaster if the car was driving itself. So whilst networked devices may enhance safety in lots of ways, it is vital to design IoT devices that continue to work safely when they are disconnected from the internet. This remains true even though Orange seeks to mitigate the risk of such outages by simultaneously supporting several protocols for wireless connection.
Routier also talked at length about the GSMA’s eUICC project, which means the same embedded SIMs will seamlessly work in cars across 77 different countries. eUICC is supported by a range of telcos, including Orange, T-Mobile, Telecom Italia, Bell, TeliaSonera and SoftBank. I challenged Routier about the dangers of fraud when SIMs can be re-programmed over the air, but his response was robust. He noted that there is still an actual SIM, and that only part of the profile is downloaded over the air, leading him to conclude that the eUICC solution was secure, and preferable to some other innovations that have been proposed. All the firms involved had adopted a common standard on aspects of encryption, and he considered this to be generally a good thing that raised everyone to a higher standard, rather than forcing everyone to lower themselves to the common denominator. I am not sufficiently expert to judge Routier’s assertion, but I was reassured by the serious way he addressed the question.
This year’s Wearable Tech Show has opened my eyes, leading me to appreciate how much I had underestimated both the risks and potential for a vast array of new networked devices, and the even greater number of applications that are being developed for them. This article hardly does justice to the information I gathered and the contacts I made over the course of the two-day event. My intention is to keep drawing on these new sources of information to broaden Commsrisk’s IoT coverage. This is not motivated by a gee-whizz fascination with new gadgets, though a lot of exciting development work is underway. I now believe that IoT will prompt an even more radical transformation of telco business models than that witnessed when the old fixed-line businesses were joined by mobile operators, cable providers and ISPs.
Many of us remember a time when the only devices routinely connected to an electronic comms network were the phones in people’s houses, the phones in businesses, and the payphones in the street. What frightens and excites me about the Internet of Things is we will not just see a much greater number of devices connected, but there will also be a much greater variety of devices connected, multiplying the possibilities and the associated risks. Furthermore, none of us can be sure which innovations will prove most popular with customers, so we need to prepare for a wide range of possible outcomes, whilst being agile enough to cope with the unexpected. When it comes to the complexity of risk management, the impact of the IoT will be explosive. And telcos cannot afford to sit back and assume they will passively benefit from an increase in traffic. As OTT providers have demonstrated with voice and text services, IoT firms might also create new ways to hollow out the revenues generated by telcos. As Orange’s Emmanuel Routier said in his presentation:
Telcos have to innovate to supply IoT.
This is true, even though innovation is difficulty and risky. On the plus side, we can also make use of innovation to solve some old challenges faced by many telcos, such as managing stocks of equipment and fleets of engineers. We must explore the potential of new technology, or risk being driven out of business by the firms which do. For these reasons, I must now guide the Commsrisk editorial policy towards increased coverage of M2M, IoT, wearables, and all the new classes of networked devices for which nobody has yet invented a pithy name or acronym. This change in policy will be a personal challenge for me, as I recognize how much I have to learn. However, knowledge and education is key to managing risk, and I hope that you will also embrace the learning experience that lies ahead.