I’m An Airline, Fly Me

This an email from a bona fide airline: 

Dear Sir/Madam,

Please be informed that your transaction with [international carrier] has been confirmed. Due to fraud prevention procedure against Credit Card transaction, we would like to validate your recent transaction with [international carrier] by filling information below :

Passenger(s) name :
Route :
Date of Travel :
Cardholder name :
Address :

Also, we need to confirm and validate your name and last four digit of your card number. Please kindly provide scanned/image of your front side credit card that used to buy the ticket. You may cover the rest information on the card. Please reply in 8 hours after received this email or we will cancel the reservation.

Thank you for your cooperation.

Best Regards,
Verification Data Management

BBC: The Rise of Disappearables

The transcript of my BBC World Service piece on wearables. Reuters original story here

Forget ‘wearables’, and even ‘hearables’, if you’ve ever heard of them. The next big thing in mobile devices: ‘disappearables’.

Unless it really messes up, Apple is going to do for wearables with the Watch what is has done with the iPod for music players, the phone with its iPhone, the iPad for tablets. But even as Apple piques consumer interest in wrist-worn devices, the pace of innovation and the tumbling cost, and size, of components will make wearables smaller and smaller. So small, some in the industry say, that no one will see them. In five years, wearables like the Watch could be overtaken by hearables – devices with tiny chips and sensors that can fit inside your ear. They, in turn, could be superseded by disappearables – technology tucked inside your clothing, or even inside your body.

This all may sound rather unlikely, until you consider the iPhone is only 8 years old, and see what has happened to the phone since then. Not only do we consider the smartphone a status symbol in the salons of New York, but they’re something billions of people can afford. So it seems highly plausible that the watch as a gizmo is going to seem quaint in 10 years — as quaint as our feature phone, or net book or MP3 player is now.


So how is this all going to play out? Well this year you’ll be able to buy a little earpiece which contains a music player, 4 gigabytes of storage, a microphone to take phone calls – just nod your head to accept – and sensors that monitor your position, heart rate and body temperature.

Soon after that you’ll be able to buy contact lenses that can measure things like glucose levels in tears. Or swallow a chip the size of a grain of sand, powered by stomach juices and transmitting data about your insides via Bluetooth. For now everyone is focused on medical purposes, but there’s no reason that contact lens couldn’t also be beaming stuff back to you in real time — nice if you’re a politician being able to gauge the response to your speech so you can tweak it in real time.

Or you’re on a date and needing feedback on your posture, gait, the quality of your jokes. 

In short, hearables and wearables will become seeables and disappearables. We won’t see these things because they’ll be buried in fabric, on the skin, under the skin and inside the body. We won’t attack someone for wearing Google Glasses  because we won’t know they’re wearing them. 

Usual caveats apply. This isn’t as easy as it looks, and there’ll be lots of slips on the way. But the underlying technologies are there: components are getting smaller, cheaper, so why not throw in a few extra sensors into a device, even if you haven’t activated them, and are not quite sure what they could be used for? 

Secondly, there’s the ethical stuff. As you know, I’m big on this and we probably haven’t thought all this stuff through. Who owns all this data? Is it being crunched properly by people who know what they’re doing? What are bad guys and governments doing in all this, as they’re bound to be doing something? And how can we stop people collecting data on us if we don’t want them to? 

All good questions. But all questions we should be asking now, of the technologies already deployed in our street, in our office, in the shops we frequent, in the apps we use and the websites we visit. It’s not the technology that’s moving too fast; it’s us moving too slow.

Once the technology is too small to see it may be too late to have that conversation.  

Technorati Tags: , , , ,

The Facebook Experiment: Some Collated Views

A few pieces in the Facebook Experiment. I’m still mulling my view. 

Paul Bernal: The Facebook Experiment: the ‘why’ questions…:

 Perhaps Facebook will look a little bad for a little while – but the potential financial benefit from the new stream of advertising revenue, the ability to squeeze more money from a market that looks increasingly saturated and competitive, outweighs that cost.

Based on the past record, they’re quite likely to be right. People will probably complain about this for a while, and then when the hoo-haa dies down, Facebook will still have over a billion users, and new ways to make money from them. Mark Zuckerberg doesn’t mind looking like the bad guy (again) for a little while. Why should he? The money will continue to flow – and whether it impacts upon the privacy and autonomy of the people on Facebook doesn’t matter to Facebook one way or another. It has ever been thus….

(Via Paul Bernal’s Blog)

A contrarian view from Rohan Samarajiva: Confused objections to Facebook emotional contagion research:

I am puzzled by the predominantly negative reaction to the manipulation of Facebook content, in the recent published research article in the mainstream media (MSM), though perhaps less in blogs and such.

It seems to me that MSM’s reaction is hypocritical. They manipulate their content all the time to evoke different emotional responses from their readers/viewers/listeners. The difference is that conducting research on resultant emotional changes on MSM is not as easy as on Facebook. For example, magazines have used different cover images, darkening or lightening faces and so. Their only indicator of success is whether version A sold more than version B. Not very nuanced.

(Via LIRNEasia)

And Ed Felten: Privacy Implications of Social Media Manipulation:

To be clear, I am not concluding that Facebook necessarily learned much of anything about the manipulability of any particular user. Based on what we know I would bet against the experiment having revealed that kind of information about any individual. My point is simpler: experiments that manipulate user experience impact users’ privacy, and that privacy impact needs to be taken into account in evaluating the ethics of such experiments and in determining when users should be informed.

(Via Freedom to Tinker)

And finally from Robin Wilton: Ethical Data Handling and Facebook’s “Emotional Contagion” Study:

Once, in a workshop, while discussing mechanisms for privacy preference expression, I said I would be happier for data subjects to have some means of expressing a preference than none. An older, wiser participant made the following wry remark: “That only brings a benefit if someone is prepared to give weight to their preference. If not… well, ten million times zero is still zero”. And that’s the weight Facebook appears to have given to the legitimate interests of its data subjects.

(Via Internet Society Blog Feed)

True Video Lies

This is a longer version of a piece I recorded for the BBC World Service.

The other day my wife lost her phone out shopping. We narrowed it down to either the supermarket or the taxi. So we took her shopping receipt to the supermarket and asked to see their CCTV to confirm she still had the phone when she left.

To my surprise they admitted us into their control room. Banks of monitors covering nooks, crannies, whole floors, each checkout line. There they let us scroll through the security video—I kind of took over, because the guy didn’t seem to know how to use it—and we quickly found my wife, emptying her trolley at checkout line 17. Behind her was our daughter in her stroller, not being overly patient. It took us an hour but in the end we established what look liked a pretty clear chain of events. She had the bag containing the phone, which she gave to our daughter to distract her at the checkout. One frame shows the bag falling from her hands onto the floor, unnoticed by my wife.

Then, a few seconds later, the bag is mysteriously whisked off the floor by another shopper. I couldn’t believe someone would so quickly swoop. The CCTV records only a frame a second, so it took us some time to narrow it down to a woman wearing black leggings, a white top and a black belt. Another half hour of checks and we got her face as she bought her groceries at another till. No sign of the phone bag by this time, but I was pretty sure we had our man. Well, woman.

Except I’m not sure we did. What I learned in that control room is that video offers a promise of surveillance that doesn’t lie. It seems to tell us a story, to establish a clear chain of events. But the first thing I noticed was when I walked back out into the supermarket, was that how little of the floor it covered, and how narrow each camera’s perspective was.

For the most part we’ve learned that photos don’t always tell the truth. They can be manipulated; they offer only a snapshot, without context. But what about videos? We now expect to see cameraphone footage in our news bulletins, jerky, grainy recordings taken by unseen hands, raw and often without context.

This is not to say videos are not powerful truth tellers. But we tend to see what we want to see. When a policeman pepper sprays protests at the University of California there is outrage, and it does indeed appear to be unwarranted. But when four of the videos are synchronized together a more complex picture emerges. Not only can one see the incident within context, but also one gets a glimpse of a prior exchange, as the officer explains what he is about to do to one protester, who replies, almost eagerly: “You’re shooting us specifically? No that’s fine, that’s fine.”

This is not to condone what happens next, but this exchange is missing from most of the videos. The two videos that contain the full prelude are, of course, longer, and have been watched much fewer times: 12,658 (15 minutes) and 245,226 times (8 minutes) versus 1,346,781 times (1 minute) for the one that does not  (the other video has since been taken down).

I’m not suggesting that the more popular video has been deliberately edited to convey a different impression, but it’s clearly the version of events that most are going to remember.

We tend to believe video more than photos. They seem harder to doctor, harder to hoodwink us, harder to take out of context. But should we?

It’s true that videos are harder to fake. For now. But even unfaked videos might seem to offer a version of the facts that isn’t the whole story. Allegations that former IMF president  Dominique Strauss-Kahn may have been framed during a sexual encounter at a New York Hotel, for example, have recently been buttressed by an extensive investigation published recently in the New York Review of Books. There’s plenty of questions raised by the article, which assembles cellphone records, door key records, as well as hotel CCTV footage.

The last seems particularly damning. A senior member of the hotel staff is seen high-fiving an unidentified man and then performing what seems to be an extensive dance of celebration shortly after the event. This may well be the case, but I’d caution against relying on the CCTV footage. For one thing, if this person was in any way involved, would they not be smart enough to confine their emotions until they’re out of sight of the cameras they may well have installed themselves?

Back to my case: Later that night we got a call that our phone had been recovered. The police, to whom I had handed over all my CCTV evidence, said I was lucky. A woman had handed it in to the mall’s security people. I sent her a text message to thank her. I didn’t have the heart to ask her whether she had been wearing black trousers and white top.

But I did realise that the narrative I’d constructed and persuaded myself was the right one was just that: a story I’d chosen to see.

Carrier IQ’s Opt-Out Data Collection Patent

ZDNet writes here about an Carrier IQ patent that outlines keylogging and ability to target individual devices . Which is interesting. But Carrier IQ owns a dozen patents, including this one, which to me is much more interesting. This patent indicates what Carrier IQ software could do—not what it does—but it is revealing nonetheless:

A communication device and a data server record and collect events and event-related data to create an activity record. A user of the communication device may request that events and related data be recorded and collected using a configuration option on the communication device or through an interaction with the data server. Data are grouped into data sets and uploaded to the data server either automatically or upon user approval. The data server uses the uploaded data to create an activity record which the user may access through a website. The user uploads additional data which are associated with the activity record. In some instances, the data server embeds a link pointing to the additional data in an entry in the activity record corresponding to an event associated with the additional data.

Basically this patent offers a way for a “user”—which could be either the user of the device or the service—to have a record of everything they do:

image

While most of the patent is clearly about a product that would create a ‘lifestream’ for the user—where they can access all the things they’ve done with the device, including photos etc, in one tidy presentation, there’s clearly more to it than that. Buried in the patent are indications that it could do all this without the user asking it to. It’s paragraph 0023 which I think is most interesting:

A user of a mobile device requests that events and event-related data be collected by a data server and data collection begins. Alternately, data collection may be a default setting which is turned off only when the device user requests that data collection not occur. In yet another embodiment, a request from a server can initiate, pause, or stop data collection. The mobile device is configured to record events performed by the mobile device as well as event-related data. Typical events that the mobile device records include making or receiving a phone call; sending or receiving a message, including text, audio, photograph, video, email and multimedia messages; recorded voice data, voice messages, taking a photograph; recording the device’s location; receiving and playing an FM or satellite radio broadcast; connecting to an 802.11 or Bluetooth access point; and using other device applications. The data most often related to an event include at least one of: the time, date and location of an event. However, other event-related data include a filename, a mobile device number (MDN) and a contact name. Commonly, the mobile device records events and provides a time, date and location stamp for each event. The events and event-related data can be recorded in sequence and can be stored on the mobile device.

This seems to suggest that

  • basically all activity on the phone can be logged
  • the software can be turned on by default
  • the software can be turned on and off from the server

All this information would be grouped together and uploaded either with the user’s permission or without it:

[0025] The mobile devices may be configured to store one or more data sets and upload the data sets to the data server. In one embodiment, the data sets are uploaded automatically without user intervention, while in other embodiments the mobile device presents a query to the user beforehand. When the mobile device is ready to upload one or more sessions to the data server, a pop-up screen or dialog may appear and present the user with various options. Three such options include (1) delete session, (2) defer and ask again and (3) upload now. The user interface may present the query every time a session is ready to upload, or the user may be permitted to select multiple sessions for deletion, a later reminder or upload all at once. In another embodiments, the uploading of sessions may occur automatically without user intervention. Uploads may also be configured to occur when the user is less likely to be using the device.

This point—about the option to collect such data without the user’s say-so—is confirmed in [0030]:

Although typically the device and the server do not record, upload and collect data unless the user requests it, in other embodiments the communication device and the server automatically record, upload and collect data until the user affirmatively requests otherwise.

And in [0046]:

In embodiments where participation in the data collection services is the default configuration for a mobile device (e.g., an “opt-out” model), it is not necessary to receive a request from a user prior to recording data.

An ‘opt-out’ model is hard to visualize if this is a product that is a user-centric lifestream.

While patents only tell part of the story, there’s no evidence of any such consumer-facing product on Carrier IQ’s website, so one has to assume these capabilities have been, or could be, wrapped into their carrier-centric services. In that sense, I think there’s plenty of interest in here.