Are you keeping up with Smart Phones?

Smart Phones are everywhere and they're not just being used to make phone calls. Over 60 per cent of the use of Smart Phones is now for social networking, email, browsing the net, conducting business activity, listening to music, taking pictures and playing games.

This change of use often means there is significant personal information either stored, emitted (e.g. location and usage) or accessible from your Smart Phone. These added functions offer real benefits to users but also risks, not only to the individual, but to businesses. But firstly, what is driving this market growth in Smart Phones?

Apple gave the market a real move-on kick over the last few years with their stylish iPhone range. This has been so succesful that it has helped Apple become the world's second most valuable company behind Exxon. Such market dominance attracts competition though, and we have seen phones using Google's Android operating system recently overtake Apple in terms of devices being shipped. Meanwhile, traditional phone vendors such as Nokia have fallen well behind.

The growth in this market also comes at the expense of the PC market. IDC is telling us that in the fourth quarter of 2010 there were more Smart Phones sold globally than PCs as more people make their phone their primary IT device.

This trend is not abating and we have seen the traditional PC market players realising the importance of the Smart Phone market and start investing to be part of it. For example, HP has recently launched their Veer Smart Phones and Microsoft is attempting to shore up market share by purchasing Skype and has teamed up with Nokia who is now shipping their new phones with the Windows operating system at their core.

Traditional mobile telecommunication carriers are also being impacted. They see the value in their brand diminished by the brand of the device manufacturer and application provider and risk being relegated to providers of core infrastructure bandwidth alone.

This growth in Smart Phones is attracting significant investment. On a recent trip to Silicon Valley, I saw this first hand when I learnt that one leading venture capital firm alone, Kleiner Perkins, has a US$400 million fund for iPhone apps as well as a US$400 million fund for Android. That level of investment will drive better applications for the user and will further accelerate growth in sales of Smart Phones.

One result of this massive growth is the "consumerisation" of IT. What this means is that new information technology emerges first in consumer markets and then spreads into businesses and not the other way around as we have seen in the past. We find that often our home based IT equipment and services are both more capable and less expensive than what is provided in the workplace.

At the recent Net Hui, I facilitated a session around "The changing face of the internet - Mobile and Security". Over a hundred people were in the session and the core of the discussion centred around two things, the desire of people to increasingly bring their own technology into the work place and the need for increased security on mobile devices.

Consumerisation is fuelling tension between the traditional business model of providing staff a corporate phone and controlling the use of the device and the information on it via corporate policies and you wanting to Bring Your Own Device or Technology (BYOD or BYOT) to the workplace.

We discussed this at length at the NetHui session and it was clear that many users were being forced to carry at least two cell phones, which is not ideal. Some organisations (mainly smaller ones) had already moved to allow staff to have their own devices. However, all agreed that there needs to be a clear policy within organisations to explaining to staff what the rules are regarding their Smart Phone use in either scenario.

This is not simple though, and there are many real issues that need to be considered. What happens when a device is lost? If it is, is the business able to direct that all information, including personal data, is wiped from the phone?

What happens to company information on the phone when the user leaves the company? What behaviour can the business expect from the staff member on the device to ensure the reputation of the business is not impacted?

Who shares the cost for the device? Should the company be able to restrict access to certain sites the user wants to use on the device? Who is responsible for keeping the phones operating system up to date with security patches?

I cannot provide answers to all of these questions here. Each organisation needs to do this for itself based on its own position. It is clear that many businesses are having to update their mobile phone and security policies and there is an opportunity for collaboration here to help each other and avoid us all having to reinvent the wheel.

The NetHui provided an online forum for discussion on this topic that will be left open until the next Hui. I encourage all of you who are interested or concerned about this area to make use of the forum to post your thoughts, questions, and provide answers if you can. You can even post copies of policies that are working for your organisation or those that are not.

What is the long term solution then? Maybe we can look to the wider market where we are seeing function move from the end user devices up into the cloud, enabling use of the utility scale that offers lower price, improved security and simplified management. Will we see the same happen with Smart Phones? Will that mean we will see Smart Phones become less smart over time and become just a mobile access point to services in the cloud? This way, personal and business applications could be accessed from different cloud based services, making them easier to turn off and on as the needs of the user, and who they work for, changes.

Is Anyone Safe in Cyberspace?

I have just read the US Department of Defense (DoD) Strategy for Operating in Cyberspace (July 2011). Within the document it is states that the "DoD networks are probed millions of time every day, and successful penetrations have led to the loss of thousands of files from U.S. networks and those of U.S. allies and industry partners". If the DoD cannot protect its information in cyberspace who can?

It is great to see that the DoD recognises the pervasiveness of technology in our lives today and that we are dependent on technology to run critical infrastructure (e.g. Transportation, Communication), to facilitate trade and for markets to operate.

Balancing this need for security and protection, is the reliance on the inherent openness of cyberspace to enable "new forms of entrepreneurship, advances in technology, the spread of free speech, and new social networks that drive our economy and reflect our principles".

This openness means that "the Internet was designed to be collaborative, rapidly expandable, and easily adaptable to technological innovation. Information flow took precedence over content integrity; identity authentication was less important than connectivity."

It is great to see the DoD making such a policy available in a transparent way, sharing their thinking and recognition of this issue so that we can all work together to resolve the issues that the Internet presents while protecting the opportunities it presents.

Perhaps the most unexpected comment for me was the recognition that the threat to Intellectual Property is seen as the most pervasive threat today and seen as more important than the threat to critical infrastructure - "Every year an amount of intellectual property larger than that contained in the Library of Congress is stolen from networks maintained by US businesses, Universities, and Government Departments and Agencies." Clearly information is power and businesses and economies rely on managing and protecting protect such information for their survival just as we as individuals need to manage and control our own personal information in the cyberworld we live in.

Here is the link to the document if you are interested - It is only about 12 pages long and very readable. DoD - Strategy for Operating in Cyberspace

Who is Shaping the Internet?

Internet New Zealand recently ran a three day Net Hui (conference) in Auckland to discuss key issues around the internet. Over 500 people from all walks of life attended the event, making it a rich environment to hear a wide range of views and perspectives.

There were lively discussions on topics ranging from copyright law, access and diversity, digital citizenship, human rights, the future of digital content, who controls or governs the internet, censorship, and much more.

I could not possibly cover all the issues or ideas discussed and would encourage you to go to the Hui website (http://nethui.org.nz/ ) where you can still access the discussion forums and notes from each session. You can also view YouTube videos from some of the major sessions including the well received key note speaker, Professor Lawrence Lessig. ( http://www.youtube.com/NetHuiNZ )

The key things that hit me personally from the conference were:

1. The internet is changing the world we are living in. We all know the internet is a powerful tool and that more and more people are using it, but at the Hui, I heard real examples about how the internet is revolutionising business models (e.g. the media industry), empowering people to learn about the world in which they live, and even helping bring change in governments.

2. Privacy and security issues are clearly mainstream. The truth is out about how Facebook and Google earn their money, and it is from our personal Information. With hundreds of millions of people using such services, people are becoming aware of the need to control and protect their personal information and manage it in a way that helps them derive value from it, not others.

3. There is a need for continued education regarding the internet. It was a clear reminder that the average internet user is not a very sophisticated user, but is someone who is using email, social networking, searching for information and maybe buying and selling online. While the internet needs to be simple for all to use, some of the issues and challenges the internet presents are not that simple. There is a need for ongoing discussion and education about the internet so that it continues to be a system that helps us live the lives we want to lead not hinder it.

Well done Internet New Zealand for hosting such an event and bringing discussion on these issues into the public arena. The internet is here to stay and we all need to shape its future together so that it helps us live our lives in the way we want to.

Google to retire Google Health

It was interesting to hear today that Google has decided to close down it’s Google Health service. This service was set to be a great service to individuals that wanted to create an online health record and to get advice online that would help them manage their health.

There has been much discussion over the last few years regarding what Google’s motivation was in creating such a service, with many leaning towards the standard view that Google was just interested in gaining the advertising revenues associated with marketing of products to people who use this service. There was also concern about compliance of Google health with such laws as HIPPA (Health Insurance Portability and accountability Act). I also remember signing up for the service when it launched in 2008 and being told the service only applied to American citizens which I thought was a bit limiting.

It is great to see that Google has allowed users to extract their data in certain formats (CSV, Excel, PDF etc) which gives me encouragement that Google is taking the view that personal information belongs to the individual not to Google. The service will continue to operate until January 2012 so you have a few months to extract your data.

Microsoft’s HealthVault on the other hand shows no sign of stopping. It seems that Microsoft’s implementation has found more favour with health professionals and is being adopted on in the UK and other countries. Thos familiar with the health industry will know that the best way to get things working in this space is to make sure you are on side with the health professionals.

Regarding our own health record in myINFOSAFE, we are looking to move the format of health data stored towards open portable data standards so users have the option to import data from other compliant services or similarly export their data if they choose to. Watch this space.

Some relevant links for further dialogue on this subject for those that are interested:

Tech.bloge - http://tech.blorge.com/Structure:%20/2011/06/25/does-the-death-of-google-health-mean-the-end-of-online-health-records/

PC World - http://www.pcmag.com/article2/0,2817,2387568,00.asp

Privacy of Personal Information

How private is information you post on the internet? Is it more secure than if you store that information on your PC?

The reality is that information can be very secure or very insecure on both platforms.
In regards to the Web, I found a helpful view in David Siegel's book "PULL". He states that there are three basic levels to the Web and area findable by public search engines like Google and Bing.

The Public Web which we normally see when searching and browsing for information online.
The Deep Web which includes large data repositories that public search engines usually do not see. E.g. Craigslist, Grainger etc.
The Private Web which we can only get access to if we qualify or have access rights. E.g. Corporate intranets or subscription based services. Again, this information is not searchable by public search engines.

So your data is more secure in the private web than the public web, but, in all these systems there are people that have the ability to access your information if they wish to. There is always a systems administrator or similar with super admin rights to each database and can just about always get to see what data is stored anywhere.
On your PC you may think your data is safe, but there are two main ways that people can gain access to information on your PC.

Remotely - If your PC is connected to the internet, even if you have firewall protection or security software, there are ways that people can gain access to your PC and search your information.
Physically - If someone gains physical access to your PC, and even if your PC is password protected, people who know how can access your PC and search your information. This can also be that case if they get hold of any of your back up devices for your PC.

On either platform the best way to ensure that your data is not compromised is to have it encrypted with a strong cryptographic key that is kept confidential (and separated from any systems administrator). This way, even if information is found it cannot be read or understood as all the information is encoded using this key.

The cracking of a strong encryption key of about 192 or 256 bits is considered infeasible.

So, be careful what you do with your information. If you want it shared then that is fine. If you want it safe and protected, encrypt it – end of story.

Linkability?

So you post some information on your website, your blog, or post some pictures on the internet for friends to see. What happens to it then? Can this information be copied, re-used, modified? Yes it can. This is less than ideal as you soon lose control of your information and it is off into cyberspace somewhere for who knows what purpose.

Some would say this is no different to talking to someone and them talking to someone else and soon you do not know who is talking about you. This is OK if it is about things you are happy for people to talk about, in fact this can often be beneficial. But what if you share something personal with someone in confidence and others get to know. You feel your confidence and trust in that person has been breached and this is not OK.

How can we set up similar confidence rules for information we share on the internet to protect ourselves from the openness of the internet when we need it?

Some would say that if you do not want your personal information spread on the internet, then do not put it up there. That may be right sometimes (e.g. just do not put those pictures from the office party up on Facebook). Others will say, make sure you submit such information in password protected areas. But what is stopping other members copying that info and distributing it outside of the protected area.

There are times you need to share information on a confidential matter and discuss it with people you trust. Due to geographical location or the need for input from multiple people, the internet is often the best mechanism in which to do this.

So, in the mean time, you are left with using a search engine to see what is being said about you on the internet and how information about you is being treated, then trying to correct it. Perhaps what we need is some mechanism to link (Linkability?) us to our information or protect sensitive information we do post or submit to the internet. Is there such a mechanism?

Look forward to learning about what views people have in this regard and what initiatives are underway to move us forward in this area.

What is our identity in the digital world?

As with any new system, it will evolve over time and hopefully improve the way it operates. The Internet has evolved primarily by the construction of individual websites that view the people they interact with as "their" customers and so have set up userID's and passwords to let users enter "their"system.

Of course as more and more websites have been built we the users have had to have more and more UserID's and Passwords the we have to remember to enter each website we want to make use of. Of course each website has different rules and processes for setting userID's and passwords. Some ask you to use your email address, some ask for a unique identifier for you that may not be able to be your name. The passwords can be short or long, capitalised, include symbols etc. which makes it impossible to have the same password (not that we should be using the same password should we).

What we need to evolve to is the Internet seeing individuals as real people who need to access more than one site. This is where the Open ID was formed. The Open ID allows you to use an existing account to sign into multiple websites, without needing to create new passwords.

Click here to find out more about Open ID http://openid.net/get-an-openid/what-is-openid/

More and more websites are adopting Open ID or something like it, including some of the big players like Google and Yahoo. This will help users have a better experience on the Internet over time. Bring it on!

Please let me know if you have used Open ID of something similar and let me know if it is improving the experience on the Internet or if it is creating issues for you.