It feels like hardly a week goes by without announcements of major security breaches or leaks. And while we’re not in the business of keeping tabs on individual breaches (egregious ones, like unsecured databases that contain millions of voice recordings, like the one covered two weeks ago, excluded), there was enough smoke this week to have a closer look where the systemic fire might be.

Let’s start with Wikileaks’ Vault7 document drop. While anything Wikileaks publishes these day should be consumed with a rather copious amount of salt, the framing of the purportedly leaked documents, which seemed to ascribe to the CIA almost mythical powers of “cyber”, brought the discussion around consumer IoT electronics to the fore again.

And of course everybody now thinks that who they need to worry about when it comes to IT security is the CIA or NSA. They’re the ones who get their hands on a lot of Zero-Day vulnerabilities (who tend to linger for a long time, as a fortuitously times study by RAND shows). And yet, the reality is far more mundane.

The web has been around for a while, and there’s a whole industry in supporting security on web sites. And yet, the complexity of frameworks and solutions to build websites lead to poor security even in an environment where incentives for security align better than in low-cost consumer hardware. Research into some 133.000 websites has shown that at least 37% of them rely on insecure Javascript frameworks.

It might sound antithetical, but I’m coming around to think that for IoT to work successfully, and sustainably at that, maybe we need to increase the barriers of entry. Apple often gets a bad rep for its stringent requirements for MfI and hence HomeKit certification, among which there’s a requirement for a custom security module, but that makes those low-hanging fruit attacks so much harder. The tradeoff, of course, would be much slower product discovery, i.e. figuring out what people actually want out of connected homes and connected products.

Relatedly, we need to dispense with the notion that “Data is the New Oil.” It leads producers of goods who have no business running backend servers and data collection efforts to think they have to do it, or else they’ll miss out on a massive revenue opportunity. There’s a reason why you shouldn’t host your own email server, and that’s the exact same reason why you probably shouldn’t be collecting customer data yourself. Leave that to the professionals. But I guess you don’t become a disruptive platform unicorn with classic core competency matrices.

I guess it’s as hard these days to not hear about Uber as it is not to have news about 45’s latest twitter antics pushed into your streams. But the Waymo/Uber does make for a compelling business thriller, given that the suit essentially portrays Otto, the autonomous trucking firm acquired by Uber, as a corporate vehicle specifically set up for the purpose of extracting trade secrets from Google to Uber. Of course, it’s for the courts to decide whether that claim has merits, but the narrative doesn’t exactly bode well for a firm that had two punitive weeks in the public relations department.

And if Google/Waymo gets its injunction against Uber’s self-driving car project, the company will be back at square one at a time where the technology race is accelerating. We’ve detailed some of the diverse partnerships that have emerged around self-driving car tech. One of the dominant players has been Mobileye, which until last summer powered Tesla’s self-driving tech, and was this week acquired by Intel. Intel themselves, after having missed Mobile completely, desperately needs a play in automotive, so this makes sense. It’s interesting to note, as we’ve done before, that there’s increasing specialisation around chipsets. Something something death of Moore’s Law, I presume.

Another angle of those partnerships are the enormous data sets that have to be generated and maintained for cars to be able to navigate the world. The mapping data needs to be far more precise than what us mere mortals need. A machine is dumb after all, machine learning notwithstanding, and needs information in much higher resolution. Those mapping efforts are underway, although you have to wonder whether a collective solution wouldn’t be better for everyone involved.

But cars aren’t just tech, and it was obvious that at some stage, specialised insurance products for advanced driver assistance systems would appear. Now such a product has been launched in the US, and it promises reduced rates for miles travelled with Autopilot engaged. The problematic aspect here is that you’re going to hand over your driving data to your insurance, and that of course sets a precedence that can then be used for things like usage-based road taxation. For now it’s an interesting data point for more upheaval in the car insurance industry, as it comes to terms with shifting notions of mobility.

Ah, Elon Musk. Nobody’s really as good at creating a PR opportunity and riding it as Tesla’s CEO. While South Australia suffers from scheduled black-outs due to poor reserve capacities and inclement weather, there’s apparently an offer on the table to deliver 100MWh of battery storage within 100 days, or the system is free. The notional price tag of the system runs at $25mm, but the extraordinary aspect is the speed with which the system supposedly can be installed. Increasingly,

Meanwhile, Google’s DeepMind is trying to embed itself ever deeper into the fabric of the United Kingdom. After it’s gotten access to some NHS data, there’s now a deal to help National Grid to run the electricity grid more efficiently. DeepMind has done the same thing with Google’s data centers before, but complexity tends to increase exponentially in these systems. So we’ll have to see where this leads.

But there’s certainly a lot of potential here. Electricity is a weird market with a mix of price signals and central coordination, and a lot of inefficiencies. Helping discover those inefficiencies, and consequently run the grid better, should go a long way in reducing cost and carbon emissions (which fell by 6% last year, due to a combination of factors). Bear in mind that with the vastness of electricity systems, even small percentage changes can have drastic effects.

The CIA’s canonical directory of Japanese style Faces

How 1960s nuclear-fallout math influences today’s drone regulations 

That’s it for this week. I’ll be in Dusseldorf tomorrow, and hit Bosch Connected World in Berlin on Thursday. If you’re there, say hi! We should meet up.

In the meantime, if you have feedback please send it my way: martin@internetofpeople.eu

And if you like this newsletter, don’t forget to share it!

See you next week.

Cheers,

Martin