The intersection of AR, IoT, and Apps in the legal realm
Thursday, April 27, 2017
|
Adam Grant |
The Intersection of AR (Augmented Reality), IoT and Apps: Challenges, Opportunities and the Legal Pitfalls.
In 2007 the Apple gave us the iPhone and Apps became the rage. While the term “Internet for things” was first coined 1999 by Kevin Ashton (one of the founders of the original Auto-ID Center at MIT), in 2013 the Global Standards Initiative on Internet of Things defined the term as “the infrastructure of the information society.” AR, or Augmented Reality, unlike virtual reality, combines the physical world with an overlay of computer generated visual, audio and haptic interfaces. Many identified 2016 as the “The year of augmented reality.” Snapchat used geofilters to allow users to overlay a digital effect on the photos or video, Snap introduced “Spectacles,” and Poke’mon Go blasted onto the summer gaming market. In 2017 with each of these firmly entrenched, we can reflect on the legal implications on the three technologies.
What are some of the challenges and opportunities presented when AR, IoT and Apps intersect in the legal world? At one level, the existing challenges for IoT and Apps are directly applicable to AR. On-device and network encryption and access controls for data are common. One of the greatest challenges is likely the need for AR applications to be always-on. For example, an application that detects QR codes to provide the user with immediate price information or price comparison requires constant access to video stream data. Consequently, the privacy risks associated with the continuous video stream are much greater than a static platform contained in desktop or smartphone operating systems.
Another challenge stems the hardware and the need for human input on hardware that does not have a keyboard, mouse or touch screen. With AR, you need to look through a screen to the world around you which can result in the consumer feeling detached from the surroundings and other individuals. A third challenge is content: Apps and IoT have endless amounts of available content, but AR has not caught up. There are literally millions of Apps and an endless stream of “things” to connect. However, the world of AR needs 3D content which has not caught up with the fast pace of the technology.
The opportunities are truly endless and stem from what can be done when all three technologies work together. An App connects you to a “thing” which can be controlled by AR in you “spectacles.” AR provides information about the “thing” which allows you to connect with other using the same type of object allowing each user to learn from the other.
From a legal perspective, the intersection of the three technologies is also fraught with challenges and opportunities. Logically, adapting from mobile app solutions appears to be the most likely vehicle to initially address the challenge, but a wholesale adaption is simply not possible. Obtaining permissions for geo-locating as soon as you log onto an AR application should suffice in the short term. At the initial start up of the technology, the user could provide a certain level of permission.
However, in the long term, there are many other problems to consider. For example, when geo-locating is being used by more than one application, will the user need to provide permission for each platform or can the AR device seek permission in a global sense each time the user accesses the technology. Additionally, what types of permissions will be required as AR is used constantly. Much like the landscape problem developers encountered with Apps, the program has a certain flow and style, so how and when is the user experience interrupted by the legal requirements of informed consent.
A very timely concern involves “tracking” across platforms. Developers and users are becoming more familiar with the “do not track” options required by various laws and how it impacts a user’s experience. However, when relying upon AR/IoT/Apps how does that occur and who is responsible when the tracking still occurs?
As recent as April 21, 2017, the FTC provided yet another example of how it will enforce one intersection of AR, IoT and Apps; targeted digital advertising. Earlier, the FTC filed a complaint against Turn, Inc. alleging that Turn advertises itself as the “largest independent company in the advertising technology section” and claims to reach “over 1.3 billing unique users per month via mobile.” Turn used cookies and web beacons to track consumers across the Web for advertising and other purposes. Turn used advertising identifiers such as Apple iOS’s Identifier for Advertisers and Google’s advertising ID to track users across mobile apps. Turn correctly permitted the users to disassociate themselves from their previous tracking history by resetting the advertising identifier at any time. However, in 2013 Turn participated in a Verizon Wireless program that allowed Turn to obtain certain demographic information provided by Verizon Wireless about its users. To implement this program, Verizon Wireless put certain identifiers into all unencrypted web requests for more than 100 million consumers on its network. The users had no way to prevent the transmission of the identifier. Turn then synced this Verizon identifier with our identifiers it used to keep track of the Verizon Wireless Consumers, thereby linking the consumer’s browser or device and identified various behavioral, demographic or tracking data – even after the consumer deleted the cookies and reset the device identifiers. This synchronization allowed Turn to recreate what the consumer sought to delete, without obtaining the consumer’s permission. As a result of the action, Turn and the FTC entered into a settlement agreement which required Turn to post on its homepage a clear and conspicuous hyperlink that states “Consumer Opt Out of Targeted Advertising.”
Turn’s case demonstrates the need for developers using multiple platforms such as AR/IoT/Apps to insure they work together and not undo what the other has done. In the consumer opts out of the geo-location tracking in an App, once the consumer interfaces with the AR platform, the technology should not start tracking the consumer’s location without permission.
In the long term, AR specific solutions really need to be created. Raw sensory data such as audio data, or recognition data such as facial recognition, pose particular privacy concerns. These types of data present new concerns regarding privacy which will require innovative notices and opt in/out permissions.
While AR/IoT/Apps present privacy concerns, their intersection also creates unique security opportunities. While the strict use of an App to interact with the physical environment invites another to shoulder surf, the personal display associated with an AR system completely eliminates the easiest security breach, the curious, yet nefarious, person sitting next to you. Additionally, because of the ability to use multiple platforms, security could be enhanced by leveraging these different platforms. Consider the possibility that an AR platform can actively detect privacy and security concerns. Rather than relying on a screen protector which makes a screen difficult to read at a distance, an AR system can actively scan the surrounding area and alert the user if it finds a camera lens pointing at it. The countless biometric or behavioral characteristics can be used provide authentication when using the system. You can smile at your phone instead of using a thumb print!
The FTC is looking to the future of AR/IoT/Apps in 2017, by holding a workshop on June 28, 2017 which will address all of these issues in relation to Current and Future cars. The FTC believes that these autonomous cars will general 4,000 gigabytes of data per day (vs. 650 mb of data an average person generates.) They are looking for input on “what privacy and security issues might arise from consumer operation of connected vehicles, including use of third-party aftermarket products that can plug into vehicle diagnostic systems, geolocations systems, or other data-generating aspects of connected vehicles.” Additionally, the FTC is looking for information on how the cars will integrate the data into their functionality and what privacy and security harms can arise from the connected vehicle manufacturers and their service providers’ collection and use of data. It is clear, pop up displays are a form of AR and the FTC is looking to insure that automated cars with such displays that interface with car’s controls through an App downloaded to the car’s system will be front and center in the June workshop.
At first, cars had am radio, then fm, then satellite, then dvd players for entertainment – now with wireless technology and “smart cars” AR in your care for entertainment or even for assisting with the driving is likely the next. The intersection of these ever changing platforms provides very real challenges. However, as the consummate optimist, the author sees limitless opportunities.
Read more: http://www.alpertbarr.com
This content is made possible by a guest author, or sponsor; it is not written by and does not necessarily reflect the views of App Developer Magazine's editorial staff.
Practical Challenges and Opportunities
What are some of the challenges and opportunities presented when AR, IoT and Apps intersect in the legal world? At one level, the existing challenges for IoT and Apps are directly applicable to AR. On-device and network encryption and access controls for data are common. One of the greatest challenges is likely the need for AR applications to be always-on. For example, an application that detects QR codes to provide the user with immediate price information or price comparison requires constant access to video stream data. Consequently, the privacy risks associated with the continuous video stream are much greater than a static platform contained in desktop or smartphone operating systems.
Another challenge stems the hardware and the need for human input on hardware that does not have a keyboard, mouse or touch screen. With AR, you need to look through a screen to the world around you which can result in the consumer feeling detached from the surroundings and other individuals. A third challenge is content: Apps and IoT have endless amounts of available content, but AR has not caught up. There are literally millions of Apps and an endless stream of “things” to connect. However, the world of AR needs 3D content which has not caught up with the fast pace of the technology.
The opportunities are truly endless and stem from what can be done when all three technologies work together. An App connects you to a “thing” which can be controlled by AR in you “spectacles.” AR provides information about the “thing” which allows you to connect with other using the same type of object allowing each user to learn from the other.
Legal Concerns
From a legal perspective, the intersection of the three technologies is also fraught with challenges and opportunities. Logically, adapting from mobile app solutions appears to be the most likely vehicle to initially address the challenge, but a wholesale adaption is simply not possible. Obtaining permissions for geo-locating as soon as you log onto an AR application should suffice in the short term. At the initial start up of the technology, the user could provide a certain level of permission.
However, in the long term, there are many other problems to consider. For example, when geo-locating is being used by more than one application, will the user need to provide permission for each platform or can the AR device seek permission in a global sense each time the user accesses the technology. Additionally, what types of permissions will be required as AR is used constantly. Much like the landscape problem developers encountered with Apps, the program has a certain flow and style, so how and when is the user experience interrupted by the legal requirements of informed consent.
A very timely concern involves “tracking” across platforms. Developers and users are becoming more familiar with the “do not track” options required by various laws and how it impacts a user’s experience. However, when relying upon AR/IoT/Apps how does that occur and who is responsible when the tracking still occurs?
The FTC’s Take on the Intersection
As recent as April 21, 2017, the FTC provided yet another example of how it will enforce one intersection of AR, IoT and Apps; targeted digital advertising. Earlier, the FTC filed a complaint against Turn, Inc. alleging that Turn advertises itself as the “largest independent company in the advertising technology section” and claims to reach “over 1.3 billing unique users per month via mobile.” Turn used cookies and web beacons to track consumers across the Web for advertising and other purposes. Turn used advertising identifiers such as Apple iOS’s Identifier for Advertisers and Google’s advertising ID to track users across mobile apps. Turn correctly permitted the users to disassociate themselves from their previous tracking history by resetting the advertising identifier at any time. However, in 2013 Turn participated in a Verizon Wireless program that allowed Turn to obtain certain demographic information provided by Verizon Wireless about its users. To implement this program, Verizon Wireless put certain identifiers into all unencrypted web requests for more than 100 million consumers on its network. The users had no way to prevent the transmission of the identifier. Turn then synced this Verizon identifier with our identifiers it used to keep track of the Verizon Wireless Consumers, thereby linking the consumer’s browser or device and identified various behavioral, demographic or tracking data – even after the consumer deleted the cookies and reset the device identifiers. This synchronization allowed Turn to recreate what the consumer sought to delete, without obtaining the consumer’s permission. As a result of the action, Turn and the FTC entered into a settlement agreement which required Turn to post on its homepage a clear and conspicuous hyperlink that states “Consumer Opt Out of Targeted Advertising.”
Turn’s case demonstrates the need for developers using multiple platforms such as AR/IoT/Apps to insure they work together and not undo what the other has done. In the consumer opts out of the geo-location tracking in an App, once the consumer interfaces with the AR platform, the technology should not start tracking the consumer’s location without permission.
In the long term, AR specific solutions really need to be created. Raw sensory data such as audio data, or recognition data such as facial recognition, pose particular privacy concerns. These types of data present new concerns regarding privacy which will require innovative notices and opt in/out permissions.
While AR/IoT/Apps present privacy concerns, their intersection also creates unique security opportunities. While the strict use of an App to interact with the physical environment invites another to shoulder surf, the personal display associated with an AR system completely eliminates the easiest security breach, the curious, yet nefarious, person sitting next to you. Additionally, because of the ability to use multiple platforms, security could be enhanced by leveraging these different platforms. Consider the possibility that an AR platform can actively detect privacy and security concerns. Rather than relying on a screen protector which makes a screen difficult to read at a distance, an AR system can actively scan the surrounding area and alert the user if it finds a camera lens pointing at it. The countless biometric or behavioral characteristics can be used provide authentication when using the system. You can smile at your phone instead of using a thumb print!
AR and the Automated Car
The FTC is looking to the future of AR/IoT/Apps in 2017, by holding a workshop on June 28, 2017 which will address all of these issues in relation to Current and Future cars. The FTC believes that these autonomous cars will general 4,000 gigabytes of data per day (vs. 650 mb of data an average person generates.) They are looking for input on “what privacy and security issues might arise from consumer operation of connected vehicles, including use of third-party aftermarket products that can plug into vehicle diagnostic systems, geolocations systems, or other data-generating aspects of connected vehicles.” Additionally, the FTC is looking for information on how the cars will integrate the data into their functionality and what privacy and security harms can arise from the connected vehicle manufacturers and their service providers’ collection and use of data. It is clear, pop up displays are a form of AR and the FTC is looking to insure that automated cars with such displays that interface with car’s controls through an App downloaded to the car’s system will be front and center in the June workshop.
At first, cars had am radio, then fm, then satellite, then dvd players for entertainment – now with wireless technology and “smart cars” AR in your care for entertainment or even for assisting with the driving is likely the next. The intersection of these ever changing platforms provides very real challenges. However, as the consummate optimist, the author sees limitless opportunities.
Read more: http://www.alpertbarr.com
This content is made possible by a guest author, or sponsor; it is not written by and does not necessarily reflect the views of App Developer Magazine's editorial staff.
Become a subscriber of App Developer Magazine for just $5.99 a month and take advantage of all these perks.
MEMBERS GET ACCESS TO
- - Exclusive content from leaders in the industry
- - Q&A articles from industry leaders
- - Tips and tricks from the most successful developers weekly
- - Monthly issues, including all 90+ back-issues since 2012
- - Event discounts and early-bird signups
- - Gain insight from top achievers in the app store
- - Learn what tools to use, what SDK's to use, and more
Subscribe here
