Posted on Mar 16, 2018

GDPR – The Great Data Protection Rip-off

“Are you ready for GDPR?”. “GDPR, 6 steps you *must* take”. “Do you want to go to prison and never see your kids again?”

As CTO of a software company, I get a variation of one of these emails every single day, and I strongly suspect I am not alone. The first thing I am going to do when GDPR comes in (28th May) is have every single one of the companies who are spamming me thrown into jail. Or can I? What is the hype all about, and how much should you worry?

Yes it affects you. Even Americans, so read on.

GDPR, for readers outside of the EU, is the General Data Protection Regulation, which passed through the EU Parliament almost two years ago, and it is meant to harmonise, or possibly re-harmonise, data protection legislation across the EU. And, of course, it affects anyone from outside the EU who trades in the EU.

Overhaul

The last major overhaul of data protection legislation was in 1995, under the Data Protection Directive, which sought to control how organisations used personal data, like telephone numbers, addresses etc. This meant that EU citizens were able to access what data was held on them by organisations (in the UK for a modest fee of £10), and to put in place a regulatory framework of what could be done with that data, e.g. could it be sold to third parties.

Since then, the world has changed, with the explosion of the Internet and cloud services: and here is the hidden danger of GDPR. If you are using cloud services, you need to know where your data is being held. Actually, you should always have known that, but when GDPR kicks in, the potential fines for non-compliance are huge, up to 4% of annual global turnover or €20 Million (whichever is greater). As The Register pointed out last year, 2016’s fines levied by the UK regulator (the Information Commissioner) would have risen 79 times.

Some companies, like Salesforce, have taken a very non-technical approach to some of their GDPR issues. Rather than ensuring that data is properly siloed and encrypted by geography, they have cut people off certain services, such as Salesforce IQ.

But what should you actually be doing to support your GDPR effort that you are not doing already?

Extra-territorial

Well, if you previously did business involving EU citizens and held their data, it was ambiguous as to whether you were affected by the EU Data Protection Directive. Well, as of May, that ambiguity goes, so if you are processing the personal data of an EU citizen, you must appoint a representative in the EU, and abide by the terms of GDPR.

Consent

It used to be easy to obfuscate your terms and conditions to obtain people’s consent to harvest and misuse their data. No more: consent must be clear and unambiguous. That has led to some pretty interesting discussions. Twice this week, I have heard people say that data which has been obtained for “quality and training” purposes cannot be used for machine learning, because “you have to ask for specific consent for ‘machine learning’”. I think the world has gone mad. One of the ways we improve quality (and training) will be through the use of neural networks.

Hype and hysteria.

What a Difference Three Days Makes: 72 Little Hours.

If you think that there has been a data breach that is likely to “result in a risk for the rights and freedoms of individuals”, you have 72 hours to notify the breach and let your customers know. It will be interesting to see how the courts and regulators interpret this. You can see how a breach that leaks passwords is important, but what about names and addresses, data which is easy to obtain in any event?

Denial of Service Attack Access Rights

With GDPR comes new and shiny access rights. The biggest shift? You can get the personal data held on you for free, so the bar for the human DOS attack becomes much lower. What am I talking about?

Well, in my world, for example, we help people capture and monitor phone calls. Imagine if 10,000 people all at once contacted a large bank and said they had called into a call centre over a period of three weeks, two months ago.

And they want

Data Erasure

Or the “Right to be Forgotten”, another new right. You can ask any organisation to delete your data, and they must comply.

Or they want

Data Portability

The right to have all their data provided in a ‘commonly used and machine-readable format’.
Sounds easy, right?

Not really.

First off, you only have a month to get the data back, or in exceptional circumstances three months (if, as the UK regulator puts it, “requests are complex or numerous”).
And then you have to identify it.

Voice is the hidden problem in any organisation. If you store it, even just voicemails, you must be able to label and retrieve it. You might think it is as easy as matching up a phone number. Not so. At any time, 5 people in my house could use the same landline. In my office, up to 25 people share the same external number. If I have a conference call, there could be all sorts of people on it. How the hell do I work out who is who? And if I Skype a telephone number? Quite often there is no Caller ID at all.

And what if 10,000 people asked the same question at the same time?

There are simple steps, obviously, like trying to capture the names and details of people who call in and store it against the voice record. In some cases that will work, but not for my conference call, or my casual enquiry to the bank (especially if I don’t want to give my name). In highly regulated environments like trading floors, every call is recorded, but at the moment, the metadata is frequently in a mess, and calls are just labelled with the name of the institution that called, or worse, nothing at all.

What would I do?

Set up a biometric database of people who call in (what people call a voiceprint). Voiceprints are not foolproof, especially for authentication, as the BBC demonstrated last year by hacking HSBC, but they serve as a useful backstop to try to find people who may be trying very hard, and somewhat maliciously, not to be found.

What else?

GDPR does not end there. You need to ensure that your data storage is designed with privacy in mind, so ensuring proper access controls over data, and encrypting data at rest and in transit. People must be trained to understand the importance of data protection, and you need to have clear and defined policies in place.

Hype or not?

GDPR undoubtedly throws up new hurdles for businesses, but the real extent of that will only be found out as authorities start to enforce the regulations. Will they really use the maximum fines? And will it help? We have seen a steep rise in compliance for major banks in the wake of the massive fines levied by regulators in the wake of LIBOR, FX and other scandals. But those were multi-billion-dollar fines. The largest ever fine in the UK to date is a mere £400,000 ($560,000).

Posted on Feb 21, 2018

Alexa, what’s my bank balance? The 2018 state of voice.

All of a sudden voice assistants are everywhere. In our phones, cars, TVs, microwaves and refrigerators.

If you don’t have at least one Amazon Echo, Google Home or Apple HomePod in your house at this point you might be in the minority: voice assistants have moved into our everyday lives in a big way, and they’re the new norm.

Google sold more than 6 million voice-assistant speakers just over the holidays, and Amazon was able to get tens of millions of speakers into homes within a single quarter. The race to be the dominant voice platform is underway, and at this point, anyone could win.

Given the rate of adoption, and the expansion of voice APIs for the masses, we thought it was time to look at the market, how it’s growing and where voice is headed next. 2018 is officially the year of the voice assistant.

How we got here, and the driving forces

Google Assistant – How can we Help?

 

The story of how voice suddenly accelerated in 2017 must first skip back almost fifty years. IBM, in 1962, introduced the first voice-activated computer, named the IBM Shoebox, which could do incredible things:

  • “William Dersch’s Shoebox listened as the operator spoke numbers and commands such as “Five plus three plus eight plus six plus four minus nine, total,” and would print out the correct answer: 17.”

Since that demo, humans have dreamed of interacting with their devices in a more natural way for decades, but it always felt a little far off. Science fiction, like Star Trek, 2001: A Space Odyssey and Back to the Future 2, gave us visions of the future where we’d interact with the digital world by just speaking aloud — but it always seemed like nothing more than a fantasy.

There have been various attempts at building rich voice experiences many, many times, and you likely recall those from the 1990’s best. Those tools required you to sit in front of a computer and dictate for hours to train it before use, and even then it remained unreliable at best.

The real innovations that pushed voice forward to where we are now aren’t entirely obvious: cloud computing, and machine learning. Neither idea was particularly new, but the way they were embraced changed everything.

If you wanted to build a voice assistant in 1996, you’d need vast server rooms of your own to perform basic interpretation — which required massive amounts of investment. In 2018, it’s as easy as clicking a few buttons on Amazon Web Services and poof you’ve got a massive, high-performance data-center ready to go.

Cloud computing has revolutionized the way applications and ideas are built: before, you’d need at least some metal to run your voice service on, but now you can build a vast service without ever actually seeing a server.

Machine learning alongside cloud computing created a potent combination: suddenly developers had access to vast amounts of processing power to experiment with teaching a computer how to think — and we had larger data sets to feed them.

The theory behind machine learning has been around since at least the 1980’s. Dr Hermann Hauser, scientist and director of Amadeus Capital, said in a presentation that many of the ideas used by modern machine learning were invented decades ago, but the raw power wasn’t available to do anything with them.

 

 

Working off of these initial ideas, a Google engineer, Jeff Dean, used the company’s vast infrastructure to experiment with building the first at-scale neural network. Ultimately becoming Google Brain, it transformed industries as we know them. Suddenly, computers were able to grasp basic ideas, if fed enough information.

  • “The portion of evolution in which animals developed eyes was a big development. Now computers have eyes.”

Equipped with an ability to grasp basic concepts, voice was inevitable for computers. Siri, which was released in 2014, was likely the first ‘modern’ voice experience consumers had — and while it was impressive, it was obvious that the technology was nowhere near usable on an everyday basis yet.

While Siri was a great early demonstration of what voice assistants could do, it was easy to stump it. Basic commands worked, but as soon as you asked it something unexpected — which happens as soon as humans feel comfortable — it would become stumped. Ultimately, the problem was that Siri wasn’t able to learn from its own mistakes until much later, in 2014.

It wasn’t until Amazon unveiled the Echo in 2014 that anyone started paying serious attention to voice again. It was by this point that neural networks were beginning to find their way into consumer applications, and into the public eye — and it showed in the first reviews of Echo:

 

  • “Yet this is the future, I’m sure of it. Several times a day, the Echo blows me away with how well it converses, and how natural it feels to interact with a machine this way.”

Echo wasn’t just impressive because it was the first device on the market that made voice feel really natural, but also because of its hardware: the company combined far-field microphones, a decent speaker and made it look good.

Far field microphones in 2015 were a concept not many people were familiar with. The technology allows a device to combine microphones to increase the range in which it’s able to hear a voice, and block out noises around them. Combined with audio processing improvements, it’s a potent technological leap: suddenly computers could hear and understand, almost anywhere in a room with a satisfying level of precision.

The Echo came out of nowhere, at least to the consumer, and a whole new model of interaction was born overnight because Amazon was able to stand at the crux of three massive innovations intersecting with one another — it also, conveniently, runs the world’s largest cloud computing platform.

Modern voice assistants became possible because their makers were able to offload that heavy data-crunching required for interpretation of voice to their cloud brains. All your smart speaker does is listen for the hot word OK Google or Hey Alexa, which opens the pipe to their online brains for real-time recognition.

Almost nothing is done locally by these devices, bringing prices down, and making them possible to build in attractive, fabric-coated form factors for your kitchen.

The current state of voice

Google Home Device – Current State of Voice

With these developments in mind, let’s look at where we are in 2018 from the consumer’s perspective: voice went from a cute tool to a primary mode of interaction for the home. For the first time, people are comfortable using voice, and even prefer it, for interacting with digital devices.

This has been driven by aggressive competition between Google and Amazon. Echo was first to market, leaving Google reeling, and ultimately leading to the company investing billions in Home to build out what it sees as the next platform for search. If anything, Amazon Echo was the company’s first real existential threat, making Home all the more important.

As a result, we see a huge race to the bottom for voice, because it’s winner takes all.

What started out as Amazon Echo is now a multitude of products, including the smaller Echo Dot and the larger Echo premium speaker. Google has done the same, going down-market with Home Mini, and up-market with Home Max, which competes with Sonos and beyond. Apple is about to enter the game for the first time with the HomePod, which is set to ship in February.

Consumer Electronics Show was the first visceral evidence of how much this space is worth to those fighting for a spot on your bench:

  • “The words “Hey, Google” are currently plastered along the outside of the city’s public transportation system (the Las Vegas Monorail) that will shuttle thousands of attendees into the conference center all week. It’s a bold statement from the Mountain View, Calif.-based company, and makes one thing clear to all attendees at CES: Google wants you to get used to interacting with its digital assistant.”

All of the players in the voice space are pouring millions into it because, ultimately, they must. Google discounted Home Mini by more than half over the holidays, Amazon essentially gave Echo Dot away for free. For lower-end devices, they’re a gateway drug into the entire ecosystem: you’re almost guaranteed to expand later, so it’s not a big deal to sell at a loss.

If any one of these assistants ‘wins’ it means millions of people who will turn to that device, every day, before any other interaction model. These devices become the gateway to your home, as Internet of Things devices become prevalent, because they’re a natural way to interact with gadgets sans the need to pull out your phone.

They also vacuum up data at an unprecedented scale.

Google and Amazon are fighting over this space because it’s a fantastic, friendly vehicle for capturing data — the new gold. By becoming intimate with you to the point you turn to your voice assistant first, before your phone, these companies start getting closer to understanding your thoughts, and ultimately, your intent.

Almost everything you say to Alexa and Home is crunched, and stored, for later. That voice data is a goldmine for both companies because they’re able to use it both to train future algorithms and to figure out how to get you to buy stuff.

Once you’re comfortable with voice, it gets even more interesting from there. The biggest advantage these devices have is they can make decisions on your behalf, while profiting from it, without your knowledge.

Here’s a theoretical example: imagine you’re planning to take an Uber to the office. When you ask Echo for a ‘ride to work’ it could, eventually, sell that term to the highest bidder and send whoever it feels like. Why would it default to Uber, if it’s not paying money?

Just as Amazon did for the marketplace, thousands of brands will see their value diminished in a voice world, because assistants become the ultimate gatekeepers. Amazon, Google and Apple will decide who gets in front of you, and who doesn’t — and you probably won’t ever know.

Voice assistants are about to be everywhere. You probably have one sitting in the room you’re in now. But are we ready for this?

Privacy and your voice

Apple Home Device – Where to with Privacy

 

The biggest challenge in voice is one that the biggest players aren’t really talking about: privacy.

Both Amazon and Google store recordings of your voice as you use their devices, and both companies are able to decrypt those recordings to perform analysis, ultimately creating the world’s biggest voice database.

In our rush to voice assistants, we’ve forgotten the importance of privacy, and what having this data at scale means in the future. While all of these improvements have begun happening, it’s become near trivial to recreate someone’s entire voice using a computer and a handful of snippets. If that’s not terrifying, I don’t know what is.

There are additional privacy implications as well, due to the nature of how your voice is processed: we’re wiring hundreds of pieces of metadata up to the cloud, like our bank accounts, to use them with Alexa and Home, without really considering it.

As developers have rushed to enable the next big consumer experience, they’ve fallen over themselves to get experiences in your hands.

“Alexa, what’s my bank balance” is a real command, available from multiple banks. It’s a legitimately useful use case for the user, but it’s also a great way for Amazon to figure out how much money you have on hand, and an even better way for an attacker to find out more information about your bank account.

This is great for Amazon, but presents a new problem in terms of privacy and security for end users. If a simple attack on iCloud accounts can wreak so much havoc on people’s lives, what happens if that voice database, and the accounts connected, are compromised? Perhaps our most intimate moments, on tape, would be exposed — and could reveal more than you might think:

 

  • “Dr Rita Singh from Carnegie Mellon University and her colleagues pieced together a profile of a serial US Coastguard prank caller solely from recordings of his voice[4]. This included a prediction of his height and weight, and also the size of room he was calling from, leading to his apprehension by the authorities. Dr Singh’s team are using this research to identify a person’s use of intoxicants or other substances, and also the onset of various medical conditions the speaker may not even be aware they possess.”

The only major voice player to advertise itself as encrypting your voice, identity and any associated data is Apple. As with Siri on the iPhone, Apple advertises HomePod as a privacy-focused device:

  • “Only after “Hey Siri” is recognized locally on the device will any information be sent to Apple servers, encrypted and sent using an anonymous Siri identifier.”

In other words, Apple won’t know who you are, and won’t be able to do much more with that data once it’s left your home. That claim, however, doesn’t paint the complete picture: because Apple doesn’t process locally, your voiceprint is still in the cloud, and they could almost certainly link it back to you if they were forced to.

The practices Apple uses add a layer of security, but don’t solve the problem — your data, and voice, now live in a cloud somewhere. Eventually, if Apple wants to move beyond relying on a local iPhone to process integrations, it’ll need to associate that data somehow and likely backpedal those claims in order to provide a connected experience.

So, what about the competition? Amazon doesn’t detail what it does with Alexa, but Google, for its part, says it encrypts data, but it’s also the one holding the keys. As a result, we don’t really know how far that promise of ‘encryption’ truly extends:

 

  • “Your security comes first in everything we do. If your data is not secure, it is not private. That is why we make sure that Google services are protected by one of the world’s most advanced security infrastructures. Conversations in Google Home are encrypted by default.”

Siri, which has improved in recent years, is clearly behind in the voice assistant race as a result of this data access: it’s still unable to infer basic human ways of interacting with information, such as saying “where is that?” after asking “What’s a great taco spot nearby?”

If you had told people just a few years ago that you were going to place an always-on microphone in their home, they’d have balked, and refused. Now, it’s increasingly common, and people don’t seem to be concerned about the impact of that on their privacy — but Apple’s bet is that they will.

What remains to be seen is if Apple’s bet on that privacy will matter. While Apple is just taking its first steps with HomePod, Amazon and Google are busy putting their assistants in everything from cars to microwaves.

Soon, every device around you might be listening. Are you ready for that?

Where to from here?

Voice is the new interface, and isn’t going away anytime soon. For years, we’ve chased interacting with our computers in a more natural way, and the floodgates are open. So what next?

Privacy is the final frontier, and it’ll be a huge trend throughout 2018 relating to voice assistants. GDPR, the European Union’s biggest piece of new legislation in decades, may drive that conversation forward, as it raises many questions about whether or not smart voice applications can be compatible with strong privacy law at all.

  • “Companies will now have to ask for consent in simple terms, rather than buried in legalese terms and conditions. This creates many challenges, in particular for cloud-based voice assistants. Voice is considered to be personal data, therefore devices that listen ambiently should in theory ask everyone in the room for consent before sending their voice to the cloud.
  • Imagine the nightmare of having 10 people over for dinner, and having your Google Home device asking each of them for consent!”

 

Over the coming year it’s likely the question of voice assistants, consent and voice security, will become a large part of the discussion. With GDPR, citizens of the EU will have the right to know where, and when their data is being used — as well as requiring their consent for expanded use of that stored data. It doesn’t matter if you’re building an experience from the US for EU customers: you’re still bound by the same rules.

Right now, most APIs for voice recognition are cloud-based, provided by Amazon and Google. This presents challenges for businesses looking to build experiences for their own apps with privacy in mind, especially with GDPR in the picture.

Local-only APIs, and on-premise solutions do exist, and may be worth considering as these concerns become even more important throughout 2018. Your customers may demand the peace of mind, and guaranteeing a level of predictable privacy is good business.

With Google, in particular, focusing almost all of its energy on voice as the next frontier for search, these questions are going to become more paramount. If we’re to imagine a future in which we’re talking to computers all day, like in the movie Her, we need to understand what happens with our voice once it leaves the room and goes online.

It’s clear that voice is here to stay, and we’ll need to get comfortable with that reality for the foreseeable future. Privacy, especially when it comes to voice, is paramount, and the question really is wide open with consumer voice: where is the line?

With more than 50 million voice-enabled speakers expected to be shipped in 2018, and even more ambient smart devices, it’s an important question to ask before it’s too late.

 


Posted on Nov 24, 2017

Once more unto the (data) breach

by Dr Cornelius Glackin

 

1 in 4 companies will experience a data breach in the next 12 months according to the Ponemon[1] Institute’s “2017 Cost of Data Breach Study: Global Overview”. The perception is that the vast majority of data breaches involve on-premise infrastructure. As such, many companies prefer to employ the cloud for storing their data; it makes sense in principle to outsource cyber security to a professional cloud provider. It is also lower in cost.  However, some of the largest and most costly breaches have been for cloud-based systems e.g. Apple iCloud, Dropbox, LinkedIn, Microsoft and Yahoo[2], each resulting in millions – and in some cases billions – of accounts being compromised.

Cloud computing means organizations allowing access to business-critical applications and sensitive data over the Internet. Recent advances in deep learning have revolutionised image and speech processing, making exciting new applications possible. Many of these applications require the support of cloud computing infrastructure to centralise the necessary computing power required to process video and audio data. There are numerous emerging examples of this such as Amazon’s personal assistant Alexa which employs cloud processing to support its voice recognition and dialogue management functionality. Whilst no breaches of this system have been reported, the implication is that unencrypted audio data must reside on the cloud, to enable it to be processed, and hence carries a substantial risk.

Earlier this year, an open database containing links to more than 2 million voice messages recorded on cuddly toys was discovered[3]. Personal pictures of celebrities were breached from Apple’s iCloud offering. In the majority of cases, cloud providers typically urge their customers to use stronger passwords, and add notification systems that look for suspicious activity.

Whilst personal photos of Jennifer Lawrence are seemingly of interest to hackers, the implications for leakage of audio data could be even more serious. Perhaps the largest unknown in this scenario is what effect the future capabilities of deep learning will have on analysis of biometric signals like voice.

Dr Rita Singh from Carnegie Mellon University and her colleagues pieced together a profile of a serial US Coastguard prank caller solely from recordings of his voice[4]. This included a prediction of his height and weight, and also the size of room he was calling from, leading to his apprehension by the authorities. Dr Singh’s team are using this research to identify a person’s use of intoxicants or other substances, and also the onset of various medical conditions the speaker may not even be aware they possess. For instance, the biomarker for Parkinson’s Disease can be detected in a person’s voice long before any other symptoms arise. This raises the prospect of using voice recognition in the medical field to diagnose diseases with speech-related biomarkers.

This recognition of the usefulness of voice biometrics is now utilised by some banks to “secure” accounts. Banking has embraced voice authentication in order to make the banking customer’s experience frictionless. However, a recent BBC article detailed a voice biometric breach that occurred when a journalist gained access to his twin brother’s HSBC bank account. Whilst this flaw was attributed to legacy voice biometric solutions, one should be cautious with relying on voice as the principal mode for authentication, for no other reason than it is not difficult to record someone’s voice, and in the near future to use that recording to synthesise that voice to say anything. Start-ups like Lyrebird[5] are working on ways to replicate a voice using just a minute of recorded speech. In the very near future, any sample of your voice could be used to realistically impersonate you.

The implication is that the future will feature a significant arms race between AI-equipped adversaries intent on breaching cloud-based systems, and the intelligent algorithms designed to protect such systems. So, what is the answer? Well, first of all, organisations must understand the probability of being attacked, how it affects them, and even more importantly, which factors can reduce or increase the impact and cost of a data breach. One such way to mitigate the effects of a breach of audio or video data in particular is to encrypt it.

For sensitive data, there is the option of using encryption for the secure storage of data in the cloud. However, while we have become increasingly good at encrypting data at rest, in order to process the data on the cloud we first need to decrypt it, which in turn excludes the possibility for using the cloud’s resources to process sensitive data, unless it can be done in a secure way. Cryptography research has made some innovative strides with this issue in recent years.

Searchable Encryption (SE) is a relatively new form of encryption that enables encrypted data to be searched with encrypted keywords. In this way, the idea is that the cloud can be used to store sensitive data that has been encrypted. An authenticated user can then search that data using search terms that are also encrypted, and the Searchable Encryption protocol residing on the cloud is able to compare the encrypted search terms and match them to the relevant encrypted data without ever understanding either what was being searched for, or what data it contains. It is no surprise that the seminal paper[6] from Seny Kamara, the inventor of this revolutionary cryptosystem, is one of the most-cited security papers since 1981.

Searchable Symmetric Encryption (SSE) is also the basis of Intelligent Voice’s encrypted search product CryptoSearch, with which large volumes of a user’s encrypted speech transcripts and their corresponding encrypted audio can be outsourced to the cloud for storage. For review, the audio database and its associated encrypted transcripts can be searched, and once the pertinent audio file has been found it can be downloaded and decrypted behind the client’s own firewall – without the need to download everything, decrypt it, find what you are looking for, re-encrypt and re-upload. At no point does the cloud server ever see the data or the search terms in the clear. In the event of a breach any data retrieved is encrypted and can only be decrypted with either prohibitively computationally costly brute force decryption, or the user’s private encryption key.
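
The lookup described in the two paragraphs above, as an added toy example (not Intelligent Voice’s CryptoSearch code and not the construction from the cited paper): an HMAC-derived token stands in for the encrypted keyword, and the index holds masked recording identifiers. The function names, the `call-000N` identifiers and the sample transcripts are constructed for illustration; encrypting the audio files themselves is left out and would use an authenticated cipher.

```python
"""Toy searchable symmetric encryption (SSE) index; illustration only."""
import hashlib
import hmac
import secrets

ID_LEN = 16  # recording identifiers are padded to one fixed length

# Constructed sample transcripts (not real call data).
SAMPLE_TRANSCRIPTS = {
    "call-0001": "I would like to discuss my mortgage payment.",
    "call-0002": "Please cancel the direct debit on my account.",
    "call-0003": "The mortgage rate on my account changed last month.",
}


def prf(key: bytes, msg: bytes) -> bytes:
    """Keyed pseudorandom function (HMAC-SHA256)."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def keywords(text: str) -> set:
    """Lower-cased words with surrounding punctuation stripped."""
    words = (w.strip(".,;:!?\"'()").lower() for w in text.split())
    return {w for w in words if w}


def search_token(master_key: bytes, word: str) -> bytes:
    """Client side: the only value the server receives for a query."""
    return prf(master_key, b"label|" + word.lower().encode())


def _mask_key(master_key: bytes, word: str) -> bytes:
    """Client side: never leaves the client; hides the recording ids."""
    return prf(master_key, b"mask|" + word.lower().encode())


def build_index(master_key: bytes, transcripts: dict) -> dict:
    """Client side: build the encrypted index that is uploaded to the cloud."""
    postings = {}
    for doc_id, text in transcripts.items():
        if len(doc_id.encode()) > ID_LEN:
            raise ValueError("recording id too long")
        for word in keywords(text):
            postings.setdefault(word, []).append(doc_id)
    index = {}
    for word, doc_ids in postings.items():
        label_key = search_token(master_key, word)
        mask_key = _mask_key(master_key, word)
        for i, doc_id in enumerate(doc_ids):
            ctr = i.to_bytes(4, "big")
            padded = doc_id.encode().ljust(ID_LEN, b"\0")
            # label: where the server finds the i-th hit; value: masked id
            index[prf(label_key, ctr)] = xor(padded, prf(mask_key, ctr)[:ID_LEN])
    return index


def server_search(index: dict, token: bytes) -> list:
    """Server side: walk the counter until a label is missing.

    The server sees only the token and opaque entries. It still learns that
    two queries used the same word (same token) and how many entries matched.
    """
    hits, i = [], 0
    while True:
        entry = index.get(prf(token, i.to_bytes(4, "big")))
        if entry is None:
            return hits
        hits.append(entry)
        i += 1


def client_decode(master_key: bytes, word: str, entries: list) -> list:
    """Client side: unmask the entries returned by the server."""
    mask_key = _mask_key(master_key, word)
    ids = []
    for i, entry in enumerate(entries):
        pad = prf(mask_key, i.to_bytes(4, "big"))[:ID_LEN]
        ids.append(xor(entry, pad).rstrip(b"\0").decode())
    return ids


def search(master_key: bytes, index: dict, word: str) -> list:
    """Full round trip: client token -> server lookup -> client decode."""
    entries = server_search(index, search_token(master_key, word))
    return client_decode(master_key, word, entries)


if __name__ == "__main__":
    key = secrets.token_bytes(32)
    idx = build_index(key, SAMPLE_TRANSCRIPTS)
    # Identifiers of the recordings to download and decrypt locally.
    print(search(key, idx, "mortgage"))
```

Because the token for a given word is deterministic, the server can tell when the same word is searched again and how many entries it matched; a breach of the index alone exposes neither the words nor the recording identifiers.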

Ultimately it is advances such as Searchable Symmetric Encryption and Fully Homomorphic Encryption that will be the cloud defender’s most valuable asset for safeguarding our data in the cyber security threat climate we can expect in the very near future.

[1] https://www.ibm.com/security/data-breach

[2] https://www.storagecraft.com/blog/7-infamous-cloud-security-breaches/

[3] http://www.bbc.co.uk/news/technology-39115001

[4] https://www.dhs.gov/science-and-technology/news/2017/09/26/snapshot-voice-forensics-can-help-coast-guard-catch-hoax

[5] https://lyrebird.ai/

[6] https://blog.cs.brown.edu/2017/05/09/kamaras-work-searchable-symmetric-encryption-2-most-cited-2006-security-paper/

Posted on Nov 10, 2017

No such thing as a free, er, trial

These days, no-one wants to pay for anything:  free email, free search, free storage, free social media, free everything.

But let’s face it, it’s costing someone, somewhere.

I got thinking more about this after a chance remark from someone who visited us at the AI Finance Summit this week in Zurich (https://theaisummit.com/finance/).  He said that his large insurance company was “overrun” with offers of free proof-of-concept systems from (and what he said is important) “VC-backed software vendors”.  He also pointed out that a lot of people had been “burned” by these “free trials”.

What it made me realise is that not only are the VCs paying, but so are the companies who are taking these “free” products on.

Getting a company off the ground is hard, whether you have $20 in the bank or $20 million.  No-one ever wants to be the first person to buy your new product, especially in the software space.  Even if you convince the business that what you are offering is genuinely the best thing since sliced bread, you then must convince the IT team, who are usually wedded to the current way of doing things, and will often throw every sort of FUD known to man in your path.

And the worst thing you can do is offer to do it for free.

That may sound counter-intuitive: Surely you want to make it as frictionless as possible for your prospective customer to take on your software? You don’t want them to have to go cap in hand to their boss asking for money for something that may be completely untried.

The problem you face, though, is that people do not ascribe any value to something they get for free.  So that means you cannot get the buy-in from all the stakeholders, because there is nothing at stake.  Stick some money in the pot, though, and suddenly you have everyone’s attention and motivation to make the project a success.

At this point, someone will no doubt give me an example of how they have offered a free proof of concept, and how the project was a success. And yes, I have on occasion gone down that route and yes, some interesting business has come from it. But it is the exception, not the rule.  Apart from once (ironically our first ever paid engagement), all other paid-for trials or PoCs we have run have turned into ongoing business.

The worst culprits?  Banks.

We have had some fantastic engagement with the occasional bank (who sadly I cannot name for confidentiality reasons), but we have had some horrors as well (who sadly I also cannot name for confidentiality reasons).  At one bank, we had hardware installed (that we had paid for) for two years before it became obvious that there was no project, just a consultant who was justifying his large fee by getting vendors to run endless free trials.  At another, we ran a mass of data (voice, email, IM, SMS, trades) through our system at very short notice to show what the art of the possible was (and we found some scary stuff). The bank didn’t buy anything from anyone:  I still cannot mention the name in the office without someone swearing loudly after all the late nights that were wasted.

We are even turning some RFPs away now, as so often our weeks are consumed with endless site visits, WebEx’s and meetings which do not amount to anything.  Sometimes you are a stalking horse for an incumbent vendor.  Other times, it is used as an excuse to make no decision at all.  The problem is that the procurement rules that are put in place to try to guarantee the best solution often guarantee the very worst.

And that costs the customer money in terms of staff and lost opportunity.

There are some glimmers:  Some companies are beginning to recognise that they need to foster new innovations, and that the best way to do that is to collaborate with vendors, and help fund the projects.  This gets attention and engagement from all sides.  I’m much more likely to give my absolute best for the person who provides jam today, rather than the promise of it tomorrow.

In my ideal world, we would all do a little bit of something for free:  You should not just buy based on a few PowerPoint slides, and so opening the kimono just a little is a good idea.  Ideally, you should have a structured engagement program, where you give all customers the same story.  We, for example, offer to take customer data and run it through our system for free, and present the results back.   This allows us to a) get the best out of the data, and b) set expectations.

Then we offer a partner program for resellers for an annual fee (with benefits!), or a paid engagement with the customer (in effect, a small initial installation) at a fixed cost.  And if that all goes well, we go for the full roll-out.

It is so tempting to offer the world just to try to get business, but unless every engagement is properly scoped, and treated like a real project, and you don’t overstretch your own resources, it is almost always doomed to fail.

Posted on Jul 07, 2016

Chilcot: 6 million words in pictures

While we are known for our voice capabilities, we also process text in exactly the same way, teasing out interesting topics, just as we have since our Twitter trending days.

So, we put the Chilcot Report through the system, and at the very top of the Topic Map?  Corruption Perceptions Index and Transparency International. Just seemed very appropriate, somehow…

[Image: Chilcot]

For anyone interested in exploring the dataset a bit more, contact us at [email protected] and we’ll give you a login