Whose Security Is Best?

I woke up this morning to an email from Amazon confirming that I’d just bought Bruce Schneier’s new book, ‘Data and Goliath‘ whilst I was sleeping. Ah, the wonders of forgetting you’d pre-ordered a book way before its release date…

Anyway, there’s obviously little I can say about the book as I’ve still to read it. But I can however recommend another great essay from Schneier which he posted recently on his blog: ‘Everyone wants you to have security, but not from them‘.

As I wrote yesterday, there’s a general confusion about encryption. As Schneier points out in his essay, it’s too simplistic to say that the big tech companies don’t want your data to be secure in some way in order to have their wicked way with your information. Instead, it’s far more accurate to say that companies such as Facebook and Google are constantly striving to become the single place where you deposit all of your valuable data – so that they can then protect it alone.

But of course, move ahead with that ‘single point of failure’ model and we run the very real risk of significant breaches occurring at some point or another in the future, as Lenovo discovered to their (and their customers’) cost last week. Or from secretive actors breaking into such systems and inevitably compromising the system for all participants regardless of what their motives might be, such as the Gemalto break-in whereby the encryption keys for billions of mobile phones were stolen.

It’s a binary choice that we have. Security or surveillance. Privacy or convenience. And until MaidSafe launches, the likely outcome under the current architecture of the internet doesn’t look too appealing.

The Encryption Battle Heats Up

It’s not surprising that there’s so much confusion in the minds of the general public when it comes to encryption. There are so many conflicting narratives around, each of which is wrapped up in varying degrees of political spin.

Take for example, Michael Chertoff who basically helped to create the Patriot Act in the US which paved the way for mass surveillance in the aftermath of the 911 attacks. After moving on from a career which included a four-year stint as Secretary of Homeland Security.

However, it seems that Chertoff has changed his mind. He now believes that everyone should have the right to strong encryption without the backdoors that are currently being sought by many government agencies around the world.

“I’m sympathetic to law enforcement, but nevertheless I’ve come to the conclusion that requiring network managers or ISPs to retain a key that would allow them to decrypt data moving back and forth on a particular device is not something the government should require,” he said. “If you require companies to manage a network to retain a key to decrypt, I guarantee you another provider will allow someone else in the world to have that key. What happens is, honest people will have a key to encrypted data that’s held by a third party. As we’ve seen in the past, that can lead to problems.” 

That’s quite some turnaround.

And quite different to the position of the Director of the NSA, Mike Rogers and recent statements in the UK from David Cameron. After all, even President Obama has stated in a recent interview, “I’m a strong believer in strong encryption” (seemingly contradicting an earlier statement that encryption should be unlocked by the authorities in certain circumstances).

Changes are coming: mobile phone companies are encrypting by default, there’s pressure to move all websites from http to https under the Let’s Encrypt movement and public awareness is rising. And yet there’s still a big issue here. There’s a very strong argument to say that the level of technological knowledge in order to adequately protect yourself in today’s society is one which is disproportionately damaging to those from poorer socio-economic backgrounds.

No doubt individuals and groups will continue to come forwards to protect those who inevitably are forced to rely on others to provide user-friendly solutions in this area. But working out how much protection those volunteers require in order to carry out their jobs – and who can be relied upon to provide them with this necessary support – is where we truly start to learn what sort of society we live in.

The Listening Television

I finally took the plunge and bought a new TV today. Using a mass of Nectar points accumulated from food shopping over the past decade or so, I managed to get a good deal on a new low-end model. To be honest, I rarely watch the TV. Any viewing that I do have time for inevitably tends to be on the laptop these days. But the difference between the two models, old and new, is pretty significant. If nothing else, I have no idea how to get the old TV down the stairs – it’s that heavy.

But the whole experience of buying a new piece of tech – as exciting as that invariably is for anyone with geek-tendencies – was tempered by the story in the back of my mind about the recent Samsung Smart TV. These once-simple appliances have become completely different propositions these days, as Michael Price in Salon pointed out late last year (‘I’m terrified of my new TV: Why I’m scared to turn this thing on – and you’d be too‘).

We’re suddenly in a world where so-called Smart TV’s record our activities and choices, retaining the power to send such information on to marketers and other third parties to do as they wish. The decision to be made by many consumers is in many ways an unfair one: disable many of your all-singing all-dancing new TV’s features or accept one further encroachment into your privacy.

As you might remember, the worrying issue with the Samsung Smart TV was the fact that it had voice recognition. Or, more accurately, because of the voice recognition features that it employs, the Privacy Policy for the TV shows that in fact anything you say in the vicinity of the television may in fact be recorded and transmitted to a third party for analysis. When that’s a marketing company, it’s little more than irritating perhaps. But there’s no guarantee that the data exchange stops there.

One of the biggest issues is the fact that Samsung is sending the customer’s voice searches and data in an unencrypted format. Think of the potential for hackers and snoopers to literally listen in.

Yeah, it was a lot simpler the first time I bought my TV. Even if it weighs about the same as my fridge and is almost as attractive…..

Skyscanner Becomes A $1 Billion Business

It’s Friday so it’s as good a time as any to have some good news.

Scotland now has its first $1 billion internet business in the form of Skyscanner. I remember being at a startup drinks event in Edinburgh around five or so years ago and hearing Gareth talking about his vision to achieve exactly this goal. And now it’s reality. It’s been incredible (and hugely inspiring) to see the growth of the business in the intervening years and a real testament to both the leadership and the vision within the business.

OK, this comes with the obvious caveat in that I worked with Skyscanner for a while so I may be slightly biased. But the reality is that what Gareth – and so many more – of them have achieved collectively is absolutely phenomenal. I would be dishing out the same praise whether I knew the team or not. But having seen the inside of the business only reinforces my belief that there is something very special going on within the business away from public perception of ‘simply’ being a travel aggregation site (I’m not the only one to have seen this by any means). I look forward to watching them continuing to grow.

I’ve written before about why Scotland’s such a great place to build a technology company. Edinburgh in particular leads the way, with a rich ecosystem of startups, Codebase (the UK’s largest tech incubator), the next edition of Silicon Milkroundabout landing next weekend, the Startedin group….the list goes on.

Skyscanner might be the first $1 billion internet business, it’s true. But now it’s time to build a few more.

 

Medical Apps and Regulatory Challenges

The growth of the internet has provided us with unparalleled access to information. Technology has enabled us to distribute this information on a scale that has never previously been possible and for a fraction of the cost.

However, as the barriers come down, we’re still learning how society reacts when individuals act upon such new and increasingly accessible sources of information. Healthcare apps are an obvious example. The growth of fitness tracking obviously has legal implications but some medical professionals argue that they also run the risk of being detrimental to your health in certain situations as well.

It seems to me that innovation will always present challenges. The question is whether finding a route around existing hurdles (such as regulations put in place to protect the public) provides a result for the world that is genuinely net positive or negative – or whether we still need protection as such innovations are trialled. The risks of making the wrong choices are clearly much greater when dealing with health matters than with other sectors but the principle, in my mind at least, remains the same. If forced to choose a ‘side’, technology itself must always be viewed as neutral and the overall effects of open innovation viewed as being more beneficial than harmful.

That’s a tougher argument to make if an app on your phone incorrectly informs you that your blood pressure is fine and you delay potentially life-saving medical check-ups as a result. But there doesn’t appear to be another route forwards if you truly want to evolve.

A Decade Of Blogging

I’ve always been fascinated by blogging, certainly since it really broke into the consciousness of the general public around a decade ago. Regardless of the quality of the content, the ability to actively share content directly with an audience, no matter how niche it might be, immediately hit me as being incredibly powerful.

No gatekeepers.

I’ve learned a huge amount over the last decade or so from simply reading blogs. I remember once asking work colleagues how many blogs they read regularly. Or even irregularly. The answer, it transpired, was that there wasn’t a single person who was. That still amazes me. Needless to say, I also understood that I was in the wrong job.

Of course the landscape has shifted hugely over the last decade. Some bloggers, real and anonymous, have moved on of course but many stalwarts remain (for example, Fred Wilson started blogging back in September 2003). Larger numbers of people are now producing content which, thanks to technology that’s freely available, has at least the potential of reaching a global audience. And of course the emergence of micro-blogging platforms such as Twitter really helped to tap into that pent-up desire that so many had to share something (with 288 million active monthly users generating 500 million Tweets per day currently).

However, a huge factor in the growth of blogging was the emergence of WordPress. Whilst investigating why Wordpress have withdrawn support for Bitcoin payments this week, I came across this article from October 2004 talking about the early days when Matt Mullenwegg developed WordPress, the juggernaut that is currently the most popular blogging system in use on the web, powering more than 60 million websites.

The philosophy’s really interesting here and really validates the open source model. Almost everything on WordPress.com is free. They charge for upgrades (whether it’s spam filters or custom domains) but the core proposition is – and always will be – free. If you’re worried about giving something away for free, I suggest you go and have a chat with Matt. I’m sure giving stuff away has done him much harm over the last decade or so.

Going back to the article, there seem to be some parallels between WordPress in 2004 and the state of Bitcoin in 2015. You can sense a seismic change coming. It’s impossible to say when or where the ultimate winners will be so far.  But it’s certain that there will be winners. As Scott Maxwell mentioned in the Q&A after the Bitcoin talk we gave up to Dundee Tech Meetup yesterday, there’s probably 5 or 6 places lying vacant at the moment just waiting for people to carve themselves a place in the history books. With every day, we get a little closer to the time when we find out who it’s going to be.

The VC Blogging Elite

Today is Ruckusmaker Day. Seth Godin’s trying to encourage people to commit to speaking (or writing) their opinion daily on a topic of their choosing, picking what would have been Steve Jobs’ 60th birthday as being a good a day to start as any.

I’ve just returned from the Dundee Tech Meetup after giving another ‘intro to Bitcoin’ talk which was brilliant fun. So whilst I agree with the concept, the only contribution my tired brain can make tonight is to simply highlight a valuable summary of corners of the web where – if entrepreneurship is your thing – people are doing precisely that.

Periodic Table of VC Blogs
Periodic Table of VC Blogs

Morgan Spurlock and Bitcoin

It’s interesting to see CNN continuing to actively pursue its investigation into Bitcoin’s potential. Amongst other things, they’ve just added a new Bitcoin Ticker to their CNN Money page and at the end of last year, I was kindly asked to join one of their panels for a live Twitter debate on the future of Bitcoin.

Anyway, I don’t usually just post an episode of something on the blog post but I figured this might be of interest to a few readers who are still getting to grips with Bitcoin.

I suspect most people know who Morgan Spurlock is. I like the fact that he didn’t even attempt to pretend he knew what was going on at the start. There’s a lot to be said for going down that route – especially if you’re planning to live on nothing but Bitcoin for a week.

https://www.youtube.com/watch?v=uTxEo1CkPFw

The Evolution of Spending in the Sharing Economy

Change is a constant and it’s clear that the growth in the collaborative economy is going to reshape current spending patterns throughout many economies.

The actual impact is still hard to ascertain. But the evidence is stacking up that there are going to be significant changes in the near future. As Larry Fink pointed out in a recent article, the impact of technology can profoundly affect an entire industry, even if it only directly impacts initially on a small subsection.

Fink uses the example of hydraulic fracturing in oil production to make his point. As the demand for the supply of oil has continued to rise by around 600,000 barrels a day over the past year, the actual supply – in part due to new technologies such as fracking (putting to one side for this article the immense damage that fracking causes) – has increased by around 2 million barrels a day.

His argument here is that (as damaging as fracking is) the technology has affected the overall price per barrel in despite the fact that the majority of barrels are not produced using this method.

So when it comes to the sharing economy, what sort of changes are we likely to see as a result of the stellar growth of such businesses as Uber and Airbnb? For most younger people in the Western Economy, there are two common twin goals when it comes to acquiring significant items of property: the car and the home. Not surprisingly, these are in the crosshairs of both growing businesses.

So whilst both assets are fundamentally different (one being an investment, the other a depreciating asset), the question still remains. If significant sums of money are less likely in the future to be tied up by these big capital outlays at the start of young people’s lives, where will they be directed instead? Any ideas?

Hacking The Car Wash

As the Internet of Things develops, we’re going to see more and more security issues present themselves whilst more items move online. We’ve heard recently about an (unnamed) German steel mill being hacked. Next up, renowned security researcher Billy Rios (known for hacking X-ray systems and airport baggage scanning systems) has now flagged up the potential vulnerabilities presented by car washes.

The car wash isn’t necessarily something that jumps to the top of the list when considering the varied security threats that are out there in the big bad world. After all, it’s a large, stationery piece of heavy equipment that only ever gets installed in certain controlled locations (namely petrol stations). But after showing that he could guess a default password on the machine’s web interface to take over control of the system controlling the car wash from afar, Rios points out:-

“[If] a hacker shuts off a heater, it’s not so bad. But if there are moving parts, they’re totally going to hurt [someone] and do damage…I think there should be some distinction between those sort of devices. Turning on and off the lights is cool, but if you create something that causes something to move, you can’t allow them [the manufacturers] to voluntarily opt into security.”

“…These machines are very dangerous, and typically, when you have these machines installed someplace, they are only able to be operated by qualified technicians. They could hurt someone. So when you start putting these things online, it changes the threat model dramatically”.

Sounds just like a scene at the start of a sci-fi film, doesn’t it?