Tech Editor Michael Rundle finds the 'unhackable' gadget makers fighting a rear-guard defence against the all-encompassing Internet of Things at CES 2015 in Las Vegas.
Imagine if all of your devices, objects and data were connected in one, glorious ‘internet of things’.
Imagine if you could drive your car with your watch, and turn it on and off with a smartphone.
Imagine if your credit cards could contain literally all of your banking information, if your alarm clock could talk to your city’s traffic lights and wake you early to get you to work on time, and all of your personal health data, biometric profile and the location of every object you own was available in real time on the internet.
Now imagine someone hacks into that 'Internet of Things' and starts to, you know, mess around. Just for fun.
SUBSCRIBE AND FOLLOW TECH
Get top stories and blog posts emailed to me each day. Newsletters may offer personalized content or advertisements. Learn more
Yeah. It's the end of the world.
“A little paranoia goes a long way,” says Justin Mitchell, co-founder of NXT-ID - creators of the hack-proof Wocket Smart Wallet - one of a sudden surge in devices dedicated to personal security at this year’s CES.
“But maybe a little bit more would go even further.”
If this is the year of the Internet of Things, the subtext is that it’s also the year we need to start paying as much attention to security and privacy as flashing lights and 4K TVs.
The vast majority of this space is taken up with two kinds of companies: massive, international conglomerates trying to sell you a 4K TV, a new smartphone or a pair of speakers for $40,000, and small start-ups usually pitching a service or device which uses, collects or stores data on the internet. Almost all of these products form part of the Internet of Things in some way.
There aren’t that many companies pitching ways to keep all that data safe.
Which is perhaps surprising. The recent hack of Sony Pictures is an obvious example of hacking hitting the mainstream media. But in the UK stories such as the launch of Insecam, a website which made thousands of live webcam streams from UK homes available to watch on demand, did just as much to put personal privacy on the agenda. The longer-term implications of Edward Snowden’s revelations on government spying in the UK and USA are also still emerging, The result is that it’s clear hacking and data protection are a mainstream story. It’s also a consumer story. In the US in particular, ‘normal’ users have been as much the victim of credit card attacks on stores like Target as the businesses themselves.
In this context, it’s also surprising that the dedicated Personal Privacy area which is at CES in 2015 is a first. There have always been personal privacy products of a type at CES and shows like it, but they’ve been scattered between iPhone accessory stands and IT companies, never given their own space.
Though it’s not much of a space, to be truthful.
Shoved into the back wall of the cavernous South Hall, it comprises a cluster of about ten huts and small booths. It is bordered on one side by a large Kodak stand (yes, Kodak still exists) and on the other by a Chinese company selling pounding disco speakers. With relatively little foot traffic compared to the raging torrents around the major stands, it feels curiously empty. Perhaps aptly, though unintentionally so, it is also almost impossible to find.
The stands offer all kinds of products to protect yourself and your data in the modern, connected world. In all about 65 privacy security companies exhibited this year. Some - such as a range of leather phone cases designed to block radio signals, and a carbon passport case with a fingerprint scanner - are simple and even aesthetically attractive — if a little paranoid in feel. Some are genuinely clever, like NEXT-ID’s Wocket. A few - like an iPhone with built-in two-way voice encryption by Vysk Communications - are vaguely ridiculous, but there is a clear market there too. Other companies exhibiting in this area included Hypr Corp, who have a new three-factor authentication solution debuting in 2015, Ength Degree, which makes tracking tags, and LoopPay, the mobile security firm.
“You don’t have to be paranoid to think this way,” said Aaron Zar, 31-year-old CEO and founder of Peeled Group. “It’s 2015, this is the world we live in. You don’t have to be paranoid. If you’re savvy enough to what other people can do to you, why wouldn’t you think about how to protect yourself?”
Zar’s company offers a range of leather phone and tablet cases ('Silent Pockets') with built-in protection from phone signals, WiFi, RFID, NFC, Bluetooth and GPS. While outwardly they are normal cases the result is that you’re offline completely - and safe from any digital snoopers - until you take them out again.
“This is a simple way of taking back a bit of control over your privacy and security,” he said. “We progress and progress and everything is great, but the honeymoon phase is over. Maybe it would be nice if things were the way they used to be.” It’s also relevant to the issue of digital overload. “There are times and places to not have a cell phone and just be present, where you actually are,” he said.
Similarly, iWallet will sell you a carbon fibre, RFID blocking, Bluetooth-enabled box with a fingerprint scanner for you cards or passport, which they claim can protect anyone from stealing your data - whatever the method.
“The hackers are always five steps ahead of all the rest of us,” says iWallet CEO Jack Chadsley. “It’s going to get bigger and bigger… We don’t spend a lot of time trying to scare people but it is a reality. It’s happening out there today.”
It’s not just wallets and passports. At this year’s CES Ledger Wallet were offering a new way for owners of Bitcoin to take their secure online currency and lock it up in a physical USB key. PIA (’Private Internet Access’) were pitching subscriptions to a private network designed to mask your online identity (and also handing out little plastic sliders to place over your webcam).
And then there is the NXT-ID Wocket. This device will literally replace all of your credit cards, downloading their data into one, secure device and then re-downloading it to a wiepable card as and when you need it. The Wocket stores up to 10,000 cards, checks you are really you with voice analysis, works without an internet connection and lasts six months on a single battery charge. But if it’s stolen, it’s useless.
“I was surprised by the lack of a larger space for privacy products,” said Justin Mitchel (NXT-ID). “People aren’t aware how insecure their data is.”
“The security implications of Internet of Things have been absolutely ignored. Oh, you can open up my garage door and turn on my lights and open my safe? Yeah, you totally could! It’s all connected. Ours is a totally un-connected device.”
What’s more surprising is that major CEOs and industry figures were prepared to make the same case at CES — even as companies like Samsung went all-out in pitching the Internet of Things as the next great innovation in tech.
US Federal Trade Commission chair Edith Ramirez used her speech at CES to make exactly that point.
“Connected devices that provide increased convenience and improve health services are also collecting, transmitting, storing, and often sharing vast amounts of consumer data, some of it highly personal, thereby creating a number of privacy risks,” she said.
“The introduction of sensors and devices into currently intimate spaces … allows those with access to the data to perform analyses that would not be possible with less rich data sets, providing the ability to make additional sensitive inferences and compile even more detailed profiles of consumer behavior.”
It's time for Samsung et al to invest as much in security as in flashing press conference announcements, she said.
"As is evident here this week, companies are investing billions of dollars in this growing industry; they should also make appropriate investments in privacy and security. The stakes are too high to do otherwise. So, as we commit to New Year’s resolutions, we should also resolve to take appropriate steps for the IoT to flourish and reach its full potential across our economy in a way that does not harm or sacrifice consumer privacy.”
The Consumer Electronics Association, which runs CES, says that it launched the Personal Privacy area in response to demand - which implies it could grow, if consumer demand also grows. And it probably will. The hackers aren’t going anywhere and neither is the Internet of Things - which the CEA says could hit $300 billion in revenue by 2020.
“We develop new marketplaces every year based on market trends and exhibitor need," Allison Fried, senior manager of international communications for the Consumer Electronics Association, said this week.
The new privacy area "highlights the latest innovative technologies aimed at protecting consumer information," she said.
At the very least, the privacy and security devices on show at CES this year offered an alternative to all your data, and all your gadgets talking to each other, forever.
“Some people say to us, ‘oh I have nothing to hide’,” says Lisa Shaw, VP of marketing at Vysk which makes encrypted and privacy-enabling iPhone cases. “But wait a minute we shut the curtains. It’s not because we’re doing bad things. We just want a little privacy. Even if you don’t buy a case, be aware. And be accountable.”
Suggest a correction