Partner Perspectives  Connecting marketers to our tech communities.
10/13/2016
11:42 AM
Carl Woodward
Carl Woodward
Partner Perspectives
50%
50%

Access, Trust, And The Rise Of Electronic Personal Assistants

App and device makers are working hard to deliver user control over privacy.

“You should leave in five minutes for your next appointment.”

“Traffic is heavy, leave at 11:30 for your flight to San Francisco.”

“Remember to buy bread and eggs.”

All of these reminders are commonplace today, thanks to electronic personal assistants on your phone, tablet, and computer. These aides get information from your emails, calendar entries, location, and other observations about you, your environment, and the immediate context. The more integrated they are with other apps and sources of data, the more effective they can be. But what about your privacy?

A human personal assistant can be the most valuable and trusted person in your life. The ultimate assistant not only knows your preferences, but can anticipate your needs. Like the emerging electronic ones, human assistants read all of your correspondence, know the full details of your calendar, and are privy to most aspects of your business and personal lives. But they have also been a source of gossip and intimate details for centuries. Non-disclosure agreements and lawsuits are still no guarantee of trust or confidentiality, and they cannot un-publish the tell-all book or interview. Trust is developed over time, based on experience and our personal judgment.

Electronic assistants are not really much different. What is different is their level of access and our control over the information and privacy settings. How do you give access and trust to a personal assistant app and its extended ecosystem, especially one whose priorities may be different from yours?

A fun and only slightly futuristic example could be asking your assistant to “Please book a skydiving experience for my anniversary.” In order for the personal assistant to make a good choice, it needs to know:

  • How much money you have in your bank accounts
  • If you have any bills or commitments coming up
  • What your calendar looks like for the suggested date
  • If you have any health issues that would prevent you from participating safely
  • If your partner is likely to think this is a good way to celebrate

Obviously, a security breach when there is this much data involved could be catastrophic.  App and device makers are working hard to deliver user control over privacy. There is a long list of settings available, as well as pop-up approvals for some types of data access. Using this power is an essential part of building a trustworthy relationship.

Next is data sharing among the ecosystem. Unlike your human assistant who is paid by you, your electronic one generates income from multiple sources, including ads, sales commissions, and selling your information to third parties. When you ask for dinner reservations, travel bookings, or other services, are you getting the best deal for you or the optimal deal for the ecosystem of partners? Does your assistant isolate different types of data, or are advertisers able to determine what you are doing, where, and with whom, perhaps to your detriment or embarrassment?

Finally, there is the role of personal assistant as gatekeeper. We are all familiar with human assistants that have controlled access to their principals, unnecessarily influenced information flow, or isolated them from their surroundings. An electronic assistant may be able to do this not only more subtly, but at the direction of ecosystem partners to their benefit.

Carl builds the future with the Office of the CTO's Innovation Pipeline Team in Intel Security. He is a security veteran with five years of top secret UK government experience, five years with his own company Sanctuary Software Limited, and over six years with McAfee/Intel. ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
White House Cybersecurity Strategy at a Crossroads
Kelly Jackson Higgins, Executive Editor at Dark Reading,  7/17/2018
The Fundamental Flaw in Security Awareness Programs
Ira Winkler, CISSP, President, Secure Mentem,  7/19/2018
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-14492
PUBLISHED: 2018-07-21
Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, and AC10 through V15.03.06.23_CN devices have a Stack-based Buffer Overflow via a long limitSpeed or limitSpeedup parameter to an unspecified /goform URI.
CVE-2018-3770
PUBLISHED: 2018-07-20
A path traversal exists in markdown-pdf version <9.0.0 that allows a user to insert a malicious html code that can result in reading the local files.
CVE-2018-3771
PUBLISHED: 2018-07-20
An XSS in statics-server <= 0.0.9 can be used via injected iframe in the filename when statics-server displays directory index in the browser.
CVE-2018-5065
PUBLISHED: 2018-07-20
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
CVE-2018-5066
PUBLISHED: 2018-07-20
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.