Partner Perspectives  Connecting marketers to our tech communities.
10/13/2016
11:42 AM
Carl Woodward
Carl Woodward
Partner Perspectives
50%
50%

Access, Trust, And The Rise Of Electronic Personal Assistants

App and device makers are working hard to deliver user control over privacy.

“You should leave in five minutes for your next appointment.”

“Traffic is heavy, leave at 11:30 for your flight to San Francisco.”

“Remember to buy bread and eggs.”

All of these reminders are commonplace today, thanks to electronic personal assistants on your phone, tablet, and computer. These aides get information from your emails, calendar entries, location, and other observations about you, your environment, and the immediate context. The more integrated they are with other apps and sources of data, the more effective they can be. But what about your privacy?

A human personal assistant can be the most valuable and trusted person in your life. The ultimate assistant not only knows your preferences, but can anticipate your needs. Like the emerging electronic ones, human assistants read all of your correspondence, know the full details of your calendar, and are privy to most aspects of your business and personal lives. But they have also been a source of gossip and intimate details for centuries. Non-disclosure agreements and lawsuits are still no guarantee of trust or confidentiality, and they cannot un-publish the tell-all book or interview. Trust is developed over time, based on experience and our personal judgment.

Electronic assistants are not really much different. What is different is their level of access and our control over the information and privacy settings. How do you give access and trust to a personal assistant app and its extended ecosystem, especially one whose priorities may be different from yours?

A fun and only slightly futuristic example could be asking your assistant to “Please book a skydiving experience for my anniversary.” In order for the personal assistant to make a good choice, it needs to know:

  • How much money you have in your bank accounts
  • If you have any bills or commitments coming up
  • What your calendar looks like for the suggested date
  • If you have any health issues that would prevent you from participating safely
  • If your partner is likely to think this is a good way to celebrate

Obviously, a security breach when there is this much data involved could be catastrophic.  App and device makers are working hard to deliver user control over privacy. There is a long list of settings available, as well as pop-up approvals for some types of data access. Using this power is an essential part of building a trustworthy relationship.

Next is data sharing among the ecosystem. Unlike your human assistant who is paid by you, your electronic one generates income from multiple sources, including ads, sales commissions, and selling your information to third parties. When you ask for dinner reservations, travel bookings, or other services, are you getting the best deal for you or the optimal deal for the ecosystem of partners? Does your assistant isolate different types of data, or are advertisers able to determine what you are doing, where, and with whom, perhaps to your detriment or embarrassment?

Finally, there is the role of personal assistant as gatekeeper. We are all familiar with human assistants that have controlled access to their principals, unnecessarily influenced information flow, or isolated them from their surroundings. An electronic assistant may be able to do this not only more subtly, but at the direction of ecosystem partners to their benefit.

Carl builds the future with the Office of the CTO's Innovation Pipeline Team in Intel Security. He is a security veteran with five years of top secret UK government experience, five years with his own company Sanctuary Software Limited, and over six years with McAfee/Intel. ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Want Your Daughter to Succeed in Cyber? Call Her John
John De Santis, CEO, HyTrust,  5/16/2018
Don't Roll the Dice When Prioritizing Vulnerability Fixes
Ericka Chickowski, Contributing Writer, Dark Reading,  5/15/2018
Why Enterprises Can't Ignore Third-Party IoT-Related Risks
Charlie Miller, Senior Vice President, The Santa Fe Group,  5/14/2018
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "Security through obscurity"
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11232
PUBLISHED: 2018-05-18
The etm_setup_aux function in drivers/hwtracing/coresight/coresight-etm-perf.c in the Linux kernel before 4.10.2 allows attackers to cause a denial of service (panic) because a parameter is incorrectly used as a local variable.
CVE-2017-15855
PUBLISHED: 2018-05-17
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel, the camera application triggers "user-memory-access" issue as the Camera CPP module Linux driver directly accesses the application provided buffer, which resides in u...
CVE-2018-3567
PUBLISHED: 2018-05-17
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in WLAN while processing the HTT_T2H_MSG_TYPE_PEER_MAP or HTT_T2H_MSG_TYPE_PEER_UNMAP messages.
CVE-2018-3568
PUBLISHED: 2018-05-17
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel, in __wlan_hdd_cfg80211_vendor_scan(), a buffer overwrite can potentially occur.
CVE-2018-5827
PUBLISHED: 2018-05-17
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in WLAN while processing an extscan hotlist event.