May II 2009

28 May 2009

Fredric Morris, Editor-In-Chief, Connect-World
Fredric Morris
Editor-In-Chief
Connect-World

Reflections on data security, job security and Abraham Lincoln

It was a good week – three virus attacks and my antivirus software stopped them all – I hope. I have rarely been caught, but despite twice-daily antivirus updates, it has happened. A virus is bad enough, but what really irks me are all the well intentioned (?) notes I get from those that received an infected email from me. You know the ones, ‘Hey (dummy) you’ve got a virus (he, he, he – my antivirus is better than yours), I just thought you should know’.

It was a good week, then I read How to Steal Secrets without a Network, an article in the May 2009 issue of Scientific American, and was reminded that no matter how smart and careful you are, someone smarter can always invent a can opener for your best armour-plated, totally secure, secret-holder.

The article shows that no matter how hard you try to lockdown access, determined hackers can still get to your data – and what they do is not easy to “defend against and impossible to trace”. The article centres upon a discovery by Michael Backes, a professor at Saarland University in Germany. He found that a wide range of objects that reflect – a spoon for example, a coffee cup, plastic bottle or even an eyeball – could let a spy read the data on your computer screen.

Today, the information readable at a distance is limited by the size of the telescope and the fancy electronics needed to correct for the distortions introduced by the reflecting surface. To read the image of large, 14-point, type reflected off your eyeball requires a 20-inch telescope at a distance of less than 15 metres – if reflected off a good size cup; the telescope could sit some 57 metres away. Not terribly worrisome? Well, a tiny, un-noticeable, high quality, high precision Webcam could be installed just a few meters away in a ceiling or a wall decoration – not even facing your computer screen – and read everything displayed as reflected in, say, the glass of a framed photo, a bit of jewellery, a plastic bottle or perhaps the sweat of your brow.

Commercially available optics and electronics are still rather limited, but one need only consider the details technicians coax out of satellite images captured a hundred or more kilometres away to understand what the future might bring. Readable images of computer screen reflections should easy to get with a camera in a window across the street.

Will there be a big market in non-reflective items for use in front of your computer or for spray-on fuzzy coatings. Will this sort of espionage end the open office, with its low partition stalls separating one worker from another, eliminating privacy in the name of better communications (supposedly), and low cost? Will computer screens come with draw screen hoods you stick your head into for a bit of privacy?

The battle to secure data cannot be won; the trick is to stay one step ahead of the forces of evil.

Quantum computers, it seems, will be able to crack almost any data encryption scheme except – they say – quantum encryption. I am not so sure about quantum encryption. It is supposedly unbreakable; the physics of quantum encryption guarantee it. Well, we have been told many times that physical laws do not allow this or that – chips cannot get smaller, data storage cannot get denser, data can only travel so fast on a copper wire, nothing escapes a black hole, etc., etc., etc. – only to see some clever workaround or exception to the rule when the context is changed. I will not be surprised if someone beats quantum encryption. Today, someone, somewhere, is surely working on it.

Even if quantum encryption proves unbreakable, the moment someone opens the message to read it; the information is once again there for the stealing.

The use of methods to sneak under the tent and bypass normal security measures – passwords, encryption, antivirus software, operating system ‘fences’ and the like – have long been common; reflection-peeping is just one more weapon in the hacker armoury. Few commercial security companies worry about ‘side-channel’ attacks such as these; they concentrate instead upon protecting information in computers and networks and pray that those that don’t play by their rules will go away. Only government security agencies and the military seem to concern themselves with non-traditional attacks – and they should – they invented most of them.

There are several ways to capture date from keyboards, printers, monitors and networks that do not depend upon virus installed software. Snoopers can detect the radio frequency signals emitted every time a key is tapped, read the noise from dot matrix printers (researchers are trying to do the same from super-silent ink-jet printers as well) and the low-level signals emitted by monitors have long been known as a backdoor entry for well-equipped hackers and spies. Military computers have been protected against this type of snooping since the late 1960s. A Webcam on the user’s computer can be co-opted and its images of a user typing can be recorded and deciphered. Even when part of otherwise secure encrypted systems, all computer devices enter and display unprotected raw data before it is encrypted or after it has been decoded.

The user – the user’s need for open data – is the primary weakness of all systems and the hardest to deal with. If something happens within a computer or a network, there are generally ways to control it or find traces; side-channel attacks leave no traces – there is no smoking gun, not even a body to show when murder has been committed. Even when it is possible to conclude that data might have been stolen – that a system’s Webcam might have been used – it may not be possible to know when and how often it was used or what data was stolen.

Technology – electronic or not – will advance and the bad guys will use and abuse it and us. Every time they come up with something new, the defenders of all that is good will defend and counterattack. Every counterattack calls forth a different, stronger, attack in response.

There is no end in sight, there is no end; prepare yourself. It may get to the point where the defence is so strong, the cost of an attack so high and the probability of success is so low that digital attacks will be few and far between. Still, this won’t put hackers out of business; they will just get better at ‘social engineering’, at fooling you and me into giving up enough vital data for them to operate. In the end, we all have our weaknesses and blind spots; hackers know that educating us, fixing us all, is a hopeless task, their jobs might get more difficult, but never impossible – they have job security even during the worst downturn.

Although, as Abraham Lincoln said, “…you cannot fool all of the people all of the time”, he also said, “You can fool some of the people all of the time, and all of the people some of the time…”, and that is what hackers count on.

The next issue of Connect-World Asia-Pacific will be published later this month. This edition of Connect-World will be widely distributed to our reader base and, as well, at shows such as CommunicAsia, Singapore (16-19 June); Broadband World Forum Asia, Hong Kong (July 15-18); P&T/Wireless & Networks Comm China, (23-27 September); and Indo ICT Expo & Forum, Jakarta, Indonesia (16-18 December).

The theme of this issue of Connect-World Asia Pacific will be- Information and Communication Business Technology.

Information and communications technologies, ICTs, have always had a significant impact upon businesses. Today, they can be the business. Virtual businesses abound and even their services or products can be virtual; only the money is real. The savings and earnings that advanced ICTs bring to businesses, both real and virtual, are transforming business models, creating new markets and providing new opportunities for millions of workers. The Asia Pacific region has long been among the earliest adopters and most effective users of technology. This issue of Connect-World Asia Pacific will explore the use and promise of ICTs for business in the region.

This issue of Connect-World Asia-Pacific 2009 will examine the implications of these far-reaching converged systems and the impact they have not only upon users, but upon the complex ecosystem that will make these innovative communications systems possible – the networks, communications equipment, user devices, software and business applications.

Asia-Pacific II 2009 Media Pack; Click here


May I 2009

7 May 2009

Fredric Morris, Editor-In-Chief, Connect-World
Fredric Morris
Editor-In-Chief
Connect-World

Telemedicine, ICT and a ‘Doc-in-the-Box’

In the mid eighties, when ‘artificial intelligence’, AI, seemed to promise a future full of miracles, I read about early AI medical diagnosis programs and about the possibility of using microcomputers and a variety of remote devices to let paramedics in remote regions deliver first class medical care. Bells – some cracked – went off in my head.

The idea of using this technology to guide paramedics in remote areas led me to speak with a number of doctors and read all I could find – not an easy task in those pre-Web days. The research did not get me very far, and discussing the possibility of computerised diagnostics was, with few exceptions, was surprisingly unsettling. At best, doctors looked as though they were thinking of committing me to a mental institution and an astonishing number were openly hostile to the idea and, by extension, to me. The few that took the idea seriously and understood the benefits, the need and the inevitability, soon convinced me of the hopelessness – at that time – of doing much of consequence with the available technology.

Reflecting upon some of the problems – the immaturity of AI, the lack of adequate telecommunications, the primitive PCs, the lack of reliable power supplies where most needed…, finally led me to discard the idea as impractical. Well, we all have our moments of irrational exuberance; I just control it better now than 20 years or so ago. Nevertheless, I believed then, and still do, that extensive, totally pervasive, use of telemedicine is inevitable. Indeed, I expect that medicine without the ‘tele’ attached will, with time, become as outdated as an office without a computer.

Some ten years later, I revisited the idea, spoke again with doctors and once again investigated telemedicine – this time on the Web. It still wasn’t practical – all the conditions were much better than the first time around, but still not nearly good enough – so nothing came of the discussion. Almost nothing, that is; one of the doctors I discussed this with came up with a great name for a telemedicine service, ‘Doc-in-a- Box’, but the name was never used or registered.

I looked up Doc-in-a-Box today on the Web and discovered that the Council on Foreign Relations came up with the same name for the cornerstone project of their global health programme. It is an interesting project, but shares few of the characteristics that I associate with telemedicine; it is simply a 20-foot shipping container with a doctor’s office pre-installed; the container is stocked and equipped to conduct a series of medical tests, administer vaccines and offer a number of simple medical procedures. The limited information I have about the project says little about its use of ICTs except that they hope to use it to amass data for a gigantic database about health problems (HIV, TB, malaria, etc) in the developing world.

Telemedicine, driven today by vastly cheaper and better software, PCs, wireless broadband connectivity, remote sensors, solar panels and other devices is slowly starting to take shape as a viable service.

There are types and degrees of ICT-aided medicine. Let’s start with the simpler services everybody uses or abuses, – such as call your doctor. Some patients, of course, constantly call their doctors anytime; day or night about everything from hangnail and hair loss to Hansen’s disease and the fax has long been used to send medical reports, but this is not really what telemedicine is about. I think of telemedicine as the use of ICTs to deliver many of the quality, sophisticated, health services one expects at a doctor’s office – but at a distance and with the help of no more than a nurse or paramedic.

Nowadays, telemedicine over the Internet is used not only for consultation, online collaboration between specialists and even remote examination and treatment, but for remote monitoring of homebound patients or even remote controlled – ‘robotic’ – surgery. Information and communication technology is also used for such related services as disease control – it is now on the frontlines of the Swine Flu battle, for example – public health education, continuing medical education for doctors, medical databases and the like. These supporting services are usually categorised as telehealth or eHealth; telemedicine is primarily concerned with making clinical services available at a distance.

Telemedicine, despite some very sophisticated technology, is still in its infancy, but in the coming years it will revolutionise the delivery of health care in remote and developing regions of the world. In highly developed regions telemedicine will provide increasingly sophisticated on-the-spot services.

Remote diagnosis and treatment will greatly upgrade medical care in remote regions where the few, if any, overworked medical professionals need to cover vast areas or treat great numbers of people. Using video conferencing technology linked by satellite, doctors at specialised medical centres elsewhere in the world can remotely examine people, diagnose and treat a wide variety of problems. The same systems let professionals remotely follow up and monitor the progress of patients in their care.

In developed regions, the use of devices to monitor patients at home – heart rates, blood pressure, and other vital signs – has been growing steadily for years. With video conferencing-like facilities professionals can observe and communicate with bedridden patients in their home. Broadband links connect the monitoring and video conferencing equipment to centres where professionals watch for signs of trouble. Based upon the data received at the remote monitoring site, emergency care can be rushed to the patient and medication and treatment regimes can be altered when indicated by the data gathered.

Home monitoring of patients, especially the elderly and those with chronic conditions, eases the task of healthcare professionals, frees hospital beds and greatly lowers costs for patients, insurers and the state.

Video conferencing technology in conjunction with specially designed remote devices let a physician see – and be seen by – the patient. With these devices, the doctor can speak with patients while checking (with the help of a paramedic to fit and adjust the devices) their heartbeat, looking into their pupils or ears, or examining their skin or a wound. This sort of technology has already been put to use by a wide variety of specialists including, among others, rehabilitation therapists, dermatologists, psychiatrists, gynaecologists, neurologists, cardiologists and, of course, family medicine practitioners.

Remote surgery, at one end of the scale, makes intense use of high-speed broadband links to remotely control the movements of the robotic arms that wield the scalpel, to transmit video and radiological images as well as vital sign monitoring data to the remote surgeon.

Nevertheless, not all telemedicine needs real-time connectivity. Images and test results can often be transmitted and stored until a specialist can examine and diagnose them at leisure.

Telemedicine still has a way to go, but I have no doubt that a doc-in-a-box will one day be a common sight. Perhaps, one day, each house, office, or car and such will have its own shoebox sized ‘doctor’ instead of a first aid kit.

The next issue of Connect-World Asia-Pacific will be published later this month. This edition of Connect-World will be widely distributed to our reader base and, as well, at shows such as CommunicAsia, Singapore (16-19 June); Broadband World Forum Asia, Hong Kong (July 15-18); P&T/Wireless & Networks Comm China, (23-27 September); and Indo ICT Expo & Forum, Jakarta, Indonesia (16-18 December).

The next issue of Connect-World Asia-Pacific will be published later this month. This edition of Connect-World will be widely distributed to our reader base and, as well, at shows such as CommunicAsia, Singapore (16-19 June); Broadband World Forum Asia, Hong Kong (July 15-18); P&T/Wireless & Networks Comm China, (23-27 September); and Indo ICT Expo & Forum, Jakarta, Indonesia (16-18 December).

The theme of this issue of Connect-World Asia Pacific will be – Information and Communication Business Technology.

Information and communications technologies, ICTs, have always had a significant impact upon businesses. Today, they can be the business. Virtual businesses abound and even their services or products can be virtual; only the money is real. The savings and earnings that advanced ICTs bring to businesses, both real and virtual, are transforming business models, creating new markets and providing new opportunities for millions of workers. The Asia Pacific region has long been among the earliest adopters and most effective users of technology. This issue of Connect-World Asia Pacific will explore the use and promise of ICTs for business in the region.

This issue of Connect-World Asia-Pacific 2009 will examine the implications of these far-reaching converged systems and the impact they have not only upon users, but upon the complex ecosystem that will make these innovative communications systems possible – the networks, communications equipment, user devices, software and business applications.

Asia-Pacific II 2009 Media Pack; Click here