Partner Perspectives  Connecting marketers to our tech communities.
10/13/2016
11:42 AM
Carl Woodward
Carl Woodward
Partner Perspectives
50%
50%

Access, Trust, And The Rise Of Electronic Personal Assistants

App and device makers are working hard to deliver user control over privacy.

“You should leave in five minutes for your next appointment.”

“Traffic is heavy, leave at 11:30 for your flight to San Francisco.”

“Remember to buy bread and eggs.”

All of these reminders are commonplace today, thanks to electronic personal assistants on your phone, tablet, and computer. These aides get information from your emails, calendar entries, location, and other observations about you, your environment, and the immediate context. The more integrated they are with other apps and sources of data, the more effective they can be. But what about your privacy?

A human personal assistant can be the most valuable and trusted person in your life. The ultimate assistant not only knows your preferences, but can anticipate your needs. Like the emerging electronic ones, human assistants read all of your correspondence, know the full details of your calendar, and are privy to most aspects of your business and personal lives. But they have also been a source of gossip and intimate details for centuries. Non-disclosure agreements and lawsuits are still no guarantee of trust or confidentiality, and they cannot un-publish the tell-all book or interview. Trust is developed over time, based on experience and our personal judgment.

Electronic assistants are not really much different. What is different is their level of access and our control over the information and privacy settings. How do you give access and trust to a personal assistant app and its extended ecosystem, especially one whose priorities may be different from yours?

A fun and only slightly futuristic example could be asking your assistant to “Please book a skydiving experience for my anniversary.” In order for the personal assistant to make a good choice, it needs to know:

  • How much money you have in your bank accounts
  • If you have any bills or commitments coming up
  • What your calendar looks like for the suggested date
  • If you have any health issues that would prevent you from participating safely
  • If your partner is likely to think this is a good way to celebrate

Obviously, a security breach when there is this much data involved could be catastrophic.  App and device makers are working hard to deliver user control over privacy. There is a long list of settings available, as well as pop-up approvals for some types of data access. Using this power is an essential part of building a trustworthy relationship.

Next is data sharing among the ecosystem. Unlike your human assistant who is paid by you, your electronic one generates income from multiple sources, including ads, sales commissions, and selling your information to third parties. When you ask for dinner reservations, travel bookings, or other services, are you getting the best deal for you or the optimal deal for the ecosystem of partners? Does your assistant isolate different types of data, or are advertisers able to determine what you are doing, where, and with whom, perhaps to your detriment or embarrassment?

Finally, there is the role of personal assistant as gatekeeper. We are all familiar with human assistants that have controlled access to their principals, unnecessarily influenced information flow, or isolated them from their surroundings. An electronic assistant may be able to do this not only more subtly, but at the direction of ecosystem partners to their benefit.

Carl builds the future with the Office of the CTO's Innovation Pipeline Team in Intel Security. He is a security veteran with five years of top secret UK government experience, five years with his own company Sanctuary Software Limited, and over six years with McAfee/Intel. ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Why Cybersecurity Must Be an International Effort
Kelly Sheridan, Associate Editor, Dark Reading,  12/6/2017
NIST Releases New Cybersecurity Framework Draft
Jai Vijayan, Freelance writer,  12/6/2017
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
The Year in Security: 2017
A look at the biggest news stories (so far) of 2017 that shaped the cybersecurity landscape -- from Russian hacking, ransomware's coming-out party, and voting machine vulnerabilities to the massive data breach of credit-monitoring firm Equifax.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.