
Who Gets Access?

Will the IoT Use the Desktop or Cellphone Model?

It’s like we have two separate brains, and only one of them can be on at a time.

In one brain, we deal with desktop and laptop computers. These are machines we use to do work. (Well, they used to be until content consumption via tablets looked tempting, and then all computers had to be that, making it harder to do actual work. But that’s a separate topic.)

The work we do on our own computers is considered to be our private business. We connect the computers to the internet in order to get information or talk to other computers or buy stuff or whatever. Historically, connecting was an “option,” but these days it’s pretty much only isolated “black” (air-gapped) networks that have no outside access. For the most part, every desktop and laptop is connected.

These connections are intended to be outgoing unless some external party is explicitly invited in. But being connected opens the risk that someone from the outside could get in uninvited. We talk about these kinds of invaders using the language of violation: intrusion, malware, hacker/cracker, spy. The goal is that none should get in; we more or less live with the fact that, despite our best defensive efforts, some may make it through, so we install protective software to neutralize any such attack.

One thing you might not think twice about is this: your laptop manufacturer – Sony, Lenovo, Dell, whoever – does not get to ride along with you while you compute. You buy your computer from them and, unless you want customer support of some kind, they’re out of the picture. In fact, if you do want customer support – from your manufacturer or from the purveyor of any other software or service that’s not behaving as expected – there are tools that let them into your computer so that they can help to debug the issue. Such tools are used cautiously, and, critically, you, as computer owner, have to give your permission for them to enter.

OK, so that’s one brain. Computing engine is private, access is limited to your invited guests, and anyone else is considered an intruder.

Let’s shut that brain down and go to the other one. In this brain, we have cell phones. These evolved conceptually from landlines, so, as communication devices (not computing devices), it makes no sense for them to be disconnected. Yeah, the mobile guys took advantage of lax oversight to extract more money by including ring time in billing as well as charging both parties, practices that never happened with landlines, but, more or less, the model is that you use the communication device, they monitor your calls, and then they bill you according to usage. Just like ol’ Ma Bell.

In this model, as a communication device, it’s natural that the phone company be able to see the calls you’re making – that’s how they know how much to charge. In the old landline days, you didn’t even own the equipment (although you might rent it). Today you do own the equipment, although in the cell case, it may be heavily subsidized in order to attract those lucrative calls.

But what I’ve described here is an old cell phone – maybe a “feature phone.” Not a smartphone. A smartphone is all about apps and services. The phone calls are almost secondary. To the point where there are predictions that, plugged into a docking station that connects a full-size keyboard and monitor, these smartphones will evolve to replace the desktops and laptops.

But the whole access scenario is completely different with phones – and we seem completely happy with it. (Well, some of us, anyway.) When you download an app, that app gets access to data in a way that would never be tolerated on a desktop machine. Heck, it took a lot of pressure before phone users were even allowed to see what privacy they were giving up and could approve or block an installation based on that information.

“Hey, our new dictionary app will make it a snap for you to look up foreign words in restaurants. Of course, in order to do this, we’ll need access to all your contacts, your calendar, and your emails, thank you.” These days it’s an all-or-nothing game. You can’t limit some of the access: if you want the app or the service, you have no choice but to concede to their demands.

Ever looked at the Facebook app access expectations? This is where the difference between phone and desktop is particularly visible. On a desktop, my contacts are safely stored on my hard drive in an Outlook file. As is my calendar, and as are my emails. Anything gaining access to that under color of some other activity would be considered way out of bounds. So when I view Facebook on my computer, it’s simply my browser taking me to the Facebook servers. Facebook can’t (or isn’t supposed to) root around on my hard drive to get other information.

But with the Facebook phone app, you can’t install it unless you agree to let them root around in your phone. All those contacts and events and emails that they can’t get to on my desktop? They can get to them on my phone. (Which is why I abandoned the installation.)

So in one brain, we build all kinds of defenses against others prying into our private data. In the other brain, we seem to have no problem letting those same guys pry into that same private data. There are two completely different ecosystems built around the two different models: McAfee and Symantec and the like enforce the No Trespassing rules of desktops, while the giant app industry runs rampant on our phones.

And no one seems to notice the conflict.

OK, so computers and phones are inconsistent, but they’re so yesterday’s technology. What’s new about this? Well, by all reports, the Internet of Things (IoT) is coming. That means that your factories and homes will have practically everything connected to the Cloud.

If you’ve looked at any of the IoT platforms, you’ll have seen that they provide obvious critical services for communication between the Things and the Cloud. After all, the whole scheme breaks down if those two can’t communicate. Why do they need to talk? Because, presumably, some important calculations are being done in the Cloud rather than in your Things. You don’t want to have to provision a door lock with a massive computing engine; you want the Cloud (OK, perhaps the Fog – don’t worry for the moment if that makes no sense) to handle that heavy lifting.

So in order for this to work, the Cloud and the Things must be able to communicate regularly. Meanwhile, if you want access yourself, as owner of the Things, you’ll have a phone app or even an enterprise desktop computer program or browser page where you can control your Things or see how operations are going.

But here’s where an industry choice comes in. And let’s take it in a few steps. Many of these platforms provide more than a way for Thing to talk to Cloud and for Owner to talk to Cloud (and Thing via the Cloud). They also provide a portal for the Thing maker – or network maker or service provider – to monitor user activity. On the one hand, this can help with debugging if things aren’t going right. On the other hand, we already have a solution for that in desktops: give temporary permission for the provider to get in, and then lock the door shut again afterwards.

Such an open-door policy to Dell or Lenovo or whomever would be unthinkable in a desktop, and yet, if the IoT goes as planned, the desktop may end up being the only device in your home that doesn’t let the manufacturer in whenever he/she wants.

OK, so maybe it’s not so bad if the manufacturer can see your activity. In fact, some business models are evolving that require such monitoring – like cell phone business models (more on that in a future piece). But, taking it one step further, can the manufacturer sell that information to someone else? My guess is that they can and will unless told otherwise. Will there be an opt-out? Or even “informed consent” of the smartphone kind (where you get the product/service only if you agree)?

Let’s take it another step further. Let’s picture that some Things might be purchased from one company, but that another company might have a service that accesses that Thing. This would be loosely analogous to a third-party app on a cell phone. The access in this case isn’t there to provide for Thing debugging (that’s the Thing maker’s job); it’s there to provide some value-added function. Analogous to a dictionary on a phone.

Should that third party have access to all your other Thing data? This isn’t quite as straightforward a question as you might think, because it’s not quite parallel to the cellphone example. With a smartphone, the rummageable data is all on the phone. With IoT Things, most of that data will be in the Cloud. So the third party guy would literally need to access the Thing maker’s database to do the rummaging – something the Thing maker wouldn’t likely allow. Unless they see that as a source of revenue – selling out their users for a few bucks. Or, stated differently, taking advantage of “revenue-producing opportunities.” Depending on how you see things.
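The “desktop” model applied to the IoT platform described above, as an added example that is not code from the article or from any real platform: the owner reads freely, the Thing maker’s portal and a third-party service get in only through an explicit, time-bounded, scope-limited grant, every decision is logged, and the door closes again when the grant expires. Principal names, scope names and timestamps are constructed for the example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Grant:
    """An explicit, owner-issued invitation: who, which scopes, until when."""
    principal: str
    scopes: frozenset
    expires_at: datetime


@dataclass
class OwnerPolicy:
    """Default-deny access to one owner's Thing data held in the cloud.
    Only the owner reads freely; a maker's support portal or a third-party
    service gets in only through a time-bounded, scope-limited Grant, and
    the door closes again when that grant expires or is revoked."""
    owner: str
    grants: list = field(default_factory=list)
    audit: list = field(default_factory=list)  # (when, who, scope, allowed)

    def invite(self, principal, scopes, minutes, now):
        grant = Grant(principal, frozenset(scopes), now + timedelta(minutes=minutes))
        self.grants.append(grant)
        return grant

    def revoke(self, principal):
        self.grants = [g for g in self.grants if g.principal != principal]

    def check(self, principal, scope, now):
        allowed = principal == self.owner or any(
            g.principal == principal and scope in g.scopes and now < g.expires_at
            for g in self.grants)
        self.audit.append((now, principal, scope, allowed))  # log every decision
        return allowed

    def denied(self):
        """Every refused request: the rows a defender would review or alert on."""
        return [row for row in self.audit if not row[3]]


def demo():
    # Constructed scenario: a support session for the Thing maker, then a
    # value-added third-party service that is given a single narrow scope.
    now = datetime(2018, 8, 15, 12, 0, tzinfo=timezone.utc)
    p = OwnerPolicy(owner="alice")
    r = {"uninvited": p.check("thing-maker", "lock.events", now)}
    p.invite("thing-maker", {"lock.events"}, minutes=30, now=now)
    r["during"] = p.check("thing-maker", "lock.events", now + timedelta(minutes=5))
    r["off_scope"] = p.check("thing-maker", "contacts", now + timedelta(minutes=5))
    r["expired"] = p.check("thing-maker", "lock.events", now + timedelta(minutes=31))
    p.invite("dictionary-service", {"lock.status"}, minutes=60, now=now)
    r["third_party"] = p.check("dictionary-service", "calendar", now)
    r["owner"] = p.check("alice", "calendar", now)
    r["denials"] = len(p.denied())
    return r
```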

It’s not completely settled yet which brain the IoT will inhabit. But my guess is that it will be the smartphone brain. The Big Data thirst is just too great; there are too many dollars looking to profile all of us and sell that profile to whomever wants it – typically an advertiser. (Have you ever noticed that 90% of technology seems ultimately to be used for advertising?)

I have to be honest in saying that I don’t relish the picture of barbarians at the door salivating at the prospect of getting into every aspect of my life (at least those that involve Things – which eventually may not leave much out) with no ability of my own to control it. (The “informed consent” model is no better than a terms-of-use or end-user-license agreement – you either accept it as a whole or you don’t use the product, so that’s not really letting you control how something works.) The IoT will churn up untold amounts of data the likes of which wouldn’t have been imaginable even a couple short decades ago. And, by design, the system is set up to capture and mine all that data.

So the big question remains: who will have access to the data? And who should have access? Should this be run more like a desktop, where rummaging is considered an infringement unless explicitly granted as a privilege, or like a smartphone, where rummaging is considered part of the cost of convenience? There’s still time to address and settle this before IoT systems and networks create a default that may or may not be the best way. It makes me wonder whether anyone else is having this specific conversation. I’m not aware of it, and if, in fact, it’s not happening, then it seems like it would be a good conversation to have.

Eventually, we need to get to one brain instead of the two conflicting ones we have now.

5 thoughts on “Who Gets Access?”

  1. For me, the model you’re calling “computers” should really be “computers 20 years ago”. Then, we were using our machines as glorified typewriters and calculators, and whatever we did on the machine stayed on the machine.

    However, as soon as we decided we wanted to use those same machines as communications devices and connected them to the internet, they became essentially the same as what you’re calling the “cellphone model”. It’s not about the manufacturer/integrator (Dell, Lenovo, Samsung, Apple, whoever)… Once we start using any device for communication, we’re trusting a deep stack of companies with the security of our information. The makers of the apps/software we’re running, the providers of the OS and all its utilities, the writers of the BIOS, the manufacturers of many of the chips that are in the system, the provider of internet connectivity (Comcast, AT&T, Verizon… whoever), even the company who makes our wifi routers – every single one of them has to be trusted, and every single one of them has the ability to violate that trust and leak our information.

    Since the very meaning of IoT is “connected”, IoT will by definition use this latter model. A device that sits isolated and just “does work” without communicating with the outside world (and thus risking our privacy) is not part of the IoT. This may sound like a daunting challenge when it comes to security, and it certainly is. Overall, we have to depend mostly on a fundamental trust of the general public, and loosely effective means of enforcing and policing that trust.

    If you think about it, every time we walk down a public street we have no assurance that some random person won’t just walk up and punch us in the face. Yet, we still walk down streets. Most of us don’t wear hockey masks on our stroll through the park, and most of us don’t get punched. When it occasionally doesn’t work out, we have laws that are somewhat effective in keeping the outliers under control.

    Lastly, I think you’re being too harsh on apps like Facebook. It actually isn’t an “all-or-nothing” proposition at all. They have a decent level of granularity in what information they will and won’t use based on your settings. Of course, if you want them to send messages to people in your contact list, you’ll need to let them look at your address book. If you want to post pictures, you’ll have to let them see your photo albums. I can’t really think of a good way around that. Any one-to-many communication tool (like Facebook) is fundamentally intended to share your information with large numbers of people. It isn’t reasonable to expect it not to do that.

  2. Kevin, here’s the difference. Yes, all those things can happen on a desktop – and if violations occur, we consider them violations. Just like getting punched while walking down the street. It’s not acceptable.

    In the cellphone model, it’s all considered acceptable and part of how cellphones work. There are certain apps that you download, and, if you want to use them, you have to agree to get punched in the face. Not considered a violation.

    That’s the essential difference.

  3. I see what you’re saying about things considered “violations” versus things that are an accepted part of the plan.

    However, I see the phone/computer situation exactly the opposite of what you describe.

    On my phone, when I install a piece of software that needs/wants access to something, I’m always asked to grant permission: “XYZ app would like to access your contacts”, or “XYZ app would like to access your photo album” or “XYZ app would like access to your location data”, etc. I’ve also found that there is granularity to these permissions: I can give a single app access to some kinds of data but deny it access to others. I’ve never encountered the situation you describe where an app is “all or nothing” or where it will refuse to install without being granted access to some data. Of course, if it’s a navigation app and I’m not willing to give it access to my location data, well, the utility of that is pretty marginal.

    On the computer, when I install a piece of software, that app basically assumes it can access whatever it wants on my system – anything on the disk, any system resources or utilities, cameras, sensors, external media, network resources… I’m never asked permission for anything.

    Locality of data is one big difference – more of the information storage and computational load on mobile devices is remote/cloud while more of the data and computational load on computers is (historically) local. However, with the proliferation on laptops/desktops of cloud-based apps and software-as-a-service (of which I’m a big consumer), that distinction is rapidly disappearing.

    From my point of view, the newer mobile/cloud model is more respectful of my information and my privacy than the old-school “computer” model (which didn’t really consider it at all). However, mobile devices (and presumably IoT devices) will likely have access to data that is much more “personal” than the data on old-school computers, e.g. my current location, the photo I just took, my heart rate, how fast I walk, my body fat percentage etc.

    With IoT, I think we’re firmly in the “mobile” model. I imagine a very small percentage of IoT applications will rely primarily on local storage of collected data. I also imagine, because of local power limitations on IoT devices like wearables, that a lot of the “heavy lifting” computing will have to be done remotely on servers as well. Therefore, I think IoT will follow closely in the footsteps of cloud-based computing for many things – including privacy/security.

  4. I don’t know if things have changed, but when I tried to install the Facebook app, for example, there was no way to pick and choose what it had access to. It simply told me what it would be accessing and gave me the option to back out, which I did.

    I can honestly say I’ve talked to a lot of other people who have had similar experiences.

    And yes, the IoT stuff will largely be in the cloud, but the question I ask is, who will have access to it? As I described in the piece, rooting around on the device won’t likely be an issue. But what I didn’t ask outright, but which is a natural corollary question is, who actually owns the data? If the service provider does, then they can sell it to someone else. Will users have options there? Can they stop such sales? Will granting ownership to others be a requirement for the service?
