Your servile robocleaner spies on you

Cue the outrage.

For the last couple of years, the robovacs have been quietly mapping homes to maximize efficiency. Now, the device’s makers plan to sell that data to smart home device manufacturers, turning the friendly robot into a creeping, creepy little spy.

Sadly, this seems to be par for the course when it comes to smart devices these days. Bear stories like these in mind when someone goes on again about how Apple’s privacy stance may hinder their AI/ML advances, because this is what they’re advocating for.

The worst story we managed to tell about the internet and digital is that “data is the new oil.” It isn’t. But just the narrative makes everybody think they’re losing out when they’re not collecting as much as they can get their hands on. Why not just sell products?

Ethereum needs as much power as Cyprus

We’ve had a look at the energy-intensity of Bitcoin before, and now we have the numbers for Ethereum, the hot new kid on the cryptocurrency block, and purportedly the underpinning of a complete disruption of how we do business. Turns out, Ethereum currently doesn’t fare much better, with roughly half the energy required per transaction compared to Bitcoin.

A new real-time index from Alex de Vries, founder of cryptocurrency analysis site Digiconomist, shows that each ethereum transaction could now represent as much as 45 Kilowatt-hours (kWh) of electricity spent mining. That's about as much juice as the average American household uses in a day and a half. For comparison's sake, De Vries has estimated that a Visa transaction requires 0.00651 kWh. The entire network could be using as much as 4.2 Terawatt-hours (tWh), or slightly more than the country of Cyprus.

Ethereum plans to shift to a Proof of Stake-model that would significantly curtail the energy consumption of its network, but so far we haven’t seen more than announcements to that effect.
Bear this in mind when you read news about the Blockchain impact, especially when it comes with funding announcements for P2P energy startups.

Fundamental Risks to Civilisation: Team Climate Change or Team AI?

While I’m still skeptical when it comes to most use-cases that are currently dubbed to be Artificial Intelligence, Mr. Musk goes out of his way to warn people about its potential downsides.
I’ve linked to Kevin Kelly’s previous take on this [1], but I think Musk’s argument should make you pause. Given that the main concern driving his call for pre-emptive regulation is a fundamental risk to civilization, you have to wonder whether these calls would, in the short term, be more fruitfully directed at the risk of climate change.

“AI is a rare case where I think we need to be proactive in regulation instead of reactive. Because I think by the time we are reactive in AI regulation, it’s too late.”

“Normally the way regulations are set up is a whole bunch of bad things happen, there’s a public outcry, and after many years a regulatory agency is set up to regulate that industry,” he continued. “It takes forever. That, in the past, has been bad but not something which represented a fundamental risk to the existence of civilization. AI is a fundamental risk to the existence of human civilization.”

  1. Kevin Kelly: The Myth of a Superhuman AI, Wired Magazine

Who cleans self-owning cars?

From the department of second order effects, here’s an interesting thought about the cost savings potentially achievable with autonomous vehicles. Recall that esp. UBER sees autonomy as a silver bullet to save their flawed unit economics. But getting proficient in fleet management will be crucial for any player in the robotaxi game. If we’re all ferried around, as a popular tech-utopian vision portrays, in self-driving on-demand vehicles owned by themselves, who cleans them?

Bloomberg speculates the never-ending process of cleaning other people’s filth will cost large firms with autonomous fleets tens of millions of dollars annually. That number swells into the billions when you account for insurance, maintenance, storage, and the accelerated devaluation of such vehicles.

Uber is desperate to make the switch to driverless vehicles as soon as technology allows it, but abandoning the vehicle’s owner could result in unforeseen costs. […]

Traditional rental companies spend anywhere from $100 to $300 per vehicle each month while maintaining their fleet. For hourly rentals, that fee is much less predictable.

How to evolve antitrust?

Ben Thompson watched Facebook’s F8 Developer conference, and comes away with some important observations:

Last year, before Facebook realized it could just leverage its network to squash Snap, Mark Zuckerberg spent most of his presentation laying out a long-term vision for all the areas in which Facebook wanted to innovate. This year couldn’t have been more different: there was no vision, just the wholesale adoption of Snap’s, plus a whole bunch of tech demos that never bothered to tell a story of why they actually mattered for Facebook’s users. It will work, at least for a while, but make no mistake, Facebook is the only winner.

There are similar concerns around Amazon, which we talked about here before.

The rise of platform quasi-monopolists is a defining feature of software-based markets, which has competitors in industries that are currently, or will in the near future be, impacted by the intrusion of software angling for a spot to reap platform economies.

It seems clear that antitrust regulation needs to evolve to establish a broader inclusion of market distortions than just consumer benefit. Amazon is predominantly a monopsonist, that is, an actor with overwhelming purchasing power, rather than a monopolist, but the effects on competition are no less severe.

In the same vein, it seems Facebook has only just started to explore how it can use its massive attention platform, with devastating effects on the competition and upstream suppliers.

Data is the new oil and everyone wants some of it, BOSE edition

Oh come on now, this is getting ridiculous. TVs that track your viewing habits, and now it’s noise-cancelling headphones that track what you’re listening to.

And you wonder why Apple is putting the foot down on privacy?

The audio maker Bose, whose wireless headphones sell for up to $350, uses an app to collect the listening habits of its customers and provide that information to third parties—all without the knowledge and permission of the users, according to a lawsuit filed in Chicago on Tuesday.

I guess this is what happens if you preach “Data is the new Oil” long enough. Everybody wants some of it.

I’m not a Bose customer, but I’d love to see the ToS on that app. I’m fairly certain that, if they indeed engage in this behaviour, this would be illegal under several statutes here on the old continent as well, and had better result in a proper slap on the wrist.

What is it with premium household appliance makers and their poor security?

Continuing our series on really rather poor security choices on part of device manufacturers who offer some sort of remote functionality: how about controlling a high-end oven and range with SMS messages?

Among the security issues he says he found is the fact that SMS messages - which are used by the system to turn the oven on or off - are not authenticated by the cooker.

Nor is the Sim card set up to send the messages validated on registration.

I’m not even sure what the rationale behind this was. Certainly, once you have a 2G signal to receive SMS, you’ll also have enough bandwidth for the trickle of data needed to convey this information, and you can layer encryption etc. on top. Doing completely unauthenticated SMS controls seems ludicrous. The only security defense you have is the hope that people don’t find out what the phone number of the embedded SIM module is.
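As an added example (not from the original post or from the manufacturer), here is one way a cooker could authenticate SMS commands instead of relying on the secrecy of its phone number: a per-device key, an HMAC tag over every command, and a message counter to reject replays. The message layout, command names, device ID and the idea that the key is provisioned at registration are assumptions made for illustration.

```python
import hashlib
import hmac

SMS_MAX_CHARS = 160                          # one single-part SMS
TAG_HEX_CHARS = 32                           # HMAC-SHA256 truncated to 128 bits
ALLOWED_COMMANDS = {"OVEN_ON", "OVEN_OFF"}   # hypothetical command names

# Constructed demo values; a real key would be random and unique per device.
DEMO_KEY = bytes(range(32))
DEMO_DEVICE_ID = "COOKER-01"


def _tag(key: bytes, device_id: str, counter, command: str) -> str:
    """Tag binds device, counter and command together under the shared key."""
    msg = f"{device_id};{counter};{command}".encode("ascii")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:TAG_HEX_CHARS]


def build_sms(key: bytes, device_id: str, counter: int, command: str) -> str:
    """Sender side: assumed layout is device;counter;command;tag."""
    body = f"{device_id};{counter};{command};{_tag(key, device_id, counter, command)}"
    if len(body) > SMS_MAX_CHARS:
        raise ValueError("command does not fit in one SMS")
    return body


class CookerReceiver:
    """Device side: act only on fresh, correctly tagged, known commands."""

    def __init__(self, key: bytes, device_id: str):
        self._key = key
        self._device_id = device_id
        self._last_counter = 0   # highest counter accepted so far

    def handle_sms(self, body: str):
        # Returns (True, command) when accepted, (False, reason) otherwise.
        if len(body) > SMS_MAX_CHARS or not body.isascii():
            return (False, "malformed")
        parts = body.split(";")
        if len(parts) != 4:
            return (False, "malformed")
        device_id, counter_text, command, tag = parts
        if not counter_text.isdigit():
            return (False, "malformed")
        # Verify the tag over the fields exactly as received, in constant time,
        # before trusting any of them.
        expected = _tag(self._key, device_id, counter_text, command)
        if not hmac.compare_digest(expected, tag):
            return (False, "bad_tag")
        if device_id != self._device_id:
            return (False, "wrong_device")
        counter = int(counter_text)
        if counter <= self._last_counter:
            return (False, "replay")   # a captured message cannot be reused
        if command not in ALLOWED_COMMANDS:
            return (False, "unknown_command")
        self._last_counter = counter
        return (True, command)


if __name__ == "__main__":
    cooker = CookerReceiver(DEMO_KEY, DEMO_DEVICE_ID)
    sms = build_sms(DEMO_KEY, DEMO_DEVICE_ID, 1, "OVEN_ON")
    print(sms, cooker.handle_sms(sms))
    print("replayed:", cooker.handle_sms(sms))
    print("bare text:", cooker.handle_sms("OVEN_ON"))
```

With this scheme, knowing the embedded SIM's number is no longer enough to switch the oven on or off; the sender also needs the device key and an unused counter value.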

And of course, the manufacturer, much like in the Miele bug, proved unable to respond to security disclosure. Again, requiring manufacturers and distributors of connected devices to have a Single Point of Contact for security-related inquiries and disclosures seems more sensible by the day.

OK Google, do you track ads?

After in-home voice-activated assistants have been inadvertently triggered by TV programs in the recent past, I guess it was only a matter of time until an ad agency decided to hop onto the gravy train. Cue Burger King, which launched an ad that was – to put it euphemistically – ill-advised.

A video from a Burger King marketing agency showed the plan in action: “You’re watching a 15-second Burger King ad, which is unfortunately not enough time to explain all the fresh ingredients in the Whopper sandwich,” the actor in the commercial said. “But I got an idea. O.K. Google, what is the Whopper burger?”

Prompted by the phrase “O.K. Google,” the Google Home device beside the TV in the video lit up, searched the phrase on Wikipedia and stated the ingredients.

Of course, the internet being the internet, Wikipedia’s entry for the Whopper was quickly subject to edit wars, some of which are detailed by Gizmodo, and ultimately Google decided to deactivate this particular request.

Which of course is problematic in that Google tries to portray some sort of algorithmic platform impartiality around its One True Answer-system derived from search results. On the other hand, Google itself was found flatfooted after it experimented with ads on the Home platform, and users didn’t exactly like it.

Two observations from this:

1) Advertisers will definitely try to take advantage of voice-activated systems more. You can already imagine a system where a Shazam-like system tracks which TV ads you actually watch.

2) Voice-activated systems really need voice fingerprinting. This wouldn’t have worked if Google Home only reacted to a registered user’s voice input.

Coal is on its way out

Here is some news that some might argue justifies the adjective historic:

Europe’s energy utilities have rung a death knell for coal, with a historic pledge that no new coal-fired plants will be built in the EU after 2020. National energy companies from every EU nation – except Poland and Greece – have signed up to the initiative, which will overhaul the bloc’s energy-generating future. “The debate about coal is over,” one industry insider told the Guardian. “This is the only way that we can go forward with decarbonisation. But it would be good to see a phase out of existing coal plants.”

No new coal plants after 2020. That is good news. There are still 3GW of coal plants under construction in the EU, however – and much, much more when looking at it globally – and there’s no word on closures of existing plants.
But the economics seem to be clear. This is an overdue signal. The risk of any hydrocarbon investment these days becoming a stranded asset is growing by the day.

AdChain – because there has to be a blockchain in it

If you mumble Blockchain three times in quick succession, a VC will appear and fund your startup. That’s the only explanation I have for harebrained schemes like this:

The key is that blockchain, and adchain, theoretically lets multiple parts of the industry work together with no dependency on one party’s data. “If it’s immutable and decentralized, then you can align incentives,” said Brook. Right now, adchain will embed a tracker in the xml of a creative asset — and in real time, show you who is watching it or if viewability standards aren’t being met.

Here’s what that theoretically looks like in the adchain if it’s about figuring out if an impression was real: A buyer buys an impression, which is encrypted in a block, and then broadcasted to every single participant on the chain. The impression is verified by the publisher, then added to the ledger. Everyone in the blockchain gets to see the impression event and approve it.

There’s a huge problem with programmatic advertising delivery right now. Fraud, placement, you name it. So much so that even Google sees its hand forced by ad buyers. So you could argue it makes sense to inject more accountability into the system. (Or you could argue that we need to rethink how we do advertising on the web.)

But ad impressions recorded on a blockchain? C’mon. (Never mind the energy impact.)

Don’t think for a minute your driving data is yours

Just the other day we wrote about the imbalances that come with Terms of Service, End User Licence Agreements and Privacy Policies, esp. when applied to products we usually think of as things we own. We talked about John Deere and the Right to Repair. Now comes a different story from the Guardian.

The AP observed in September: “Tesla Motors has used data to reveal – sometimes within hours of a crash – how fast the driver was going and whether or not the company’s semi-autonomous Autopilot system was engaged.”

In a statement to the Guardian, Tesla defended this practice. “In unusual cases in which claims have already been made publicly about our vehicles by customers, authorities or other individuals, we have released information based on the data to either corroborate or disprove these claims. The privacy of our customers is extremely important and something we take very seriously, and in such cases, Tesla discloses only the minimum amount of information necessary.”

Tesla indemnifies itself extensively in its privacy policy, granting itself the right to “transfer and disclose information, including personal and non-personally identifiable information … to protect the rights, property, safety, or security of the Services, Tesla, third parties, visitors to our Services, or the public, as determined by us in our sole discretion”.

Of course, it’s in Tesla’s interest to defend the record of its AutoPilot system. But going as far as not giving your customers access to – ostensibly – their data, while using said data to discredit their trustworthiness, well, it’s something else entirely. And it’s not a good look.

I’m not quite sure whether they, as they state, indeed faithfully comply with European Data Protection and Privacy regulation (which would give customers rights to inspect data held on them). And such conduct will certainly be a talking point in the ongoing conversation about how to regulate self-driving vehicles.

Hack a Samsung Smart TV via DVB-T

Here’s a fun story about Smart TVs, if your definition of fun includes hacked gadgets:

A new attack that uses terrestrial radio signals to hack a wide range of Smart TVs raises an unsettling prospect—the ability of hackers to take complete control of a large number of sets at once without having physical access to any of them.

The proof-of-concept exploit uses a low-cost transmitter to embed malicious commands into a rogue TV signal. That signal is then broadcast to nearby devices. It worked against two fully updated TV models made by Samsung. By exploiting two known security flaws in the Web browsers running in the background, the attack was able to gain highly privileged root access to the TVs. By revising the attack to target similar browser bugs found in other sets, the technique would likely work on a much wider range of TVs.

I promise, this won’t devolve into a running commentary of the latest IoT hacks. But as with last week’s case with the Miele Dishwasher, it shows the increasing complexity of IT Security.

And as opposed to the Miele vulnerability, Samsung is a player that should by now have learned how to do IoT security (but of course, as its Android history shows, isn’t quite as up to the challenge as you’d want them to be.)

Either way, it’s patently obvious that something’s gotta give. Not regulating IoT security seems implausible. To that end, Stiftung Neue Verantwortung, with whom I work on the Future of Energy Markets, published a white paper on strategic principles for IoT security. Alas, it’s only available in German so far…

Blockchains sure need a lot of power

With the increasing contribution of Renewable Energy Sources towards electricity grids, and the accompanying drive towards more flexibility in the grid, blockchains get thrown around as a potential solution, as well as a means to disintermediate traditional utilities. What’s often forgotten in that discussion is that blockchains are quite energy intensive on their own. As Christopher Malmo writes for Vice Motherboard:

In 2015, I wrote that bitcoin had a big sustainability problem. Back then, each bitcoin transaction represented roughly enough electricity to power 1.57 American households for a day— approximately 5,000 times more energy-intensive than a credit card transaction. Since it's been two years, it's time for an update.

A new index has recently modeled potential energy costs per transaction as high as 94 kWh, or enough electricity to power 3.17 households for a day. To put it another way, that's almost enough energy to fully charge the battery of a Tesla Model S P100D, the world's quickest production car, and drive it over 300 miles.

He’s writing about Bitcoin, and most experiments with electricity trading on the blockchain are going with Ethereum. But Ethereum follows the same fundamental model: a blockchain in which transactions are secured by a proof-of-work system that involves hashing. It’s reasonable to assume then that the energy consumption footprint would look similar.

Ethereum wants to move to Proof-of-Stake, possibly even this year, which would drastically reduce the power consumption overhead the protocol incurs, but introduces different problems.

End of Ownership: Licenses as parallel legal system?

Software means licenses. We’re talking about that a lot here lately. And it seems the topic is getting some much needed attention: here’s an intro to a book called The End Of Ownership, which grapples with some of the legal issues that come up with licensing.

Perzanowski and Schultz have come to the conclusion that companies have "created private regulatory schemes that impose all manner of obligations and restrictions … effectively rewriting the balance between creators and the public that our laws are meant to maintain." As the pair explain, on a near-daily basis we are forced into agreements that we don't understand, don't have time to read, and that are designed to be dense. Since the first EULAs were developed in the early 1980s by IBM, they have become a commonplace and refined tradecraft. Courts have often recognized them as binding "contracts," but they aren't contracts in any real sense of the word, which has traditionally assumed negotiation on a level playing field and a nuanced understanding of the terms from both parties.

Of course, terms of service and license agreements are contracts. To assume that contracts require a nuanced understanding of the terms would be to say that most everyday purchasing contracts are invalid.
The problem we have is that the traditional institutions we have developed to deal with information asymmetries don’t work in this environment.

The coming Lithium Rush

Bloomberg Business Week looks into the growing Lithium mining business:

Banks and consultants such as Deutsche Bank and Macquarie Research are near-unanimous in the belief that the next several years will see an increase of 60 percent to 250 percent in demand for lithium—and that it will sell for 50 percent or more above historical levels. The rise in demand will be driven by batteries for electric vehicles and energy storage for wind and solar plants. UBS Group estimates that electric cars will account for 9.2 percent of global light vehicle sales by 2025, up from only 1 percent today, while analysts at Goldman Sachs Group Inc. have suggested that the market for lithium in energy storage could eventually be bigger than in all other products combined.

Already, the four companies that in 2015 provided 88 percent of the world’s lithium can’t keep up: Lithium contract prices have increased from $4,000 per metric ton in 2014 to as high as $20,000 today.

Commodities, of course, are always a bit of a gamble. But is there anyone who seriously doubts that that market will expand quite dramatically? The price development gives a good indication of where the journey is going. Propping up coal and petrol might give short-term economic relief, but financial markets seem to have made up their mind about where the future is headed.

Miele Dishwasher Hackable – firm doesn’t respond to disclosure

Not a week goes by without a security incident. This time, a “smart” dishwasher, manufactured by Miele, has been found to include a critical security vulnerability that allows arbitrary code execution.

The German domestic-appliance giant Miele decided to make a dishwasher that can be connected to the internet and, of course, someone found out it has a bug that allows hackers to break into it, infect it with malware, and give them the opportunity to use it as leverage to hack other devices on the network.

"The worst case scenario is an attacker is able to infect the system with malware and is in a position to attack other devices in the network," Regel told Motherboard in an email.

The main problem with these kind of devices having connectivity is that the manufacturers making them have little to no experience dealing with cybersecurity. In this case, Regel tried to contact Miele in November of last year to alert them of the issue, but after an initial conversation with a representative, the company never got back to him.

The problem here, of course, isn’t that someone’s going to manipulate some sensitive data on your dishwasher, but that it gives attackers a beachhead on your network from which to mount subsequent attacks. That’s the problem with IoT security: individual security issues might not seem so critical in isolation – it’s just a dishwasher after all – but as they are usually embedded in complex network topologies, the overall effect could be quite drastic.

Remember that the Target Hack was mounted from a compromised HVAC system.

But how the manufacturer failed to respond to the disclosure of the vulnerability is revealing. It’s probably not even a refusal to engage, but an inability. These are white goods manufacturers. They have no experience in dealing with IT security.

In German law, there’s a provision for firms of a certain size that handle sensitive data to appoint a Data Protection Officer. From my understanding, that’s part of the EU’s General Data Protection Regulation as well. Maybe we should think about a similar provision for IT/IoT security contacts, as clearly the industry isn’t going to do it themselves.

All new London taxis to be “zero emissions capable” starting next year

As we’ve detailed in our newsletter, London is experiencing pretty bad air quality, mostly attributable to the exhaust of Diesel engines. The effort to tackle this starts with taxis:

From 1 January 2018, all taxis licensed for the first time must be zero emission capable, while new diesel taxis will not be allowed in London. […]

The Ultra Low Emission Zone emission standards will be in operation 24 hours a day, seven days a week within the Congestion Charging zone. Drivers who do not comply will have to pay a daily charge.

A ZEC [zero emissions capable] taxi is considered to be a pure electric or hybrid vehicle that is Euro 6 (minimum) and capable of running in zero emission (at tailpipe) mode for all or part of the time (maximum 50g/km CO2 and minimum zero-emission range of 30 miles). If the taxi has an internal combustion engine as part of a hybrid system, then it must be a petrol engine

Bear in mind that this comes from 2015. Regulation like this is outstanding, as it provides incentives for the industry to move quicker. There’s growing momentum to clean up city traffic, with curbs on diesel engines being put in place in more and more European metropolises.

I wonder how VW feels about this.

Amazon’s Ambition

There’s always been an argument about whether Amazon is overvalued. And there have always been arguments that other companies follow Amazon’s model of forgoing early profits to fuel growth, one of the standard models of XaaS firms these days.

But just how large Amazon has to get to justify its current valuation is mind-boggling, as the Economist illuminates.

But as it grows, so will concerns about its power. Even on standard antitrust grounds, that may pose a problem: if it makes as much money as investors hope, a rough calculation suggests its earnings could be worth the equivalent of 25% of the combined profits of listed Western retail and media firms. But regulators are also changing the way they think about technology. In Europe, Google stands accused of using its clout as a search engine to extend its power to adjacent businesses. The comparative immunity from legal liability of digital platforms—for the posting of inflammatory content on Facebook, say, or the vetting of drivers on Uber—is being chipped away.

Amazon’s business model will also encourage regulators to think differently. Investors value Amazon’s growth over profits; that makes predatory pricing more tempting. In future, firms could increasingly depend on tools provided by their biggest rival. If Amazon does become a utility for commerce, the calls will grow for it to be regulated as one.

How firms of that size, and more generally quasi-monopolies in digital platforms, are regulated is one of the big open questions indeed.

EVs are changing the industry faster than we thought

Is there any question left that electric vehicles are going to seriously change the automotive industry?

Consider this story in Bloomberg, about Deutsche Post’s new electric vehicles:

This boxy, bare-bones van has no air conditioning or radio, no passenger seat and a top speed of less than 50 miles an hour. Yet the electric vehicle’s success has irked the likes of Volkswagen AG.

When Deutsche Post AG couldn’t find a zero-emission delivery van that met its needs, it bought a startup and developed one.

The barrier to entry in building vehicles drops massively with the advent of cheaper electric drive trains. And the form factor will experience wide differentiation across use cases, as it doesn’t have to strictly adhere to the workings of internal combustion engines anymore. We discussed this in one of the latest Thingonomics episodes.

Deutsche Post expects to break even on this project after just 1,500 vehicles. No wonder VW is annoyed.

Ownership and post-sale restrictions

While all the attention is on John Deere and the Nebraskan farmers, there’s another case pending in the US looking at post-sale restrictions of product use. Lexmark is trying to use patent law to prop up their business model.

While this is not strictly about licensing and software in products (but it could be), it’s interesting to note that we’re increasingly discussing questions of what exactly ownership is, in the first place.

Impression Products v. Lexmark International is Lexmark’s latest attempt to prevent purchasers from reusing and refilling its ink cartridges with cheaper ink. If Lexmark can use patent law to accomplish this, it won’t just affect the person or company that buys the cartridge, but also anyone who later acquires or refills it, even if they never agreed to what Lexmark wanted. […]

Courts and legal scholars have long acknowledged that such restrictions impair the purchasers’ personal autonomy, interfere with efficient use of property, create confusion in markets, and increase information costs. The Federal Circuit’s ruling is even out of step with copyright law, whose exhaustion principle is codified in the first sale doctrine.