Weak Spots / Blind Spots

A day late on Issue 2, but I'll conveniently blame travel. I've just gotten home from four days as a
Changeist
Weak Spots / Blind Spots
By Changeist • Issue #2
A day late on Issue 2, but I’ll conveniently blame travel. I’ve just gotten home from four days as a guest of the Atlantic Council at their Energy & Economic Summit, held in Istanbul (big thanks to AC for the invite). The purpose of going was not only to listen to some fascinating discussions on macroeconomics, geopolitics and energy, but to participate as a panel as well, talking about managing risk, the future of technology, cybersecurity, and the future of systems like the IoT. With co-panelists Steve Watson from Zurich Insurance, Dr. Itamara Lochard, and moderator Barry Pavel from the Council, our 90-minute discussion ranged from unexpected vectors of future vulnerability to the need to update sometimes pre-modern legal frameworks to frankly post-modern ones. The jumping off point was a recent set of cyber risk scenarios by the Council, and we closed by discussing which technologies might bring the biggest benefits and threats in coming years. Video should be available soon.
All of this was of course taking place against the backdrop of the horrible Paris attacks and subsequent arguments over the risks and benefits of encryption in a free society, and now discussions of exposures of critical infrastructure. As the IoT, for example, moves more deeply into personal and enterprise applications, it brings with it thousands of potential new weak points, enabled by everything from poor or non-existent security considerations, use cases such as medical applications that are notoriously seamful (a polite way of saying “terribly gappy”), and the generation of petabytes of often sensitive data not well protected. And the distance between critical infrastructure and a seemingly harmless consumer or business app or connected widget closes steadily. 
Trying to enforce current IT policies or insert a global security standard won’t solve the problem either. As Pavel put it in our panel, the “threat surface” is expanding exponentially due to the rapid introduction of new technologies that outstrip our ability to risk assess and plan prudently. I would add that the same forces that unlock acceptable, beneficial innovation also produce a mirror world of negative innovation. “Agile” isn’t just available to Silicon Valley, but to Raqqa as well. One doesn’t exist without the other today. 
There’s more to be said here (and I will write it up), but in the interest of getting this issue out on time, I’ll just share some links that I referenced in my research for the panel, or that are otherwise timely.
Be safe. 

IoT and Risk
To build the Internet of Things we have to first know how, exactly, it’s defined, which also means understanding where it came from and what it encompasses in its current, still-primordial state.
Rajnesh D. Singh (ISOC) and Yoonee Jeong (TRPC) at the “Online Privacy in an Internet of Things World” Roundtable, Bangkok, Thailand (December 2014)
In the fall of 2013, Billy Rios flew from his home in California to Rochester, Minn., for an assignment at the Mayo Clinic, the largest integrated nonprofit medical group practice in the world. Rios is a “white hat” hacker, which means customers hire him to break into their own computers.
The seductive lure of activity and health wearables make it easy to forget, or ignore, the inherent security and privacy risks involved. The gentle buzz of a wearable device vibrates on your wrist at 7 am. You sync the device with your smartphone to see how well you slept. The result: poor.
There’s a smooth, dark brown stone sitting in front of me on the table with a bright circle pulsing on its face—a signal, apparently, about the security status of Yossi Atias’s fictional Internet-connected home.
Visibility, Invisibility, and Spoofery
These topics are a bit tangential to what’s above, but present some interesting questions about transparency, legibility, and, frankly, perception as reality in a data state.
Hello, I'm Mr. Null. My Name Makes Me Invisible to Computers | WIRED
A name even more disruptive in database land than Smith.
In L.A., One Way to Beat Traffic Runs Into Backlash  - WSJ
Waze, the popular app owned by Alphabet Inc.’s Google provides alternate routes to busy boulevards and packed freeways. In Los Angeles, that’s riling some residents.
The Hollywood Sign might be one of the most recognizable things on Earth. In Los Angeles, it’s also one of the most visible. You can see it from a plane as you glide into LAX. You can see it from a car as you drive up the 101 freeway. But a group of people who live near the sign are trying to hide it, even as it looms in the hills, in plain sight. By removing it from Google Maps.
America’s next president could be eased into office not just by TV ads or speeches, but by Google’s secret decisions, and no one—except for me and perhaps a few other obscure researchers—would know how this was accomplished.
Abroad, Google Maps has waded into raw, tender issues of national identity. For example, take its depiction of Crimea on maps.google.com, where a dashed line reflects the U.S. view that the area is an occupied territory. But in Russia, on maps.google.
Did you enjoy this issue?
Changeist
A periodic look into research threads on critical futures, strategy, post-normal innovation, providing a look over the shoulder of the team at Changeist. Each issue includes brief analysis, links, updates, and occasional invisible hand gestures.
Carefully curated by Changeist with Revue. If you were forwarded this newsletter and you like it, you can subscribe here. If you don't want these updates anymore, please unsubscribe here.