Tag Archives: legal

Cloud thinking for IoT

Who would have thought that the legal side of IoT could be so interesting?

TechUK held an event called “Can the IoT (Internet of Things) become a reality without the Cloud?” and whilst the event didn’t really answer the headline question, it was interesting in other unexpected ways.

The last couple of events I’ve attended at TechUK have been a little dry, lacking anything interesting to report here. As I left the office for the IoT event I remarked to a colleague that if this event was also dry, I might reduce the number of TechUK events I attend.

There were four speakers supported by the chair Stephen Pattison, VP, ARM Holdings:

  • Paul D’Cruz, Chief Technical Officer, Cisco UK Public Sector
  • Barry Jennings, Associate, Bird & Bird
  • Nick Hyner, Director Cloud Services EMEA, Dell
  • Gabriel Vizzard, Internet of Things Lab Services Foundry, IoT Solution Architect, IBM

Stephen, Paul, Nick and Gabriel naturally promoted their employers’ latest product offerings, with varying degrees of humour.

Surprise, surprise: Cisco said the current network (Internet) doesn’t have the bandwidth for billions of devices (I wonder who sells network equipment…) and Dell talked about more Cloud computing, which ultimately translates into more [Dell] servers. Every time the word “security” was mentioned, we were served a reminder of how much ARM are investing in IoT security protocols.

The surprise session was from Barry Jennings who spoke about the liability and funding models for IoT.

TechUK and the Connected Home (IoT)

It was a large audience for today's TechUK IoT #connectedhome event. Credit: João Marques Lima on Twitter

This morning I went to an event at Tech UK called “The Connected Home: Empowering the consumer through the Internet of Things”. Here are my notes which I managed to quickly scribble down.

Jeremy Green from Machina Research was the chairman for the morning.

Energy Retail

  • In the energy retail market, smart meters increased conversion rate from 12 to 48% through more intelligent offers and improved proposition
  • Internet of Things (IoT) is about getting data to a user’s smartphone to view analytics and make a choice of what to do
  • 20% of energy bills are ‘background use’ – energy being used while sleeping, or by a device nobody knows is on.
  • The topic was highly focussed on Smart Meters, mainly because of the panel at the event (smart meter suppliers). Unfortunately there was nothing about changing business models and it led to some government bashing.


AgileLondon at McKinsey Labs

This week I went to AgileLondon which was hosted at McKinsey. It was a really interesting MeetUp-style event with a format I’ve not seen before.

There were seven presentations and we all voted for two of them after a short elevator pitch from the presenters on why their presentation was worthy of being included. The other five were ‘eliminated’ and the audience provided a topic for those presenters to work on while the two were being presented.


Bitcoin introduction, key facts and opportunities

The number of Bitcoin transactions per day looks like it's waiting for a major retailer to join the party

Firstly, I want to set some context about Bitcoin and this article. I started this blog when I found myself explaining something to one person, then another, and another, and I thought there had to be a more efficient method of distributing information (together with my opinion!). Three years later, this mantra still holds true. However, this article has taken the longest to write because when I have met people to discuss Bitcoin, every conversation seems to approach the subject from a different perspective and I’m asked many great questions, so I’ve delayed this article while I’ve tacked those extra points onto it. At times I felt that I should just write a book, but I never had the guts to ask my wife for the time during our summer holiday!

This article is split into five sections mainly to specifically answer some presumptions that people have about Bitcoin:

  1. Introduction, and Bitcoin key facts
  2. Anonymity & Illegality
  3. Opportunities
  4. Conclusion
  5. Further reading


The ticking time bomb of digital footprints

Mail on Sunday front page 7 April 2013

This week’s news about Paris Brown brought home the reality of growing from a child to an adult with a digital footprint.

Paris wrote some tweets aged between 14 and 16 years old that contained poor language that most adults would be ashamed of.

What Paris tweeted (I’ve seen the tweets and they are not worthy of being repeated here) is completely wrong. However, the point to this case is that Paris is the first high profile case of a child who had made some pretty bad statements which have come back to haunt her later on in life. She won’t be the last.

There are a number of important points to the Paris Brown case. Firstly, I find it appalling the way the news was broken. The Mail on Sunday covered the story on the front page. Really? Was this really the most important story for a Sunday paper? Paris is 17 years old and this week’s ordeal has been out of proportion. She was 14 when she wrote some of the tweets.

The question is whether employers should check all social media channels for indecent content?

That’s an interesting question. Should employers check newspaper articles and letters to the editor too? How can employers check Facebook pages which are, or at least should be, private? Where’s the line drawn?

In 2008 there was a court case in the UK where a company took an employee to court to instruct them to remove all LinkedIn connections from their account. The employer claimed to own those connections, not the employee. The case was settled out of court.

In the US, a similar case, also concerning LinkedIn, did go through to judgement, and the court was in favour of the employee, mainly because the contacts could be found in the public domain and replicated by anyone.

We are at the tip of the iceberg with these legal issues. These are new challenges that need to be resolved.

When recruiting, should it be standard practice to research the candidate online? What happens if an employer sees a photo of the candidate in a fundraising capacity for a cause that seemed inappropriate? “Inappropriate content” is a very wide grey area.

I feel sorry for Paris Brown. She posted something at 14 years old, has apologised for her comments, resigned from her job, and now has a permanent digital footprint across all the national newspapers which is beyond her control. Paris’ digital footprint, which started as a handful of tweets, now has over 38,000,000 results according to Google. She won’t be able to delete those so easily.

Why do age restrictions fail?


If a 10 year old child walked into a cinema and wanted to watch an 18 certified film, they wouldn’t be able to buy the ticket. If a 10 year old child walked into a video rental shop (remember those?) and wanted to rent an 18 certified film, they wouldn’t be served.

So I was pretty surprised recently when I discovered that I had been playing Battlefield 3, accidentally using my 10 year old son’s XBox account. My son plays on the XBox much more than I do, and leaves his account signed in when he switches the console off.

I guess that in the (10 year old style!) excitement of receiving Battlefield 3 through the post one day, I switched on the XBox and started playing without checking which account was logged in.

Back to the original point, my XBox knows that my son is a minor because his age is part of his profile and Xbox doesn’t allow him to accept new terms and conditions – it always asks for me to log in. So why does it allow him to play an 18 rated game?

In reality, it’s easier for the XBox to block someone by age than it is for the cinema or video shop, but I suspect games sales would plummet. That’s no defence for the games companies though.

And finally for the record, my son isn’t allowed to play Battlefield or Call of Duty whatsoever…

A digital method to deal with illegal cyclists and motorists


Although the weather is extremely warm for autumn in London, it’s still getting dark earlier during the day and I’m now cycling home from work after the sun has set. I cannot believe how many cyclists don’t have lights on their bikes, and for some reason it really irritates me.

As a rough guess I thought about a quarter of all cyclists between the City of London and my home in North West London don’t have any lights. Tonight I counted them (there isn’t a lot more to do when cycling 13 miles):

  • 9 cyclists without lights from a total of 21 bikes
  • That’s over 40% of the cyclists I saw this evening who didn’t have lights on when it was dark.

Unrelated (well it will be related later on) Mrs H and I hardly watch any television (it goes part way to explain how we have four children…) yet one of our favourite programmes is Road Wars, which follows a team of police officers who drive top end sports cars around at high speed pulling over offenders. And one of the most common offences is no insurance.

One in fifteen cars in the UK are uninsured. £30 of every premium goes towards a central organisation called MIB to cover drivers who can’t claim from an uninsured third party.

Back to my bicycle.

I started thinking that the Police should team up with a cycle retailer and stand at pretty much any junction in the City of London pulling over any cyclists without lights. Instead of fining the cyclists, they should make them pay £30 for a set of lights. That’s got to be better than an on the spot fine, because the outcome is better for the Police (less accidents) and the cyclist (less accidents!).

I have a similar solution for drivers with no car insurance. The Police should carry a laptop or a tablet computer and when they pull over an uninsured driver, instead of the £5,000 fine, penalty points and seizing the vehicle, they should offer an option for the driver to buy the insurance on the spot. Just hand over the laptop with a comparison engine and watch the driver buy a policy.

One of the tactics that uninsured drivers use is to buy insurance and cancel the policy or direct debit after the first month, so one of the terms of this on-the-spot-insurance-cover should be to pay for a full year.

For any other complex social problems, send me an email just before I get on the bike in the evening!

Identity crisis

[Photo]

The photo above was taken eight years ago and shows my parents and my identical twin daughters Shelley and Natalie. I’m pretty certain that it’s my dad on the left and my mum on the right, however I can’t tell which baby is Shelley or Natalie.

Before I joined IMG I worked for a Finnish telco company called Sonera. At Sonera we enabled consumers to use mobile phones to ‘sign’ – to prove their identity. We used the SIM card in the phone as a secure, unique system. At the time (late 1990s) the system was designed from the ground up to be secure enough to sign mortgage papers.

As the Internet has matured over the last few years, the issue of identity hasn’t gone away, however it has changed subtly. It’s now possible to create an anonymous Twitter user, build up a few hundred followers and start a malicious rumour. This is why I find it hard to digest newspapers who reference Twitter for their news content.

It is quite secure for consumers to run a Google search for a product, land on a site they’ve never seen before, and hand over their credit card details. The main reason for this security is that your card issuer (bank) will provide a level of reimbursement if the website fails to deliver the goods.

However we are soon going to find that it’s necessary for end users, the consumers, to have a valid identity.

We’ve read how some of the people accused in the British riots have been banned from using their Facebook account (which is ridiculous because they probably phoned someone as well, yet their mobile isn’t being revoked, but I digress). There is nothing to stop that person from creating a new Facebook account straight away. In fact, Facebook’s friend suggestion tool is so accurate that it will help recreate all that user’s friends as well.

In order for the Internet to truly grow up and allow us to vote online and perform all the duties we’ve previously done in the Post Office, we need to sort out digital identities. Digital identities in the UK have always been seen in a negative light, despite the irrational xenophobic fear whipped up by some of our national newspapers. However we’re going to need to jump over this fear if we can issue these digital identities.

These digital identities will be used to sign into most websites and will work across mobile, web, TV and anything else that springs up.

In order to apply for a digital identity, financial services organisations will require stringent checks – just like a passport, but probably with someone physically checking the photos and documents face to face. This is why Facebook Connect isn’t the right platform for an Internet-wide ID platform.

The Internet is truly global, and the identities will need to work globally too. They will probably be government run, although it’s feasible for some of the larger financial services companies to run them.

Like so many technology vendors, Sonera was doing the right thing, just at the wrong time – about 15 years too early.

Voice mail hacking vs website security


Whilst I think the actions of the journalists at News of the World (and perhaps other ‘press’ organisations) have been totally guilty of their conduct, I find it interesting how the phone companies have managed to get away relatively unscathed.

When a website user database is hacked, the press consider the lack of security of the website to be the guilty party. In the voicemail scenario, I’ve hardly seen any commentary around the mobile phone operators.

There are two main ways of hacking voicemails:

  1. The first method is to use the remote dial in number to access voicemails, enter the phone number of the person you’re trying to gain access to, and guess the PIN code. The PIN is usually 4 digits, and companies simply ‘brute force’ their way into mailboxes. Brute force is simply a case of guessing 0000, then 0001 and so on.
  2. The second method is to clone a user’s phone number using a proxy-style service. It’s very simple – you dial a phone number (the proxy) and you’ll hear a message asking what number you want your phone number to appear to be to the person you’re about to call. You stay on the call and then enter the phone number you want to call, and the recipient sees the ‘new’ phone number you entered earlier. A number of offshoring cold call sales companies use this type of service to make it look like they are calling you from the UK. Voicemail hackers phone a proxy, enter the phone number of the person they are trying to hack, and the mobile phone voicemail thinks the incoming call is from that victim’s number (and there’s no need to enter a PIN number).

Neither of these methods is particularly elaborate. A simple Google search provides a long list of companies who offer the proxy service (although to be fair all the ones I went to said they didn’t allow the service to be run for UK phone numbers).

In my opinion, the phone companies should do the following:

  1. Every time the remote voicemail is accessed a text message should be sent to the phone number. At the very least, each unsuccessful PIN number attempt should send a text message to the mobile warning of the attempt.
  2. If the wrong PIN number is entered more than say, four times, the voicemail should be “locked”.
  3. Phone companies should be able to work out if a phone number has been cloaked (run through the proxy) more accurately.
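The first two recommendations above, sketched as an added example (this is not code from the original post or from any phone operator): every remote access and every wrong PIN triggers a text message to the mailbox owner, and the mailbox locks once more than four wrong PINs have been entered. The class and function names, the in-memory SMS outbox and the sample number and PIN are all hypothetical; as a design choice of this sketch, the presented caller ID is never accepted in place of the PIN, because it may have been cloaked.

```python
import hmac
from dataclasses import dataclass, field

MAX_WRONG_PINS = 4  # the post's suggestion: lock after more than four wrong PINs


@dataclass
class Mailbox:
    number: str
    pin: str
    wrong_pins: int = 0
    locked: bool = False


@dataclass
class VoicemailGuard:
    """Hypothetical remote-access gate in front of a voicemail platform."""
    mailboxes: dict
    sms_outbox: list = field(default_factory=list)  # stands in for an SMS gateway

    def _sms(self, number, text):
        self.sms_outbox.append((number, text))

    def remote_access(self, mailbox_number, pin, presented_caller_id=None):
        box = self.mailboxes[mailbox_number]
        if box.locked:
            return "locked"
        # presented_caller_id is deliberately ignored: a cloaked number must
        # not be able to skip the PIN check.
        if hmac.compare_digest(pin.encode(), box.pin.encode()):
            box.wrong_pins = 0
            self._sms(box.number, "Your voicemail was accessed remotely.")
            return "granted"
        box.wrong_pins += 1
        self._sms(box.number, f"Wrong voicemail PIN entered (attempt {box.wrong_pins}).")
        if box.wrong_pins > MAX_WRONG_PINS:
            box.locked = True
            self._sms(box.number, "Voicemail remote access is now locked.")
            return "locked"
        return "denied"


def simulate_sequential_guessing(guard, mailbox_number):
    """Feed 0000, 0001, ... to the guard; return (guesses evaluated, granted?)."""
    evaluated = 0
    for guess in range(10_000):
        if guard.mailboxes[mailbox_number].locked:
            break  # further guesses are rejected without being checked
        evaluated += 1
        if guard.remote_access(mailbox_number, f"{guess:04d}") == "granted":
            return evaluated, True
    return evaluated, False


def demo():
    # Constructed sample data: a number from the UK drama range and a made-up PIN.
    guard = VoicemailGuard({"07700900123": Mailbox("07700900123", "4821")})
    return guard, simulate_sequential_guessing(guard, "07700900123")


if __name__ == "__main__":
    guard, (evaluated, granted) = demo()
    print(evaluated, granted, len(guard.sms_outbox))
```

With these settings the sequential guessing described earlier gets five tries out of the 10,000 possible PINs, and the owner has been texted about each of them.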

Why Internet scams are becoming harder to detect

Internet scams are becoming more and more elaborate and easier to fall for, according to the Howard household. Here are two scams that we’ve experienced in the last couple of months:

Trial products

Mrs H signed up for a trial product which arrived quickly and was good value at £29.95. The next month we noticed a number of significant transactions on our credit card (we always use the credit card for Internet purchases so that we can appeal to the credit card company, rather than having to claim back money into our own debit account).

We called the company we’d bought the trial from, and they asked us to look at the terms and conditions of the trial.

How often do you check the terms and conditions on ecommerce sites? How often do you even click through to the terms and conditions page?

On this site, the number one term was “the cost of the product will be £200 from the second month”.

The second term was that we would be automatically registered and charged for other products.

Luckily, the person on the phone was extremely rude and ended up putting the phone down on us. I called the credit card company who, as soon as I said I think we’ve fallen for a scam, said “Is it xxxxxxx company, because we’ve had a number of complaints about them, however they are adamant they are not hiding anything, it’s all in the terms and conditions. It’s morally wrong, but not illegal.”

I then wrote an email to the company and focussed on the rude phone support rather than the product, and they agreed to refund the additional items and the second month’s “full” cost.

The trust had already been broken and I asked the credit card company to reissue our cards with new numbers, so there was no way we could be charged at a later point.

A few key lessons from this:

  1. Read the terms and conditions. Even if it’s a quick glance, it’s important to read them.
  2. Always use a credit card and not your debit card for Internet purchases.
  3. If you regularly buy from Internet sites, I think it’s worth changing your card number from time to time (even if it’s every couple of years).

Viruses

We haven’t had a virus on our home PC for several years. I make sure our anti-virus software is regularly up to date and configured correctly. The kids also have parental controls on their accounts, which prevents them going to many sites.

This morning Mrs H woke me up and called me over to the computer to show me the screenshot below:

[Screenshot of the virus warning]

At first glance, I looked at it and agreed that it looked like we had a virus. I paused, and thought “Why is this screen inside Internet Explorer?” and then I realised it was just an elaborate web page.

Mrs H had been looking for a photo to use on a birthday card (she’d searched on Google Images) and when she clicked on a site, this came up.

I’ve seen a number of virus warning ads and websites over the years, but this one was the most accurate-looking of them all.

A few key lessons if you see a virus warning:

  1. Take a screenshot (just press the Print Screen button, and email it to yourself in Gmail/ Hotmail). You might need this evidence later.
  2. Close all windows and applications.
  3. Open anti-virus, and run a scan. Only follow instructions from your anti-virus program, nothing else.