Apple Watch Goes All-In With Health and Fitness Focus

By John P. Mello Jr.

Sep 18, 2018 5:00 AM PT

Apple aimed to stretch its lead in the smartwatch market when it introduced its Apple Watch Series 4 last week.

The redesigned and re-engineered line features a bigger display, thinner and smaller case, an interface with richer detail, and some innovative health applications enabled by new sensor, accelerometer and gyroscope hardware.

“Between watchOS 5 and what they revealed to us last week, there’s a lot of cool things to like about this,” said Ramon T. Llamas, senior research analyst at IDC, a market research company in Framingham, Massachusetts.

“When you add the new features, it creates a significant improvement over previous versions,” noted Ross Rubin, principal analyst at Reticle Research, a consumer technology advisory firm in New York City.

Apple Watch Series 4 basketball lifestyle

More Screen Space

Apple Watch comes in two sizes — 40mm and 44mm. Both have edge-to-edge displays with more real estate than previous models. The screen on the 40mm watch is 35 percent larger than its Series 3 predecessor, while the 44mm is 32 percent larger.

“Let’s face it,” Llamas told TechNewsWorld. “When you look at something this small and anything is 30 percent bigger, that’s a pretty noticeable change.”

The watch interface has been optimized to accommodate the larger screen, allowing for larger icons and fonts.

Apple Watch Series 4

Apple Watch Series 4

The speaker on the Series 4 watches is 50 percent louder and optimized for phone calls, Siri and Walkie-Talkie, which is Apple’s version of push-to-talk.

The watch’s microphone has been relocated to reduce echo and improve sound quality.

The S4 chip gives the watch more muscle. It contains a dual-core 64-bit processor with twice the speed of previous models, while maintaining the all-day battery life of its slower progenitors.

ECG on a Wrist

Apple has improved the watch’s radio wave reception by building its back out of ceramic and sapphire crystal.

The watch’s crown has been modified to provide haptic feedback, which gives the fob a mechanical and responsive feel through the sensation of incremental clicks.

In addition, new electrodes have been built into the crown. Together with the watch’s new heart rate sensor and ECG app, they can be used to take an electrocardiogram..

The ECGs, which take about 30 seconds to complete, can report if a heart is beating normally or a condition exists that should be reviewed by a healthcare professional.

Heart rhythms are monitored intermittently by the watch, so it can alert you if an irregular rhythm is determined or your heart rate exceeds or falls below a specified threshold.

All monitoring information is stored in the watch’s health app in PDF format so it can be shared with a physician.

Detecting Falls

Series 4 watches also can detect falls through use of new accelerometer and gyroscope technology.

After a fall, the watch sends you an alert that can be ignored or used to call for emergency services.

If the watch detects that you haven’t moved for more than 60 seconds after sending a notification, it automatically will alert emergency services, as well as your emergency contacts.

“The health monitoring features are the headline of the new device,” said James Moar, a research analyst at Juniper Research, a market research, forecasting and consulting company in Basingstoke, UK.

“The appeal of heart-rate monitoring for insurers and, to a degree, caregivers will be relatively large,” he told TechNewsWorld.

“However, its price point means that it will not be easily available on any but premium insurance plans,” Moar noted.

“While there is FDA approval for its use,” he added, “some hesitance to use a consumer device for diagnosis will likely remain in the medical profession.”

FDA Selling Point

FDA clearance of the watch is something consumers may find compelling, observed Tuong Nguyen, senior principal analyst at Gartner, a research and advisory company based in Stamford, Connecticut.

“Although the technical FDA terminology — ‘cleared’ vs. ‘approved’ — might be too opaque for typical consumers, the acknowledgment and association with a regulatory body makes a better argument for purchasing this device,” he told TechNewsWorld.

Being FDA-cleared opens up the adoption potential among a broader set of users beyond tech enthusiasts, Nguyen continued, whether it be direct purchase — user for user’s use — or indirect purchase — someone buying it for a parent or grandparent.

There’s tremendous promise in something that can monitor people for potential health risk events, Rubin told TechNewsWorld.

“Over time, it may alert us to a broad range of potential issues, possibly in advance of diagnosis,” he said.

Older Target Market

Apart from the health features, most of the improvements in the watch are incremental and performance-related, which will be hard for consumers to relate to, suggested Juniper’s Mohr.

“It is unlikely that the new processors, additional haptics, and a higher motion data capture rate will drive new purchases,” he said, “although it may encourage a degree of device refresh.”

Because the watch’s headline features target better health monitoring, it appears that older consumers and those with chronic conditions are the target market, said Mohr.

“However, care must be taken with these consumers to present the device’s benefits, rather than the technology,” he added. “The latter has been the focus of late, and so a reposition of the device may be necessary to appeal to those with the kind of health concerns that could be alleviated by the new features.”

Market Doldrums

Preordering of Series 4 Apple watches began Friday, with the GPS version priced at US$399 and the GPS+Cellular edition at $499.

Those preorders were going “better than expected,” according to well-known Apple analyst Ming-Chi Kuo, whose
research note was published in MacRumors on Sunday.

Apple Watch sales will hit 18 million in 2018, with Series 4 units making up 50 to 55 percent of those sales, Kuo predicted.

Although Apple has had a measure of success in the smartwatch market, the market as a whole has been sluggish.

“It’s been a slow moving market overall, but a fast growing market for Apple, which has a dominant share,” Reticle’s Rubin said.

“The market as a whole has not been as large or grown as steadily as many have hoped,” said Gartner’s Tuong. “A lot of that has to do with functionality that has not been that compelling — until Apple Watch got FDA cleared status.”

John P. Mello Jr. has been an ECT News Network reporter
since 2003. His areas of focus include cybersecurity, IT issues, privacy, e-commerce, social media, artificial intelligence, big data and consumer electronics. He has written and edited for numerous publications, including the Boston Business Journal, the
Boston Phoenix, Megapixel.Net and Government
Security News
. Email John.

Let’s block ads! (Why?)

Link to original source

Death Watch Begins for Google

The European Union has been stretching its wings. In the shadow of Brexit, it apparently has decided it has the
real enemy of the people in its sights: social media companies and Google.

France is even more aggressive than the EU overall, suggesting that the region’s “right to be forgotten” law should apply worldwide. Given that it actually does fall within the legitimate purview of government, it is hard not to agree.

In the United States, the administration appears to be gearing up to go to war with these companies (Google in particular).

has viewed Google as a threat to its government almost from the beginning.

Individually, the firms likely could survive an attack — as long as the U.S. had their backs — but the U.S. appears to be one of the attackers. What that suggests is that unless something changes, these firms are likely to
go the way of Gawker (although, ironically, Gawker is
on its way back). Oh, and Alphabet’s CEO (Alphabet is the parent of Google) apparently
has gone into hiding, which really can’t be good.

I’ll share some thoughts on why these movements may mean the death of search and social media as we know them, and I’ll close with my product of the week: a new printer from HP that can print metal parts. You heard me, metal parts!

The Fall of Google

I’m going to focus mostly on Google because it is the firm most likely to be broken up, and its CEO apparently has gone into hiding. This isn’t their first issue with a CEO, as Eric Schmidt was known to have a string of romantic liaisons, and it was rumored that was the primary reason he was asked to step down.

Given the coverage in the book Brotopia, his conduct was hardly unusual, but given the new spotlight on #MeToo, this kind of behavior could be viewed as problematic.

Google may have anticipated the potential for problems when it adopted its “don’t be evil” motto. It seemed to ignore it, though, and with the creation of Alphabet
it was dropped from the code of conduct. Perhaps, based on the behavior of its leaders, it was considered unachievable. Boy, talk about a red flag…

Google’s problems likely started when it went to the European Commission, along with Sun and Oracle, and persuaded it to levy massive fines against Microsoft and compel the company to open its operating system to competing browsers.

The EC didn’t care about tech until then, but the commission largely is funded by the fines it levies. Since then, Sun failed, and Oracle’s purchase of Sun was hindered so effectively by the EC that there was almost nothing left when it finally got control.

Google currently faces a fine that is several times greater than Microsoft’s penalty. Further, Google also faces a proposal that it be fined 5 percent of its total worldwide revenue for every terrorist message it fails to delete within 60 minutes.

Facebook and Twitter likely aren’t very impressed with Google, given that they face the same potential fine. What this means is that it would take just 20 late deletions for Google to lose a year of revenue — that’s revenue, not profit — and 100 misses would result in five years of revenue lost.

To put this in perspective, Google makes round US$50 billion a year, so 100 missed messages would cost the firm a quarter of a trillion dollars. For perspective, that would represent about 1.5 percent of the EU’s total GDP and exceed by $50 billion the EU’s total defense spending. That’s effectively free money, making it likely that a lot of folks in the EU might try to force this fine rather than just let nature take its course.

Now Alphabet appears to have been created to help shield Google from fines that could consume it, but governments tend to be tenacious. I doubt that getting through Google to Alphabet’s assets would be all that difficult for the EC. Also, keep in mind that this is just Google. If we add in Facebook and Twitter, the combined exposure easily could exceed the total value of all three firms.

Imagine what that would do to the U.S. tech market.

Typically, a U.S. company could look to the U.S. for defense against the EU, but the current administration
isn’t happy with Google either.

Google’s massive support for the Obama administration (believed largely to relate to an effort to avoid antitrust challenges), coupled with what some see as a smoking gun regarding Google’s bias against the current administration, represents a huge problem.

It appears that rather than defending Google and the social media companies, the U.S. is likely to levy its own fines or file charges against the firm(s) in an effort to see who can get all the money first. The Republicans would love a risk-free revenue source, and one that was closely tied to Democratis allies likely would be especially sweet.

Wrapping Up: How Do You Spell Screwed?

What fascinates me about this, particularly regarding Google, is the irony. Google participated in the attack on Microsoft. However, much of the damage to Microsoft was self-inflicted, because it initially thought it was too powerful to be bothered by any government, including its own.

Microsoft even basically told the attorney general at the time, publicly, that she could go to heck (it didn’t mean “heck”).

Instead of learning from Microsoft’s mistake, Google appears to have tripled down on it, now facing fines that make Microsoft’s look trivial in comparison, and even failing to send its top brass to a congressional hearing to discuss related problems.

By the way, when your CEO goes into hiding, that is generally a sign not only that your firm is in deep sh*t, but also that you likely are in desperate need of a new CEO with crisis management experience.

Despite Microsoft’s arrogant behavior, the EU conflict didn’t end well for the company. Still, it finally came around and became stronger for the experience. Google could have — should have — learned from Microsoft’s mistake. Instead it now faces a going-out-of-business sale or government takeover scenario.

As a side comment, I still think the core problem is likely weak boards of directors who fail to do their jobs, because there is an impressive number of firms at high risk at the moment due to self-inflicted wounds. Alphabet, Facebook and Twitter join Intel, Uber and Tesla as companies either on or approaching death row, and it’s not because of competitors, but because of avoidable stupid behavior.

Rob Enderle's Product of the Week

Given this thing costs nearly $400K, it isn’t likely you will have one in your home any time soon. However, after releasing at scale the first industrial 3D printer that could be used for manufacturing, HP stepped up its game this week and released the first metal printer, the
HP Metal Jet Printer, with similar capabilities.

HP Metal Jet Printer

HP Metal Jet Printer

The parts this thing produces are significantly lighter, and they can be produced faster and far more cheaply than with competing technologies.

What is particularly fascinating is how resistant the industry has been to the technology, because with every instance of saving in the high double digits (60 percent to 80 percent), the opportunity for a firm to use this technology to disrupt its own industry is massive.

Yet it is so different from what engineers are used to that more of them seem to be fighting the change instead of embracing it. This may have to do in part with the fact that HP really is the only big tech company that has begun playing aggressively at this end of manufacturing. However, it reminds me a bit of the stories about the folks who built cars initially badmouthing Ford and their assembly lines. Look how that turned out.

I was watching one of my favorite shows this week,
Street Outlaws, and noticed one of the teams was using an HP laptop. I was once again reminded that maybe this is where a lot of the focus initially should be.

Race teams spend massively to cut weight. They often need incredibly expensive parts that are not available locally, and they are held up when they don’t get them. More importantly, solutions developed for racing teams often make it into production cars, and automotive is one of HP’s target markets.

Of course, seeing that laptop, I kind of wondered when HP would 3D print one of those puppies.

A new technology typically comes into the market high priced, and then folks work to figure out how to cost-reduce it, making it at least possible that we will have some version of this in our homes in around a decade or so. We’ll see.

The HP Metal Jet represents just one of the massively disruptive advancements hitting the market this year, and it is my product o the week.

Rob Enderle has been an ECT News Network columnist since 2003. His areas of interest include AI, autonomous driving, drones, personal technology, emerging technology, regulation, litigation, M&E, and technology in politics. He has an MBA in human resources, marketing and computer science. He is also a certified management accountant. Enderle currently is president and principal analyst of the Enderle Group, a consultancy that serves the technology industry. He formerly served as a senior research fellow at Giga Information Group and Forrester.
Email Rob.

Let’s block ads! (Why?)

Link to original source

Google Digs In Heels Over Global Expansion of EU's 'Right to Be Forgotten'

Google took on French lawyers at the European
Union Court of Justice this week, in an effort to fend off expansion of the EU’s “right to be forgotten” judgment.

The EU’s attempts to broaden the scope of
that judgment would be “completely unenvisagable,” and
it could result in impositions on the values of different countries around the world, Google argued.

The right to be forgotten directive, which the EU imposed six years ago,
allows individuals to request the removal of content from a search engine.

Although details about the actual review process were not disclosed, EU regulators released guidelines in the fall of 2014. However, Google already had removed nearly 1.4 million URLs months earlier. The company has maintained that it accommodated reasonable requests.

Google earlier this year said that it had complied with 43 percent of the 2.4 million requests it received between 2014 and 2017.

One point of disagreement is over the EU’s
proposal that delinking requests made by EU citizens be
implemented by Google globally and not be limited to European
versions of the search engine. European regulators have called for
Google to delink the content to prevent circumvention of the law.

Google so far has refused the French Data Protection Agency’s demand
to apply the right to be forgotten internationally, which has
resulted in the search company becoming the subject of a
four-year-long antitrust investigation.

The French watchdog group, Commission Nationale de
l’Informatique et des Libertés (CNIL) this week argued before the 15-judge panel that by limiting the delinking to Europe alone, content would be rendered difficult to find, but it would not be removed.

For example, information could be retrieved from non-EU URLs or
by using a Virtual Private Network (VPN) tool to conduct the searches, the group noted.

Google is not the only tech company to face fines under
the right to be forgotten law. Yahoo, Microsoft, Facebook and Twitter also have had to comply with requests to be forgotten in the EU.

More EU Regulations on the Way

While Google has been attempting to push back against the right to be forgotten law,
regulators in the EU have been pushing for more privacy and data

The EU earlier this year implemented the General Data
Protection Regulation, which gives consumers greater
control of personal data collected by companies online.

The EU recently has been considering rules that would require search engines and social media companies to remove alleged
terrorist propaganda from their respective platforms within an hour of
a “competent” authority’s notification.

Europe, which has experienced a rash of terrorist attacks, evidently aims to crack down on the spread of such propaganda online, including its use as a recruiting tool.

In his annual State of
the Union speech, European Commission President Jean-Claude Juncker
called for the removal of such content as way to reduce the likelihood
of attacks.

Addressing terrorist threats is just one topic in the back-and-forth
discussions between the European Commission and tech
companies. The companies have emphasized the progress they’ve made in removing extremist content via automated detection technology.

Google, Facebook and other companies have not yet responded to the EU’s
calls for action, but given the nature of Juncker’s message, the tech companies may find it difficult to mount opposition. It’s highly unlikely that any of them would characterize stopping terrrorism as an overreach.

“Governments have many rights and powers but only one true unalienable
responsibility — to protect and nurture the citizens that underlie that
government,” said Rob Enderle, principal analyst at the Enderle Group.

“France, in this instance, is stepping up to this responsibility and
applying it broadly as they should,” he told TechNewsWorld.

“Facebook isn’t obligated under the First Amendment freedom of speech,” noted social media consultant Lon Sakfo, “and they aren’t required to print everything every nut-bag has to say.”

Torture videos and worse have been posted online.

“There are just some things that don’t belong on a happy social network,” Safko told

Is There a Right Way to Be Forgotten?

How this plays out could revolve around the issue of
the so-called “right” to be forgotten, especially when so much online content
seems to live forever.

Fully addressing the problem could involve much more than enforcing a
regulation. Someone, somewhere still could keep the content alive.

“The scope of complying with the EU’s expansion of ‘the right to be
forgotten’ is hard to conceive,” said Charles King, principal analyst
at Pund-IT.

“An inadequate comparison would be to demand that libraries be
responsible for all the information in the books on their shelves, as
well as for removing citations that individuals believe are
inaccurate, inappropriate or offensive,” he told TechNewsWorld.

“The fact is that libel laws offer people ways to pursue and police
such information in hard copy publications, but nothing similar exists
for online content,” King added.

“This goofy scenario could become even more complex and costly if
Google and other search companies were required to exert these control
mechanisms on a country-by-country basis according to differing
regulations,” he suggested.

“Google has taken a hard-line stand on removing anything from their
index,” said Safko. “Since the beginning, it has said they are not
the Internet police, and they will not make determinations of what
should be indexed.”

EU Overreach?

Clearly, the right to be forgotten is not something that easily can be contained within the borders of the EU. Does it follow that regulators in Europe should have a say about what individuals across the world can — or in this case, cannot — see?

“This isn’t only an issue for Google,” said Niles Rowland, director of product development for
The Media Trust.

Other tech giants with a global reach also have come under threat from a growing number of EU laws, Rowland told TechNewsWorld.

Google knows it’s being watched closely — not only by regulators, but also by
other companies and consumers. It has been treading carefully between
complying with EU privacy laws and ensuring that they do not exceed the intended scope and jurisdiction, Rowland pointed out.

“Google is not alone in opposing the expansion. The EU executive arm,
human rights activists and others see the potential for abuse by
heads of countries with weak democratic traditions,” he added.

“The ‘right to be forgotten’ for the EU is very relevant,” said Laurence Pitt, strategic security director at
Juniper Networks.

It “means
that businesses and individuals have to act as data controllers for
the information that they post to, or host on, the Internet — whether
or not they own it,” he explained.

“Google alone has had hundreds of thousands of individual requests for
data to be removed — the workload for this is huge,” Pitt told

This is where it gets complicated. Should Google somehow be
required to expand the EU directive globally isn’t feasible, given current
international laws.

“It needs to be driven by a global agreement with all countries around
the world approving the change,” suggested Pitt. “Otherwise, it’s simply
not workable.”

An Issue of Privacy

One major consideration is whether this is, in fact, simply
about protecting consumer privacy online — and if so, whether privacy protections should be limited to one continent.

“The request of the EU has some legs. It doesn’t make sense to be
forgotten on one version of Google’s search site but not on another,
just on the grounds of a different language or a different
geographical location,” suggested Mounir Hahad, head of Juniper Threat
Labs at Juniper Networks.

“An EU citizen could be traveling to non-EU countries and
inadvertently have access to search results that are supposed to be
filtered,” he told TechNewsWorld.

For those motivated to find filtered information, a VPN
connection is all it takes, and there are many free ones available.

“Governments have been slow to realize that the digital information
that describes, constrains and defines it citizens should be
protected as part of this responsibility,” observed Enderle.

“I’ve always thought that, given companies like Google are largely funded by mining and selling this information, they would either be nationalized or constrained,”
he added. “More countries in the EU, and eventually the U.S., will follow this

How This Will Change Online Business

One of the major concerns being voiced by opponents of the EU’s right to be forgotten and GDPR, is how these regulations could impact online businesses.

Expanding the scope won’t have any substantial impact on the way
businesses use the Internet, according to Hahad.

“The current situation, if it
stands, may indeed push some businesses to bypass EU local search
engine versions in favor of unfiltered ones,” he said. “On the contrary,
companies would prefer to apply the same rules across the globe and
not have to deal with local regulations.”

However, there is the view that it still boils down to censorship —
even if done for compelling reasons, such as to stop terrorist
propaganda, or simply to keep personal information truly
personal. Governments could determine what actually was fake news, and
potentially even censor content that they found offensive to their positions.

“In such a situation, terrible deeds could be perpetrated without fear of
censure, repercussion, or even the judgment of history,” said Douglas
Crawford, online privacy expert at

These deeds simply would disappear from the public record, Crawford
told TechNewsWorld.

“Whatever happens, though, the right to be forgotten ruling will have
little impact on the way business is done in Europe,” he added.

“What will make a difference to Americans doing business in Europe, though, is how and when [Europe] chooses to enforce the Privacy Shield obligations that the U.S. government agreed to in 2016,” Crawford said.

Although the deadline for meeting these obligations has now passed, the
EU has yet to respond. Many businesses still could be taking a wait-and-see approach.

“Businesses will likely choose between shifting resources to the less
regulated markets or taking a blanket approach, where the most
stringent measures are applied across the board,” said The Media
Trust’s Rowland.

“The blanket approach will most likely be the most frequently used,
which will lead to a universal application of the most stringent laws,” he added, “and in short, consolidation rather than fracturing could be the

The final question may be what right does one region have to enforce
its rules on another region that doesn’t want them?

“There hasn’t been any shortage of countries that already try to
enforce their own censorship rules locally,” said Crawford, “but these
have no power to exert their version of reality on the world at large,
and thereby permanently change the historical record.”

Peter Suciu has been an ECT News Network reporter since 2012. His areas of focus include cybersecurity, mobile phones, displays, streaming media, pay TV and autonomous vehicles. He has written and edited for numerous publications and websites, including Newsweek, Wired and
Email Peter.

Let’s block ads! (Why?)

Link to original source

Apple Unveils Trio of New iPhones

Apple on Wednesday unveiled three new iPhones at an event held in the Steve Jobs Theatre on its Cupertino, California, campus. Along with the iPhone Xs, iPhone Xs Max and iPhone XR, Apple introduced the Apple Watch 4.

“Our mission started with personalizing technology for the desktop,” CEO Tim Cook told the audience, and it’s “now personalizing it for every aspect of our lives.”

Apple aims “to put the customer at the center of everything we do,” he added. The iPhone X is “the No. 1 smartphone in the world,” and has “an amazing 98 percent customer satisfaction [rating].”

The Apple Watch is “not only the No. 1 smartwatch in the world, it’s the No. 1 watch,” Cook noted. “Period.”

Apple Watch Series 4

Apple Watch Series 4

All three new X series iPhones come with 64 GB, 256 GB or 512 GB of storage.

The XR starts at US$750, the Xs at $1,000, and the Xs Max at $1,100.

The XR can be preordered starting Oct. 19, and it will begin shipping on Oct. 26.

The Xs and Xs Max can be preordered starting Friday and will begin shipping Sept. 21.

The New iPhones

Screens in all the new iPhones extend top to bottom and edge to edge, allowing Apple to use a smaller form factor. The screens are rounded at the edges.

The Xs and Xs Max have a Super Retina screen, and the XR an LCD display, which Phil Schiller, Apple’s SVP of worldwide marketing, called “the most advanced LCD display ever in a smartphone.”

iPhone XS and iPhone XS Max

Apple SVP Phil Schiller introduces iPhone XS and iPhone XS Max.

All three have cases that are water and dust resistant, to IP 68 for the Xs and Xs Max, and IP 67 for the XR.

“If you hang by the pool and drop the iPhone Xs into the water,” Schiller said, “get it out, rinse it, let it dry, and you’ll be fine. We tested it in orange juice … tea, wine and even beer.”

All three have 12-MP rear cameras with portrait mode, depth control, portrait lighting, Smart HDR, adjustable bokeh, and 4K video up to 60fps. The Xs and Xs Max have two of these cameras, and the XR has one.

All three also have a 7-MP TrueDepth front camera with the same features as the rear cameras except for video capability.

“You’re going to be blown away with the photos you can take with the iPhone Xs camera,” Schiller said. The Xs and Xs Max have one 12-MP wide-angle camera and one 12-MP telephoto camera in the rear, both with optics image stabilization.

The phones run on a 7nm A12 Bionic System on a Chip, with next-generation neural engine dedicated neural network hardware.

The SoC’s image signal processor, working in conjunction with the CPU, automatically sets exposure, white balance, focus, and other photographic features.

The Smart HDR feature takes a four-frame buffer for each shot and merges them into one perfect photo. It also lets users shoot photos while facing the sun.

“The HDR screen is key,” said Gerritt Schneeman, senior research analyst at IHS Markit.

It’s a “premium feature [that] plays into a key aspect of Apple’s existing UX focus — camera experience,” he told TechNewsWorld.

The new cameras’ sound capabilities also drew praise.

“We can use stereo rewinding on the iPhone,” noted Todd Howard, game director at Bethesda Game Studios, when demonstrating Blades, the new Elder Scrolls game coming to iOS this fall.

“This experience used to be available only on consoles in the living room,” he said.

The stereo audio recording offered in the new iPhones “enhances existing content and is clearly different than before,” observed Schneeman.

“Content creation — and consumption — is getting richer on these new devices,” Schneeman remarked. “The competition is not following along with this as quickly, if at all.”

The new iPhones have a longer battery life than their predecessors, and have a dual SIM card capability, using eSIM.

“The dual SIM capability is a smart move and needs to be done,” said Ramon Llamas, a research director at IDC.

“They’re responding to the Chinese market and the needs of the enterprise market here in the United States,” he told TechNewsWorld.

The Bionic SoC and Neural Engine

The bionic SoC runs Core ML apps up to nine times faster, with one-tenth the power consumption, said Kaiann Drance, senior director of iPhone product marketing.

It also enables augmented reality experiences, she noted. Apple’s developer system has been building AR apps with ARKit 2 and iOS 12.

The A12 has an “8-core machine learning engine with a smart compute system that can analyze neural network data and figure out on the fly whether to run it on the CPU, GPU or the neural engine,” Schiller said. “It can process 5 trillion operations a second.”

Incremental Improvements

“The newest iPhones are iterative upgrades, and in the case of the XR, an upgrade/downgrade over the iPhone X,” said Ken Hyers, research director at Strategy Analytics.

iPhone XR

Apple SVP Phil Schiller reveals the iPhone XR, which features an all-screen glass and aluminum design in six new color finishes.

None of the upgrades “are earth-shattering improvements, but for someone with an iPhone 7 Plus or 8 Plus who’s looking to move on after a year or two, these improvements may be enough to get them into the store and part with the better part of a thousand dollars — or more,” Hyers told TechNewsWorld.

The specs are good, noted IDC’s Llamas. “I think they’re pushing in the right direction with the XS and Xs Max.”

However, the differentiation among the three new models is unclear, he pointed out.

“It used to be that when you went to get an iPhone, the only issue was how much memory you wanted,” Llamas said. “Now you have the XR that’s between the size of the S and the S Max. If you go for a 128-GB XR, you’re only a couple of hundred dollars away from the entry-level Xs, and now you have to figure in not just the memory, but also the screen size and various other features as well.”

Richard Adhikari has been an ECT News Network reporter since 2008. His areas of focus include cybersecurity, mobile technologies, CRM, databases, software development, mainframe and mid-range computing, and application development. He has written and edited for numerous publications, including Information Week and Computerworld. He is the author of two books on client/server technology.
Email Richard.

Let’s block ads! (Why?)

Link to original source

Android Apps Riskier Than Ever: Report

Widespread use of unpatched open source code in the most popular Android apps distributed by Google Play has caused significant security vulnerabilities, suggests an
American Consumer Institute report released Wednesday.

Thirty-two percent — or 105 apps out of 330 of the most popular apps in 16 categories sampled — averaged 19 vulnerabilities per app, according to the
report, titled “How Safe Are Popular Apps? A Study of Critical Vulnerabilities and Why Consumers Should Care.”

Researchers found critical vulnerabilities in many common applications, including some of the most popular banking, event ticket purchasing, sports and travel apps.

Chart: Distribution of Vulnerabilities Based on Security Risk Severity

Distribution of Vulnerabilities Based on Security Risk Severity

ACI, a nonprofit consumer education and research organization, released the report to spearhead a public education campaign to encourage app vendors and developers to address the worsening security crisis before government regulations impose controls over Android and open source code development, said Steve Pociask, CEO of the institute.

The ACI will present the report in Washington D.C. on Wednesday, at a public panel attended by congressional committee members and staff. The session is open to the public.

“There were 40,000 known open source vulnerabilities in the last 17 years, and one-third of them came last year,” ACI’s Pociask told LinuxInsider. That is a significant cause for concern, given that 90 percent of all software in use today contains open source software components.

Pushing the Standards

ACI decided the public panel would be a good venue to start educating consumers and the industry about security failings that infect Android apps, said Pociask. The report is meant to be a starting point to determine whether developers and app vendors are keeping up with disclosed vulnerabilities.

“We know that hackers certainly are,” Pociask remarked. “In a way, we are giving … a road map to hackers to get in.”

The goal is to ward off the need for eventual government controls on software by creating a public dialog that addresses several essential questions. Given the study’s results, consumers and legislators need to know if app vendors and developers are slow to update because of the expense, or merely complacent about security.

Other essential unanswered questions, according to Pociask, include the following: Do the vendors notify users of the need to update apps? To what extent are customers updating apps?

Not everyone relies on auto update on the Android platform, he noted.

“Some vendors outsource their software development to fit their budget and don’t follow up on vulnerabilities,” Pociask said.

Having the government step in can produce detrimental consequences, he warned. Sometimes the solutions imposed are not flexible, and they can discourage innovation.

“It is important for the industry to get itself in order regarding privacy requirements, spoofing phone numbers and security issues,” said Pociask.

Report Parameters

Businesses struggle to provide adequate protection for consumer personal information and privacy. Governments in California and the European Union have been putting more aggressive consumer privacy laws in place. Americans have become more aware of how vulnerable to theft their data is, according to the report.

One seemingly indispensable device that most consumers and businesses use is a smartphone. However, the apps on it may be one of the most serious data and privacy security risks, the report notes.

Researchers tested 330 of the most popular Android apps on the Google Play Store during the first week in August. ACI’s research team used a binary code scanner — Clarity, developed by Insignary — to examine the APK files.

Rather than focus on a random sampling of Google Play Store apps, ACI researchers reported on the largest or most popular apps in categories. Most of the apps are distributed within the United States. Researchers picked 10 top apps in each of the 33 categories in the Play store.

Factoring the Results

Results were charted as critical, high, medium and low vulnerability scores. Of 330 tested apps, 105 — or 32 percent — contained vulnerabilities. Of those identified, 43 percent either were critical or high risk, based on the national vulnerability database, according to the report.

“We based our study on the most popular apps in each category. Who knows how much worse the untested apps are in terms of vulnerabilities?” Pociask asked.

In the apps sampled, 1,978 vulnerabilities were found across all severity levels, and 43 percent of the discovered vulnerabilities were deemed high-risk or critical. Approximately 19 vulnerabilities existed per app.

The report provides the names of some apps as examples of the various ways vendors deal with vulnerabilities. Critical vulnerabilities were found in many common applications, including some of the most popular banking, event ticket purchasing, sports and travel apps.

For example, Bank of America had 34 critical vulnerabilities, and Wells Fargo had 35 critical vulnerabilities. Vivid Seats had 19 critical and five high vulnerabilities.

A few weeks later, researchers retested some of the apps that initially tested way out of range. They found that the two banking apps had been cleaned up with updates. However, the Vivid Seats app still had vulnerabilities, said Pociask.

Indications for Remedies

More effective governance is critical to addressing “threats such as compromised consumer devices, stolen data, and other malicious activity including identity theft, fraud or corporate espionage,” states the report.

These results increasingly have been taking center stage, noted the researchers.

The ACI study recommends that Android app developers scan their binary files to ensure that they catch and address all known security vulnerabilities. The study also stresses the urgency and need for apps providers to develop best practices now, in order to reduce risks and prevent a backlash from the public and policymakers.

The researchers highlighted the complacency that many app providers have exhibited in failing to keep their software adequately protected against known open source vulnerabilities that leave consumers, businesses and governments open to hacker attacks, with potentially disastrous results.

Note: Google routinely scans apps for malware, but it does not oversee the vulnerabilities that could allow them.

“We want to create a lot more awareness for the need to update the vulnerabilities quickly and diligently. There is a need to push out the updates and notify consumers. The industries should get involved in defining best practices with some sort of recognizable safety seal or rating or certification,” Pociask said.

App Maker or User Problem?

This current ACI report, along with others providing
similar indications about software vulnerabilities, concerns an area many app users and vendors seem to ignore. That situation is exacerbated by hackers finding new ways to trick users into allowing them access to their devices and networks.

“Posing as real apps on an accredited platform like the Google Play Store makes this type of malicious activity all the more harmful to unsuspecting users,” said Timur Kovalev, chief technology officer at

It is critical for app users to be aware that hackers do not care who becomes their next victim, he told LinuxInsider.

Everyone has data and private information that can be stolen and sold. App users must realize that while hackers want to gain access and control of their devices, most also will try to infiltrate a network that the device connects to. Once this happens, any device connected to that network is at risk, Kovalev explained.

Even if an app maker is conscientious about security and follows best practices, other vulnerable apps or malware on Android devices can put users at risk, noted Sam Bakken, senior product marketing manager at

“App makers need to protect their apps’ runtime against external threats over which they don’t have control, such as malware or other benign but vulnerable apps,” he told LinuxInsider.

Part of the Problem Cycle

The issue of unpatched vulnerabilities makes the ongoing situation of malicious apps more troublesome. Malicious apps have been a consistent problem for the Google Play Store, said Chris Morales, head of security analytics at

Unlike Apple, Google does not maintain strict control over the applications developed using the Android software development kit.

“Google used to perform basic checks to validate an app is safe for distribution in the Google Play Store, but the scale of apps that exists today and are submitted on a daily basis means it has become very difficult for Google to keep up,” Morales told LinuxInsider.

Google has implemented new machine learning models and techniques within the past year, he pointed out, in an effort to improve the company’s ability to detect abuse — such as impersonation, inappropriate content or malware.

“While these techniques have proven effective at reducing the total number of malicious apps in the Google Play Store, there will always be vulnerabilities in application code that get by Google’s validation,” noted Morales.

Developers still need to address the problem of malicious or vulnerable apps that could be exploited after being installed on a mobile device. That would be handled by applying machine learning models and techniques on the device and on the network. That would help to identify malicious behaviors that would occur after an app is already installed and bypassed the Google security checks, Morales explained.

Time for Big Brother?

Having government agencies step in to impose solutions may lead to further problems. Rather than a one-size-fits-all solution, ACI’s Pociask prefers a system of priorities.

“Let’s see if the industry can come up with something before government regulations are imposed. Getting a knee-jerk reaction right now would be the wrong thing to do in terms of imposing a solution,” he cautioned.

Still, personal devices are the user’s responsibility. Users need to take more accountability with regards to what apps they are allowing on their devices, insisted Untangle’s Kovalev.

“Government intervention at this time is likely not needed, as both users and Google can take additional actions to protect themselves against malicious apps,” he said.

Frameworks Exist

Dealing with unpatched Android apps may not need massive efforts to reinvent the wheel. Two potential starting points already are available, according to OneSpan’s Bakken.

One is the U.S. National Institute of Standards and Technology, or NIST. It has guidelines for vetting mobile apps, which lay out a process for ensuring that mobile apps comply with an organization’s mobile security requirement.

“This can help an enterprise, for example, to keep some vulnerable mobile apps out of their environment, but instituting such a program is no small feat. It’s also simply guidance at this point,” said Bakken.

The other starting point could be the Federal Institutions Examination Council, or FFIEC, which provides some guidance for examiners to evaluate a financial institution’s management of mobile financial services risk. It also provides some safeguards an institution should implement to secure the mobile financial services they offer, including mobile apps.

“In the end, the effectiveness of any government intervention really depends on enforcement. It’s likely that any intervention would focus on a specific industry or industries, meaning not all mobile app genres would be in scope,” Bakken said. “That means that developers of some mobile apps for consumers would not necessarily have any incentive to secure their apps.”

What Needs to Happen?

One major solution focuses on patching the Google Play platform. Joining the platform is straightforward, according to Kovalev. Developers complete four basic steps and pay a fee.

Once joined, developers can upload their apps. Google processes them through a basic code check. Often, malicious apps do not appear to be malicious, as they have been programmed with a time-delay for malicious code to be executed, he noted.

“To combat these malicious apps, Google has begun to implement better vetting techniques — like AI learning and providing rewards to white hat pros who hunt down and surface these malicious apps,” Kovalev said.

While these techniques have helped to pinpoint malicious apps, the apps should be vetted more thoroughly prior to being publicly available to unsuspecting users, he stressed.

Final Solution

The ultimate fix for broken Android apps rests with app makers themselves, OneSpan’s Bakken said. They are in the best position to lead the charge.

He offered this checklist for mobile app developers:

  • Do threat modeling and include security in product requirements.
  • Provide secure code training to Android developers.
  • Do security testing of their apps on a regular basis as part of the development cycle.
  • Fix identified vulnerabilities as they go.
  • Submit their apps to penetration testing prior to release.

“And then, finally, they should proactively strengthen their app with app-shielding technology that includes runtime protection,” Baken said, “so the app itself is protected, even in untrusted and potentially insecure mobile environments, to mitigate external threats from malware and other vulnerable apps.”

Jack M. Germain has been an ECT News Network reporter since 2003. His main areas of focus are enterprise IT, Linux and open source technologies. He has written numerous reviews of Linux distros and other open source software.
Email Jack.

Let’s block ads! (Why?)

Link to original source

Sonos Welcomes Devs With Open APIs

By John P. Mello Jr.

Sep 12, 2018 5:00 AM PT

Getting Sonos’ top-shelf speakers to play nice with other connected devices in the home has been challenging in the past, but that’s about to change.

The company has announced the Sonos Sound Platform, which includes new APIs, developer tools and documentation to make it easier for Sonos products to operate with third-party hardware and software.

Sonos also announced integration with IFTTT, a free Web-based service used to integrate smart home products.

“Now you can have Sonos start your favorite radio station when your Ring-enabled door unlocks after you get home, or play your special pizza song (you do have a special pizza song, don’t you?) when your Domino’s order goes out for delivery,” Sonos community manager Ryan S wrote in an online post last week.

“IFTTT support adds a way for Sonos to tie its offerings into wider smart home integrations by drawing on end-user enthusiasm and a wider developer community,” noted Jonathan Collins, research director at ABI Research, a technology advisory company based in Oyster Bay, NewYork.

“The step is important, as it brings Sonos into the fastest-growing segment of the smart home market and increases its value to smart homes with off-the-shelf consumer devices,” he told TechNewsWorld.

New APIs, SDKs

The Sonos Sound Platform has three objectives, noted James Senior, the company’s director of product, platform and partnerships.

  • Create opportunities for Sonos partners to take advantage of growing trends in the home audio market, such as streaming music services, digital voice assistants and smart home devices.
  • Make Sonos products more approachable for developers with new APIs, SDKs and documentation.
  • Provide customers with more personalized experiences through the addition of more intelligence to the platform, and with confidence in products that say they work with Sonos by creating a “Works with Sonos” certification program.

Sonos next month will add APIs that permit the playing of short, discrete sounds and notifications on a player without fully interrupting the music, Senior said, as well as allow the playing of Sonos playlists through a third-party interface, and add max volume and volume pass-through controls.

More Attractive Platform

Sonos historically has been highly proprietary, as was most of the early Internet of Things industry, observed Rob Enderle, principal analyst at the
Enderle Group, an advisory services firm in Bend, Oregon.

“That means that getting a connected device to work with something that didn’t come from the same vendor was just short of impossible,” he told TechNewsWorld.

“By supporting IFTTT, they move, along with others, to become a far more effective interoperable player,” said Enderle, who owns a Sonos system. “It makes the Sonos platform far more attractive, and Sonos customers far more likely to stay with the platform long term.”

The Sonos Sound Platform allows the company not only to better serve its installed base, but also broaden its product portfolio, making its brand more attractive to high-end customers, said Brad Russell, audio analyst at Dallas-based Parks Assocates, a market research and consulting company specializing in consumer technology products.

Change in Attitude

By opening up its platform, Sonos has sent a signal to the market that it’s adaptable, Russell noted.

“For a long time, they fought off competition by saying, ‘We’re better because we’re proprietary. We don’t need to play with everybody else because we’re the best,” he told TechNewsWorld.

“That argument crumbles in the face of interoperable ecosystems systems of products,” Russell continued. “They’ve shifted in some positive ways for the company by moving away from that proprietary system and toward integrating with as many people as possible.”

The move also signals a change in emphasis by the company from hardware to software.

“No one just wants to be in the hardware business,” Russell said.

“Everybody wants to add value where they can, and after 15 years in the market, Sonos’ real value is in their software,” he maintained.

“In the long term, Sonos wants to create value in software applications and the integration platform, not just the hardware,” said Paul Erickson, senior research analyst at the Austin, Texas, offices of IHS Markit .

Deepening the Moat

Opening up the Sonos platform allows it to stay ahead of its competition, Erickson explained.

“It will help differentiate them in a market where the core functionality of having WiFi-connected speakers and multiroom audio is becoming commoditized,” he told TechNewsWorld.

“The core capabilities that they had three or four years ago are no longer unique — they’re in every smart speaker today,” Erickson pointed out.

“It will put a deeper moat around the territory they already have a hold on more than growing new markets,” he added.

The program also could attract more developers to the Sonos ecosystem.

“Ideally, third parties will build apps that add valuable new functions and service capabilities into Sonos smart speakers and increase their usability and customer satisfaction,” said Charles King, principal analyst at Pund-IT, a technology advisory firm in Haywood, California.

“It’s analogous to taking a simple pocket knife and, with the help of developers, giving it the cool new capabilities of a Swiss Army Knife,” he told TechNewsWorld.

While removing one of the major barriers to participation should help attract developers, “developers will still need to see a strong value proposition to justify their investment,” Enderle noted. “Still, without interoperability, there was no real reason to even consider Sonos as a platform.”

Better Market Position

Sonos’ new open approach could impact its fortunes in the home speaker market, which Parks Associates expects to take off in the coming months.

“We’re expecting to see a really huge sales jump in Q3 and Q4 this year,” said Kristen Hanich, research analyst at Parks Associates.

“Certainly a more capable Sonos One device will help drive sales,” she told TechNewsWorld.

There’s a perception that smart speakers are ground zero for creating and evolving smart home solutions and services, King noted.

“If that’s the case, efforts like Sonos’ partnership with IFTTT should help the company stay in the thick of things as the smart home market develops and evolves,” he suggested.

“This open API positions Sonos to much more effectively compete with big guys like Apple, Amazon and Google,” Russell added, “even while not trying to do everything they do.”

John P. Mello Jr. has been an ECT News Network reporter
since 2003. His areas of focus include cybersecurity, IT issues, privacy, e-commerce, social media, artificial intelligence, big data and consumer electronics. He has written and edited for numerous publications, including the Boston Business Journal, the
Boston Phoenix, Megapixel.Net and Government
Security News
. Email John.

Let’s block ads! (Why?)

Link to original source

Medical Device Insecurity: Diagnosis Clear, Treatment Hazy

An increasing number of healthcare professionals have become alert to the need for well-rounded medical device security in recent years, and players throughout the industry have started putting more effort into raising the bar.

An optimistic observer might point to strides toward reaching that goal. Developers have become aware of the most glaring holes, and more information security researchers have been brought into the fold.

If nothing else, the formation of advocacy groups like
I Am The Cavalry and the simple uptick in the number of vulnerability disclosures have started to chart a course toward medical devices that are resilient against attack.

Preexisting Conditions

A presentation at last month’s Black Hat security conference revealed severe flaws in pacemakers currently on the market. Their manufacturer’s unwillingness to address the vulnerabilities makes clear the extent to which medical device security has been plagued by lack of cohesion among major health sector players and poor security hygiene among developers.

Why, despite the undeniable gains that medical devices have made, are there still gaping holes like the ones exhibited at Black Hat? Like the most intractable medical conditions that physicians sometimes must diagnose, the cause is rooted in multiple compounding maladies.

To start with, the operating conditions of medical Internet of Things devices — which encompass everything from connected insulin pumps to networked CT scanners — differ notably from those of their consumer IoT counterparts.

A key distinction is their markedly longer lifecycle, often so long that it outlives the support cycle for the operating systems they run, according to physician and security researcher Christian Dameff.

“[With] consumer IoT, there’s maybe iterations of devices regularly, like every year or something like that,” Dameff said. “Healthcare connected devices are expected to be in service for five, 10-plus years, which might be the case for something like a CT scanner, and guess what? They’ll be running Windows XP, and Windows XP will be end-of-life support by year three.”

In fact, the regulatory process that new connected medical devices must go through is so lengthy — understandably so — that they typically are years behind modern security trends by the time they hit the market, as security researcher and I Am The Cavalry cofounder Beau Woods pointed out.

“Any device that comes out brand new today probably had a several-year research and development phase, and a several-month to several-year approval phase from the FDA,” Woods said.

“You can have devices that were essentially conceived of eight to 10 years ago that are just now coming out, so of course they don’t have the same protections that are in place today [or] have modern medical device architectures — to say nothing of the devices that came out 10 years ago and are still perfectly usable, like MRI machines,” he explained.

The needs that always-on networked medical devices must meet, especially those of implanted devices like pacemakers, present additional operating constraints. Desktop OS developers have had decades to accrue the experience to determine best practice exploit countermeasures. However, headless medical IoT devices with zero allowance for downtime rule out many of those very countermeasures, necessitating the development of new ones that are suited for medical deployment.

What’s the Diagnosis, Doc?

Traditional controls definitely fall short in certain medical settings, but that can encourage innovation from developers working under specific constraints, noted Colin Morgan, director of product security at
Johnson & Johnson.

“Sometimes the difference in this environment is we need to make sure that the security control doesn’t affect the intended use of the device,” Morgan said. “Let’s say a session lock on your machine. You walk away from your desk for 15 minutes, your screen locks. On some medical devices, that could defeat the intended use of that, and our job — which is the fun part of the job — is to figure out, ‘If we can’t do that control, what other controls are there to mitigate the risk?'”

As much as the unique requirements of medical hardware have invited creative new security controls, the initiative often has been undermined by an inadequate incentive structure for doing so.

Current regulation, while leaps and bounds from where it once was, doesn’t always dissuade manufacturers from dismissing potentially life-threatening vulnerabilities, particularly in a landscape where there is, thankfully, as yet no precedent for what happens when they are exploited in the wild.

“I don’t think this is intentional, [but] think about this: If I was a device manufacturer and I’ve got a malfunctioning device, would I write a policy to do a deep forensic investigation on every device to look for malware?” Dameff asked.

“The answer is no,” he said, “because once I find out that there’s been a compromise, and that there’s a vulnerability, I’m required to report that to the FDA, which could result in exorbitant recalls, fines, etc. So the incentive to find these types of patient harm situations, it just doesn’t exist.”

An absence of incentive is in some respects the best case scenario, since the present regulatory framework diverts resources away from engendering a holistic security posture, and sometimes precludes avenues for discovering flaws entirely.

No legislation looms larger in healthcare regulation than the Health Insurance Portability and Accountability Act, better known as “HIPAA.” It is undoubtedly a landmark in patient protection in the digital age, but its singular focus on privacy and the fact that it its authorship predates widespread medical IoT has yielded some unintended detrimental consequences for device security.

Dameff put it bluntly: When breaching the privacy of patient data can cost companies significantly more than the breach of a device’s security controls, companies order their priorities accordingly.

“Healthcare’s scared of the HIPAA hammer, and that drives all of the security conversations,” he said. “Securing the patient healthcare information gets all their resources, because risking a breach has consequences that pay out in dollars and cents.”

HIPAA’s preeminence not only tips the scale in favor of overwhelmingly addressing privacy, but it occasionally can obstruct security research altogether. In scenarios where privacy and security are mutually exclusive, HIPAA dictates that privacy wins.

“If [a device] malfunctions and we’ve got to send it back to the device manufacturer [to figure out] what’s going on with it, by principle and because of HIPAA, they wipe the hard drive or remove the hard drive before they send it to them.” Dameff said.

“By policy, malfunctioning devices that have malfunctioned so bad they get sent back to the manufacturer can’t even go with the operating system, the software in which it malfunctioned,” he noted.

Time for Treatment

In spite of the many facets of medical IoT security woes, there are encouraging signs that the industry has been finding its footing and coalescing around next steps. One such course that has received much praise is the FDA’s issuance of two guidance documents: “Design Considerations and Pre-market Submission Recommendations for Interoperable Medical Devices” and “Postmarket Management of Cybersecurity in Medical Devices” — or Pre-Market Guidance and Post-Market Guidance for short.

“I will say that the FDA has come a long way in terms of giving guidance to medical device makers on how they should interpret regulations, how the FDA is interpreting regulations,” Woods said.

“So when the FDA puts out things like its Pre-Market Guidance for Cybersecurity of Medical Devices or its Post-Market Guidance for Cybersecurity of Medical Devices, that helps both the regulatory side and the device makers figure out how to build devices that do take these lessons learned into account,” he added.

More than perfunctorily complying with the guides’ requirements, a few players have made a point to incorporate many of the optional recommendations they outline. Speaking specifically for his organization, Johnson & Johnson’s Morgan remarked that his team has benefited from a mutually reinforcing relationship with the FDA.

“From our perspective, we have seen a lot of work that has been done over the past [few] years that has initially been driven through the FDA,” he said. “We work very closely with them — we have a very collaborative relationship with the FDA cybersecurity team — and through the starting of the guided documentation around pre-market and then post-market … there’s been a bit of a shift, and [we] are really building [them] into our quality systems.”

This climate of cooperation between regulators and manufacturers is vital to bolstering security industry-wide, because it changes the dynamic from jockeying for competitive advantage to ensuring a basic level of patient safety.

Collaboration shouldn’t, and soon won’t, stop there, Morgan suggested. One ongoing endeavor, spearheaded by the Health Sector Coordinating Council, is to create a “playbook” comprised of expertise contributed by healthcare providers, device makers, trade associations and others.

It would provide guidance on what organizations of all types could do to improve security practices. By disseminating knowledge derived from the work of large companies, smaller ones could solicit collected wisdom.

In the meantime, there is as much to be learned and absorbed from the information security and developer communities outside of healthcare as there is from the extant guidance documentation.

Considering the lag between development and release due to regulatory oversight, it is that much more important for manufacturers to get it right the first time, and that means changing security from a supplemental exercise to one that is intrinsic to development.

“I don’t think we need medical security specialists. We just need these good practices to be built into the architectures, engineering and operation of the devices from the get-go,” said I Am The Cavalry’s Woods, “which is going to take, I think, some rethinking of what we’ve always thought of as the traditional way.”

The way medical device developers adopt this approach is by further engaging and integrating the independent research community, Dameff added.

“I think you need to be open to security researchers’ input and independent security testing of your devices before it hits market,” he suggested. “Even if the device manufacturer releases a patch for it, maybe the hospital won’t actually deploy it. So we need to be doing a lot of work up front to get these as secure as possible before they hit market.”

Even as companies have grown more comfortable with processing bug disclosures from independent researchers, some companies remain stubborn, as last month’s Black Hat talk demonstrated. The presenters stated that the manufacturer they had disclosed their findings to had not acted, as of more than 500 days after receiving notice.

“There are horror stories,” Dameff said. “I feel like healthcare device manufacturers realize they can’t scorn researchers … this much anymore, partly because there’s a DMCA exemption for medical devices that’s currently in place.”

The DMCA, or Digital Millennium Copyright Act, exempts good faith researchers testing medical devices from the legal peril of probing into proprietary software, a lifeline for bug bounty hunters.

However, for researchers to make the most of the exemption, it’s essential not only that manufacturers take their input seriously, but also that the industry and its regulators allow access to as much real-world data as possible.

Woods’ organization, I Am the Cavalry, outlines measures for meeting those requirements.

“One of the things that we’ve got in the [I am the Cavalry] Hippocratic Oath is an affirmatively sound evidence capture capability that allows you to trap potential security issues, or really any kind of failure of the device, in a way that preserves privacy,” Woods said.

“So we’re not throwing privacy out for the sake of safety, because I think they’re not mutually exclusive,” he continued, but it’s critical “to be able to get the types of logs and information that you need off the device — like firmware state, was it tampered with, was it the latest version, were there any extra programs, unexpected software.”

Finally, as Morgan put it, all of this has to meet the care providers’ needs, which can be done only by bringing them fully into the conversation.

“One of the biggest challenges we face is the post-market management,” he noted. “How can we roll our security patches to devices better in customer environments? Customer environments are all so different. So we have to constantly talk to and understand from our customers what they’re looking for from us, what their expectations are, and how we can partner better with them to roll patches out, build in what they’re looking for, so that we’re constantly reducing risk together.”

Scheduling Checkups

Ultimately, treating the poor state of medical device security is like treating patients themselves: The overall treatment must be holistic, and the various treatment measures must not conflict.

Where regulators, manufacturers and providers are in accord, there has been marked security improvement. It is where their perspectives conflict that conditions have yet to improve.

Jonathan Terrasi has been an ECT News Network columnist since 2017. His main interests are computer security (particularly with the Linux desktop), encryption, and analysis of politics and current affairs. He is a full-time freelance writer and musician. His background includes providing technical commentaries and analyses in articles published by the Chicago Committee to Defend the Bill of Rights.

Let’s block ads! (Why?)

Link to original source

To Resist Manipulation, Ask One Question

It should be pretty clear by now that the level of effort devoted to manipulating our opinions is unprecedented at the moment. Granted, a lot of this has to do with the fact that most of the “free” online services we use aren’t free at all. They are trading our ability to make measured opinions for advertisers’ money, and some of these “advertisers” are foreign governments.

With all of these attempts to manipulate us into doing things we otherwise don’t want to do — many of which are surprisingly successful — there is one question we should be asking of any inflammatory story: Why?

We focus on the what, where, and when almost exclusively, but it’s become increasingly important for us to know the motive behind the news. Last week’s
op-ed in The New York Times is a good example, because the “why” is likely far more interesting than what is said in the piece.

I’ll close with my product of the week: Cinego, an impressive head-mounted streaming video system.

Understanding Manipulation

Sales, marketing and politics — in governments, companies and a lot of family dynamics — are all about manipulation. Understanding the need to manipulate and being able to identify it are critical skills to becoming successful in most any field. Both
confirmation bias and
argumentative theory have at their cores an inbred programmed foundation of needing to manipulate others, which often overcomes good sense and even self-preservation.

The ability to manipulate is a form of power and status, and it currently revolves around an ever-changing but still growing group of people we call “influencers,” which is just a nice way to say “manipulators at scale.” You can profit handsomely from this, particularly if you are good at it, but if you allow yourself to be manipulated by someone who doesn’t have your best interests at heart, the results can be personally damaging.

One of the painful trends now is the ramped-up activity of folks who attempt to manipulate you — a less kind term is defraud you — into sending them money. Facebook
seems to be up to its armpits in folks like this at the moment. It has
a reporting structure in place. Email and, particularly, the age-old scam phone calls are variants of this game.

The defense is to simply ask “why” they are calling you. In most cases, they want your money or your information. For instance, you get a note on Facebook from someone you’ve never met who wants a relationship. The person doesn’t know you, probably hasn’t even read your profile, and really doesn’t care what you look like. Chances are the “why” is they want you to send them money. Knowing this you don’t engage.

The Trump Resistance Op-Ed

The op-ed The New York Times published last week spotlights a presidency in crisis — so much so that apparently there is an internal “resistance” trying to make sure the president doesn’t screw up. I’ve worked in a lot of companies and the idea of having a group of executives and assistants working to keep the CEO from doing something stupid isn’t as unusual as you might think. This is likely something
Elon Musk should have in place before he gets himself fired.

The new
Bob Woodward book does suggest the White House is a bit of a mess. That shouldn’t be a huge surprise, even if you only look at the
unprecedented turnover rate of cabinet members.

The book is pretty damning, and it appears to be well written and well researched — but it doesn’t really cover that much new ground. The New York Times op-ed doesn’t really add much to the book, or to other recent books, except for the idea of an organized “resistance.”

The result of an op-ed like this typically would not be a change in behavior. Rather, it would trigger an all-out effort to find and fire the writer, not to mention pretty much render the “resistance” moot.

Can you imagine an op-ed in a French newspaper during the Second World War talking about how the French Resistance was secretly blocking German efforts to govern France? The person who wrote it likely would be shot by the French Resistance.

If your effectiveness as a group is predicated on your secrecy, why would you break secrecy, unless you wanted to torpedo the group or someone in it? We are a few months from a critical election. If you could get one party to go on a witch hunt inside itself, you likely could distract it enough so that it would be far more likely to lose.

This would be an important question for The New York Times, because these things tend to come out, and the Times trying to manipulate an election would be problematic for that publication, regardless of whether it knew this or not.

Another answer to the “why” question might involve a disgruntled employee who was passed over for a promised raise. (Money is a lousy motivator when you add it, according to Maslow, but if you take it away it works incredibly well at motivating employees against you.) The president effectively
just took raises off the table for all federal workers (which should result in a huge number of them wanting him gone).

The op-ed could be a play to tarnish someone else with Mike Pence
the seemingly obvious target, given some unusual wording. (But why target Pence?)

A scarier thought is that the Times op-ed was designed specifically to do what it is doing. However, instead of influencing the upcoming mid-term elections, its purpose might be to eliminate the effort to keep the president from doing something massively stupid.

In other words, the op-ed’s goal might be to render ineffective any effort to prevent a catastrophic presidential decision. Now whether that is the intention or not, that is the likely outcome. That doesn’t bode well for the United States, if the president’s judgment is massively compromised, as Woodward’s book and the op-ed suggest.

The actual “why” behind this op-ed may be far more important than what it says.

Wrapping Up

We are under an almost constant barrage of companies and people who are trying to get us to do things we otherwise wouldn’t do. From scamming us for money or information to scamming us to vote against our own best interests, the level of effort going into manipulating us is unprecedented.

What concerns me about The New York Times op-ed is that, regardless of whether it is true or not, it will disable efforts to prevent a presidential mistake. In the future, anyone who should attempt to play that role likely would be fired.

The “why” is always important. In this case, the answer to “why” may be that someone wants to do the country harm. I doubt this will end well at all. In any case, to protect ourselves from the increasing waves of manipulation, we need to channel our inner 3-year-olds and ask “why” far more often.

Rob Enderle's Product of the Week

I get really bored when I have my teeth cleaned. I have to sit in the chair for up to an hour (my tartar likely could be used in building construction, it is so hard), and I get really bored watching the ceiling fan and waiting for surprise pains.

My last appointment wasn’t so bad, however, as I brought my
Goovis G2 Cinego headset with me. Rather than watch the fan, I watched the sci-fi movie Serenity, and I was disappointed the appointment didn’t last longer.

Goovis Cinego VR Headset

Goovis Cinego VR Headset

What makes the difference with Cinego is the combination of high resolution displays for each eye. You can adjust for the distance between your pupils and for focus individually. This result is a crystal-clear high-resolution image that is impressive in use.

I ordered my Goovis G2 Cinego through Indiegogo when the product was first launched and got a decent deal — under US$500. Currently they are on Amazon for close to $800, but for those of us who like to enjoy high-quality personal video in tight places, this is still a decent product for the money.

Cinego isn’t without issues. For instance, I can’t seem to raise support to save my life. The software update function currently is not working, and I can’t log into Google or Amazon from the device at the moment. (Issues such as these often arise with the initial run of a product.)

When Cinego does work, mostly with Netflix, it is brilliant. Navigation is pretty easy, as is streaming content. Viewing downloaded content is a bit more difficult. Both the picture and sound are wonderful. Battery life is about two movies, suggesting that you’ll want a charging cable (micros USB) or a portable battery backup product for long trips.

Except for poor support and the inability to use Amazon or sign into Google, I really am impressed with the performance of this product. As a result, the Goovis G2 Cinego headset is my product of the week.

I’ll add this cautionary advice, though: Before you buy one, I suggest you send a note to Goovis to see if you get a response. The lack of support is troubling.

Rob Enderle has been an ECT News Network columnist since 2003. His areas of interest include AI, autonomous driving, drones, personal technology, emerging technology, regulation, litigation, M&E, and technology in politics. He has an MBA in human resources, marketing and computer science. He is also a certified management accountant. Enderle currently is president and principal analyst of the Enderle Group, a consultancy that serves the technology industry. He formerly served as a senior research fellow at Giga Information Group and Forrester.
Email Rob.

Let’s block ads! (Why?)

Link to original source

Cinnamon Mint for Debian Just as Tasty

Cinnamon Mint for Debian Just as Tasty

The official release of version 3 of
Linux Mint Debian Edition hit the download servers at summer’s end, offering a subtle alternative to the distro’s Ubuntu-based counterpart.

Codenamed “Cindy,” the new version of LMDE is based on Debian 9 Stretch and features the Cinnamon desktop environment. Its release creates an unusual situation in the world of Linux distro competition. Linux Mint developers seem to be in competition with themselves.

LMDE is an experimental release. The Linux Mint community offers its flagship distro based on Ubuntu Linux in three desktop versions: Cinnamon, Mate and Xfce.

The Debian version is different under the hood.

For example, the software package base is provided by Debian repositories instead of from Ubuntu repositories. Another difference is the lack of point releases in LMDE. The only application updates between each annual major upgrade are bug and security fixes.

In other words, Debian base packages will stay the same in LMDE 3 until LMDE 4 is released next year. That is a significant difference.

Mint system and desktop components get updated continuously in a semi-rolling release process as opposed to periodic point releases. So newly developed features are pushed directly into LMDE. Those same changes are held for inclusion on the next upcoming Linux Mint (Ubuntu-based) point release.

Using LMDE instead of the regular Linux Mint distro is more cutting edge — but only if you use the Cinnamon desktop. LMDE does not offer versions with Mate and Xfce desktops.

Personal Quest

Linux Mint — as in the well-established Ubuntu-based release — is my primary computing workhorse, mostly thanks to the continuing refinements in the Cinnamon desktop. However, I spend a portion of my weekly computing time using a variety of other Linux distros on a collection of “test bench” desktops and laptops dedicated to my regular Linux distro reviews.

The most critical part of my regular distro hopping is constantly adjusting to the peculiar antics of a host of user interfaces, including GNOME, Mate, KDE Plasma and Xfce. I return to some favorites more than others depending on a distro’s usability. That, of course, is a function of my own preferences and computing style.

So when LMDE 3 became available, I gave in to finding the answer to a question I had avoided since the creation of Linux Mint Debian Edition several years ago. I already knew the issues separating Debian from Ubuntu.

The dilemma: Does Debian-based versus Ubuntu-based Linux Mint really matter?

Linux Mint Debian applications menu

Linux Mint Debian is a near-identical replication of the Ubuntu-based Standard Linux Mint Cinnamon version.

Confusing Scenario

Does a Debian family tree make Linux Mint’s Cinnamon distro better than the Ubuntu-based main version? Given the three desktop options in the Linux Mint distro, does a duplicate Cinnamon desktop choice involving a Debian base instead of an Ubuntu base make more sense?

Consider this: Ubuntu Linux is based on Debian Linux. The Linux Mint distro is based on Ubuntu, which is based on Debian.

So why does Linux Mint creator and lead developer Clement Lefebvre care about developing a Debian strain of Linux Mint Cinnamon anyway? The Debian distro also offers a Cinnamon desktop option, but no plans exist for other desktop varieties.

Clarifying Clarity

I have found in years of writing software reviews that two factors are critical to how I respond to a particular Linux distribution. One is the underlying infrastructure or base a particular distro uses.

A world of differences can exist when comparing an Arch-based distro to a Debian- or RPM- or Slackware-based distro, for instance — and yes, there are numerous more family categories of Linux distributions.

My second critical factor is the degree of tweaking a developer applies to the chosen desktop environment. That also involves considering the impact of whether the distro is lightweight for speed and simplicity or heavyweight for productivity and better performance.

Some desktop options are little more than window managers like Openbox or Joe’s Window Manager (JWN), IceWM or Fluxbox. Others are shell environments patched over GNOME 3 like Mate and Cinnamon.

Assessing performance gets more involved when a distro offers more than one desktop option. Or when a distro uses a more modern or experimental desktop environment like Enlightenment, Pantheon, LXQt or Budgie.

Reasonable Need

What if the Ubuntu base went away? The Ubuntu community is headed by a commercial parent company, Canonical. The road to Linux development is littered with used-to-be Linux distros left abandoned. Their users had to move on.

When the Ubuntu community years ago made its new Unity desktop the default, Lefebvre created Linux Mint as an alternative and replaced Unity with the infant Cinnamon he helped create. Ironically, the Ubuntu community recently jettisoned Unity and replaced it with the GNOME desktop.

In Lefebvre’s release notes for LMDE 3, he noted the development team’s main goal was to see how viable the Linux Mint distribution would be and how much work would be necessary if Ubuntu ever should disappear.

Same Difference Maybe

The challenge is to make LMDE as similar as possible to Linux Mint without using Ubuntu. I am not a programmer, but it seems to me that what Lefebvre has been doing is make square pegs fit into round holes.

It seems to be working. Debian, Linux Mint and Ubuntu all hail from the Debian repositories. Ubuntu also is derived from Debian. However, the base editions are different.

The main difference between editions, Lefebvre explained, is that the standard edition may have a desktop application for some features. To get the same features in LMDE, users might have to compensate by altering a configuration file using a text editor.

So far, that makes LMDE less polished than the standard (Ubuntu-based) edition, just as Debian tends to be less polished on the first bootup than Ubuntu, he suggested.

His point is well taken. Linux Mint modifies the base integration to create a better user experience. That is why years ago, as an Ubuntu user, I crossed over to Linux Mint. It also bolsters what I previously said about my two essential factors in reviewing Linux distros.

From Lefebvre’s view, LMDE likely is a smarter choice over the Ubuntu-based version for users who prioritize stability and security. Users looking for more recent packages likely will be less satisfied with LMDE 3. Despite the more rigorous updates, some packages on LMDE could be several years old by the time the next release comes out.

Linux Mint Debian screen shot

Some software package delays and other minor differences lie under the surface of the Debian edition of Linux Mint, but you will look long and hard to find them.

First Impressions

“Cindy” installed and ran without issue. Its iteration of the Cinnamon desktop displayed and performed like its near-twin from the Ubuntu family. That was a pleasant surprise that reinforced my longstanding reliance on the Cinnamon desktop over other options.

To say that the Cindy release *just works* is an understatement. The menus and configuration settings are the same. The panel bar is an exact replica in terms of its appearance and functionality. The hot corners work the same way in both versions. So do the applets and desklets that I have grown so fond of over the years.

Even the Software Center remains the same. Of course, the location of the repositories points to different locations, but the same package delivery system underlies both LMDE 3 and the Ubuntu-based Tara version of Linux Mint Cinnamon.

My only gripe with functionality centers on the useless extensions. I hoped that the experience with Cindy would transcend the longstanding failure of extensions in the Ubuntu-based Cinnamon desktop. It didn’t.

Almost every extension I tried issued a warning that the extension was not compatible with the current version of the desktop. So in one way at least, the Debian and the Ubuntu versions remain in sync. Neither works — and yes, both Cinnamon versions were the current 3.8.8.

Other Observations

I was disappointed to see LibreOffice 5 preinstalled rather than the current LibreOffice 6.1. Cindy has both Ubiquity and Calamares installers.

I suggest using the Calamares installer. It has a great disk partitioning tool and a more efficient automated installation process. For newcomers, the Linux Mint installer is easier to use, though.

As for the kernel, the Cindy version is a bit behind the times. It ships with kernel version 4.9.0-8; my regular Linux Mint distro is updated to 4.15-0-33.

Also consider the basic hardware requirements for LMDE. They might not be as accommodating as the Ubuntu version of Linux Mint Cinnamon.

You will need at least 1 GB RAM, although 2 GB is recommended for a comfortable fit. Also, 15 GB of disk space is the minimum, although 20 GB is recommended.

Here are some additional potential limitations for your hardware:

  • The 64-bit ISO can boot with BIOS or UEFI;
  • The 32-bit ISO can only boot with BIOS;
  • The 64-bit ISO is recommended for all computers sold since 2007 as they are equipped with 64-bit processors.

Bottom Line

If you are considering taking Cindy for a joyride, be sure to check out the release notes for known issues. Also, thoroughly test the live session before installing LMDE 3 to any mission-critical computers.

If you do follow through and install the Debian version of Linux Mint, consider the move a short-term computing solution — that is, unless you like doing a complete system upgrade. LMDE is not a long-term support release.

Unlike the five-year support for the regular LTS release with the Ubuntu-based version, Cindy’s support runs out perhaps at the end of this year. The developers cannot project an exact release schedule for LMDE 4, either.

Lefebvre warned that several potential compatibility issues loom in the near future. For example, Cinnamon 4.0 is likely to be incompatible with Debian Stretch. A contemplated change in the Meson build system may get in the way as well.

Want to Suggest a Review?

Is there a Linux software application or distro you’d like to suggest for review? Something you love or would like to get to know?

email your ideas to me, and I’ll consider them for a future Linux Picks and Pans column.

And use the Reader Comments feature below to provide your input!

Jack M. Germain has been an ECT News Network reporter since 2003. His main areas of focus are enterprise IT, Linux and open source technologies. He has written numerous reviews of Linux distros and other open source software.
Email Jack.

Let’s block ads! (Why?)

Link to original source

E-Scooters: On a Road to Nowhere

As summer winds die down here’s hoping one of the season’s most ridiculous
and unnecessary fads goes with them.

Bird and Lime e-scooters — the vehicles for the two rival companies’ Mobility as a Service scheme — are just the latest twist on the foot-powered Razor Scooters that took America by storm in 2000.

Unlike Razor, which introduced electric-power models back in 2003, Bird and Lime utilize a subscription model instead of ownership.

Bird, Lime and another competitor, Spin, have similar business strategies — namely to provide simple, cheap transportation for the
“last mile” — whether that means from a parking lot on the edge of a
downtown district, or from subway or other mass transit stop — to the final destination.

The concept is similar to bike share programs that allow users essentially
to rent equipment for a short trip. However, in the case of the scooters, there are no central docking stations.

Moreover, the companies have introduced their respective scooters in
various cities around the country without considering infrastructure,
and currently there are no designated drop-off points. Instead the scooters seemingly are “abandoned” around urban areas.

Apparently this is exactly what
the companies had in mind. The idea was that those
curious individuals who stumbled upon one would try it out, and in the process create buzz that could turn these scooters into the next big thing.

The venture capital funding the companies have attracted, combined, so far has exceeded US$250 million. Clearly someone believes scooters could be the

I hope they are wrong!

Been There

Bird, Lime and Spin are hardly the first to think of MaaS as a
solution to crowded roads, lack of parking and poor
mass transit.

By providing a
reasonably affordable way for individuals to get from point A to point
B, Uber and Lyft have showcased that fleets of
taxis aren’t necessary for mid-sized cities. Moreover, consider the vast amounts of dollars being spent on autonomous vehicle development.

Clearly there is a recognition that not everyone wants to drive or own a car. However,
scooters aren’t the solution — at least not for America.

The original push scooters were little more than wheels attached to
boards. They typically were used only by children — in part due
to the cobblestone roads of the era, which made riding precarious at best!

The first successful motorized scooter was the Italian-made
Vespa, which was introduced in the aftermath of World War II. At the time, Italy’s economy was ruined. As the country struggled to recover from the war, few people could afford cars.

motorcycles, scooters were something that women as well as men could
ride to work, school and the market. Vespa and various competitor
models spread throughout Europe.

At the same time, Americans were
moving to suburbs and buying cars. Had it not been for the 1952 film
Roman Holiday, which featured Audrey Hepburn and Gregory Peck riding a
Vespa, those scooters might have gone unnoticed in the United

Done That

Fast forward to 2001, when inventor Dean Kamen rolled out the Segway
PT — a device that Steve Jobs reportedly expected to be as big
a deal as the PC. John Doerr, the venture capitalist behind
Netscape and Amazon, proclaimed it would be bigger than the Internet.

There were even proclamations that cities might be retrofitted, as Segways
could alleviate congestion on the roads and be an alternative to cars.

Some of that probably sounds familiar, even if the Segway doesn’t ring a bell

For those who don’t have Segway memories, it is a two-wheel platform
with a handle. Instead of spurring a transformation in cities, it largely
has been relegated to tourist destinations. Occasionally it is used by
police officers in urban areas.

Segways, much like today’s Bird and Lime scooters, have a
fundamental flaw: They lack the required infrastructure to
make them practical.

Sidewalks — especially in the crowded urban centers of New York, Philadelphia, Boston, Chicago, San Francisco and cities — aren’t ideal for a motorized vehicle that moves at a speed far faster than people can walk.

The Segway PT has a maximum speed of 12.5 miles per hour, which is
just under a 5-minute mile! The new e-scooters from Bird, Lime and
Spin can carry an adult weighing up to 200 pounds at a maximum speed
of 15 mph. At that speed, an accident involving a pedestrian and a
rider could be serious — even fatal.

There have been suggestions that perhaps these devices should be
relegated to the bike lanes in cities, but that raises another issue.
Shouldn’t the bike lanes be for bicycles?

The Cyclist View

As an avid cyclist, I am the sort of rider who has spent
a not-so-small fortune on bicycles. I wear cycling kit, including
shorts and jersey, helmet and gloves. I don’t just look the part when I
ride, however — I know the rules of the road.

Most states and many communities have laws
against adults riding on the sidewalk, especially at high speeds —
which is taken to be anything over 10mph.

As a cyclist, I am used to
sharing the road with cars, even if the cars aren’t always eager to
share them with me. So maybe I’m a bit smug or even self-righteous,
but in the few cases so far where I’ve seen e-scooters in the bike
lanes, it hasn’t made me happy.

First and foremost, as someone used to dealing
with cars, I’m very aware of my surroundings when I’m on my bicycle. However, many of the drivers of e-scooters I’ve observed have seemed almost oblivious to the world around them — as if mobility gave them the right to tune out.

Second, I’m prepared for a crash or accident with gloves and
helmet. Those riding on e-scooters are not.

Finally, bike lanes are far from ideal even for bikes. Too often, they’re strewn with broken glass and debris. They have way too many potholes and large cracks. A bicycle
has large wheels and tires that can navigate the obstacles.

Accidents Will Happen

To date it is unclear how many accidents there have been involving e-scooters, but sadly, at least one individual already has been killed already in an accident involving one. A 24-year-old man was
killed this past week in Dallas after he fell while riding an e-scooter home,
The Washington Post reported.

Although this is the first reported death, more accidents are waiting to happen.
Several media outlets reported that a woman was spotted on an
e-scooter on I-77 in Charlotte, North Carolina!

Bicycles and mopeds are prohibited on Interstates, of course — with the exception of some
rural parts of New Mexico –and it should be obvious that e-scooters would fall into that category. However, given the influx of
these devices we shouldn’t be surprised to see these in places not
deemed appropriate or even legal.

At the City Level

The legal issues certainly will be resolved as cities across the
country are faced with how to regulate use of e-scooters and enforce the new rules.

The Los Angeles City Council this week voted 13-0 to approve a new set
of rules for dockless e-scooters, along with a citywide cap of
3,000 e-scooters in total.

That number could be increased if the
companies agree to operate in disadvantaged communities. In addition,
all the companies will be required to carry $5 million commercial
general liability insurance.

Other cities have made it clear that e-scooters aren’t
welcome. Beverly Hills and West Hollywood have voted to ban them, and other communities across the country have instituted their own rules.

Perhaps some communities see a potential revenue stream from the
e-scooters via parking tickets. The Indianapolis City Council this summer
approved a $25 fine for scooters parked in doorways, alleys,
handicapped spots, bus stops and even rain gardens.

The University of Texas in Austin recently announced that it will
impose a $150 fine for improperly parked e-scooters on campus. While the fines will be addressed to the companies, there is
speculation that those fines could be passed down to the last user. As
e-scooters do rely on GPS, it would be easy enough to determine who
left the scooter where and when.

Understanding the Infrastructure Issue

Companies such as Bird, Lime and
Spin — and others that are bound to pop up — need to understand
that America’s infrastructure isn’t designed for e-scooters. Bike lanes aren’t meant to be catchalls, and sidewalks are not ideal either.

The Vespa didn’t catch on in America because Americans could afford
cars in the 1950s and 1960s, and the Segway didn’t catch on in 2001
because inner cities already were retrofitted to adapt to
cars. The suburbs were made possible by car ownership!

Of course, it may not always be this way. The thing to remember is
that human cities have been around literally for eons. Damascus, Syria — widely believed to be the oldest continuously inhabited city in the
world — dates back at least 11,000 years.

That city certainly was
retrofitted many times for the transportation of the era, from
horse-drawn carts to railroads and cars.

In those 11,000 years of human cities, cars
have been around only for 150 years. In most cities, they have been
plentiful and common for less than 100 years. Even after World War I,
horse drawn wagons were common in New York and certainly across

Much attention has been given to the progress of bicycles in cities such as
Amsterdam and Copenhagen, but that is largely because those cities never were all that car-friendly in the first place,
and bicycle use evolved side-by-side with the car. That hasn’t happened in America,
and in fact barely has happened even in other parts of Europe.

Cities where Vespa-style scooters remain popular — Naples, Rome,
Florence, Barcelona and Lisbon, among others — have mild weather, small
city centers where people often don’t live in far-flung suburbs, and
roads that aren’t ideal for cars. That is why the motorized scooters
became, and remained, popular — not because the scooter replaced the

American inventors and proponents of MaaS need to look at what makes
Uber and Lyft popular in the cities and suburbs alike. It provides a
quick, affordable ride.

E-scooters are a novelty. They threaten to crowd sidewalks,
bike lanes and roads alike, and people could get hurt, even killed in the
process. Before anyone else dies, the e-scooter should sputter and die instead.

The opinions expressed in this article are those of the author and do not necessarily reflect the views of ECT News Network.

Peter Suciu has been an ECT News Network reporter since 2012. His areas of focus include cybersecurity, mobile phones, displays, streaming media, pay TV and autonomous vehicles. He has written and edited for numerous publications and websites, including Newsweek, Wired and
Email Peter.

Let’s block ads! (Why?)

Link to original source