Monday, April 24, 2017

Parcel Robots On Trial In London

Hermes, the courier company, is to operate a trial scheme of autonomous, parcel collection robots on the streets of Southwark in London.

Collection Nearby Using Secure Compartment

Each of the six-wheeled robots will collect a parcel weighing up to 10kg from an address within a two-mile radius of the control centre, and will be allocated a 30-minute time slot in which to complete the collection. The robots are able to negotiate urban paved areas at speeds of up to 4mph.

Secure Compartment

The robots each have a secure compartment that the parcel is stored in during the journey, and the parcel’s recipient at the other end can open the compartment by entering an access code that has been texted to their smart-phone.

Starship Robots Just The Beginning

The robots being used in the trial have been developed by Starship Technologies, who are the same company that supplied robots for a similar pilot scheme (only for Domino's Pizza deliveries instead of parcel collections) in the city of Hamburg in Germany earlier this year.

Starship Technologies was launched in 2014 by Skype co-founders Ahti Heinla and Janus. The company is one of several new ‘professional service robotics’ companies, along with Marble and Boston Dynamics.

International Federation for Robotics (IFR) forecasts estimate that between 2016 and 2019, logistics businesses will have started using at least 175,000 robots to provide their services. This is a very big number and a bold forecast, particularly when you consider that UPS’s entire global fleet of trucks numbers 100,000.

What Are They Like?

The wheeled, ground-based robots taking part in the London trial are relatively small at only 55cm (22in) tall and 70cm (28in) long. They weigh 18kg (40lb).

Hazardous?

Although Hermes and Starship plan to keep each robot under close supervision by human operators using on-board cameras, the relatively small size of the robots, and the fact that they are unfamiliar and unexpected have prompted some people to point out the hazard that they could cause to pedestrians and road users.

If more companies opt for robot delivery and collection units and if (as Starship have reportedly said) one operator could in future control up to 100 robots (to increase cost effectiveness), the pavements could become very busy with potential trip-hazards.

What Does This Mean For Your Business?

If your business operates regular deliveries and collections of small but relatively high-value products / items over short distances e.g. 2 miles, autonomous robots may (if the price was right) sound like a possible innovative logistics solution for the not-too-distant future. If, as the predictions state, there is wide-scale adoption of these robots by businesses and operators are able to safely control multiple robots, the cost of the technology, hardware and labour may fall over time to the point where they are a cost effective, relatively safe and environmentally friendly option.

Scammers Burgling Airbnb Users. Again.

Scammers have used the stolen account details of Airbnb users to target properties for burglaries.

What Is Airbnb?

Airbnb is an online marketplace that allows people to rent out their properties or spare rooms. Hosts can register on the site, set a price per night for their accommodation (which is typically lower than a hotel price), upload pictures of what’s on offer, and set house rules. Potential guests go to the Airbnb website, select their travel dates, and then pick from a list of options. Guests and hosts write reviews about each other.

Airbnb guests can verify their profiles by submitting identification (such as passport details) to Airbnb and 'good' guests with good ratings and reviews are preferred by property owners.

The Scam

The recent four-stage criminal process has meant that scammers have:
  1. Obtained the stolen account details of verified Airbnb customers who have good reviews. These account details are believed to have been obtained in the first place via password dumps from previous hacks as well as from online scams such as phishing and malware attacks.
  2. Accessed the customer accounts using the stolen details and changed some of the key personal details, such as the name, location and photograph.
  3. Targeted properties and made bookings using the altered accounts.
  4. Burgled the targeted properties.

Not The First Time

This is not the first time that Airbnb properties have been targeted by burglars. Last summer in the US, thieves were booking Airbnb properties and then cancelling the booking last-minute as soon as the property’s security codes (garage codes, key codes, alarm codes) had been given to them. The properties were then immediately burgled.

New Security Measures

In the light of the recent scams, Airbnb have announced that they are introducing new measures to improve their scam detection and prevention methods. These improved security measures include sending text warnings if profiles are altered and requiring potential guests to use two-factor authentication when logging in to Airbnb on a device that has not previously been used to access their account. It has been reported that those property owners whose properties have been burgled as a result of the scam will be reimbursed by Airbnb, which offers hosts a $1 million insurance policy.

What Does This Mean For Your Business?

This story illustrates how vulnerable single stage, simple password verification systems are to attack, even if some form of ID verification has been carried out in the past. Businesses who collect, store, and use the personal data of customers (e.g. for booking / ordering) firstly need to make sure that the data is securely protected. Secondly, multi-stage / two-stage verification processes with each login should be used in place of simple password logins. Some organisations are now using biometric systems to make account access even more secure.

No More Vodafone Roaming Fees In Most of Europe

Vodafone have announced that they will be scrapping roaming fees for their new customers in most European countries.

What Are Roaming Fees?

Roaming fees / charges are the fees in addition to the usual phone plan charges that smart-phone users have to pay when they use an overseas network to get online while travelling abroad. These charges are enabled via international agreements between mobile operators (typically at higher rates than in the UK) and apply the moment that your phone is detected by the overseas network.

Calls and texts made / sent from your mobile while abroad are also typically more expensive. You can also be charged extra to receive a call or pick up a voicemail message while overseas and, if you pick up voicemail while your phone is registered overseas, you can be charged an overseas rate for the message being left, in addition to being charged to pick the message up.

What’s The Vodafone Deal?

The Roam Free deal from Vodafone, which applies only to new customers or those upgrading an existing pay monthly contract, means that roaming charges (for calls, texts and data) will be ditched for using your mobile abroad in 40 countries from 15th June this year.

The 40 countries are mainly European, and the list also includes some non-EU states e.g. Norway, Iceland and Turkey. The full list of countries can be found here: http://www.vodafone.co.uk/cs/groups/public/documents/webcontent/vfcon079682.pdf

Further Afield?

Roam Further means that Vodafone customers can use their monthly allowance in 60 countries outside the EU for an additional £5 per day and Vodafone will also be giving its customers access to 4G in 117 destinations worldwide. Existing Vodafone customers will have to pay £3 a day to use their phone in the EU or £5 a day to use it outside Europe.

EU Roaming Charges Dropped From June Anyway

The Vodafone deal sounds a little less special however when you consider that roaming charges will be dropped by mobile networks across Europe from 15th June anyway (the same date as the offer to Vodafone’s new customers). This is as a result of a deal between networks whereby they will be cutting the roaming rates that they charge each other. As from 15th June, networks will pay each other 3.2 cents per minute for calls, 1 cent per text message and €7.70 per minute for data, which will drop in price again to €2.50 by 2021.

One good thing about the Vodafone deal (which essentially appears to be designed just to attract new customers and to encourage upgrades) is that it may offer protection against phone charges rising again for UK customers when Britain leaves the EU (Brexit).

Many technical and communications commentators believe that mobile networks are likely to raise the base prices for their contracts from June to help make up for the lost revenue of no more roaming charges.

What Does This Mean For Your Business?

The dropping of roaming charges from the 15th June will, of course, mean a welcome cost-cut and one less worry for business phone users who need to travel to European destinations. The Vodafone deal may be good news for business customers looking to switch to a network that offers some insulation against the extra costs of Brexit.

Virgin Now Making Customer Hubs Into ‘Wi-Fi Hotspots’

After a successful trial last year (and following BT’s lead) Virgin Media is boosting its public Wi-Fi network by making customers’ SuperHub routers double as public Wi-Fi hotspots.

What Is A Wi-Fi Hotspot?

A Wi-Fi Hotspot is a location where wireless access to a network and / or the internet can be gained (via a wireless local area network / WLAN and a router) for mobile devices e.g. laptops, notebooks, and smart-phones. These hotspots are usually in public locations and usually work up to 30 feet or so from the router.

Up To The Customer To Opt Out

Virgin Media’s customers’ SuperHub v3s are automatically being converted to act as Wi-Fi hotspot beacons for the public network, in addition to their current primary job of providing a Wi-Fi connection for the customer.

The ‘public’ who will be able to access the network via the new hotspots will only be current, paying subscribers of Virgin’s TV, broadband or mobile phone services.

Virgin Media’s customers, whose SuperHubs are being used as hotspots, are currently being informed about the change via email, and have the choice to opt out of the scheme if they wish.

Virgin Media customers can start using the hotspots by downloading the Virgin Media Wi-Fi app for iOS and Android.

Why Create Hotspots?

Virgin Media needs to expand its public network and this is an ideal way to achieve it without having to invest heavily in new infrastructure.

A similar scheme worked for BT Wi-Fi. ‘FON’ used customer hubs as Wi-Fi hotspots to expand the public network and enable other BT customers to take advantage of it, free of charge. FON however, also allowed non-BT customers to use the Wi-Fi hotspots for a charge.

Customer Connection and Security Concerns

Virgin Media have stated that the new scheme will not adversely affect customers’ own broadband connections because these have their own separate connection on the Hub, and their own additional, separate bandwidth.

Customer concerns that the hotspots could represent a personal data security risk have also been addressed by Virgin Media, who have pointed out that data from the home network is completely separate and secure from Virgin Media Wi-Fi traffic, and Virgin Media Wi-Fi users and Virgin Media Broadband users (from the same Hub) will not be able to see or access anything of each other’s connections, activities or data.

What Does This Mean For Your Business?

If you are a business that uses Virgin Media as a broadband provider through a SuperHub, you may find it helpful that you will now soon have a Wi-Fi hotspot that your other devices can use.

You may decide however, that you are not comfortable with being automatically opted-in to allowing your business Hub to be retrospectively changed into part of a network that could be used by people not connected to your business. You may also, despite re-assurances, have your own concerns and reservations about the fact that your confidential customer and employee data is technically joined to the same box as a public network. You may even wish to seek your own reassurances or choose to opt-out.

Your Ad Blocker May Be Helping Advertisers To Target You

A French study has shown that even though your ad blocker may be stopping unwanted adverts, it could also be identifying you to advertisers, thus making you more likely to be targeted in future!

The Study

A recent online study by French researchers Inrialpes, which builds upon previous EFF research from 2010, has shown that the Browser Extensions (including ad blocker extensions) you have, and “Login-Leak” i.e. details of the (social media) websites that you have logged-in to as identified by your browser, can mean that advertisers can piece together the information to identify you. This could mean that even though (and partly because) you have an ad blocker (extension) in place to protect you from unwanted adverts and slow page downloads, you can be easily and accurately identified by advertisers, which could lead to targeting by them.

How?

The research identified how several elements can be combined to create a clear, unique, identifiable online fingerprint of you to advertisers, even if you clear your cache or take other privacy-protecting measures. The suppliers of these elements were found to include:
  • Third party cookies that track you and can be identified when you arrive at other sites where the same advertiser’s cookies have been placed.
  • Information about your browser’s configuration e.g. version, language, timezone.
  • Data given via an estimated 13,000+ browser extensions. This could include ad blocker extensions. This data can be obtained by exploiting websites that can access browser extension resources.
  • Information gained about what kinds of plug-ins you are using.
  • Information gained using re-direction URL hijacking about websites that you are logged into e.g. social networks like Facebook, Instagram and Twitter, plus other websites such as Amazon, Gmail and Airbnb.
  • Information gained via the Content-Security-Policy (a security feature that limits what the browser can load for a website).

This kind of information and the web user identity profiles that it helps to create have a value to advertisers, and to those selling advertising space.

What Does This Mean For Your Business?

Business time, resources, and security are important and there are steps that you can take to preserve these by making yourself less likely to be identified via the methods described. Technical commentators suggest that you can use Mozilla’s Firefox browser because it is less “leaky”, make sure that you log out of your social networks and other websites e.g. Amazon when you’re not using them, and use "private browsing" / "browsing in incognito" mode.

Clever Drawing App from Google With "Auto-Correct"

Google has launched Auto Draw, an innovative AI ‘auto correct’ art app that uses predictive and shape recognition technology to help improve and complete drawings with a professional artistic flair.

Improves Your Doodles

Using the same technology as its earlier ‘Quick Draw’ experiment which employed AI to guess what a person was drawing, the new AI ‘Auto Draw’ online app allows you to create a doodle which is then improved upon by the app. You can then choose to replace your doodle with the app’s improved version. You can also choose to use your own version of the drawing, choose to use drawings submitted by other artists or even submit your own drawings to Auto Draw.

How To Use It

Auto Draw is a free online app that can be found at https://www.autodraw.com/. It can be used anywhere on any device - Chromebook, PC, desktop or phone.

Once at the website, click on the Auto Draw pen tool and draw your doodle / shape. Suggestions (better pictures) of what your shape is will then be displayed above the picture. Clicking on one will mean that your shape / doodle is replaced with the improved version. The size and colour of the shape can be changed, and text (with 15 different font style choices) can be added.

This new version of your image / annotated image can then be downloaded as a .png file or can be directly shared on Facebook, Twitter, and Google+ (because it’s a Google app).

AI Trained

Google’s Auto Draw uses Google’s neural network to power the predictive aspect of the app. Auto Draw’s AI learning was partly achieved by asking multiple web users to draw an object in under twenty seconds. The more people that drew shapes with the online app, the better the AI system got at interpreting what that drawing was and at suggesting (improved) relevant versions of it.

Poker Example

A recent high-profile example of how significant AI learning can be achieved was the Lengpudashi Poker program that learned how to play Poker and to bluff successfully to the point where it defeated 4 of the world’s leading human Poker masters. The program honed its skills by incorporating the lessons learned from playing 360,000 hands over a five-day period.

What Does This Mean For Your Business?

At the very least, Auto Draw is another free drawing app that your business can use for all kinds of digital needs e.g. websites and multiple document types. However, Auto Draw also offers you a fast way to produce high quality, tidy, basic sketches / doodles that can be used / shared by your business to help communicate plans and ideas e.g. as part of business projects and communications. It means that individual artistic ability or ability to use image programs like Photoshop needn’t be a barrier for anyone who needs to produce presentable doodles / sketches. The AI aspect of the app means that it is likely to get even faster and better the more that it is used.

Monday, April 17, 2017

Robot Wins Poker Competition

In only the second triumph of its kind, an AI program has beaten expert human competitors to the prize money in a series of exhibition poker matches.

Team Dragon Vs AI Program

In a series of poker matches totalling 360,000 hands and hosted in Hainan island (China) over a five-day period, a group of engineers, computer scientists and investors called "Team Dragon" played an AI program for prize money.

Team Dragon, led by a venture capitalist and World Series of Poker veteran Alan Du, ended up being convincingly beaten out of the prize money of £230,000 by an AI program called Lengpudashi.

Winning Pedigree

The Lengpudashi program (the name means ‘cold poker master’), housed in a supercomputing centre near Carnegie Mellon University in Pittsburgh, is an updated version of the AI program called Libratus. That program famously won more than $1.5m (£1.2m) worth of chips when it defeated 4 human poker experts at the Rivers Casino in Pittsburgh in a 20-day tournament back in January.

The AI systems were developed by Tuomas Sandholm, a computer science professor at Carnegie Mellon University in the US and PhD student Noam Brown.

How Did It Win?

The AI program used algorithms based on the rules of the game and its ability to learn from each hand to develop winning strategies.

Learned to Bluff

One of the most exciting aspects of Lengpudashi’s victory is that poker is an “imperfect information game” i.e. unlike chess, all the pieces of the game are not visible. In order to win, the computer program not only has to learn complex strategies but must also learn how to bluff when it has a weak hand (in order to increase winnings). Up until now, this was an element of sophistication that people had thought computers could not learn.

One of the main reasons why AI programs are entered into these kinds of challenges is to hone their strategic decision-making and increase their abilities.

What About The Prize Money?

The AI program may know how to accumulate money but its intelligence has not yet extended to knowing how to spend it. The prize money from the program’s win is therefore going to be invested in a firm called Strategic Machine, a firm founded by Tuomas Sandholm and Noam Brown.

What Does This Mean For Your Business?

The fact that AI algorithms and programs have now been developed that can use information and output a strategy in a range of scenarios means that they could have wider uses in the business world e.g. in negotiations, finance, medical treatment and cyber security.

This story also illustrates how important the investment has been in big data analysis for increasing the speed of development of AI, which in turn could benefit many businesses in the future.

The fact that the computing power on display over the poker competition could be had for under $20,000, also illustrates how affordable AI is becoming for businesses.

Your PIN Numbers Can Be Guessed When You Tilt Your Phone

Researchers from Newcastle University have discovered that how you tilt your smart-phone when you type in your secret PINs and passwords could increase the likelihood of them being obtained by hackers due to mobile browsers and phone sensor vulnerabilities.

Accessing Your Smartphone’s ‘Silent’ Sensors

The team from the university's School of Computing Science believe that the many (typically 25+) silent sensors such as gyroscopes, rotation sensors, and accelerometers that are included in today’s smart-phones, tablets and wearables could provide a way for criminals to use malware-loaded web pages (viewed through your mobile browser) to spy on what we type in.

The fact that the sensors in one device are made by many different companies is also thought to increase the risk of being spied upon.

Mobile Browser Flaw Means No Permission Needed

The researchers found that a security deficiency in all major mobile browsers (including Safari, Chrome, Opera and Firefox) means that embedded JavaScript code in a web page is able to access the motion and orientation sensors on a mobile phone without requiring any user permission.

Tilting Danger

One very interesting aspect of the research is that it was possible to work out which part of a web page that a smart-phone user is clicking on, and what they are typing in by the way that their smart-phone is tilted at the time.

The researchers (who were able to obtain 4-digit Android pins with 70% accuracy on the first guess and 100% on the 5th) have said that this was made possible using a known web page loaded with a spyware program, coupled with each person’s unique way of holding (and tilting) a smart phone. This unique, personal phone holding / tapping pattern could be obtained from the sensor information in the phone.

Sounds A Bit Complicated

It has been reported that the vulnerability identified by the researchers is something that phone manufacturers are aware of, but have not yet figured out how to fix (or deemed the risk pressing enough to commit significant resources to).

What Does This Mean For Your Business?

Even though the particular risk identified in this research appears to be one of the less obvious ones, and one for which there is no fix / patch as yet, taking general security precautions with your business mobile devices is important anyway. For example, keep security software current, delete the apps you no longer use, use strong passwords, use security and privacy settings on websites and apps, disable WiFi and Bluetooth when not in use, beware of fraudulent text messages / calls / voicemails, and be careful about what personal information you store on the device or give out through apps and websites.

Microsoft Word Hack - Patch Available

Microsoft has moved to patch a vulnerability in its ‘Word’ program in order to stop hackers and scammers from exploiting it to spread bank account snooping malware.

What’s Been Happening?

Emails containing Microsoft RTF [Rich Text Format] attachments, loaded with the trojan malware associated with a £20m British bank account theft 2 years ago, have recently been sent to millions of recipients across numerous organisations (primarily in Australia).

The scam, which was discovered by cyber-security firm Proofpoint, relied upon human error to click on the attachment to trigger the malware, and upon a “zero day” vulnerability (a flaw / unknown exploit) that could allow the malware program to run.

The reports of this incident prompted Microsoft to release a patch to Word which should stop the same thing from happening again.

Arrived By Email

The malware-loaded Microsoft documents were sent to their targets by emails from "<[device]@[recipient's domain]>". The ‘device’ part of the sender’s address was "copier", "documents", "noreply", "no-reply", or "scanner", and the subject line read "Scan Data". The attachments were named "Scan_123456.doc" or "Scan_123456.pdf", where "123456" was replaced with random digits.
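The sender, subject and attachment patterns described above can be turned into a mail-triage check. The following is an added example, not code from Proofpoint or Microsoft; the function names, the three-indicator threshold and the sample messages (built on the reserved .test domain) are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.utils import getaddresses, parseaddr

# Patterns taken from the campaign description above.
DEVICE_LOCAL_PARTS = {"copier", "documents", "noreply", "no-reply", "scanner"}
CAMPAIGN_SUBJECT = "scan data"
ATTACHMENT_RE = re.compile(r"^Scan_\d+\.(doc|pdf)$", re.IGNORECASE)


def split_address(addr):
    """Return (local_part, domain) in lower case, or ("", "") if malformed."""
    local, sep, domain = addr.strip().lower().rpartition("@")
    return (local, domain) if sep and local and domain else ("", "")


def campaign_indicators(raw_message):
    """List which of the four described traits a raw RFC 822 message shows."""
    msg = message_from_string(raw_message)
    _, sender = parseaddr(msg.get("From", ""))
    local, sender_domain = split_address(sender)

    recipients = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    recipient_domains = {split_address(addr)[1] for _, addr in recipients}
    recipient_domains.discard("")

    hits = []
    if local in DEVICE_LOCAL_PARTS:
        hits.append("device_sender")
    # The campaign spoofed the recipient's own domain as the sender domain.
    if sender_domain and sender_domain in recipient_domains:
        hits.append("own_domain_sender")
    if (msg.get("Subject") or "").strip().lower() == CAMPAIGN_SUBJECT:
        hits.append("subject")
    # Walk every MIME part and compare attachment names with Scan_<digits>.
    names = [part.get_filename() for part in msg.walk()]
    if any(name and ATTACHMENT_RE.match(name.strip()) for name in names):
        hits.append("attachment_name")
    return hits


def should_quarantine(raw_message, threshold=3):
    """Hold the message for review when enough traits co-occur.

    The threshold of 3 is an assumption of this example, chosen so that a
    single common trait (such as a "noreply" sender) does not trigger it.
    """
    return len(campaign_indicators(raw_message)) >= threshold


def build_sample(sender, recipient, subject, filename=None):
    """Build a constructed test message (not a captured email)."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = subject
    msg.set_content("Please see attached.")
    if filename:
        msg.add_attachment(b"placeholder bytes", maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_string()


# Constructed samples: one matching the described campaign, two that do not.
SAMPLE_CAMPAIGN = build_sample("scanner@example-corp.test",
                               "alice@example-corp.test",
                               "Scan Data", "Scan_482913.doc")
SAMPLE_NEWSLETTER = build_sample("noreply@shop.test",
                                 "alice@example-corp.test",
                                 "Your order has shipped")
SAMPLE_BENIGN = build_sample("bob@partner.test",
                             "alice@example-corp.test",
                             "Quarterly report", "report.pdf")

if __name__ == "__main__":
    for label, raw in (("campaign", SAMPLE_CAMPAIGN),
                       ("newsletter", SAMPLE_NEWSLETTER),
                       ("benign", SAMPLE_BENIGN)):
        print(label, campaign_indicators(raw), should_quarantine(raw))
```

A genuine office scanner or copier can match several of these indicators, so the result is best combined with whether the message arrived from outside the organisation.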

What Kind of Vulnerability In Word?

The zero-day vulnerability in Microsoft Word (until the patch) meant that Microsoft RTF [Rich Text Format] Word documents laden with macros i.e. full of small malicious programs (rather than the normal customisable shortcut programs), could load malware onto the computer without users having to enable macros for the exploit to execute.

This means that, after clicking on an infected RTF Word document email attachment, and despite the presentation of a dialog box, the malware would load immediately onto the computer, and would fully exploit the recipient’s computer to achieve its ‘snooping’ aim.

The vulnerability affects Microsoft Office, including the latest Office 2016 edition running on Windows, but it is not clear whether Word for Mac is affected.

What Does The Malware Do?

The malware in this recent incident is reported to have been “Dridex”. This is a notoriously sneaky trojan program that snoops on the recipient's bank account details and logins, and then sends them back to the attackers.

In past incidents, this has resulted in lots of small transaction amounts being taken from a victim’s bank account over time.

The Patch

As of Tuesday 11th April, Microsoft customers who have updates enabled should receive the patch automatically.

What Does This Mean For Your Business?

This is another example of how cyber-criminals are using a combination of social engineering, macros, and other elements to achieve their aims. The fact that this scam requires the human error of clicking on attachments means that businesses can help to protect themselves by educating staff not to open unknown files, and not to download content from untrusted sources.

In this case, as well as recommending that businesses apply the patch as soon as possible (provided that they have the release version of Service Pack 2 for Office 2010 installed on the computer), some security experts are also recommending the complete blocking of RTF documents in Microsoft Word via the File Block Settings in the Microsoft Office Trust Center.

Tougher US Border Checks Could Mean Divulging Passwords

It has been reported that President Trump’s administration may be about to introduce new measures that will require foreign travellers to give up their phones / mobile devices and various passwords when entering the US.

Bon Voyage?

The new rules will even apply to those countries that are part of the visa waiver programme i.e. 38 countries including the UK, Ireland, and France. It has been reported that border checks may also require passengers to reveal their social media account passwords, mobile phone contacts, and even financial data in order to legally enter the country.

Where There Is Doubt?

Reports indicate that this kind of information may be required by the Department of Homeland Security where there is doubt about a person’s reason for entering the country.

Could Apply To Anyone But US Citizens

Although US citizens have established rights against being subjected to unlawful searches at the border, the current word from the US Customs and Border Protection agency to all international travellers arriving to the US is to be prepared for an inspection. This could include electronic devices e.g. computers, disks, drives, tapes, mobile phones / other communication devices, cameras, music / media players and any other electronic or digital devices.

Concerns

Human rights and civil liberties groups are reported to be concerned that proposals to gain access to social media accounts, emails, and devices could be a serious, excessive, and unnecessary invasion of privacy that could end up discouraging people from travelling to the US, thus damaging its economy.

Already Possible In The UK

Some commentators have noted that Schedule 7 of the Terrorism Act 2000 means that travellers to the UK can, in theory, already be asked for information such as passwords for electronic devices.

Not A New Idea

Requiring information linked to social media accounts for entry into the US is not a new idea. Back in July 2016, the Federal Register of the U.S. government published a proposed change to travel and entry forms which indicated that the studying of social media accounts of those travelling to the U.S. would be added to the vetting process for entry to the country.

It was suggested that the proposed change would apply to the I-94 travel form, and to the Electronic System for Travel Authorisation (ESTA) visa. The reason(s) given at the time was that the “social identifiers” would be: “used for vetting purposes, as well as applicant contact information.”

What Does This Mean For Your Business?

If you are a business traveller to the US, you may now decide to take as few electronic devices as possible with you. You may also wish to make sure that your social media profile, email accounts, and devices don’t contain any material that could cast any doubt upon or create suspicion about your reasons (or those of your staff) for entering the US.

Too many border rules that appear to be excessive and intrusive, could end up deterring some UK business travellers from making all but the most necessary business trips to the US, which may have an effect on UK / US business relationships.

Taxi Firm Introduces Facial Recognition

A ride-hailing service called Careem (similar to Uber but operating in more than fifty cities in the Middle East and North Africa) is adding facial recognition software to its driver app to help with customer safety.

Is The Actual Driver The Authorized Driver?

The software, produced by ‘Digital Barriers’ will be added to the driver’s Careem smartphone app so that the actual driver of the vehicle can be matched in real-time to the authorised and accredited driver. This is intended to provide re-assurance to (and protect the safety and security of) Careem’s passengers by demonstrating to them that their driver’s credentials are being monitored (in an impressive way).

Helps With Driver Enrolment Too

The introduction of the facial recognition software to the app is also intended to help with Careem’s driver enrolment process.

First Mainstream Commercial Integration

Digital Barriers have stated that the software’s use with the Careem app is their first integration of their facial recognition software into a mainstream commercial application, on a recurring revenue basis.

Uber Also Introducing Facial Recognition

It was reported last month that Uber also plans to introduce facial recognition-based real-time ID checking for its India app, in 5 cities first (including Mumbai and New Delhi), with more to follow. Reports indicate that Uber’s facial recognition software will require drivers to take a selfie before they access the app, or accept a ride. If this doesn’t match-up with Uber’s records, the driver will be suspended while the matter is investigated. This will provide protection to customers as well as protecting drivers and their accounts from fraudsters.

Driverless Pods

As well as being an early adopter of facial recognition software as part of normal business operations, Careem is also reported to be about to team up with NEXT Future Transportation to bring battery-powered, self-driving electric pods to the Middle East and North Africa.

What Does This Mean For Your Business?

This is another example of how the advances in, the lowering costs of, and the superior security benefits (e.g. over passwords) of biometrics mean that biometrics-based services / products are being adopted by more businesses. Other examples of how biometrics are being used by businesses include Samsung’s introduction of an iris scanner to its Note 7 phablet and Barclays Bank’s voice authentication for telephone banking customers.

Possible Russian Involvement in Brexit Vote

A UK lawmakers’ committee report appears to imply that a website (used to register for voting in the EU ‘Brexit’ referendum) may have been caused to crash by a cyber attack carried out by a foreign power.

DDoS Attack?

The Public Administration and Constitutional Affairs Committee (PACAC) indicated that a crash of the vote registering website on June 7th last year, just before the cut-off point (which had to be extended because of the crash), may have been caused by a Distributed Denial of Service (DDoS) cyber attack.

What Is A Distributed Denial of Service (DDoS) Attack?

A Distributed Denial of Service (DDoS) attack is a cyber attack that is intended to make a computer or network unavailable to users. The attack uses a ‘botnet’ of multiple compromised systems (sometimes thousands) that are often infected with a Trojan virus to launch a single attack on one system. The sheer number of requests that the target receives (sometimes called a ‘flood’) typically overloads its resources and memory, and renders the targeted computer or network unavailable.

Not Ruling It Out

PACAC’s report into the public’s view of the government’s handling of Brexit actually stated that it did not rule out the possibility that the crash was caused by a DDoS attack, and said that it was deeply concerned about allegations of foreign interference.

Commentators have noted that, in the light of reports of the alleged interference in the US election process by Russia, and the mention in the PACAC report of Russia and China’s use of a cognitive approach to ‘cyber’, the implication is that the attack on the website may have been state-sponsored by either of those countries.

No Hard Evidence

Despite the implication of Russia and China in the report, no clear evidence has been publicly produced to support this.

Cabinet Office

A Cabinet Office report into the crash at the time is reported to have concluded that the most likely explanation for the outage was that there was a large spike in user numbers just before the referendum voting registration deadline.

What Does This Mean For Your Business?

Business and government websites are constantly at risk of all manner of cyber attacks. Only last week it was reported that a China-based hacking group had been targeting UK business data since 2014, and DDoS attacks are now a very common and low-cost way for cyber criminals from any country to inflict damage on business websites. The best approach for businesses is to make sure that they are well prepared against a wide range of threats. This could include prioritising the issue and making sure that basic cyber security steps are taken at the very least - see https://www.cyberstreetwise.com/cyberessentials/. Now may also be a good time therefore for businesses to seek other professional advice about measures that could be taken to ensure cyber resilience such as cyber security training for staff, health checks, risk assessments / audits, cyber security policies, Business Continuity and Disaster Recovery Plans.

Tuesday, April 11, 2017

Amazon Launches UK Online Trade Counter Called ‘Amazon Business’

Amazon has launched its ‘Amazon Business’ service in the UK. The service, which has been added to the existing website, is essentially a trade counter for UK businesses, where they can buy anything from office supplies and computers to power tools and industrial machinery.

Who & Where?

The new Business marketplace service is targeted squarely at UK businesses and organisations of all kinds, from sole traders to multinationals, to hospitals, and third sector organisations.

Why?

UK companies spend £97 billion a year (just less than the private spending total of £119bn) buying supplies online, and corporate customers account for about two-fifths of online spending. Amazon would clearly prefer companies to spend all that money through the Amazon website, thereby enabling Amazon to expand and diversify, increase its stock price, grow its profits, and get the most leverage out of its brand.

What?

‘Amazon Business’ is a service aimed at catering to the procurement needs of businesses and organisations of all kinds and sizes, offering their buyers and chief procurement officers a competitive, controllable, well-known and trusted alternative supply source.

The Amazon Business service was first launched in the US two years ago, where it signed up 400,000 corporate customers and brought in $1bn in revenues within the first year! The German version, which was launched in December 2016, has already signed up 10,000 independent suppliers for business goods.

100 Million Products

It has been reported that UK companies who sign up to the new service are able to choose from more than a hundred million products!

The products on sale cover a wide range including the usual office supplies, furniture and devices, plus power tools, lab supplies, industrial machinery, and cleaning equipment.

The Benefits

As well as the huge choice, buyers can benefit from:
  1. Discounts offered by suppliers without the inefficiencies of bulk buying.
  2. Maintaining control without burdening employees, through the ability to set limits and approve purchases.
  3. Saved time e.g. less time spent doing pricing research on products, because competitive pricing from independent suppliers who list their products on Amazon can be easily seen on-screen in one place. Also, the actual purchase transactions can be carried out quickly and easily.

What Does This Mean For Your Business?

If you’re an independent supplier of products with a business application, you could benefit from increased sales by getting your product in front of more customers by signing up to Amazon Business. This may, however, require lower pricing.

If you’re a B2B supplier to UK businesses and organisations (and if your products aren’t highly specialised) you could be in for some serious competition from Amazon Business and its signed-up, verified, business supply companies. This in itself may encourage you to sign up as a supplier.

If you’re a business customer, this could simplify many aspects of procurement, save you money and time, plus give you more choice and control.

Property Rental Auction Site Expansion Plans

A US website that allows landlords to set a preferred rent for properties and prospective tenants to then bid against each other for the tenancy is planning a major expansion in the US.

What is Rentberry?

The Rentberry website, which was only launched a year ago, is described as a ‘transparent’ home rental service and price negotiation platform. It focuses on long-term rental properties, which, up until now, have been based in some major cities.

For Tenants

For tenants it automates the normal US rental tasks such as submitting personal information, credit reports and custom offers (offers for less than the rental price), e-signing rental agreements and online rental payments. The fact that tenants can see the highest bids and the number of people who applied for a particular property means that tenants don’t have to enter into a closed or partially closed bidding system. With Rentberry, tenants can also see relevant information about the landlord.

With the Rentberry platform, tenants have the opportunity to perhaps (depending on the bidding) get a deal on the rental figure. The cost for tenants to use the platform is a $25 fee, which is paid once the rental agreement has been signed.

For Landlords

The bidding aspect of the Rentberry platform arguably allows less certainty of reaching the preferred rental figure, but it enables landlords to advertise their properties quickly to a large number of prospects. The platform also takes the work out of the admin tasks. Crucially though, the platform allows landlords to see the bids, and information about their would-be tenants (including their credit score).

Expansion for Rentberry

After just a year the Rentberry platform has 100,000 properties and more than 50,000 users on the site. This has fuelled the latest plans to expand to offer listings across the whole of the United States.

Growth Drivers

Drivers for the Rentberry platform have been the fact that in the US, more than one-third of households are renters (nearly 110 million people), mortgage rates are up, and there have been millions of foreclosures across the country in recent years.

Criticism

Despite the platform’s popularity and expansion, it has attracted plenty of criticism. The main criticisms are that:
  • The website will favour the most affluent, particularly at a time when rent increases have outpaced incomes in many US cities.
  • The website could help to push rental prices up.
  • Choosing tenants based on data alone may not lead to a successful rental arrangement. There is often no substitute for actually meeting each other.

What Does This Mean For Your Business?

With homes becoming less affordable, particularly for first-time buyers in the UK, with the UK rental market growing, and with more estate agency services going online, there could be an opportunity for this type of model to work in the UK. The fact that Rentberry has worked well and has the experience in the US could also mean that it could expand to other countries, thus becoming a threat to estate agent service providers already in the UK.

Warning: Hacking Group Based in China Targeting UK Business Data

The National Cyber Security Centre and cyber units at PwC and BAE Systems have warned UK businesses about a hacking group, operating inside China, targeting UK-based B2B IT outsourcing companies with a view to reaching their customers.

Identified Through Collaboration

It is believed that it was the collaboration between the NCSC (the cyber branch of GCHQ), PwC and BAE Systems that was the key to uncovering the criminal gang, which is now known to have been active (albeit at a lower level) since 2014.

The gang’s campaign (known as “APT10”) was ramped-up in 2016 and the increased activity may also have been a contributing factor in the gang appearing on the NCSC’s radar. Some security commentators have suggested that these attacks represent sustained global cyber espionage on a spectacular scale.

Location

Two of the main giveaways to the likely geographical location of the hacking group were a pattern of work that was in line with China Standard Time (UTC+8), and the fact that the nature of the targets was consistent with what are understood to be current Chinese interests.

Two crucial facts that have not yet been uncovered are the actual identities of the individual gang members and backers, and exactly how the group chooses its next targets.

Which Companies Have Been Targeted?

The combined security and business operation to unmask the hacking group has been codenamed “Cloud Hopper”. So far, it has discovered that organisations and companies in 14 countries including the UK, other European countries and Japan have been targeted.

Attacks in Japan have been on commercial firms and public bodies. Particular interest has been paid by the hacking group to technology service firms / outsourced IT companies and it is thought that APT10 plans to use them as a proxy for other attacks e.g. on their business customers.

Known victims of the cyber attacks are reported to have been informed but the full extent of the gang’s hacking activities is not yet known.

How Do They Operate?

The APT10 campaign has used phishing emails loaded with custom-made malware. These have been sent to staff in IT services firms in the first stage of an attack. After gaining access to company systems, the attackers have sought out intellectual property and other sensitive data.

The gang of hackers are reported to have used a large network of websites and domains as hubs for their attacks and as conduits for the stolen data.

What Does This Mean For Your Business?

Although the report about the full extent of the APT10 campaign is yet to be released, companies are urged to take a proactive approach to checking whether their systems have been targeted. Now may be a good time for businesses to seek professional advice about measures that could be taken to ensure cyber resilience such as cyber security training for staff, health checks, risk assessments / audits, cyber security policies, Business Continuity and Disaster Recovery Plans.

As well as the schemes such as the national filter for spam and malware, businesses in the UK could benefit from a boosted National Crime Agency, money for cyber security start-ups as well as the increased cyber security expertise and knowledge and other potential spin-offs from the government’s much-needed investment in this critical area.

The introduction of the EU’s new GDPR data security rules in the UK in 2018 means that an investment in cyber security help for the UK should be very much welcomed by businesses of all kinds.

Businesses Explore More Uses For Blockchain

If you thought that Blockchain, the ‘incorruptible ledger’ technology behind Bitcoin was only of use in the financial sector, think again. Innovative uses for the new technology are now being found across multiple sectors.

What is Blockchain?

Blockchain is an incorruptible peer-to-peer network (a kind of ledger) that allows multiple parties to transfer value in a secure and transparent way. Blockchain’s Co-Founder Nic Cary describes Blockchain as being like “a big spreadsheet in the cloud that anyone can use, but no one can erase or modify”.

The developers of the Blockchain system say that the trust between participants is not necessary because trust is embedded in the system itself, and that access to all relevant information is available to participants.

Uses So Far

Many technical commentators have, so far, focused on Blockchain’s usage as a global property rights / land registration system, as the basis of a non-centralised (and therefore faster) payment system, and as a system for exchanging / buying / selling all kinds of collateral such as stocks, bonds, land titles and more.

It has always been thought, however, that Blockchain had multiple other possible uses, and it is the ingenuity and inventiveness of business-people seeking new solutions to business challenges that has found a number of new applications for the technology.

In Dubai

Word about the potential value of Blockchain is now getting around the global community. Back in December, Dubai committed to putting all of its documents on Blockchain in the next few years and founded a public-private initiative called the Global Blockchain Council to foster the development and use of Blockchain technology in and between local government teams, local businesses and international start-ups.

New Uses

Recent, real-world examples of how Blockchain is being used outside of the financial, legal and public sectors include:
  • Using the data on a Blockchain ledger to record the temperature of sensitive medicines being transported from manufacturer to hospital in hot climates. The ‘incorruptible’ aspect of the Blockchain data gives a clear record of care and responsibility along the whole supply chain.
  • Using an IBM-based Blockchain ledger to record data about wine certification, ownership and storage history. This has helped to combat fraud in the industry and has provided provenance and re-assurance to buyers.
  • Shipping Company Maersk using a Blockchain-based system for tracking consignments that addresses visibility and efficiency i.e. digitising a formerly paper-based process that involved multiple interactions.
  • Start-up company ‘Electron’ building a Blockchain-based system for sharing information between those involved in supplying energy which could speed up and simplify the supplier switching process. It may also be used for smart grid processes, such as local load-balancing of supply and demand.
  • Australian start-up Zimrii developing a Blockchain-based service that allows independent musicians to sell downloads to fans, distribute the proceeds between collaborators, and allow interaction with managers.
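
An added example (not from the original article or from any of the projects it mentions) of the tamper-evidence property behind the ‘incorruptible’ medicine temperature record described above. It is a minimal single-writer hash chain in Python, which is a simplification: a real Blockchain network adds distribution and consensus. The shipment ID, readings and function names are constructed for illustration.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64  # previous-hash value used by the first block


def block_hash(index, prev_hash, payload):
    """SHA-256 over a canonical JSON encoding of a block's contents."""
    body = json.dumps(
        {"index": index, "prev_hash": prev_hash, "payload": payload},
        sort_keys=True,
        separators=(",", ":"),
    )
    return hashlib.sha256(body.encode("utf-8")).hexdigest()


def append(chain, payload):
    """Add a reading; its hash commits to every earlier block via prev_hash."""
    prev = chain[-1]["hash"] if chain else GENESIS
    index = len(chain)
    chain.append({"index": index, "prev_hash": prev, "payload": payload,
                  "hash": block_hash(index, prev, payload)})
    return chain


def verify(chain, trusted_head=None):
    """Return "ok", "block N altered" or "head mismatch".

    trusted_head is the latest hash as held by another participant
    (e.g. the hospital); it catches rewrites that are internally consistent.
    """
    prev = GENESIS
    for i, block in enumerate(chain):
        if (block["index"] != i or block["prev_hash"] != prev
                or block_hash(i, prev, block["payload"]) != block["hash"]):
            return f"block {i} altered"
        prev = block["hash"]
    if trusted_head is not None and prev != trusted_head:
        return "head mismatch"
    return "ok"


def build_demo_chain():
    """Constructed sample data: one shipment, four sensor readings."""
    readings = [
        {"shipment": "DEMO-001", "time": "2017-04-01T08:00Z", "temp_c": 4.1},
        {"shipment": "DEMO-001", "time": "2017-04-01T09:00Z", "temp_c": 4.6},
        {"shipment": "DEMO-001", "time": "2017-04-01T10:00Z", "temp_c": 11.8},
        {"shipment": "DEMO-001", "time": "2017-04-01T11:00Z", "temp_c": 5.0},
    ]
    chain = []
    for reading in readings:
        append(chain, reading)
    return chain


def edit_in_place(chain, index, temp_c):
    """Naive tampering: change one stored reading, leave the hashes alone."""
    forged = copy.deepcopy(chain)
    forged[index]["payload"]["temp_c"] = temp_c
    return forged


def rewrite_from(chain, index, temp_c):
    """Careful tampering: change one reading, then recompute every later hash."""
    forged = copy.deepcopy(chain[:index])
    changed = dict(chain[index]["payload"], temp_c=temp_c)
    append(forged, changed)
    for block in chain[index + 1:]:
        append(forged, copy.deepcopy(block["payload"]))
    return forged


if __name__ == "__main__":
    chain = build_demo_chain()
    head = chain[-1]["hash"]  # the value other participants also hold
    print("original:", verify(chain, head))
    print("edited in place:", verify(edit_in_place(chain, 2, 5.0), head))
    forged = rewrite_from(chain, 2, 5.0)
    print("rewritten, no reference copy:", verify(forged))
    print("rewritten, checked against head:", verify(forged, head))
    print("last reading dropped:", verify(chain[:-1], head))
```

The rewritten chain passes its own internal check, which is why the record is only as ‘incorruptible’ as the independence of the parties holding copies of the latest hash.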
What Does This Mean For Your Business?

Blockchain clearly has huge untapped potential for all kinds of businesses and could represent a major opportunity to improve services, and effectively tackle visibility, transparency and efficiency issues. Blockchain has proven itself to be particularly well suited to processes where there are a lot of steps e.g. supply chains, and where there’s a lack of trust in a business relationship. The significant commitment that countries like Dubai have made to the technology and the success of the crypto-currency Bitcoin (which uses Blockchain) are indicators that this new technology has real value in today’s business world, not just in the future.

Report Exposes Poor Online Retailer Communications

A recent study by retail software company Eptica has found that only 7.5% of retailers respond to customers through web, email, Twitter and Facebook, while only 2.5% of retailers provide consistency in their answers to customers across all four channels.

Omni-channel Customer Expectations High

One of the factors that have amplified the apparently negative findings of the report about retailers is the fact that customer expectations of the level of service and communications in the modern omni-channel environment are so high. For example, the Eptica study showed that in an environment where consumers (particularly younger ones) are used to interacting with retailers online, in-store and by mobile, 69% of consumers said their expectations are rising.

Immediate, High Quality Shopping Experiences Valued

Retail experts agree that consumers demand and value a high-quality experience from retailers, and part of this is the speed and quality of their communications. Real-time communication is highly valued by customers.

Loyalty

The huge choice that the digital retail environment affords customers means that they can be very fickle. Even though brands still build loyalty to their products through multi-channel advertising and promotions, letting customers down through slow and poor communications e.g. when responding digitally to queries / questions can quickly destroy customer loyalty. For example, the Eptica study showed that 93% of modern customers are more likely to be loyal to a brand if they receive a good customer experience.

Customisation

One other factor in the marketplace that retailers need to take account of is that customers value (and are coming to expect) customised retail experiences.

Challenges For Retailers

One of the key challenges that the Eptica study has uncovered is that many retailers are struggling to keep up with queries submitted through single channels, let alone being able to communicate through multi-channels, answer queries in real-time, and switch channels during a conversation (which 77% of customers want them to do).

Eptica figures show that companies admit that they can only answer less than half of the customer queries submitted over email, web, Twitter and Facebook, and that the number of queries answered across each channel has fallen year-on-year, with 39% of queries answered on Facebook (20% down), and a drop in answered Tweets from 45% to 44%.

The key reasons why retailers aren’t responding quickly or well enough appear to be a lack of resources, time, and expertise, as well as a lack of understanding of modern digital customer expectations.

Inconsistency

Another factor that the survey has shown to frustrate customers is the inconsistency in the answers to their queries. For example, the Eptica survey showed that 58% of retailers provided consumers with different answers to the same questions depending on the channel customers used to interact with the brand.

Dissatisfaction

According to the survey, all this has of course led to high levels of dissatisfaction among consumers. Only 47% of consumers surveyed said they have been happy with their experience of interacting with a retailer through web, email, social media and chat.

What Does This Mean For Your Business?

Based on the results of this survey, retailers clearly need to understand more about the value of fast, high quality communications in providing good customer experiences and building loyalty. Retailers should, therefore, be giving greater priority to, and allocating more time and resources to, multi-channel communications as an important part of the selling process. Retailers could therefore consider providing more training to those within the company tasked with answering communication, or buy-in expertise in this area. Care should also be taken to ensure that consistent information is given out across all channels. This may require improvements in the retailer’s own internal communications systems.

Monday, April 03, 2017

UK Launch For Twitter-Backed Small Business Card Payment Service

A new card and contactless payment service called ‘Square’, created by the boss of Twitter and aimed at small businesses, has launched in the UK this week.

Why?

Square has been launched in the UK because 5.4 million small businesses don’t / can’t yet accept card payments, and statistics show that 70% of people now prefer to use their debit / credit card for payments to shops and other businesses.

Started in the US

The ‘Square’ card / contactless payment system launched some time ago in the US, and the UK is a promising market for its expansion.

There has also been a UK trial of Square among a handful of small merchants in London, such as the Piano Bar in Soho.

Twitter Link

The Square system comes from Twitter creator Jack Dorsey, and it was made with the aim of enabling a largely untapped market of small business owners to take advantage of the kind of better payment technology that he is able to provide through Twitter's position in the IT world and its resources.

How Does Square Work?

To use Square, businesses need to purchase a Square reader for £39 from Square’s online shop: https://squareup.com/gb. A free P-o-S app download then enables a business to connect the reader to a device e.g. a phone or a tablet, via Bluetooth. Businesses using the Square system do not need to set up a separate processing account, and Square accepts cards, contactless payments and cash.

The costs to business for using Square are the purchase price of the reader plus a 1.75% fee for in-person payments, and a 2.5% fee for other transaction types such as online or phone.

Businesses using Square receive the money the day after the transactions take place, thus getting money relatively quickly into the business cashflow.

Features

Some of the many useful features of the Square system include the ability to manage employee permissions, digital and printed receipts, invoices and recurring payments, sales reporting and analytics + real-time inventory management, refunds, tipping and discounts.

Benefits

Some of the benefits of Square are reported to include minimum costs and hassle to the business (no training required, drag and drop customising, low set-up costs) and convenience for customers.

What Does This Mean For Your Business?

If you are one of the millions of SME businesses that does not currently take card payments, Square is an opportunity for you to set up a low-cost, relatively low-hassle and effective system that has the backing and expertise of a tech giant. This could, of course, translate into an increased ability to compete (or even gain competitive advantage), gain / attract more customers, and hopefully increase profits. It also means that there is now another effective competitor in the market, whose offering may put pressure on other providers to review and change their offerings, and may even lead to more 'me-too' card services for small businesses in the near future.

Scammers Exploit Rise In Bitcoin Value

Scammers have been quick to exploit a rise in the value of web-based, crypto-currency Bitcoin by launching bogus online schemes with the lure of false money-making offers.

What Happened to Bitcoin?

At the beginning of March, the value of a unit of Bitcoin exceeded the value of an ounce of gold for the first time. The markets recorded the value of a unit of Bitcoin at $1,268, compared to a troy ounce of gold at $1,233.

Crime and Bitcoin

The fact that Bitcoin allows payments to be transferred easily, quickly and anonymously (because it is outside of central banks and government control), across borders, continents and time-zones, and that there is no person / body / organisation to complain to if money is taken from a Bitcoin wallet, are factors that are often reported as being attractive to criminal elements of society e.g. money launderers and organised crime gangs. These features have also made Bitcoin a popular means for ransomware distributors to seek payments from their victims.

Recent Scams

The recent rise in Bitcoin’s value and a general lack of knowledge about the currency have made it ideal 'bait' for those looking to make the mythical ‘easy money’. This has led to a number of new scams being operated such as:
  • Scams that take users to phishing sites e.g. using real brand names as cover. These can also install malware on employee computers, which can then lead to the same companies being hit again.
  • Bogus Bitcoin search services.
  • Fake surveys about Bitcoin.
  • Exaggerated and misleading offers about Bitcoin.
  • Bogus old-style pyramid scams, dressed up with Bitcoins.
  • Social media scams.

What Can You Do To Protect Yourself / Your Company?

Firstly, it is important to be aware that Bitcoin scams are highly prevalent now and to inform / educate staff that they need to be vigilant and that a system / procedure needs to be in place to encourage checking and reporting. Companies who already deal with Bitcoins in any capacity will need to be particularly careful as this could be used by scammers as a point of leverage.

Businesses can also make sure that malicious sites are identified and blocked, and that any scams noticed on social media platforms are reported immediately to those platforms.

What Does This Mean For Your Business?

Clearly, extra vigilance is needed at the present time for any Bitcoin-related offers and / or communications, and it is important to make sure that staff members are made aware of this through education. Having good cyber security systems and procedures in place anyway, however, can provide protection from multiple, popular forms of scams, and popular data / cyber security risks. It is important also to make sure that your business has adequate and up-to-date Disaster Recovery and Business Continuity Plans in place should e.g. human error lead to your business falling victim to such a scam.

New Government Cyber Security Unit Encourages Business Co-Operation

After the opening of the new National Cyber Security Centre in London in February (to act as part of GCHQ in Cheltenham), businesses are being encouraged to report serious data breaches to the NCSC in confidence.

Confidential

Peter Yapp, the deputy director for the incident management directorate, has been reported as telling an audience of journalists in a recent meeting that such confidential disclosures would not be passed on to the ICO, the UK's independent body set up to uphold information rights.

More Outward-Facing

The idea that business CEOs can get a better outcome for the results of a serious data breach by contacting the NCSC first, rather than waiting to be called by them, is part of a new, more open, and outward-facing approach by the UK’s cyber security protection vanguard.

Businesses Encouraged To Visit

The new NCSC building in Victoria in London, opened by the Queen, is a very public part of this new initiative and is a way for GCHQ in Cheltenham to reach out and have an ear-to-the-ground presence in the hub of the UK’s business and financial centre. Business representatives are encouraged to visit to share information about cyber threats and breaches.

Announced Back In October

Back in October 2016, for example, the government announced that as part of its multi-billion pound plans, it would be seeking greater engagement with CEOs and board level executives on cyber security. This was intended to be enabled by making connections with business via the new National Cyber Security Centre (NCSC) in London.

Many Directorates

The NCSC’s CEO will be former GCHQ cyber security head Ciaran Martin, and it is reported that the NCSC will grow to house many vital cyber defence directorates and sub-directorates, including Incident Management and Research.

Now More Diverse Too

At the recent CYBERUK 2017 conference, the NCSC announced that as well as being more outward-facing to business, they will also soon be more diverse. New initiatives will mean that as well as having a one-third female workforce, the NCSC will work with the private sector to provide first-job placements for female graduates in science, technology, engineering and maths (STEM).

What Does This Mean For Your Business?

Up until now, businesses have faced the prospect of attempting to protect their data as best they could with the threat of instant reputational damage, loss of customers and the threat of huge fines if any breaches were known about. Some businesses are therefore likely to have buried or delayed data breach announcements as long as possible. The opportunity of a more open, less threatening option should the worst happen has to be good news, and only by really working together, without fear, and sharing information can the UK gain better protection for its businesses and other institutions from the constantly evolving menace of cyber attacks.

One Third of Jobs At Risk From Automation

A new report by PwC claims that over 30% of UK jobs could be lost to automation by the year 2030.

Robot Replacements

Advances in AI, robotics, and technology could mean that many jobs that need humans today may be carried out by robots in the next 15 years.

Which Jobs?

According to the report, 44% of jobs in manufacturing (where there are already many robots e.g. car manufacturing), especially those involving manual work, look likely to go to AI-led software or robots.

Transportation jobs are also in the high-risk category for robot replacements, and according to the report, 56% of jobs could be lost to autonomous vehicles.

Jobs in the UK’s largest sector, wholesale and retail, also look vulnerable to automation.

For some jobs which are highly varied, require specific human interaction, where people are required to have high levels of education, and where automation may be less acceptable e.g. education, less than 10% of jobs are likely to be at risk from robots.

Worse In Other Countries

Both the US and Germany, however, are countries that have even higher forecasts of between 35% and 40% of jobs likely to be lost to automated alternatives in the next decade and a half.

Share The Gains

Technical commentators have noted that, even though some types of jobs and industries may be more at risk than others, the situation could be improved for all by making sure that the benefits of automation are shared across society.

Employment commentators have made the point that one factor that may be making the figures in the report look more menacing than they should is the fact that current UK employment levels (75%) are at their highest since modern records began in 1971.

What Does This Mean For Your Business?

Most businesses are likely to be affected by some aspect of automation e.g. software or mechanical, in the near future, either themselves or through suppliers and stakeholders. There is an inevitability that AI and robotics will alter what jobs look like in the future, but it is also important to remember that they could provide huge advantages and opportunities for businesses. Workers can try to insulate themselves from the worst effects of automation by seeking more education / lifelong learning, and by trying to remain positive towards and adapting to changes. How much automation and what kind of automation individual businesses adopt will, of course, depend upon a cost / benefit analysis compared to human workers, and whether automation is appropriate and is acceptable to their customers.

Laptop Bans on Aircraft


The UK and US governments have introduced a ban on taking laptops and tablets on planes as cabin baggage on flights from selected Middle East and North African countries.

Which Countries?

For the UK, the ban covers all flights from 6 countries: Egypt, Turkey, Jordan, Saudi Arabia, Tunisia and Lebanon. This means that 14 airlines, including British Airways and Easyjet, will be affected by the ban.

For the US, the ban covers all flights from 8 countries: Turkey, Morocco, Jordan, Egypt, the United Arab Emirates, Qatar, Saudi Arabia and Kuwait. This will affect 9 airlines that, between them, operate around 50 flights to the US per day. Among the airports affected by the US ban is the world's busiest international airport, Dubai International.

Why?

The ban is being introduced as a security measure to prevent terrorists from targeting commercial aviation using innovative means, such as hiding explosives inside popular electronic devices.

As far as the US is concerned, the timing for (and the nature of) the ban is based upon what has been referred to as “evaluated intelligence”. Although this is unlikely to mean specific threats, the ban enables the two governments to provide a clear, very public, and reassuring move to protect citizens from more obvious potential risks, and a counter to terrorist propaganda.

Examples of commercial aviation attacks that have been widely reported in support of the ban include the downing of a Russian airliner over Sinai in 2015, killing all 224 people, the attempt at downing an airliner in Somalia in 2016, and the attacks on Brussels and Istanbul airports.

Why A Cabin Luggage Ban?

Many have argued that it would make little difference whether an automatic explosive device was in the hold or in the cabin area. The logic of banning potential concealed explosive devices from the cabin appears to be to separate the ‘bomber from the bomb’ e.g. in the case of manually operated devices, and to prevent explosions near the fuselage. Explosions in the cabin area are believed to be more likely to breach the fuselage, and cause the kind of massive de-pressurisation that brings down aircraft.

Which Devices Are Banned?

For example, for US-bound passengers, the non-exhaustive list of devices includes laptops and tablets, cameras and portable DVD players, e-reading devices, electronic game units larger than a smartphone, travel printers and scanners. The UK banned list is similar and will essentially apply to almost any electronic device that is not a phone.

What Does This Mean For Your Business?

For airline businesses, the ban could hit profits by affecting passenger numbers, could increase baggage scanning and security costs, and could negatively affect customer satisfaction levels. For business travellers, the ban could mean lost time where work could be done e.g. on the laptop during flights. The ban could also mean the hassle of having to find other means of entertainment on long flights, and perhaps having to suffer more distractions from other passengers who cannot use their electronic devices e.g. children. The ban could also mean greater disruption (particularly in the early stages of the ban) as a result of increased waiting times at security. Some commentators have also pointed out that there is the potential for electronic devices stored in the baggage hold to be damaged or lost, and this could have insurance implications.

Home Secretary Calls For Government Access To WhatsApp Messages

The discovery that last week’s London terror attacker Khalid Masood used WhatsApp’s encrypted message service minutes before the killings has led to calls, not least by Home Secretary Amber Rudd, to give the government access to the un-encrypted content of messages on the platform.

Unacceptable?

In a weekend TV interview, Home Secretary Rudd described the current situation whereby terrorists can secretly talk to each other on a formal social media messaging platform as ‘unacceptable’. Home Secretary Rudd and the government’s frustration have meant that a meeting has been set for this week with Facebook and other technology companies to try and broker a work-around.

Shift From End-To-End Encryption

The government’s likely position at the meeting will be to seek a shift by social media platforms e.g. Facebook, WhatsApp and Apple's iMessage, away from the complete end-to-end encryption model that denies everyone (including governments) access to message content, towards allowing specific unscrambled messages to be handed to the government on warranted request.

Issues & Objections

The government’s wish to have greater access on request and surveillance powers has, however, been met with several counter-arguments and objections from technical and security commentators, tech companies, and even a former Ministry of Defence cyber-security chief. The arguments and objections against granting the government yet more powers include:
  • There is already a wide-ranging Investigatory Powers Act (“Snooper’s Charter”) in place. As well as potentially enabling secret backdoors to be created in apps and thereby undermining public trust in their software, the Act is regarded by many as granting enough powers for now.
  • Doubts exist as to whether the WhatsApp activity by the London terror-attacker was even related to the atrocity.
  • If encryption was banned or weaknesses / backdoors were built-in to popular platforms, determined criminals would simply obtain encryption products from other sources.
  • Banning encryption e.g. as a knee-jerk reaction to specific attacks and / or to gain access to communications of a few people could pose much wider security risks to all of us. For example, we could all face greater privacy and security risks from authoritarian governments, foreign spies, hackers and other criminals.

What Does This Mean For Your Business?

Security and privacy are important in business communications, whether by phone app, social platform, or by email system. Businesses could argue that a more immediate and more likely risk comes from cyber criminals, many of whom have already shown themselves to be capable of exploiting situations where there are back-doors in software / platforms / systems, or where there is a lack of adequate encryption. Relaxing security protection for all for the sake of a few may, therefore, not be a response that will benefit businesses right now. The debate, however, looks likely to continue for some time.