The Economist’s Quarterly Technology Review is out today, and there are lots of Blindsidey nuggets to chew over.

They note progress being made in using virtual worlds for training and simulations, have a nice article on how DNA samples can be pickled (well use a briney process) for longer storage, and have two articles that I personally hope will be related in the near future: one about how corrective eye surgery is progressing and another about how head-mounted displays (HMDs) are creating a world of augmented reality.

Location-based services gets an article about Bluetooth enabling mobile dating, and another that makes me wonder if anybody is considering the information assurance issues about clustering volunteer computers to look for alien life and cures for cancer.

Surveillance in the stores gets an article–makes me hope this stays in the stores. But it won’t…

Larry Lessig of the EFF gets a nice write-up. Corrupt politicians (at least in the U.S.) should really start evaluating career alternatives.

But the piece I was waiting for, about Unmanned Aerial Vehicles (UAVs) is a real dud–unless you want the history. The present is much more interesting. Maybe they just ran out of space.

Now I have to wait three more months…

The Promise: “We will start with air cards and an in-building modem, then embedded devices will begin to appear in laptops and ultramobile PCs. But then imagine camcorders that display footage on monitors without wires or send files to social networking sites such as YouTube and MySpace; car navigation systems that get Internet access and rear-seat entertainment; Internet video; public safety surveillance. Think Internet tablets, gaming devices, DVD players. You get the idea.” Certainly Sony and Nintendo must be salivating at the possibility of extending online play to future DS and PSP gaming systems.”

The Potential: “That means a potential end to the minute model, and perhaps an end to the cellphone as we know it, since VoIP could be built into anything with a Web browser, speaker and microphone. Earlier this year, Apple gave us the phone that also was a music player, camera and on down the line. But WiMAX may give us the camera or other connected device that is also a phone. Heady stuff.”

Background: Broadband is still patchy in the U.S., and Sprint is trying to use a variant of WiMax (called Xohm) to remedy this. It’s already gotten one CEO fired for being focussed on WiMax instead of traditional subscribers, but they have 10,000 base stations ready to launch. If it works, it will impact a lot of mobile services, enable location-based services and increase the potential of mobile, pervasive and wearable devices.

The story is from the senior tech editor of Popular Mechanics. You can read it here.

This could be smoke–but if it fails, it will be because something better comes along that does the same thing.

Well, not snakes, but mobile phones. They’re here… The European Air Safety Agency has greenlighted their use in flight, and the installation of on-board base stations has resolved navigational worries. Ofcom has published a proposal that would allow usage above 3,000 metres.

Our wiki covered some of the issues involved here.

Given that the most widely publicized incident regarding previous use of mobile telephony in commercial aircraft comes from September 11, when passengers phoned emergency services, said tearful goodbyes to their family, and provided a running commentary on events (all without interfering with the plane’s navigational systems), the technical and information assurance issues, while not trivial, do not seem to be too much of an obstacle to airborne use of commercial mobile services (although I still am concerned about how future location-based services will be managed).

But the issues are more likely to be social. As the reporter for icBirmingham noted in the story linked above, “I personally think allowing the use of mobile phones on aeroplanes is only a good idea if people are encouraged to step outside the aircraft when making and receiving calls.”

The story is here.

“The electricity grid, power plants and refineries face increasing threats from computer hackers who could cause major disruptions and economic chaos, congressional investigators say.”

…”Langevin, D-R.I., noted the recent disclosure that government scientists at the Energy Department’s Idaho National Laboratory were able to hack into a simulated power plant control system and cause an electric generator to destruct.”

…”Lofgren said that was not the intent of Congress when it created the department. “We haven’t made any progress in the cybersecurity side for a long, long time,” she said.

The commission is considering more stringent standards for the electricity industry that a quasi-industry group, the North American Electric Reliability Corp., is developing.

To date, location-based services are widely used in emergency services, help alerts, fleet tracking and offering the location of a mobile phone. Or, as Wikipedia lists them,

Some examples of location-based services are:
Requesting the nearest business or service, such as an ATM or restaurant
Receiving alerts, such as notification of a sale on gas or warning of a traffic jam
Finding a buddy
For the carrier, location-based services provide value add by enabling services such as:
Resource tracking with dynamic distribution Taxis, service people, rental equipment, doctors, fleet scheduling
Resource tracking Objects without privacy controls, using passive sensors or RF tags, such as packages and train boxcars
Finding someone or something Person by skill (doctor), business directory, navigation, weather, traffic, room schedules, stolen phone, emergency 911
Proximity-based notification (push or pull) Targeted advertising, buddy list, common profile matching (dating), automatic airport check-in
Proximity-based actuation (push or pull) Payment based upon proximity (EZ pass, toll watch)

All very useful services, but in a sector where much more was expected, it looks kind of vanilla these days.

In September of 2006, Silicon.com wrote of location-based services, “Another good question. Mobile operators, pundits and other assorted industry watchers have been talking about LBS since the tail end of the last decade but have never really found a way to capitalise on them. It’s thought that the inclusion of GPS in mobile handsets could jump-start LBS. ABI Research predicts that by 2011, there will be 315 million GPS subscribers for location based services, up from a measly 12 million this year.”

A year later, has anything changed?

In May of this year, the BBC was showing interest: “Speaking at the FT Mobile Media conference, the BBC’s director of future media, Ashley Highfield, said the broadcaster - now the UK’s favourite mobile web destination - believes mobile content is shortly to enter a boom time. He said: “Mobile is the future of media and technology… I think a number of factors are coming into alignment for explosive growth.” Among those factors, Highfield believes, are better pricing, operators’ decision to ditch their ‘walled garden’ approach to content and improvements in phones themselves including the addition of GPS. Highfield added: “It looks like the shift we saw when broadband took off.”

One major use of location-based services will be in telecare for the disabled and elderly. In March of 2007, the International Journal of Health Geographics published an editorial about CAALYX, a “Complete Ambient Assisted Living Experiment, an EU-funded project that aims at increasing older people’s autonomy and self-confidence by developing a wearable light device capable of measuring specific vital signs of the elderly, detecting falls and location, and communicating automatically in real-time with his/her care provider in case of an emergency, wherever the older person happens to be, at home or outside.”

“CAALYX aims at increasing older people’s autonomy and self-confidence by developing a wearable light device capable of measuring specific vital signs of the elderly, detecting falls, and communicating automatically in real time with his/her care provider in case of an emergency, wherever the elderly person happens to be, at home or outside. Specifically, CAALYX’s objectives are:

• To identify which vital signs and patterns are most important in determining probable critical states of an elder’s health;

• To develop an electronic device able to measure vital signs and to detect falls of the older person in the domestic environment and outside. This gadget will have a geo-location system so that the monitoring system may be able to know the elder’s position in case of emergency (especially outdoors);

• To allow for the secure monitoring of individuals organised into groups managed by a caretaker who will decide whether to communicate events identified by the system to the emergency service (112); and

• To create social tele-assistance services that can be easily operated by the users.”

Crucially for Blindside readers, CAALYX addresses privacy issues in the editorial: “Location capability poses service providers with the challenge of responsibly handling consumers’ personal privacy [1]. This is particularly important with ‘tracking services’ that continuously monitor and log user’s location, like Wherifone, an American location-tracking service for the elderly and children [21], and other live tracking services using technologies like the GpsGate Server [22]. Such services raise many privacy concerns and questions; for example, “If a consumer service allows one party access to the location of a second party, should that second party be notified when this location information has been provided?”[23]

However, CAALYX’s approach to location information privacy is different. CAALYX is an extensible user health monitoring platform that uses GPS as to support that function (health monitoring) and for emergency handling. Thus CAALYX is not continuously tracking older people, or continuously communicating their location in real-time with the central monitoring station. There are a number of reasons for this. Firstly, allowing the data logger (a mobile smartphone that users carry on them) to collect the data rather than continuously stream it to a remote server means that expensive bandwidth is saved. It is also far more power-efficient than a system that has to continuously transmit data and pick up real-time geographic information via GPS, a paramount feature in any handheld device. But most importantly, it means people will not feel as if their every move is being watched. Location information is only sent when required during an emergency or when an alarm is raised. As such CAALYX has the potential of setting the standards and providing a ‘modus operandi’ or ‘best-practice’ model for wireless location privacy in mobile, location-intelligent/enabled e-health services.”

Commercial activity reported in the media indicates substantial interest in location-based services. Nokia’s recent purchase of Navteq, a supplier of digital maps, follows their recent introduction of a GPS-enabled mobile phone, the 6110 Navigator. “Using the handset’s embedded software, consumers can view their current location on a map, search for destinations, find specific routes, or locate nearby services, such as restaurants, hotels or shops. Location-based services are “one of the cornerstones of Nokia’s internet services strategy,” Nokia chief executive Olli-Pekka Kallasvuo said in a statement. “By joining forces with Navteq, we will be able to bring context and geographical information to a number of our internet services with accelerated time to market.”

And from the same article, “Navteq has been viewed as a takeover target since this summer, when navigation device maker TomTom said it would pay €1.8bn for Navteq’s top rival in the mapping market, Tele Atlas. Tele Atlas provides maps for MapQuest, Google Maps and several other navigation devices. TomTom accounts for about 40 percent of Tele Atlas’ business. When the acquisition was announced in July, many speculated that Google would buy rival Navteq.”

It’s all very much jam tomorrow, but tomorrow looks closer than it did a year ago. Well, I suppose it would.

To see what’s actually happening today, one needs to look at Asia. A white paper found on ZDNet (registration required), titled ‘Home Network Services in Korea,’ and published by Research On Asia (ROA) Group, Inc. talks about some interesting location-based services:

Logicplant’s Telekeeper (Mobile phone-based PC remote service) Service in brief: a solution to problems related to children’s PC use. The parents can monitor their children’s computer use.

Phone CCTV Service by SKT: Service in brief: this service, based on camera and high speed Internet, enables the user to monitor the situation at home via mobile phone and warns the user by sending a text message in a case of an intruder. By just installing a camera at home or in office, the service is enabled in real time via mobile phone.

Nespot Lu Service by KT: Service in brief: KT’s wireless Nespot service, connects mobile phone with a home robot. The robot is equipped with a small camera that monitors the situation inside the house and enables the user to check each room while staying outside the house by using a mobile phone.

From America (specifically, the University of Colorado), comes “A Methodological Assessment of Location Privacy Risks
in Wireless Hotspot Networks,” another white paper found on ZDNet. The abstract states, “Mobile computing enables users to compute and communicate almost regardless of their current location. However, as a side effect this technology considerably increased surveillance potential for user movements. Current research addresses location privacy rather patchwork-like than comprehensively. Thus, this paper presents a methodology for identifying, assessing, and comparing location privacy risks in mobile computing technologies. In a case study, we apply the approach to IEEE 802.11b wireless LAN networks and location-based
services, where it reveals significant location privacy concerns through link- and application-layer information. From a technological perspective, we argue that these are best addressed through novel anonymity-based mechanisms.

Jam today, but not jam here.

I should have been in Boston this week for a conference on wearable computing. The story details half a dozen applications well on their way to market, and a quick look at the conference agenda shows they talked about all the right subjects.

“BOSTON - From clothes riddled with sensors to name tags that detect our moods, computing’s next wave could unleash small devices that increasingly augment everyday activities with digital intelligence.” However, the key quote is at the end of the article: “The idea,” he said, “is to wear your remote, not to carry it.”

Wearable computing is important as it advances the concept of pervasive computing. Pervasive computing has real potential impacts on information assurance as it may multiply the number of nodes connected to a network, contribute greatly to network traffic, involve the constant transmission of data which may be sensitive (especially when combined with other data streams), and produce an unhealthy desire to increase monitoring of personal behaviour already far too evident in UK government. More about wearable computing can be found here.

It has wider implications for UK government, as it will enable services (many yet to be created, some that are currently delivered in other ways) that governments could rationally be expected to supply citizens.

Progress in wearable computing seemed stalled for a few years. It’s back.

* BOSTON - Dominated by home-cleaning gadgets, the consumer robotics market is expanding with the arrival of ‘bots that can spy inside your home when you’re away or arrange virtual meetings of family or friends.

* TOKYO, Japan (AP) — Orderly, pornography-free and safe for children, “meet-me,” an online interactive virtual Tokyo, is Japan’s answer to “Second Life.”

* WASHINGTON (CNN) — Using a Facebook profile, police arrested a suspect in an attack on the Georgetown University campus.

* SAN MIGUEL, Philippines - It’s Thursday, so 18-year-old Dennis Tiangco is off to a bank to collect his weekly allowance, zapped by his mother — who’s working in Hong Kong — to his electronic wallet: his cell phone.

* SAN FRANCISCO - A thief stole a laptop computer containing unencrypted personal information of 800,000 people who applied for jobs at Gap Inc., the clothing retailer announced Friday.

* TOKYO (AFP) - A research group will be set up in Japan to develop optical technology that will replace the Internet Protocol as the global standard in communications, a report said Sunday.

* (As noted by Wendy below) SEATTLE - Microsoft Corp.’s Excel 2007 spreadsheet program is going to have to relearn part of its multiplication table.

* (It’s not just the UK): FBI’s cybercrime efforts lagging: The growing problem of cybercrimes used by both scofflaws and hostile governments was given the No. 3 priority status by the FBI, but the Washington Post reports that few dollars and agents are assigned to its prevention.

* An online malware measuring tool has unexpectedly rated U.K. PCs as having the lowest level of infection in Europe.

At some point pervasive computing and ubiquitous connectivity become a radically different phenomenon. That point may have already been reached–William Gibson’s oft-repeated dictum that the future is already here, it just isn’t evenly distributed–may be all too relevant when discussing this subject.

I’m a nut about this kind of stuff–I love imagining the effects of new technologies on daily lives. But it all has impacts on information assurance. As I may have mentioned two or three dozen times, I believe that small devices, everywhere connectivity and services delivered to your small but connected devices is TNBT (the next big thing).

The IEEE has an awful lot of stuff about this–here are some excerpts from abstracts about Urban Computing (pdf). It talks about computing and networking everywhere. Some clips:

“Despite the complexities, urban computing is, in a limited sense, already a mass phenomenon. Roughly half the world’s population lives in urban environments. In addition to PDAs and laptops, most people have mobile phones, and most mobile phones have capabilities beyond simple voice calls. Connectivity is extensive. Mobile phones are increasingly equipped with Bluetooth for short-range communication, in addition to long-range cellular data connections. Wi-Fi networks are also commonplace.”

“In the UK, for example, people routinely swap content between their mobile phones over Bluetooth in urban settings such as
pubs and schools. That amounts to a highly dynamic, socially driven, peer-to peer network that’s pervasively embedded
in cities.”

“NAVITIME runs on mobile phones, many of which include integrated GPS. A minority use case is in-car navigation. Many people
outside Japan are familiar with in-car navigation systems, but in Japan, people are using NAVITIME mostly for personal navigation
as they walk or take public transportation—particularly in Tokyo. This is yet another example of how Japan often leads the rest of the world when it comes to pervasive computing. NAVITIME provides comprehensive navigation information, including maps, timetables, prices, and even carbon footprints for various journey options. It’s an impressive large-scale system.”

“Jonathan Reades, Francesco Calabrese, Andres Sevtsuk, and Carlo Ratti grapple with the problem of characterizing patterns of mobile phone traffic in Rome. Using data they obtained from a wireless carrier, the authors ultimately aim to match usage characteristics to urban space utilization. So far, they’ve only been able to note differing patterns across space and time and to suggest statistical links to, for example, residential versus commercial versus leisure usage. But this work paves the way for more in-depth analysis. It also opens a debate on the extent to which mobile phone data can and, given privacy considerations, should be used for this purpose.”

“In “Undergound Aesthetics: Rethinking Urban Computing,” Arianna Bassoli, Johanna Brewer, Karen Martin, Paul Dourish, and Scott
Mainwaring consider the London Underground as a target application domain. They provide extracts from an ethnographic study of passengers and propose a design for a music-sharing application. They base their proposal on observations of the roles that media such as music and newspapers play on underground journeys, together with the possibilities that Bluetooth presents for transferring content between passengers.”

“Mobile Social Software: Facilitating Serendipity or Encouraging Homogeneity?” Jennifer Thom-Santelli takes a critical view of the urban applications that have been designed so far. She looks at new urban technologies’ social and political implications, arguing
that the current approach to design and deployment tends to favor only the same privileged social group as that of the designers.”

We have tended here to concentrate on protecting information flows through computer networks. This is in part because there is so much work still to be done in this area, but I think also in part because most Blindsiders are of a computer-centric generation (you may well say ’speak for yourself, Fuller’, and I’ll eat humble pie).

However, mobile computing is growing faster than just about anything that gets measured in tech terms (well, except for Larry Ellison’s ego…) and I am personally convinced that a combination of mobile computing, location-based services and pervasive computing is going to explode onto the scene, offering new possibilities and new threats. I not only believe this–the success of my private pension scheme depends on it.

I think the day is coming very fast when the fact that I sit in a room at a desktop will instantly identify me as a grumpy old man (I think women will adapt to the new paradigm without much fuss). I think mobile devices with Japanese butterfly fan screens that fold up will move computing outside the converted second bedroom and into the street, and flash memory lapel pins will hold more information than my laptop.

It’s all going to be great fun, and I’m looking forward to it. But one reason I think it’s going to be fun is the fact that I’m not charged with assuring information flows within a government organisation. I think the number of nodes in organisational networks is set to grow logarythmically and that the edges of networks are going to blur dramatically.

I think IA specialists in 10 years are going to reminisce fondly about how life was so simple in 2007, before they had to build concentric circles of protection and build data hierarchies that have to exist in different forms within each circle.

For all of us who have retirement in mind before 2017, we may breathe a sigh of relief that it won’t happen on our watch (although it still may). And it might be fair to say that a fairly large share of Blindsiders fall within this group. But I think we owe it to the next generation of information assurance professionals to set the stage for them.

When memory becomes so small and cheap that your life fits into your belt buckle, when people will normally carry four or five objects on their person that have network connectivity, when hundreds of services offer local data based on segmentation rather than aggregation, when p2p dating services sit next to real-time data flows from your banking and investment activity, when government networks imperceptibly bleed into and through a myriad of specialist networks, information assurance will take on a different meaning.

We are entering that period of time where the evolutionary explosion fills an environmental niche created by a new technology. The prelude is finished. It’s just a bit funny that it’s not just one new technology–that computer science, biology, nanotechnology and whatever else I’m forgetting are coming of age at the same time.

Who needs science fiction?

This article, by Wired’s Ryan Singel details the FBI’s wiretapping capabilities with DCSNet, a communications surveillance network built under CALEA that sounds like it might have been advertised with the slogan, “Be the envy of other major governments”. The salient points:

- The FBI has extremely wideranging wiretapping facilities that let it log into a provider’s network; the provider turns on the tap once it receives a court order

- It’s having trouble with Skype, because there’s no central point to tap

- These digital wiretaps are more expensive than the traditional physical kind (by nearly a factor of ten) and processing the data is also considerably more expensive (all of which we taxpayers get to pay for)

- There are significant security holes inside DCSNet itself, many of which were spotted in its predecessor system, Carnivore.

wg