Tech Friday With Dave Hatter

Is a software apocalypse coming?:

Our world is increasingly reliant on software, in fact, it's been said that "software is eating the world"

An ever increasing number of systems that were controlled by human beings, or mechanically controlled are now controlled by software

These older systems had a known and observable number of states that could be easily understood and tested exhaustively

Software is becoming increasingly complex and increasingly interconnected

"When we had electromechanical systems, we used to be able to test them exhaustively" said Nancy Leveson, a professor at MIT who has been studying software safety for decades

For six hours in 2010, the entire state of Washington had no 911 service due to a software bug

In the summer of 2015 United Airlines entire fleet was grounded due to a bug

On the same day, trading was halted on the NYSE

Six patients were killed by a Therac-25 radiation therapy machine due to a software flaw

Software failures tend to be failures of understanding and planning

Leveson says "The complexity is invisible to the eye"

Software enables us to make the most complex machines that have ever existed, and all that complexity is buried in millions of lines of code

"The programmer has to be able to think in terms of conceptual hierarchies that are much deeper than a single mind ever needed to face before" - Edsger Dijkstra

In 2007, a Toyota Camry accelrated out of control which lead to the death of a passenger and a lawsuit

Experts spent 18 months analyzing the code that controlled the car. They described it as "spaghetti code", programmer speak for code that has become complex, convoluted and difficult to understand and maintain

The team of experts demonstrated that there were more than 10,000,000 ways for the onboard computer to cause the unintended acceleration

The code that was supposed to prevent such a thing couldn't handle every possibility and failed. The plaintiff was awarded $3,000,000

Programmers and scientists are working on tools and techniques to reduce complexity and increasing visibility and testability

What "anonymous" location data reveals:

The Snowden NSA revelations exposed the extent of the government’s smartphone location tracking records

The Washington Post reported in 2013 that the NSA is gathering 5 billion records per day on people’s cell-phone locations

Sen. Dianne Feinstein (D-CA) remarked that collecting metadata is "not surveillance."

Both Feinstein and the NSA have maintained there is no harm in the government collecting this information because it’s "anonymous"

Advertisers and tech titans suck up our location information through our apps

Recent studies by MIT and Stanford have demonstrated that this is patently false

The MIT study found that four bits of metadata can be used to identify nearly 95% of people

MIT researchers reviewed 3 months of credit card transactions and records of 1.1 million people who shopped at 10,000 locations

They discovered that even without price information, two data points were enough to determine identities of more than 40% of the people. 5 data points and price information got them to near 100% identification

A recent Stanford study also illustrates how trivially easy it is to de-anonymize information

Two Stanford computer science graduate students acquired detailed information about people's lives using telephone metadata from 546 volunteers using the MetaPhone app they created. It collects call logs and social media information

The students, Jonathan Mayer and Patrick Mutchler, remarked "Phone metadata is inherently revealing" on the Stanford Law School blog

Using phone records containing 33,688 unique numbers, they matched those against Yelp and Google Places to see who was called. 18% were matched to a specific identity

Mayer and Mutchler say their research illustrates metadata from phone calls can yield a wealth of detail about family, political, professional, religious and sexual associations

Mayer said “Phone metadata is unambiguously sensitive, even over a small sample and short time window. We were able to infer medical conditions, firearm ownership and more, using solely phone metadata”

"Companies often claim to have 'anonymized' your location history by taking your name off it,” said Peter Eckersley, chief computer scientist of the Electronic Frontier Foundation (EFF)

"But that is totally inadequate because you’re probably the only person who lives in your house and who works in your office, and it’s easy for any researcher or data scientist to look at a location trace and figure out who it belonged to" - Eckersley

Gilad Lotan, vice president of BuzzFeed’s data science team analyzed a month’s worth of two different users’ anonymized location data and was able to demonstrate that people are easily identifiable

Two "anonymous" users downloaded their data from Google Maps Timeline and it was deliverer to Lotan for analysis

The two users in question had their Android phones set collect location data continously

Lotan was able to identify both people correctly in a few hours

Learn more information here:

Your phone is most likely tracking everywhere they go with extensive detail including location and time

Many apps tell you they are collecting location information, some don't and some do it even if you have denied access such as Accuweather

The location data is very detailed, it includes latitude and longitude within a few feet or meters

Since most people keep their phone turned on and with them at all times, a very detailed and easily accessible log is being kept

iOS (Apple):

Apple says “Your iPhone will keep track of places you have recently been, as well as how often and when you visited them, in order to learn places that are significant to you. This data is kept solely on your device and won't be sent to Apple without your consent. It will be used to provide you with personalized services, such as predictive traffic routing.

You automatically consent when you allow Apple to “use your frequent locations” to improve your maps feature.

To find your locations, follow these steps

Select on “Settings”

Choose “Privacy”

Choose “Location Services”

Choose “System Services”

Choose “Frequent Locations”

Select each city and location to view the places you’ve been

To disable it:

Select Settings

Choose Privacy

Choose Location Services

Choose System Services Choose Frequent Locations.

Turn it off

Android (Google):

Has a similar capability. If you use an Android phone, you can view your location history at

You can delete all of the stored history at that link

Google says “Google Location History lets Google save your location to provide benefits like improved map searches and tailored commute information.”

Google’s location services have two parts, Location Reporting and Location History

Location Reporting makes your location available to apps and services such as navigation and your camera. If you disable this feature it will impact the usability of the phone.

Location History logs where you’ve been

To disable Location History:

Go to Settings

Select “Location”

Select “Google Location reporting”

Select “Location History”

Slide the slider to “Off”

Optionally, you can click “Delete Location History” to clear the logged data

Your "smart" device may rat you out:

The use of smart devices continues to rise

An estimated 8.4 billion devices were connected to the Internet in 2017, a 30% increase over 2016!

Gartner predicts roughly 3 smart devices for each person on earth by 2020

Any number of devices such are becoming "smart", containing sensors and supporting Internet connectivity

These devices are collecting increasingly large amounts of data about us

Police and attorneys are turning to these devices to collect evidence. For example:

Prosecutors sought recordings from a suspect's Amazon Echo in 2015

Police in Lancaster County, PA used Fitbit data to determine that a 43 -year-old woman who filed a report about being attacked in her home was lying

She claimed she was sexually assaulted by a man who entered her home at midnight

Officers said they found overturned furniture inside the home as well as a knife and bottle of vodka

The woman told police she was sleeping when the attack occurred. She described the assailant as in his 30s and wearing boots

Officers found no boot prints in the snow outside the house. Additionally, they reviewed the woman's Fitbit data and it revealed that she had been "awake and walking" the time of the alleged attack

Investigators determined that the attack was unfounded based on the evidence available from the Fitbit and the lack of boot prints. She was charged with three misdemeanor counts for prompting the emergency response and manhunt

The woman and her attorney recently waived a preliminary hearing on the charges

This is not the first case where activity tracker data has been used to in criminal and civil cases

A law firm in Calgary has taken the first known personal injury case to use activity data from a Fitbit to illustrate how an accident impacted their client

As more devices get “smart”, the data they collect will increasingly be used in criminal and civil cases

In another case, police found Richard Dabate beaten and tied to a chair in his home, his wife was dead. He claimed the perpetrator was still in the home

When the perp was not found and police investigated, they were able to piece the details together from the wife's FitBit, the home's alarm system, Facebook, cellphones, email and a key fob

He was charged with her murder and has plead not guilty

In another case, a Middletown Ohio man's home was destroyed in a fire which caused roughly $400,000 in damages

Law enforcement officials became suspicious after details of Ross Compton's escape from the fire emerged

Compton has an artificial heart linked to an external pump. A cardiologist said that "it is highly improbable Mr. Compton would have been able to collect, pack and remove the number of items from the house, exit his bedroom window and carry numerous large and heavy items to the front of his residence during the short period of time he has indicated due to his medical conditions."

Police obtained a search warrant to collect the pacemaker's electronic records which were used to review heart activity prior to and during the incident

Experts determined that Compton's story did not align with his heart activity at the time

Compton has since been charged with arson and fraud

Middletown police said this is the first time data from an embedded medical device has been used to charge someone

"We are entering an era of 'sensorsurveillance'" - Andrew Ferguson, University of DC law professor

Virginia State Police Special Agent Robert Brown III said the current trickle of such smart-device cases will likely become a flood. "It will definitely be something in five or 10 years, in every case, we will look to see if this information is available" - Robert Brown

This raises questions concerning the Fifth Amendment which protects individuals from self-incrimination, but was not written with these devices in mind

Courts have held that people who voluntarily disclose information to a third party have no reasonable expectation of privacy

Ferguson said the transfer of information from smart devices transfer data 3rd-party servers could make the invalidate the expectation of privacy

Privacy advocates are warning that many consumers are unaware of the information these devices are harvesting

They also point out that there are few laws that control how enforcement officials can use this data

Ferguson said "In a world of truly ubiquitous connectivity where we are recording our heartbeat, our steps, our location if all of that data is now available to law enforcement without a warrant, that is a big change"

"That's a big invasion of what most of us think our privacy should include" - Ferguson

Rest assured that this won't be the last time a device snitches on it's user