Category: Safety

Fingerprints, Security, and the Law

In October of 2013, I wrote a post titled, Device Security: Fingerprints vs Passwords. That post was published about a month after Apple released the iPhone 5S, the first device with Touch ID.

In the post I argued that the choice between password and fingerprint was about optimizing for a particular type of data thief.

On the subject of the police, I stated, “It takes a massive amount of legal proceedings for the police to compel a person to turn over their password.” When it came to fingerprints I argued, “The police can compel you to turn over your fingerprints. There isn’t enough legal precedent to ensure protection from the authorities.

Since publishing this, I have on more than a few occasions been accused of wearing a tin foil hat.

Well my friends, the police are in fact compelling US citizens to use their fingerprints to unlock their phones in cases where they would not be allowed to compel a person to turn over their passwords.

In this particular instance, it sucks to be correct.

If we don’t defend our civil liberties, then the freedoms that make this country worth defending will wither away.

The Geek Whisperer’s 2015 Tech Predictions

I’ve been at this for a long time, this is the first time I’m taking a stab at industry predictions. Let’s see how I do in 12 months.

Security Breaches Everywhere

Information security is going to continue to grow as both a problem, and a political issue.

There will be more point-of-sale breaches at major retailers and large-scale corporate leaks like Sony (they will largely be inside jobs).

This will continue because companies won’t:

  • update their systems
  • implement proper password standards and management
  • hire and empower skilled information security specialists

Security Politicization

All of the breaches are going to grow into larger political issues as legislators try to regulate security.

The proposed laws will be terrible.

Most of our leaders will try their hardest to avoid discussing the fact that the Department of Justice has been actively working to hobble corporate and individual information security for years.

Apple Watch

At launch, there will be a mix of sneering and praise for the Apple Watch, but it will be a runaway success. Their stock price will drop initially.

Why will it be a success?

  • Because Apple
  • Minimally functional wrist-based wearables have already caught-on
  • We use our phones too much, and don’t want to take them out all of the time
  • It’s even more difficult to get your phone in and out of tight pants (watch people when you’re out; this is actually something people struggle with)

User Interfaces Go Vertical

The Apple Watch is going to bring new web and app design trends with it.

I’m in the middle of designing my first Apple Watch app, and I have discovered that because of the “crown,” everything shifts to a vertical interface. I suspect that many iPhone apps will shift to a more vertical experience to create similarities between their iPhone and Apple Watch apps. This will find its way into web design as well.

Apple Watch Theft

(This is the last Apple-related prediction)

Apple Watch theft is going to be a really big thing; especially in the warm months when crime rises and people aren’t covering their wrists with sleeves.

Even if Apple comes up with a very clever theft deterrence system, stolen Apple Watch bands will fetch good money.

"That Milanese Loop will look so great on me... Give it to me or I'll cut you!"
“That Milanese Loop will look so great on me… Give it to me or I’ll cut you!”

Net Neutrality = Giant Mess

The FCC will try to split the proverbial baby on net neutrality, and it’s going to be a mess.

I predict lawsuits from both sides of the issue. No one will be happy, and the ISPs will continue to suck… But lawyers and lobbyists will make money, and that’s all that really matters isn’t it?

Innovations Mobile Gaming

Mobile video games are going to get better, and more interesting.

The comparatively low cost of iOS and Android development vs console gaming, as well as the ubiquity of iOS and Android devices will spur a renascence in mobile video games. We’re going to see more of the quirky, interesting, and unusual indie games that have been priced out of the console market, or lost in the ether.

HTTPS Everywhere(ish)

2015 will be year that one of the browsers will label unencrypted websites as insecure. Many website owners will finally make the leap to HTTPS for everything.

It won’t be perfect, but it will be far better than the current situation.

Backend / Frontend Decoupling

There aren’t many content management systems that are great on both the back and front end.

While not a new concept, more websites will be built with a decoupled front and backend. Look for lots of Drupal backend, and AngularJS frontend sites. The web will be better for it.

API All the Things!

APIs are going to continue to become a necessary business tool for both internal and external purposes.

The non-profit and government worlds will need them to open up and share data.

Companies will want them to power their growing array of external websites and applications.

Really smart organizations will find that internal APIs for cross-department data sharing are more important than an intranet.

[Image via Apple]

Stephen Colbert Must Speak at 2014 RSA Conference

RSA the makers of one of the most prolific digital encryption systems was outed for taking a $10 million bribe to weaken their security, so that the NSA could break it more easily.

Dongle
Dongle

Setting aside that $10 million seems like the NSA bought RSA’s integrity for an incredibly low price (who says government always has to pay top dollar?). The biggest problem here (even bigger than state surveillance) is that you cannot weaken security for just one party. If RSA security is easier for the NSA to break, then it is easier for everyone to break.

It’s messed up.

It’s horrible that the NSA asked them to compromise their product.

It’s insane that RSA complied.

What does this have to do with Stephen Colbert?

RSA has an annual security conference. It was a big deal in tech circles (until this year).

This year many security experts have rightly decided to boycott the conference. In its place they will be speaking at, TrustyCon.

Colbert is still scheduled as RSA’s keynote speaker and many in the tech community want him to cancel. Fight for the Future, an Internet advocacy group that I typically agree with is circulating a petition asking Colbert to do just that.

It says, among other things:

“Whatever speech you had planned, we’re sure it would be amazing. We want to hear it; we really do. The 2006 White House Press Corps Dinner? You killed it. But this isn’t that. Not only will your speech not be broadcast to the public–it’s also really hard to make jokes about surveillance that don’t distract from how scummy and dangerous it is.”

Fight For the Future is wrong. Colbert needs to speak.

Non-tech geeks don’t care about RSA Con, or the intricacies of Internet security. And while more people should be interested in what folks like Christopher Soghoian have to say, they just aren’t.

Colbert can draw attention to it. A lot more attention.

It won’t be broadcast… But I’m willing to bet that it will find its way to YouTube. If RSA tries to censor the video, it will only spread more rapidly.

“It’s hard to make jokes about surveillance that don’t distract from how scummy and dangerous it is?”

Really? Have they seen his show?

I have faith that Colbert will rise to the occasion, and deliver a speech that will help to push this conversation in a productive direction. If he cancels, that doesn’t happen. If he goes to TrustyCon and speaks to a friendly audience on their own turf, it loses a lot of its potential.

Guys like Stephen Colbert and Jon Stewart are at their most powerful when they are lighting fires in the belly of the beast.

(Image via Wikipedia)

FDA Banning 23andMe Puts Our Health at Risk

From my cold dead… Spit!?

In November 2013, the Food and Drug Administration took it upon itself to ban the at-home, personal genome service 23andMe.

This is unimaginably stupid, and if the decision isn’t reversed, it will have a long-lasting impact on healthcare innovation for years to come.

23andMe

WTF is 23andMe?

23andMe is a rapid gene testing company. That work(ed) like so:

  • You pay them $99
  • They send you a box with a special plastic tube
  • You spit into the tube (a lot), and seal it shut
  • Put the tube full of your geney spit into the box
  • Mail the box back to 23andMe
  • 23andMe does science!
  • A few weeks later you get an email telling you that your results are ready to view online

Stand Back Science!

Pretty straightforward, but nifty stuff.

The results (like this site) span the range of practical, interesting and trivial information about your body, and things you can expect from it over time.

  • Eye color
  • Earwax consistency
  • Ability to metabolize alcohol
  • Cancer risks
  • Risks for tons of other diseases

And it presents all of this information in a beautifully designed, easy-to-read format. The presentation of health information on the site is an incredible feat on its own. It’s even cooler because everything  is pertinent to you and your genes.

In my case, I mostly confirmed a ton of things I already knew (more on that in a bit) or suspected from carefully following my family’s medical history… But 23andMe did explain my laughable tolerance for alcohol.

In addition to the medical information, 23andMe gives a massive amount of ancestry information, allowing you to meet distant relatives through their site. It’s neat stuff, and at times it’s a bit strange.

The FDA banned that?

Technically the FDA didn’t ban the testing… They banned the spit tube. The FDA didn’t really have standing to ban the test, so they classified the spit tube as a medical device… Like a pacemaker.

Pretty lame loophole right?

The FDA is concerned that people will make bad medical decisions based on the gene report. It’s not an unfounded concern because there is a margin of error in your results (and you’ll rarely know if something is incorrect), and genes don’t always react as they are expected to.

Nothing is certain when it comes to our genes. We all have little genetic bombs in us that are likely to detonate, but may lay dormant while something completely unexpected kills us.

What Does the Ban Mean?

23andMe can grandfather in early users. Those of us who used it prior to the ban can still access or data.

Anyone who used the service post-ban can only access ancestry information… Which while it’s interesting is a bit like ordering an ice cream sundae and receiving a cup with a few sprinkles instead.

23andMe is appealing the ban. We’ll see what happens.

Plenty of opportunities to make bad decisions

Have you ever gone on WebMD? Almost any symptom on there will present a range of diseases from common cold to cancer.

People also make bad decisions after visiting psychics, palm-readers and other snake-oil pushers.

And then there are the myriad dietary decisions that people make. People self-diagnose themselves all the time and casually make life-changing decisions with little-to-no information on their own health.

Finally, there’s doctor error. No exaggeration, I have nearly died twice because of misdiagnosis or poor judgment by seemingly competent doctors.

What’s at stake?

Banning 23andMe is banning patients from information about their own bodies. There’s really nothing more personal than your own genes. You should be able to learn about them.

As a teen I complained to my doctor about some very scary symptoms and he ignored me. Told me that it was in my head. I took him at his word because I was young and naive. Sophomore year of college, I almost died in my dorm room because of the very symptoms that I complained about. The problem was fully remedied, and I’m healthier today than I ever was as a child.

Years later my 23andMe results included information about the condition that I was born with and nearly died from. Had I been in possession of my own genetics information, my parents, doctors and I would have known what to look for. A very terrifying chapter in my life could have been completely avoided.

Patients need to be empowered with information about their bodies, not sheltered from it.

Banning 23andMe is a warning to any innovator who might seek to empower patients. Let 23andMe be a beacon of what the 21st century has to offer. Active, empowered, educated patients working with their doctors and loved ones towards better health.

You can help by petitioning the FDA to reverse their decision.

(Story via BoingBoing)

(Images via xkcd & 23andMe)