BlackBerry, hardly a company that is in a position to deny its services to customers who want them, is close to leaving Pakistan because of a dispute about privacy. A blog by COO Marty Beard – that has since been updated -- said that the company had been told on July that it would no longer be allowed to operate in the country as of Nov. 30.https://o1.qnsr.com/log/p.gif?;n=203;c=204663295;s=11915;x=7936;f=201904081034270;u=j;z=TIMESTAMP;a=20410779;e=iBlackBerry, Beard writes, was told that the cause was security issues. He disagrees:
The truth is that the Pakistani government wanted the ability to monitor all BlackBerry Enterprise Service traffic in the country, including every BES e-mail and BES BBM message. But BlackBerry will not comply with that sort of directive. As we have said many times, we do not support “back doors” granting open access to our customers’ information and have never done this anywhere in the world.
Beard wrote that BlackBerry was willing to help in criminal matters but not compromise the security and privacy of its legitimate users. The government, he said, was trying to monitor all its traffic in the country, and that BlackBerry was not willing to comply.
The company added a note to the blog that said the shutdown order had been delayed until December 30, and that it would stay for that period. Negotiations are likely ongoing.
Security and Privacy on the IoT
Jay Cline, the leader of the privacy and consumer-protection practice at PricewaterhouseCoopers LLP, posted a commentary at Computerworld about the risks of the Internet of Things (IoT). He identifies “five privacy linchpins.” They are use of tested security, data minimization, controlled and transparent disclosure, data portability and users’ “right to be forgotten.”
A lot is at stake, Cline suggests, for the future of the IoT:
Vanderbilt, Rockefeller and Carnegie ignited the Industrial Revolution that changed the global balance of power. The architects of the IoT stand at the dawn of an even larger opportunity. The degree to which they make the connection between trust and adoption will determine the magnitude of that realization.
Fitbit, Apple Watch Leads Wearable Sector
IDC third-quarter numbers, released this week, put the number of wearable devices shipped at 21 million, which is a hefty increase of 197.6 percent compared to the 7.1 million units during the year-ago quarter.
The big gains, of course, are a function of the immaturity of the category. It is no surprise that the Fitbit – which leads with 22 percent of the market -- and Apple Watch are dominating. The story at InformationWeek said that it is a surprise that Xiaomi, a Chinese company, finished the quarter threatening to move into second place.
Applications Highly Insecure
Veracode this week released a supplement to its 2015 State of Software Security. The reports says that four out of five applications written in PHP, Classic ASP and ColdFusion failed at least one of the OWASP Top 10, an industry standard security benchmark.
The release points out that WordPress, Drupal and Joomla – the top three content management systems (CMS) – use PHP. This, the release said, raises concerns about the security of millions of websites. The percentages are disconcerting:
Veracode’s analytics show that 86 percent of PHP-based applications contain at least one Cross-Site Scripting (XSS) vulnerability and 56 percent have at least one SQL injection (SQLi) when initially assessed by Veracode. These vulnerability trends are also seen across the wider family of web scripting languages, where applications written in Classic ASP and ColdFusion are nearly twice as likely to contain these flaws compared to more modern languages such as .NET and Java.
The release also notes that less than 26 percent of organizations have mandated, ongoing security coding education programs, according to the SANS Institute.
Powering the IoT
The bad news is that the billions of IoT devices in the field will need to be powered. In addition to being so numerous, many of these endpoints will be in places where changing batteries is impracticable or impossible.
The good news is that these devices don’t require much power and that there is research ongoing to address the issue.
Network World reported this week that two concepts are being researched at The University of Washington. One, Power over Wi-Fi (PoWi-Fi), aims to harvest enough power from Wi-Fi radio waves to keep the devices going. The other is predicated on using changes in temperature and atmospheric pressure to generate energy.
Carl Weinschenk covers telecom for IT Business Edge. He writes about wireless technology, disaster recovery/business continuity, cellular services, the Internet of Things, machine-to-machine communications and other emerging technologies and platforms. He also covers net neutrality and related regulatory issues. Weinschenk has written about the phone companies, cable operators and related companies for decades and is senior editor of Broadband Technology Report. He can be reached at firstname.lastname@example.org and via twitter at @DailyMusicBrk.