Hardware

Business Leaders Lack Vital Digital Skills Says OU Survey

Posted on by Andy Miller

The Open University’s new ‘Leading in a Digital Age’ report highlights a link between improved business performance and leaders who are equipped, through technology training, to manage digital change.

Investing In Digital Skills Training

The latest version of the annual report, which bases its findings on a survey of 950 CTOs and senior leaders within UK organisations concludes that leaders who invested in digital skills training are experiencing improved productivity (56 per cent), greater employee engagement (55 per cent), enhanced agility, and vitally, increased profit.

The flipside, highlighted in the same survey, is that almost half (47 per cent) of those business leaders surveyed thought they lacked the tech skills to manage in the digital age, and more than three-quarters of them acknowledge that they could benefit from more digital training.

Key Point

The key point revealed by the OU survey and report is that the development of digital skills in businesses are led from the top and that those businesses that invest in learning and development of digital skills are likely to be more able to take advantage of opportunities in what could now be described as a ‘digital age’.

Skills Shortages

The report acknowledges the digital skills shortages that UK businesses and organisations face (63 per cent of senior business leaders report a skills shortage for their organisation) and the report identifies a regional divide in those companies reporting skills shortages – more employers in the South and particularly the South West are finding that skills are in short supply and reporting that recruitment for digital roles takes longer.

One likely contributing factor to some geographical/regional divides in skills shortages and difficulty in recruiting for tech roles in those areas may be the spending, per area, on addressing those skills shortages.  For example, London is reported to have spent (in 2019) £1.4 billion (the equivalent of £30,470 per organisation), while the North East spent the least (£172.2 million), and South East spent only £10,260 per organisation.

Factors Affecting The Skills Shortage

The OU report identifies several key factors that appear to be affecting the skills shortage and the investment that may be needed to address those skills shortages. These include the uncertainty over Brexit, increased competition, an ageing population, the speed and scope of the current ‘digital revolution’, and a lack of diversity.

What Does This Mean For Your Business?

Bearing in mind that the OU, whose survey and report this was, is a supplier of skills training, the report, nonetheless, makes some relevant and important points.  For many businesses, for example, managers and owners are most likely to the be the ones with the most integrated picture of the business and its aims, and if they had better digital skills and awareness they may be more likely to identify opportunities, and more likely to promote and invest in digital skills training within their organisation that could be integral to their organisation being able to take advantage of those opportunities.

The tech skills shortage in the UK is, unfortunately, not new and is not down to just businesses alone to solve the skills gap challenge. The government, the education system and businesses need to find ways to work together to develop a base of digital skills in the UK population and to make sure that the whole tech ecosystem finds effective ways to address the skills gap and keep the UK’s tech industries and business attractive and competitive.  As highlighted in the OU report, apprenticeships may be one more integrated way to help bridge skills shortages.

Glimpse of the Future of Tech at CES Expo Show

Posted on by Andy Miller

This week, at the giant CES expo in Las Vegas, the latest technology from around the world is on display, and here are just a few of the glimpses into the future that are being demonstrated there, with regards to business-tech.

Cyberlink FaceMe®

Leading facial recognition company Cyberlink will be demonstrating the power of its highly accurate FaceMe® AI engine. The FaceMe® system, which Cyberlink claims has an accuracy rate (TAR, True Acceptance Rate) of 99.5% at 10-4 FAR, is so advanced that it can recognise the age, gender and even the emotional state of passers-by and can use this information to display appropriate adverts.

D-ID

In a world where facial recognition technology is becoming more prevalent, D-ID recognise the need to protect the sensitive biometric data that makes up our faces. On display at CES expo is D-ID’s anti facial recognition solution which uses an algorithm, advanced image processing and deep learning techniques to re-synthesise any given photo to a protected version so that photos are unrecognisable to face recognition algorithms, but humans will not notice any difference.

Hour One

Another interesting contribution to the Las Vegas CES expo is Hour One’s AI-powered system for creating premium quality synthetic characters based on real-life people. The idea is that these very realistic characters can be used to promote products without companies having to hire expensive stars and actors and that companies using Hour One can save time and money and get a close match to their brief due to the capabilities, scale/cope and fast turnaround that Hour One offers.

Mirriad

Also adding to the intriguing and engaging tech innovations at the expo, albeit at private meetings there, is Mirriad’s AI-powered solution for analysing videos, TV programmes and movies for brand/product insertion opportunities and enabling retrospective brand placements in the visual content. For example, different adverts can be inserted in roadside billboards and bus stop advertising boards that are shown in pre-shot videos and films.

What Does This Mean For Your Business?

AI is clearly emerging as an engine that’s driving change and creating a wide range of opportunities for business marketing as well as for security purposes. The realism and accuracy, flexibility, scope, scale, and potential cost savings that AI offers could provide many beneficial business opportunities. The flipside for us as individuals and consumers is that, for example, as biometric systems (such as facial recognition) offers us some convenience and protection from cyber-crime, they can also threaten our privacy and security. It is ironic and probably inevitable, therefore, that we may need and value AI-powered protection solutions such as D-ID to protect us.

Blue Light Thinking Wrong Suggests Research

Posted on by Andy Miller

New research results from the University of Manchester suggest that the popularly accepted wisdom that the sharp blue light emitted by our smartphones and laptops is harmful to our health and disruptive to our sleep may be wrong.

Blue Light

The current thinking, which has led to device makers adding filters to our devices (e.g. Night Shift in the iPhone 11 and even the Windows 10 Night Mode) that show warmer colours at night is based on the idea that too much exposure to artificial blue light emitted by our devices at night is bad for us. For example, as highlighted by Samsung (on its Australian website), too much blue light displayed on the screen of a device has been thought to suppress the production of sleep-inducing hormone ‘melatonin’, hence the need to filter out the blue and replace it with warmer colours. Samsung also suggests that its filter could “reduce digital eye strain”.

Mixed Messages

The new results presented by the University of Manchester researchers show that not only is this belief about blue light (and the need for warmer light filters at night) likely to be mistaken but also that using warmer light filters may be sending our bodies mixed messages.

Why?

The new research, which was carried out using mice, has revealed that blue colours associated with twilight have a weaker effect than white or yellow light of equivalent brightness. The research results appear to show that, in fact, our eyes naturally associate warmer, brighter colours with daytime, and dimmer and cooler colours (blue and darker) with the night as our body clock synchronises with the environment. These cool colours are signals to the brain that it’s twilight and, therefore, time to start getting ready for sleep.

Meaning?

This means that rather than suppressing sleep-inducing hormone ‘melatonin’, the emission of blue light (in dimmed conditions) may actually be more restful than yellow light, and that showing ‘warmer’ colours (via a filter) rather than blue light could be sending the wrong message to the brain. If this is so, it may be the warmer colours of the filter that are more likely to suppress the production of melatonin rather than the blue light glow from our devices.

What Does This Mean For Your Business?

For device-makers who have developed filters based on the opposite of theses findings, these research results may be unexpected, embarrassing, and highlight an area where costs have been incurred unnecessarily. That said, the view that blue light needed to be filtered at night was widely supported by many credible, expert sources and these filters were developed by device makers with the customer’s wellbeing (and a marketing/value-adding brand benefit) in mind, based on what appeared to be correct information at the time. Also, these new results were based upon one study involving mice, not humans, and that more research is likely to be needed before this new opposite idea about blue light can be widely accepted as the new truth.

Amazon Announces Smart Office Supply Re-Ordering Device

Posted on by Andy Miller

Amazon has announced the introduction of a ‘smart’ office essentials re-ordering device called Dash Smart Shelf which uses a weight-sensing, Wi-Fi-enabled smart scale to re-order products when they’re running low.

Why?

According to Amazon, monitoring and reordering everyday business essentials (e.g. printer paper) can be unnecessarily time-consuming for the small and medium-sized businesses (SMBs) that make up 99% of business in the U.S. (99.9% of the business population / 5.9 million businesses in the UK – FSB figures).  Having a smart inventory-tracking service could, therefore, mean that time and money in manual stock checking can be saved, plus the disruption of running out of a particular item when it’s needed can be avoided.

How Dash Smart Shelf Works

Amazon’s Dash Smart Shelf is a weight-sensing, Wi-Fi-enabled smart scale that looks like a closed laptop. The device is around 1-inch-tall and will be offered in three different sizes – small (7” x 7”), medium (12” x 10”), and large (18” x 13”). Amazon says that the Dash Smart Shelf can work on a range of surfaces e.g. from counter-tops to wire shelving.

The idea being that the Dash Smart Shelf is placed on the shelf where stationery is stored and the stationery e.g. packets of printer paper, sticky tape or pens are stacked (one Smart Shelf per item type) on top of it.  When supplies run low, the Dash Smart Shelf automatically orders more.

Incentive

The Dash Smart Self is for Amazon Business Customers and Amazon is offering them “business-only prices” on certain products, and savings of up to 15 per cent on orders for selected products placed using the new Dash Smart Shelf.

Easy

Amazon says that the Dash Smart Self is easy to set up and only requires a wall plug (included) or four AAA batteries, a connection to your business Wi-Fi and that you are logged in to your Amazon Business account via the web or Amazon Shopping app.

Timescale and Price

Amazon says that the Dash Smart Shelf will be made available first to Amazon Business customers with a registered U.S. business license “starting sometime in 2020”, and no prices have yet been made available.

What Does This Mean For Your Business?

Amazon makes the point that if you’re in a location far from an office supplies shop, or if you miss a big order (e.g. because you don’t have a certain sized cable), you will instantly see the value of a product that makes sure that you never run out of essential supplies. This product does appear to have the potential to save time, money and hassle by no longer having to manually monitor stock levels.  However, since this product is aimed SMEs, and one unit will need to be purchased for each office product type and the price per unit Dash Smart Shelf (as yet unknown) is going to be an important consideration. Businesses may wonder how much flexibility they will have in choosing which supplier (via the amazon platform) they can have with the device.

Amazon has made in-roads into our homes and found out much more about us and our listening, viewing and other consumption patterns with smart speakers (Echo), Fire TV, the Ring Doorbell and more, and the Dash Smart Shelf marks a move into our business lives by Amazon. As the company becomes the close, sole supplier of some of our valued home and business services, this should enable Amazon to use the data about us to tailor more services and offers, thereby helping it to increase our loyalty and commitment to Amazon, and further fuelling the growth, power and diversification of this online giant.

Uber Loses London Licence

Posted on by Andy Miller

A decision by Transport for London (TfL) means that ride-hailing service Uber has lost its licence to carry passengers in London over safety and security failures.

Why?

According to TfL, it had identified a pattern of failures by Uber, including breaches that had risked the safety of passengers and drivers, plus some uninsured journeys.

Prior to the decision to remove its London Licence, Uber had pledged to improve its drivers’ safety training and provide a direct connection to emergency services.

Not The First Time

Uber had its London licence removed before by TfL back in 2017 after it was decided that the company was “not fit and proper” following security issues, public safety issues, poor reporting (of serious in-car crimes), poor medical checks (of drivers) and poor background checks (of drivers). Uber’s controversial founder and CEO Travis Kalanick had already resigned (in June 2017) amid rumours that he had possibly been “pushed” by unhappy shareholders.  Mr Kalanick was replaced by Dara Khosrowshahi.

In 2018, Uber was only given a probationary 15-month license in London following changes made to improve relations with city authorities and had most recently (September) only been granted only a two-month license, which is the licence that is now about to be allowed to expire.

Black Cab Battle

Uber has not had an easy ride in London from its competitors, the drivers of the famous black cabs. The 22,000 traditional “cabbies”, who are required to pass the notoriously difficult memory test of the city’s road network known as “the Knowledge” in order to pick up passengers have objected (many would say understandably) to the loss of business as a result of having to compete with a growing number of Uber drivers who don’t face the same costs or regulations, and who don’t take the same test, and who can rely on satnav apps.

Carry On and Appeal

It has been reported that although the decision to remove the London licence has been taken, Uber will appeal and it is likely that its 45,000 drivers in London may decide to keep accepting customers until the long process of the appeal has been considered.

Trouble Around The World

It’s certainly not just the UK where Uber has found itself facing legal challenges in recent years.  For example:

In the US, in March, the company had to pay $20 million in settlement of a lawsuit brought by drivers who claimed they were employees and were therefore entitled to some wage protections. Also, in November, Uber unsuccessfully challenged a city law which limited the number of licenses for ride-hailing services.

In Australia this year, the company faced a class action on behalf of thousands of drivers who alleged that Uber was operating illegally and harming them financially, and back in December 2018 in Germany, Uber’s limousine service (stopped in 2014) was ruled to have been illegal. Uber has also faced legal problems in the Netherlands, India, and Austria.

Other Woes

Back in November 2017, Uber was handed a £385,000 fine by the ICO in the UK for data protection failings during a cyber-attack back in 2016 which involved the compromising (and theft) of data relating to 600,000 US drivers and 57 million user accounts.

Also, back in May, Uber’s trading debut at the New York Stock Exchange (NYSE) proved to be somewhat underwhelming when the opening share price was much lower than had been expected at only $45 per share.

Move to Bikes and Scooters

In August 2018, Uber announced a shift in focus towards bikes and scooters in order to drive growth and keep people using the platform. It was thought that bikes and scooters would be more effective and efficient than cars in congested city areas, could represent a way to get another slice of the lucrative mobility market, and that they could be used to help shape consumer behaviour and keep levels of engagement high.

Popular With Users

It has to be said that despite Uber’s problems with the authorities and London cabbies, the service has been popular with many users having positive things to say about the convenience of the app, Uber prices and the speed of the service.

What Does This Mean For Your Business?

Uber had already been on borrowed time in London after finally being granted a two-month licence (following on from just a 15-month probationary one).  Uber’s relationship with the UK authorities and Mayor Sadiq Khan, who had accused Uber as adding to the city’s congestion problems, has been on the edge for quite some time, and it appears as though Uber may not have made the changes that it had pledged to make in order to retain its licence.  The appeal may take a few months, so it is likely that Uber drivers will simply carry on for the time being.

For users, it may come as a disappointment that a service that they found to be very convenient will soon no longer be available but it may be the case that a new London Mayor after May 2020 could take a different approach towards Uber.  For example, some Uber drivers have expressed the belief that Mayor Khan may be pandering too much to the black cabbies, and a hopeful future mayor candidate, Shaun Bailey (Conservative) has expressed regret over TfL’s decision to not grant another licence to Uber.  For the time being though, it’s a waiting game in London for Uber.

Windows Still Need Some Work on Tesla’s New “Cybertruck”

Posted on by Andy Miller

Tesla’s Elon Musk proudly launched the new ‘Cybertruck’ in front of the world’s media last week, only to find that the distinctly breakable difficult-to-break windows were the main focus of media reports.

Cybertruck

The new Tesla all-electric Cybertruck is a futuristic pickup truck / armoured vehicle which will not be manufactured until late 2021 and will retail for between $39,000 and $76,900.  The Tesla website claims that the Cybertruck features “a nearly impenetrable exoskeleton” and that all of the components are “designed for superior strength and endurance”.  For example, the truck features an “Ultra-Hard” 30X Cold-Rolled stainless-steel structural skin and armour glass (toughened glass).  The smooth steel shell is intended to resist dents, damage and long-term corrosion as well as providing added safety to the truck’s occupants.

Features

Tesla says that the new Cybertruck can accelerate from 0-60 mph in only 2.9 seconds, has up to 500 miles of range (thanks to improved Tesla batteries),  a 3,500 pounds of payload capacity, offers 100 cu ft of “vault-like” storage, has adaptive suspension, and can seat six comfortably.

In addition to the futuristic exterior, the ‘cyber’ aspect of the truck appears to be focused around the 17” touchscreen with a new customized user interface.

That Glass Incident

The embarrassing aspect of the launch that international media outlets chose to focus on was when Tesla’s head of design, Franz von Holzhausen attempted to demonstrate how strong the window glass on the Cybertruck was by throwing a heavy metal ball at two different windows, only to find that both broke (although the ball didn’t end up inside the vehicle in either case).

Orders

Elon Musk tweeted on the Sunday after the Cybertruck’s (Thursday) launch that there had already been 200,000+ orders of the vehicle (with no advertising), but this figure appears to relate to pre-orders of the not-yet manufactured vehicle involving a commitment from potential customers of only $100 deposit (fully refundable).  As any car salesperson could tell you, the small deposit coupled with the long wait for manufacture may be unlikely to produce anywhere near the same number of actual sales as pre-orders.

What Does This Mean For Your Business?

There is no doubt that the major car manufacturers are committed to producing electric cars, and Tesla has achieved a great deal in establishing itself as a major player in this market, particularly with its Model 3. Much of the media attention for Tesla, however, has focused on the claims and behaviour of its charismatic leading light and often double-edged sword Elon Musk, who appears to be no stranger to controversy e.g. when he was sued by (and settled with) The US Securities and Exchange Commission for a “false and misleading” tweet about his plans for Tesla that was thought to have upset the market and investors.

Unfortunately, unpredictable and embarrassing events at the launch appear to have slightly overshadowed many of the positive aspects of the Cybertruck. Sir James Dyson also found that his ambition in the electric car market didn’t live up to reality as Dyson recently had to scrap its £2.5 billion ‘N526’ electric car project with Sir James Dyson announcing that it was “not commercially viable”.  It remains to be seen if Tesla’s Cybertruck can achieve the same levels of popularity and approval as its Tesla 3 model.

Despite Patches, Researchers Warn That Intel Chips Are Still Vulnerable

Posted on by Andy Miller

The New York Times has reported that despite Intel issuing patches for security flaws (that were discovered last year) in its processors, security researchers are alleging that the processors still have some serious vulnerabilities.

What Flaws?

In January 2018, it was discovered that nearly all computer processors made in the last 20 years contained two flaws known as ‘Meltdown’ and ‘Spectre’. The 2 flaws could make it easier for something like a malicious program to steal data that is stored in the memory of other running programs.

Meltdown, discovered by researchers from Google’s Project Zero, the Technical University of Graz in Austria and the security firm Cerberus Security in Germany, affects all Intel, ARM, and other processors that use ‘speculative execution’ to improve their performance; i.e. when a computer performs a task that may not be actually needed in order to reduce overall delays for the task (a kind of optimisation).

Meltdown could, for example, leave passwords and personal data vulnerable to attacks, and could be applied to different cloud service providers as well as individual devices. It is believed that Meltdown could affect every processor since 1995, except for Intel Itanium and Intel Atom before 2013.

Spectre, which affects Intel, AMD and ARM (mainly Cortex-A) processors, allows applications to be fooled into leaking confidential information. Spectre affects almost all systems including desktops, laptops, cloud servers, and smartphones.

8 More Flaws Discovered

Then, in May 2018, 8 more security flaws in chips/processors were discovered by several different security teams.  The new ‘family’ of bugs were dubbed Spectre Next Generation (Spectre NB).

September 2018

According to reports by The New York Times, the Dutch researchers (at Vrije Universiteit Amsterdam) also reported a range of security issues about Intel’s processors to the company in September 2018 and provided Intel with a proof-of-concept code to help them to develop fixes

14 Months On – Only Some Fixes

It has been reported that after waiting 8 months to allow Intel enough time to develop fixes (of which only some have issued), and more than a year after providing Intel with a proof-of-concept code, Intel has only just announced the issue of more security updates earlier this week.

More Vulnerabilities

Unfortunately for Intel, just as they announced the issue of new security fixes last week, the researchers notified them of more unfixed flaws, and it has been alleged that Intel asked the researchers to alter the report about the flaws and to effectively stay quiet about them.

MDS

The latest unpatched flaw in Intel processors that the researchers from Amsterdam, Belgium, Germany and Austria have gone public about is a hacking technique, which is a variant of ZombieLoad or RIDL (Rogue In-Flight Data Load). The technique which exploits a flaw in Intel processors is known as microarchitectural data sampling (MDS) and it can enable hackers to carry out several different exploits e.g. running code on the victim’s computer that forces the processor to leak data.

Criticism

The news that there may still be flaws in Intel’s processors after the company appears to have had a long time to fix them has prompted some criticism of Intel online, some of it reported in the New York Times e.g. allegations  that there has been a lack of transparency about the issue from Intel, that the company has tried to downplay the problems, and allegations that Intel may not decide to do much to fix the problem until its reputation is at stake.

What Does This Mean For Your Business?

Bearing in mind that these flaws are likely to exist at the architectural level in the majority of processors, this story is bad news for businesses that have been legitimately trying to make themselves totally compliant with GDPR and as secure as possible from attack.

For the time being, in the short term, and unless processor companies try to completely re-design processors to eliminate the flaws, closing hardware flaws using software patches is the only realistic way to tackle the problem and this can be a big job for manufacturers, software companies, and other organisations that choose to take that step. It is good practice anyway for businesses to install all available patches and make sure that they are receiving updates for all systems, software and devices.

The hope is now that researchers can put enough pressure on processor manufacturers e.g. through bad publicity to make them speed up their efforts to tackle the known security flaws in their products.

‘Moore’s Law’ and Business Innovation Challenged By Slow-Down In Rate of Processing Power Growth

Posted on by Andy Miller

Many tech commentators have noted a stagnation or slow-down period in computing related to ‘Moore’s Law’ being challenged, but has the shrinking of transistors within computer chips really hit a wall and what could drive innovation further?

What Is Moore’s Law?

Moore’s Law, named after Intel co-founder Gordon Moore, is based on his observation from 1965 that transistors were shrinking so quickly that twice as many would be able to fit into a micro-chip every year, which he later amended to a doubling every two years.  In essence, this Law should mean that processing power for computers doubles every two years.

The Challenge

The challenge to this Law that many tech commentators have noted is that technology companies may be reaching their limit in terms of fitting ever-smaller silicon transistors into ever-smaller spaces, thereby leading to a general slowing of the growth of processing power.  The knock-on effect of this appears slowing of computer innovation that some say could have a detrimental effect on new, growing industry sectors such as self-driving cars.

What’s Been Happening?

Big computer chip manufacturers like Intel have delayed the next generation of smaller transistor technology and increased the time between introducing the future generations of their chips. Back in 2016 for example, Intel found that it could shrink chips to as little as 14 nanometres, but 10 nanometres is going to be a challenge that would take longer to achieve.

The effect has not only been a challenge to Moore’s Law, and a challenge to how the big tech companies can keep improving their data centres, but also how computers are able to work for (and keep up with) the demands of business.

Mobile devices, which use chips other than Intel’s may also have the brakes put on them slightly as they now also rely, to a large extent, on the data-centres to run the apps that their users value.

What About Supercomputers?

Some experts have also noted that the rate of improvement of supercomputers has been slowing in recent years and this may have had a negative impact on the research programs that use them.

That said, the cloud means that IBM is now able to offer quantum computing to tens of thousands of users, thereby empowering what it calls “an emerging quantum community of educators, researchers, and software developers that share a passion for revolutionising computing”.  It is doing this by opening a Quantum Computation Centre in New York which will bring the world’s largest fleet of quantum computing systems online, including the new 53-Qubit Quantum System for broad use in the cloud.

What Does This Mean For Your Business?

Many smaller businesses that are less directly reliant upon the most-up-to-date computers may not be particularly concerned at the present time about the challenge to Moore’s Law,  but all businesses are likely to be indirectly affected as their tech giant suppliers struggle to keep improving the capacity of their data-centres.

Many see AI and machine learning as the gateway to finding innovative solutions to improving computing power, but these also rely on data-centres and other areas of computing that have been challenged by the pressure on Moore’s Law.

A more likely way forward may be that chip designs will need to be improved and highly specialised versions will need to be produced, and Microsoft and Intel have already made a start on this by working on reconfigurable chips.  Also, the big tech companies may need to collaborate on their R &D in order to find the way forward in increasing the rate of improvement of computing power that can ensure that businesses can drive their products, services and innovation forward.

ICO Warns Police on Facial Recognition

Posted on by Andy Miller

In a recent blog post, Elizabeth Denham, the UK’s Information Commissioner, has said that the police need to slow down and justify their use of live facial recognition technology (LFR) in order to maintain the right balance in reducing our privacy in order to keep us safe.

Serious Concerns Raised

The ICO cited how the results of an investigation into trials of live facial recognition (LFR) by the Metropolitan Police Service (MPS) and South Wales Police (SWP) led to the raising of serious concerns about the use of a technology that relies on a large amount of sensitive personal information.

Examples

In December last year, Elizabeth Denham launched the formal investigation into how police forces used FRT after high failure rates, misidentifications and worries about legality, bias, and privacy.  For example, the trial of ‘real-time’ facial recognition technology on Champions League final day June 2017 in Cardiff, by South Wales and Gwent Police forces was criticised for costing £177,000 and yet only resulting in one arrest of a local man whose arrest was unconnected.

Also, after trials of FRT at the 2016 and 2017 Notting Hill Carnivals, the Police faced criticism that FRT was ineffective, racially discriminatory, and confused men with women.

MPs Also Called To Stop Police Facial Recognition

Back in July this year, following criticism of the Police usage of facial recognition technology in terms of privacy, accuracy, bias, and management of the image database, the House of Commons Science and Technology Committee called for a temporary halt in the use of the facial recognition system.

Stop and Take a Breath

In her blog post, Elizabeth Denham urged police not to move too quickly with FRT but to work within the model of policing by consent. She makes the point that “technology moves quickly” and that “it is right that our police forces should explore how new techniques can help keep us safe. But from a regulator’s perspective, I must ensure that everyone working in this developing area stops to take a breath and works to satisfy the full rigour of UK data protection law.”

Commissioners Opinion Document Published

The ICO’s investigations have now led her to produce and publish an Opinion document on the subject, as is allowed by The Data Protection Act 2018 (DPA 2018), s116 (2) in conjunction with Schedule 13 (2)(d).  The opinion document has been prepared primarily for police forces or other law enforcement agencies that are using live facial recognition technology (LFR) in public spaces and offers guidance on how to comply with the provisions of the DPA 2018.

The key conclusions of the Opinion Document (which you can find here: https://ico.org.uk/media/about-the-ico/documents/2616184/live-frt-law-enforcement-opinion-20191031.pdf) are that the police need to recognise the strict necessity threshold for LFR use, there needs to be more learning within the policing sector about the technology, public debate about LFR needs to be encouraged, and that a statutory binding code of practice needs to be introduced by government at the earliest possibility.

What Does This Mean For Your Business?

Businesses, individuals and the government are all aware of the positive contribution that camera-based monitoring technologies and equipment can make in terms of deterring criminal activity, locating and catching perpetrators (in what should be a faster and more cost-effective way with live FRT), and in providing evidence for arrests and trials.  The UK’s Home Office has also noted that there is general public support for live FRT in order to (for example) identify potential terrorists and people wanted for serious violent crimes.  However, the ICO’s apparently reasonable point is that moving too quickly in using FRT without enough knowledge or a Code of Practice and not respecting the fact that there should be a strict necessity threshold for the use of FRT could reduce public trust in the police and in FRT technology.  Greater public debate about the subject, which the ICO seeks to encourage, could also help in raising awareness about FRT, how a balanced approach to its use can be achieved and could help clarify matters relating to the extent to which FRT could impact upon our privacy and data protection rights.

Amazon Echo and Google Home ‘Smart Spies’

Posted on by Andy Miller

Berlin-based Security Research Labs (SRL) discovered possible hacking flaws in Amazon Echo (Alexa) and Google Home speakers and installed their own voice applications to demonstrate hacks on both device platforms that turned the assistants into ‘Smart Spies’.

What Happened?

Research by SRL led to the discovery of two possible hacking scenarios that apply to both Amazon Alexa and Google Home which can enable a hacker to phish for sensitive information in voice content (vishing) and eavesdrop on users.

Knowing that some of the apps offered for use with Amazon Echo and Google Home devices are made by third parties with the intention of extending the capability of the speakers, SRL was then able to create its voice apps designed to demonstrate both hacks on both device platforms. Once approved by both device platforms, the apps were shown to successfully compromise the data privacy of users by using certain ‘Skills and actions’ to both request and collect personal data including user passwords by eavesdropping on users after they believed the smart speaker has stopped listening.

Amazon and Google Told

SRL’s results and the details of the vulnerabilities were then shared with Amazon and Google through a responsible disclosure process. Google has since announced that it has removed SRL’s actions and is putting in place mechanisms to stop something similar happening in future.  Amazon has also said that it has blocked the Skill inserted by SRL and has also put in preventative mechanisms of the future.

What Did SRL’s Apps Do?

The apps that enabled the ‘Smart Spy’ hacks took advantage of the “fallback intent”, in a voice app (the bit that says I’m sorry, I did not understand that. Can you please repeat it?”), the built-in stop intent which reacts to the user saying “stop” (by changing the functionality of that command after the apps were accepted), and leveraged a quirk in  Alexa’s and Google’s Text-to-Speech engine that allows inserting long pauses in the speech output.

Examples of how this was put to work included:

  • Requesting the user’s password through a simple back-end change by creating a password phishing Skill/Action. For example, a seemingly innocent application was created such as a horoscope.  When the user asked for it, they were given a false error message e.g. “it’s not available in your country”.  This triggered a minute’s silence which led to the user being told “An important security update is available for your device. Please say start update followed by your password.” Anything the user said after “start” was sent to the hacker, in this case, thankfully, SRL.
  • Faking the Stop Intent to allow eavesdropping on users. For example, when a user gave a ‘stop’ command and heard the ‘Goodbye’ message, the app was able to continue to secretly run and to pick up on certain trigger words like “I” or words indicating that personal information was about to follow, i.e. “email”, “password” or “address”. The subsequent recording was then transcribed and sent back to SRL.

Not The First Time

This is not the first time that concerns have been raised about the spying potential of home smart speakers.  For example, back in May 2018, A US woman reported that a private home conversation had been recorded by her Amazon’s voice assistant, and then sent it to a random phone contact who happened to be her husband’s employee. Also, as far back as 2016, US researchers found that they could hide commands in white noise played over loudspeakers and through YouTube videos in order to get smart devices to turn on flight mode or open a website. The researchers also found that they could embed commands directly into recordings of music or spoken text.

Manual Review Opt-Out

After the controversy over the manual, human reviewing of recordings and transcripts taken via the voice assistants of Google, Apple and Amazon, Google and Apple had to stop the practice and Amazon has now added an opt-out option for manual review of voice recordings and their associated transcripts taken through Alexa.

What Does This Mean For Your Business?

Digital Voice Assistants have become a popular feature in many home and home-business settings because they provide many value-adding functions in personal organisation, as an information point and for entertainment and leisure.  It is good news that SRL has discovered these possible hacking flaws before real hackers did (earning SRL some good PR in the process), but it also highlights a real risk to privacy and security that could be posed by these devices by determined hackers using relatively basic programming skills.

Users need to be aware of the listening potential of these devices, and of the possibility of malicious apps being operated through them.  Amazon and Google may also need to pay more attention to the reviewing of third party apps and of the Skills and Actions made available in their voice app stores in order to prevent this kind of thing from happening and to close all loopholes as soon as they are discovered.