Source Code: Your daily look at what matters in tech.
To give you the best possible experience, this site uses cookies. If you continue browsing. you accept our use of cookies. You can review our privacy policy to find out more about the cookies we use.
yesAdam JanofskyNone
Subscribe to
Want to better understand the $150 billion gaming industry? Get Shakeel Hashim's newsletter every Tuesday.
Are you keeping up with the latest cloud developments? Get Tom Krazit and Joe Williams' newsletter every Monday and Thursday.
David Wertime and our data-obsessed China team analyze China tech for you. Every Wednesday, with alerts on key stories and research.
Want your finger on the pulse of everything that's happening in tech? Sign up to get David Pierce's daily newsletter.
Do you know what's going on in the venture capital and startup world? Get the Pipeline newsletter every Saturday.
Do you know what's coming next up in the world of tech and entertainment? Get Janko Roettgers' newsletter every Thursday.
Hear from Protocol's experts on the biggest questions in tech. Get Braintrust in your inbox every Thursday.
Get access to the Protocol | Fintech newsletter, research, news alerts and events.
February 25, 2020
Yes, Equifax wants to talk about cybersecurity.
The credit reporting firm that suffered a colossal data breach in 2017 that exposed personal, sensitive data on 147 million people is making a deliberate effort to be front-and-center at this year's RSA conference in San Francisco. Executives from the company will be speaking on seven panels, and chief technology officer Bryson Koehler and chief information security officer Jamil Farshchi, delivered a joint keynote Monday afternoon.
Get what matters in tech, in your inbox every morning. Sign up for Source Code.
"We know we've been through something that few other organizations have, and we know we're taking a bold stand in our way of addressing it," Farshchi told Protocol in an interview before the event.
Unlike many of RSA's more than 40,000 attendees, Equifax isn't at the conference exclusively to learn. Instead, the company is pitching itself as a bonafide leader in cybersecurity that others should follow.
"Our goal is to say it's not just us, everyone is dealing with these threats, and the more we can share and the more we can teach you all, the better chance we have of being able to lift all boats in this space," Farshchi said.
Both Farshchi and Bryson Koehler said they're irked by the cybersecurity mistakes they see other companies make. One of them is "toolitis": the affliction of thinking that buying more tools will solve your problem," said Koehler.
"It happens all the time, it's so frustrating … people love the shiny toys and think whatever new tool is out there — artificial intelligence, blockchain applications — is going to solve all your problems," Farshchi said. "The solutions are staring you right in the face, and it's frustrating because we see so many folks in tech and security that aren't focused on what we think are the fundamentals."
Other common issues they see are companies that bolt cybersecurity solutions onto the organization instead of building them in from the beginning, and a lack of alignment between the cybersecurity team and the rest of the business.
"You'll find in every security organization out there the notion that it's two separate teams with different incentives marching towards different goals, but we ultimately should be striving toward the same thing," Farshchi said.
In addition to calling the company a leader in cybersecurity, the executives said Equifax has "best in class" patching practices and has a goal of making "the world a better, safer, more secure place"
This confidence may come off as puzzling to other professionals, said Ann Cleaveland, executive director of UC Berkeley's Center for Long-Term Cybersecurity. Companies rarely brag about being cybersecurity leaders because "it immediately paints a target on your back," she said.
Additionally, Cleaveland expects that many cybersecurity experts will be skeptical of the company's claims, given its history. "If their efforts now are genuinely about helping the industry learn from what they've learned, good for them," she said. "But a lot of people are going to see it as marketing."
In their Monday keynote, Koehler seemed to expect some doubt, inviting audience members' toughest assessments during a Q&A. But most of the questions were largely technical.
Farshchi and Koehler argue that there are plenty of reasons to take them seriously. Few security teams have dealt with an incident like the one they experienced, so there's a lot of lessons to be learned from the recovery efforts, they say.
Federal prosecutors said earlier this month that Chinese military hackers were behind the breach in 2017 that compromised personal data including names, birth dates and Social Security numbers of 145 million Americans. The hackers were also able to steal drivers license numbers for at least 10 million Americans, and credit card details for 200,000 Americans.
The attackers were able to access the data by exploiting a software vulnerability in Equifax's online dispute portal. A patch for the vulnerability had existed for months, but Equifax did not implement it. A 67-page investigation report from a Senate panel last March blamed the incident on Equifax's negligence.
The company has made huge cybersecurity investments and changes since the breach to reassure shareholders, customers and employees that it won't make the same mistakes twice.
The company has hired about 1,000 technology and cybersecurity specialists since the breach and committed $1.25 billion to security improvements, Farshchi said. The company's leadership has also changed. The company's CEO Richard Smith and several technology chiefs left the company in the weeks after the breach was announced. Both Farshchi and Koehler were hired in 2018, from Home Depot and IBM, respectively. Equifax changed its reporting line so that Farshchi and his team reports directly to CEO Mark Begor. They've also focused on making all employees feel responsible for cybersecurity by adding things like security measures that tie into employee bonuses.
Koehler said he's had to dismiss groups and replace about a quarter of his team for not taking security policies seriously. "We've had to break some glass to change and shift," he said.
Farshchi said he hopes that these efforts can serve as an example to the broader cybersecurity industry.
"I can't think of any other company that has been as forward-facing as Equifax has been. …" he said. "The ultimate goal [for us at RSA] isn't a self-serving one. It's really to try to help the security industry and all the companies trying to defend themselves against all the attackers hitting them every day."
Adam Janofsky
Adam Janofsky (@adamjanofsky) is the former cybersecurity and privacy reporter at Protocol. Prior to that, he was a reporter at The Wall Street Journal, where he covered cybersecurity, AI and other emerging technology. Prior to that, he worked at Inc. magazine and edited The Wall Street Journal's blog about startups and entrepreneurship.
People
Google’s trying to build a more inclusive, less chaotic future of work
Javier Soltero, the VP of Workspace at Google, said time management is everything.
With everyone working in new places, Google believes time management is everything.
Image: Google
March 4, 2021
David Pierce ( @pierce) is Protocol's editor at large. Prior to joining Protocol, he was a columnist at The Wall Street Journal, a senior writer with Wired, and deputy editor at The Verge. He owns all the phones.
March 4, 2021
Javier Soltero was still pretty new to the G Suite team when the pandemic hit. Pretty quickly, everything about Google's hugely popular suite of work tools seemed to change. (It's not even called G Suite anymore, but rather Workspace.) And Soltero had to both guide his team through a new way of working and help them build the tools to guide billions of Workspace users.
This week, Soltero and his team announced a number of new Workspace features designed to help people manage their time, collaborate and get stuff done more effectively. It offered new tools for frontline workers to communicate better, more hardware for hybrid meetings, lots of Assistant and Calendar features to make planning easier and a picture-in-picture mode so people could be on Meet calls without really having to pay attention.
<p>Soltero joined the Source Code podcast to talk about the new tools and how he's planning for the future of work both as a team leader and a product maker.</p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="1">
</div>
</div></p><div class="rm-embed embed-media"><iframe frameborder="no" height="200px" scrolling="no" seamless="" src="https://player.simplecast.com/c6b03386-d5b4-4fd3-97f3-648321bb9b14?dark=true" width="100%"></iframe></div><p><em>You can hear our full conversation in this episode of the Source Code podcast. The following excerpts from our conversation have been lightly edited for length and clarity.</em></p><p><strong><em></em>I was talking to somebody the other day who said, "We've never had clients ask us about burnout before." They care, but it's never been sort of a top-of-mind concern: How do I make sure my employees are happy, and that work-life balance is real, and that they're taking time off? These have just never been things that are top of mind when you think about quote-unquote productivity software.</strong></p><p><strong>But the whole universe of this stuff feels different now. And it seems like both for you as somebody who runs a large team, but then also having to build that kind of ethos into products, that would feel hugely complicated, and totally unlike anything we've ever done in this space before.</strong></p><p>Look, if you're lucky enough to love what you do for a living, you'll never work a day in your life. </p><p>Except now. </p><p>Right? Not everybody is lucky enough to work on something they're passionate about, but even to those that are, there's that new set of conflicts. You've now disassociated or disconnected work with a specific location, and that is both a blessing and a curse in its own way. And along with that, the need for time and attention management at the individual level becomes crucial. </p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="2">
</div>
</div></p><p>Both of these things were true before the pandemic, they were just not universally experienced. They were viewed as a mere speed bump: "Oh, yeah, I can check my email on on the road," or "Hey, today, I'm working from home because I have a doctor's appointment." And then on the time and attention management front, no shortage of products and apps and devices and so forth are calling to us, for different reasons. That was also a known problem before, but when that's happening in the midst of all these other demands, and you're already also emotionally spent, then the energy that normally kept us fired up about our work is harder to sustain. </p><p>Lastly, there's the absence of human connection, which I've personally found maybe the hardest of all things. I've got two executives on my team who I've never actually witnessed in three-dimensional space. Yeah, I'm leading a team of people around the world who have experienced me through a two-dimensional piece of glass, right, which is terrible. So that the absence of that human connection, which is felt, again, universally by everyone, in their own way, also saps at that, and there are no good ways, at least for now, to remedy that. Saying "Well, let's spend more time on video calls" isn't the answer.</p><p><strong>It's an underrated feature of a physical workplace that I can just walk over to you and ask you something. And when that's gone, what do we do? I feel like that's the next big question.</strong></p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="3">
</div>
</div></p><p>I saw some really creative applications of existing capabilities meant to try to address some of the problems that are at the heart of how this has affected us all. I'll give you a good example: I noticed that a group of people in my team were using their out-of-office email autoresponder to provide daily updates, to basically auto-reply to every message to set expectations with the sender about their working hours and their availability.</p><p>Then you get to the uneven application of that, and you ask, well, why? And part of the answer is a little scary, because it involves the courage that those people had to actually explicitly say, "No, I actually am not available, because I've got other responsibilities, other demands on my time." In pre-pandemic work culture, there was a question there about whether you will be perceived as a hard-charging, go-getter type of person, when you're even with the best of intentions trying to set expectations for other people. </p><p>And you get to the product opportunity around that. You say, well, this is a really crude instrument for this. So we've got this capability now to set working hours. And we introduced a bunch of enhancements around the minimal set of actions that I can take as an individual — to convey to others who want to collaborate with me and communicate with me — my availability. And it's really elegant and important in how we do it. </p><p>But what the usage of that feature represents is an aspect of a social contract that every company has, around how its workers behave with each other and how they respect each other's time. Very few, if any, companies that I've seen have taken the trouble to actually describe what that contract actually looks like. Much less to try and steer it.</p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="4">
</div>
</div></p><p><strong>So do you feel some responsibility to try to have and share a right answer inside the product?</strong></p><p>No, not a right answer. That's where people get it wrong. I think with productivity software, it's a very difficult needle to thread. Because you have to have a point of view. "Productivity Construction Kit" is not an answer, because actually what it leads to is you putting the burden on the client, on the user and on the team to establish that, and not everybody is thoughtful enough or equipped enough to do that. </p><p>And I think when you see customers struggle with products you find that the diversity of options you have creates, well, less than an orderly, predictable exchange of information. So the threading the needle part is, you have to be opinionated enough and in the right places, but leave room for the individual user and ultimately the organization they are a part of to express their own approach to communication and collaboration and express that social contract. </p><p><strong>Google Calendar is a good example of that, right? Calendar feels like the space in which to solve a lot of these things that you're talking about. If one of the core things we need to do is get a better understanding of where we are and who's available, Calendar seems like the place to do that, right? I feel like you guys are getting, if not more opinionated, then at least more, I don't know, tools-y about what you think a calendar can be.</strong></p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="5">
</div>
</div></p><p>Yes, tools-y in the sense that we know there's an opportunity, given what I told you about the time and attention management problem being crucial. Google Calendar has this unique role in being perhaps the only global-scale, personal and work calendar management service system of record. There's a responsibility, I guess, and an opportunity for us to continue to encourage people to not only use that, but to use it more effectively both in their own individual time management and in their time management across groups of people. </p><p>The best example to offer here is recurring events. I've long joked that you should be forced to do linear algebra before you are actually allowed to create a recurring event that involves multiple people. Possibly even just yourself. The reason for that is because exactly how far ahead can you plan? </p><p>You create a recurring event with the best of intentions that says, "I want to call my parents every week at 6 p.m. on Wednesday." Now, there's a segment of people for whom that proves to be very effective. They actually are rigorous enough about surrendering the entirety of their decision-making and their time management to a calendaring surface, digital or otherwise, that having that there helps. But to the vast, vast, vast majority of people, the calendar surface risks becoming a reminder of exactly how inconsistent and undependable you are as a human being. </p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="6">
</div>
</div></p><p>And so how you approach the task is to go back to the sort of toolsy-ness of Google Calendar, because there are a million things you can add to the calendar to create the absolute perfect, most comprehensive time management thing ever. You could even employ AI to this effect and get pretty far. But it's only successful if it's actually impacting behavior and if the person is actually being able to truly manage their time. The impact that actually has is what we're interested in measuring, not just "did we give you a lot of knobs to make you feel good as some kind of GTD pro."</p><p><strong>The first insight, back when it was G Suite, was to take all of these things that were single player and make them multiplayer, right? It still looks like an 8.5-by-11 inch sheet of paper when you open a Google Doc, but you can do it with another person. And that was a fundamentally new thing. </strong></p><p><strong>But now we're getting to the point where that thing is kind of table stakes. We're not all the way there yet, but that is clearly the future where all of this is going. And the next step, it seems like, is breaking the idea that all of those should be different products at all. That Workspace should be <em>a</em> thing, not a bunch of things.</strong></p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="7">
</div>
</div></p><p>Remember the show "Mad Men"? There's a picture I found on the internet of the set — no people — and you can see old-school intercom systems, typewriters, old-school inboxes, filing cabinets, a whole range of things. What we've done is we've digitized them, almost on a one-for-one basis. To be fair, there's been more innovation than that, but at heart, they're still treated in the same fashion. <br></p><p>We've now officially and irreparably broken away from that in a way that's going to create room for people to look at this problem space differently. It's by no means a finished job for us or anybody else. We still have to work hard to earn the right to be the choice of billions of people around the world, for all these important jobs. But yeah, I think we've kind of moved past that. </p><p>I don't want to have happy hours over video. There's a bunch of stuff about life in this particular period of time that people are going to look back and say, "Oh, that really sucked. Let's not go back to that." And I'm happy to turn the page on that.</p><p><strong>I've been talking to people all year about, what are the KPIs for remote work? The KPIs for regular work have always been just, like, "ass in chair," which is not good. But these questions of what it means to know you're working hard and doing well — or even just doing well, period — seem different now. And there are all these questions about what managers want to know versus what employees want to know and want to share. So I'm curious both for you as a boss, and you as a product maker, how you think about that stuff right now.</strong></p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="8">
</div>
</div></p><p>I don't believe that metrics about communication volume, frequency, depth of organizational graph, how information flows through the organization — that you can actually productize those insights in a way that is sufficiently unique to a company in a way that makes it actionable. </p><p>You may say, "Javier, you spent 72 hours in meetings last week." And I don't know the judgment of whether that is good or bad. It's very subjective, right? In addition to the understandable creepiness of, how is this information being used? Is my performance being assessed from the point of view of how many minutes am I spending in email or how much multitasking I'm doing during times where I'm otherwise supposed to be in a meeting? Some cultures and organizations and job responsibilities will reward them. Others would point at that and say, "Pay attention, man." </p><p>I'd rather put more emphasis, for example, on the rhythm of work. I'm from Puerto Rico, I love music. And there's a rhythm at which work takes place, it's not a universally-described thing, not by industry, not by company. There are lots of rhythms, even within my own organization, teams that for one reason or another move faster or slower, make more heavy use of real-time communication versus asynchronous communication. </p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="9">
</div>
</div></p><p>You don't just lay out the tools and say, "I don't know, pick what you need, go ahead!" You also don't just say, "Here's an adjustable wrench and a multi-headed screwdriver. Good luck!" You have to curate the set of tools that you offer. It's somewhere between an unbounded expanse, and a bike lane that says "This is the One True Way of collaborating." That's not not really for us or any other vendor to describe.</p>
Keep Reading
Show less
David Pierce ( @pierce) is Protocol's editor at large. Prior to joining Protocol, he was a columnist at The Wall Street Journal, a senior writer with Wired, and deputy editor at The Verge. He owns all the phones.
Sponsored Content
The future of computing at the edge: an interview with Intel’s Tom Lantzsch
An interview with Tom Lantzsch, SVP and GM, Internet of Things Group at Intel
February 28, 2021
Saul Hudson has a deep knowledge of creating brand voice identity, especially in understanding and targeting messages in cutting-edge technologies. He enjoys commissioning, editing, writing, and business development, in helping companies to build passionate audiences and accelerate their growth. Hudson has reported from more than 30 countries, from war zones to boardrooms to presidential palaces. He has led multinational, multi-lingual teams and managed operations for hundreds of journalists. Hudson is a Managing Partner at Angle42, a strategic communications consultancy.
February 27, 2021
An interview with Tom Lantzsch
Senior Vice President and General Manager of the Internet of Things Group (IoT) at Intel Corporation
Edge computing had been on the rise in the last 18 months – and accelerated amid the need for new applications to solve challenges created by the Covid-19 pandemic. Tom Lantzsch, Senior Vice President and General Manager of the Internet of Things Group (IoT) at Intel Corp., thinks there are more innovations to come – and wants technology leaders to think equally about data and the algorithms as critical differentiators.
In his role at Intel, Lantzsch leads the worldwide group of solutions architects across IoT market segments, including retail, banking, hospitality, education, industrial, transportation, smart cities and healthcare. And he's seen first-hand how artificial intelligence run at the edge can have a big impact on customers' success.
Protocol sat down with Lantzsch to talk about the challenges faced by companies seeking to move from the cloud to the edge; some of the surprising ways that Intel has found to help customers and the next big breakthrough in this space.
What are the biggest trends you are seeing with edge computing and IoT?
A few years ago, there was a notion that the edge was going to be a simplistic model, where we were going to have everything connected up into the cloud and all the compute was going to happen in the cloud. At Intel, we had a bit of a contrarian view. We thought much of the interesting compute was going to happen closer to where data was created. And we believed, at that time, that camera technology was going to be the driving force – that just the sheer amount of content that was created would be overwhelming to ship to the cloud – so we'd have to do compute at the edge. A few years later – that hypothesis is in action and we're seeing edge compute happen in a big way.
<p>The last 18 months have been a wild time to be in technology. We've seen edge compute come to life to help businesses adapt during the pandemic. At the same time, we are also seeing how 5G is going to drive up interest, especially from a networking perspective, rather than a use-case perspective. We also see lot of people that are focused on their data, but the <em>algorithms</em> that companies train with the data are going to be their critical assets. It doesn't matter what company or what industry; <em>this</em> will really become the differentiator for many companies.</p><p>And particularly amid the backdrop of the pandemic, we've seen how companies are using technology to either bring workers back in safely or <a href="https://www.intel.com/content/www/us/en/corporate-responsibility/covid-19-response-sensormatic-article.html" target="_blank">serve their customers in new ways</a>, <a href="https://www.intel.com/content/www/us/en/customer-spotlight/stories/brentwood-academy-customer-spotlight.html" rel="noopener noreferrer" target="_blank">educate children in new ways</a> -- all things that have accelerated the digital transformation that had been underway. I recently read a <a href="https://www.mckinsey.com/business-functions/strategy-and-corporate-finance/our-insights/how-covid-19-has-pushed-companies-over-the-technology-tipping-point-and-transformed-business-forever" rel="noopener noreferrer" target="_blank">McKinsey survey</a> that reported on the "speedup in creating digital or digitally enhanced offerings. Across regions, the results suggest a seven-year increase, on average, in the rate at which companies are developing these products and services."</p><p>And based on what we're seeing at Intel, those are lifesaving and industry saving investments happening today – completely re-designing the way that <a href="https://www.intel.com/content/www/us/en/corporate-responsibility/covid-19-response-mic-article.html" rel="noopener noreferrer" target="_blank">patients are treated</a>, and businesses operate.</p><h4>What are you particularly expecting to see this year?</h4><p>What I find most interesting is the work that combines IoT with networking capabilities – and I think this is going to be a year of expansive exploration and working with our customers to put these two things together to solve real business challenges.</p><p>When we first started the integration of networking technology and operational technology capabilities and layered that across the industry verticals, we could count the amount of interested customers and opportunities on one hand. Last year, it was five times that many and this year we see that number increasing significantly already. So, we're excited to see the industry continue to build excitement to scale those types of deployments.</p><h4>What role does AI play at the edge and in what way is Intel involved?</h4><p>An AI use case recently grabbed my attention: employees in a restaurant being screened by a device that checks temperature while the employees are washing their hands – and provides a determination on whether they'd done it adequately before they report to work. I have seen other applications using similar technology in the <a href="https://marketplace.intel.com/s/offering/a5b3b000000TiMSAA0/using-ai-to-make-construction-site-safer?language=en_US" rel="noopener noreferrer" target="_blank">construction industry</a>, where an AI algorithm scans to see if employees have their helmet, goggles, vest and other safety equipment on properly to determine if they are ready to work. And the best part is – that the employer can see aggregate data on these interactions to determine if more training on handwashing or helmet wearing is needed.</p><p>At Intel, in addition to providing the fundamental base technology to enable these applications, we work with a lot of third-party developers to create these applications. And we help the developers scale them across multiple industries with our salesforce. So, we may not make the scan technology that determines if you have the right gear on, but we orchestrate that coordination across our ecosystem with all of our partners to effectively put it into a <a href="https://marketplace.intel.com/s/?language=en_US" rel="noopener noreferrer" target="_blank">catalog</a> so that if customers are interested in that sort of application, we can provide them with different parties to make that happen.</p><h4>Is there a problem with fragmentation in the market and how can that be solved?</h4><p>It's very fragmented. I gave just two examples of totally different workers coming to work in different industries and I can give you five more that are different again. Although the base technology that Intel creates to enable this type of innovation is very horizontal in nature, the reality is that bringing those to life must be very "vertically-centered" and very "use-case centered" – and must take into account, geography. The two employee use cases I cited look very different if you are talking about employees in North America, India or Germany. So, all in all, this is a holistic ecosystem challenge – and an ecosystem solution.</p><p>At Intel, we're in a unique situation to orchestrate these solutions. </p><p><cite class="pull-quote">People tend to think of Intel as providing the technical footprint that enables edge computing – but we also have the developer reach – and we can use our ecosystem and scale to help our end customers get access to the best solutions.</cite></p><h4>What sort of challenges do customers face when they're attempting to adopt edge computing?</h4><p>There are two common challenges. One is the technical question of 'Who can I work with?' A customer may have a chip focus but actually, it's a more complex question than a chip. We like that complexity, because we can be an adviser to them and <a href="https://marketplace.intel.com/s/partners-by-industry?language=en_US" rel="noopener noreferrer" target="_blank">bring to the table partners</a> that they can work with to solve that complexity leveraging our technical knowledge and ecosystem network. </p><p>The second thing that companies struggle with is the challenge of how to fund getting into this space – even if the business case warrants the investment. The world has changed. Companies don't want to write a big capital check for these types of investments – they want a pay-as-you-go model, like you see with the cloud. We've been working with customers to find a way to make that happen – and I think that is going to be a bigger part of the conversation moving forward.</p><p>You can see it across almost every aspect of technology now. We rent compute more than we buy compute. Evidenced by the success of AWS, companies can rent compute from Amazon instead of building their own data center – and there are many benefits to that approach. In the old world, even for this video conference that we're having today we would have installed capital to do this. Now it's just a service. And I think that edge as a service is right around the corner.</p><h4>Do you have an example of that?</h4><p>A customer in Mexico wanted to deploy outdoor WiFi and add security features into it. So, it was an edge-based computing issue that was part connectivity. But there was actually way more to it than just installing it. We not only helped to solved the technological challenge creatively and coordinated the <a href="https://marketplace.intel.com/s/partners-by-industry?language=en_US" rel="noopener noreferrer" target="_blank">ecosystem of providers</a> to solve this, but we also found a way so that the customer could get into this market with a service-based model without needing to outlay a lot of capital.</p><p>Other semiconductor companies would have a difficult time partnering on both sides of that challenge, but Intel can do it because we have the scale.</p><h4>How do businesses identify which functions they do want to perform at the edge versus in the cloud?</h4><p>It really comes down to a question of what you're trying to do and how you do it at the lowest cost, highest quality and standard in computability.</p><p>If you have an application and it can perform what you need it to do in the cloud, you'll probably run it there. The cloud is a great thing - there's infinite compute and lots of choice in a well-understood developer environment.</p><p>But there are many things you can't or shouldn't do in the cloud for certain reasons. Take the camera example from earlier. Say you have eight high-density cameras, and you want an action on them immediately. You may not be able to afford the latency that comes with going up into the cloud. Or it may be a financial challenge – that its actually more expensive to send that data to the cloud over and over again, and it makes sense to invest in compute at the edge. There are nuances in the decision-making. It really comes down to what you want the application to do, how quickly and how much it should cost.</p><h4>How does Intel help developers to learn, to build and then test their solutions at the edge?</h4><p>To enable what we know to be interesting and challenging use cases at the edge, required us to change our focus on who these developers are and what they care about. We learned that they <em>really</em> don't care about what hardware they're running on. The modern developers are fairly well extracted from the hardware – they just assume the compute is going to be available for them to do their work.</p><p>To make sure we can deliver on that, we typically target developers by specific capability. The most advanced case that we've been studying on the edge recently is focused video and specifically, video inferencing and AI inferencing. We created a tool called <a href="https://software.intel.com/content/www/us/en/develop/tools/openvino-toolkit.html" rel="noopener noreferrer" target="_blank">OpenVINO</a>, which was developed in a way that developers didn't have to care about the hardware it runs on. It's a model optimization technology that enables them to easily scale out to different hardware platforms. That's proven to be an interesting value proposition to these developers.</p><p>Our goal with <a href="https://software.intel.com/content/www/us/en/develop/tools/openvino-toolkit.html" rel="noopener noreferrer" target="_blank">OpenVINO</a> is democratize AI activity and inference at the edge. We want to make it simple -- to put these tools in the hands of non-data scientists and make it work. As a part of that process, we're also creating an environment where they can develop anyplace, anytime, anywhere they want to be. We're so proud of our <a href="https://software.intel.com/content/www/us/en/develop/tools/openvino-toolkit.html" rel="noopener noreferrer" target="_blank">OpenVINO</a> community and are constantly working to grow the community and release new features and capabilities to edge developers.</p><h4>What's the possible next breakthrough that you see for Intel in edge computing and the IoT space?</h4><p>I'm looking forward to the big breakthrough when we show integrated 5G, Virtual Private Network and the edge workloads all in one unit. More to come.</p>
Keep Reading
Show less
Saul Hudson has a deep knowledge of creating brand voice identity, especially in understanding and targeting messages in cutting-edge technologies. He enjoys commissioning, editing, writing, and business development, in helping companies to build passionate audiences and accelerate their growth. Hudson has reported from more than 30 countries, from war zones to boardrooms to presidential palaces. He has led multinational, multi-lingual teams and managed operations for hundreds of journalists. Hudson is a Managing Partner at Angle42, a strategic communications consultancy.
Protocol | China
Here’s who has the ear of China’s most active cyber regulator
Alibaba and Huawei are dominating — while other big companies like ByteDance are sitting on the sidelines.
TC260's proposed standards have influence throughout Chinese government.
Image: Yuichiro Chino/Getty Images
January 27, 2021
Clara Wang is a Researcher - Data Scientist for Protocol | China. Previously, she worked as a data scientist for the Biden campaign and at Civis Analytics, and she spent a summer working for the John L. Thornton China Center at the Brookings Institution. She has conducted research on data privacy, misinformation, and information control in the digital age, and she is completing her Master's in Economics at the Yenching Academy program at Peking University.
January 27, 2021
Protocol | China tracks major Chinese standards and regulations with the power to affect your business.
China's economy is projected to be the world's largest by 2028, and Beijing is betting heavily on the power of technology to get it there. But China needs to build and sustain public trust in tech platforms if it wants a future with smart cities that run on the cloud, wide adoption of digital currency and increasing reliance on electronic devices that collect vast amounts of personal data. So it's hastily assembling a regulatory framework, and the organization doing much of this building is the National Information Security Standardization Technical Committee (also known as Technical Committee 260 or TC260). Despite its wonky name, it wields extraordinary power over Chinese cyberspace; as of December, it has issued more than 300 standards related to information security and cybersecurity, and it has about 700 more in the works.
<p><div class="ad-tag"><div class="ad-place-holder" data-pos="1">
</div>
</div></p><p>TC260 isn't an enforcement body, but its influence is visible throughout Chinese government. For example, in October 2020, it released an updated <a href="https://www.tc260.org.cn/upload/2020-09-18/1600432872689070371.pdf" rel="noopener noreferrer" target="_blank">personal information security</a> standard with recommended practices for data governance and security. About three weeks later, the government released a draft of its updated <a href="https://www.newamerica.org/cybersecurity-initiative/digichina/blog/chinas-draft-personal-information-protection-law-full-translation/" rel="noopener noreferrer" target="_blank">Personal Information Protection Law</a> for public consultation, and two days after that <a href="http://www.cverc.org.cn/" rel="noopener noreferrer" target="_blank">China's National Computer Virus Emergency Response Center</a> published a <a href="https://baijiahao.baidu.com/s?id=1681330813286436015&wfr=spider&for=pc" rel="noopener noreferrer" target="_blank">list</a> of over 20 mobile applications in violation of existing personal information protection laws and urged users to be wary of downloading these apps. The list mostly includes Chinese apps, but also named <a href="https://www.amazon.cn/" rel="noopener noreferrer" target="_blank">Amazon</a>, a sign that foreign companies operating in China could also be swept up in coming regulatory crackdowns. <br></p><p>Multinationals have to ensure their technologies align with standards to pass regulatory checks if they want to maintain their operations in China.</p><p>This is surely one reason why dozens of foreign companies sit on TC260's working groups, as do hundreds of Chinese ones; these companies nervously await each new release, and often task their lawyers or outside firms with quick guidance. </p><p>TC260 is also more transparent than a typical Chinese government entity. The identities of its 81 committee members and corporate participants in its working groups are all public, as are the names of the companies and individuals credited with input on each of TC260's regulations. Protocol has collected and analyzed all information released by TC260 to unpack which companies have the regulator's ear.</p><h3>Chinese tech giants: Who's primus inter pares?</h3><p>China's largest technology companies have a large footprint. Among 81 committee members, Baidu, Alibaba, Tencent and Huawei (the "BATH") are all represented, as are Lenovo, ZTE and JD. Committee membership on TC260 is valuable, as committee members get the final say on standards coming out of various working groups, and they can vote to send standards back to a working group for revision. The committee member from Huawei also wields influence as the team lead for the working group looking at communication security standards, meaning that they can impact that group's standard setting deliberations. </p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="2">
</div>
</div></p><p>But even though all these large technology companies have representation on TC260's committee or one or more of TC260's working groups, not all of them play an active role in drafting TC260 standards and regulations. Instead, Huawei and Alibaba are preeminent among them. Both have their fingerprints on more than 20 released national standards.<br></p><p><img src="https://lh5.googleusercontent.com/CFpu8Uv-fjBPB8ML89ue6q8ZGyAm0U0-RtcqQmjpZ43HbbhofJNVhzjEVz-DC41ea8VNZw_5yrQncPARaxoJ_H6cmoANypmZnszdb3OuYMgFkeZDrvZ4GUFPGU09T6N7iPMkfnLC"> </p><p>China's big tech companies seem to have the greatest involvement in the Internet of Things. Of the 16 regulations that have been released or are currently in progress that relate to IoT, almost 50% of them have one or more BATH companies involved in drafting the regulation. As "smart" devices scale up into "smart" cities, IoT technology will play an even greater role in people's daily lives — from traffic congestion to water usage metrics — meaning that China's tech giants are helping to define standards that reach far beyond phone screens. </p><p>It's clearly an unequal bunch. Xiaomi and ByteDance sit on multiple working groups but are not credited with helping to draft a single standard or regulation. In fact, their peers may be using TC260 to undercut them. For example, a <a href="http://openstd.samr.gov.cn/bzgk/gb/newGbInfo?hcno=4568F276E0F8346EB0FBA097AA0CE05E" target="_blank">personal information security specification</a> that formally went into effect in October 2020 requires users be given a clear opt-out mechanism from their news filter bubbles so they can view generic, rather than tailored, content. While the specification impacts all the big technology companies that work with data, this new addition seems like it could be targeted at ByteDance's Toutiao product, which has dominated the personalized news space due to its <a href="https://www.ycombinator.com/library/3x-hidden-forces-behind-toutiao-china-s-content-king" target="_blank">novel, algorithmic recommendation system</a> that's juiced user engagement. Two contributors to that new regulation? Tencent and Alibaba, both ByteDance competitors. ByteDance itself is notably absent.</p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="3">
</div>
</div></p><p>Huawei's prevalence in TC260 may give the company a greater say in the country's future technology infrastructure. Huawei has been involved with TC260 regulations and standards related to telecommunications, data security and cloud computing, which fundamentally impact many organizations that work with or transfer data. The telecommunications giant has also been involved with standards such as <a href="http://openstd.samr.gov.cn/bzgk/gb/newGbInfo?hcno=F665694F939CE7DF87D50741E39E6BDA" rel="noopener noreferrer" target="_blank">the "Framework of smart city security system"</a> which sets foundational standards for China's smart city ambitions. Huawei's 5G technology is likely to form part of the key infrastructure for China's smart cities, as it enables faster and more reliable data transfers. </p><p>Meanwhile, many of the policies Alibaba and its subsidiaries, such as Taobao and Ant Financial, have helped draft generally involve safety standards and regulations for big data, cloud computing and cloud security. While Alibaba is currently involved in 40 of the projects in progress (about 6% of the total), it's unclear whether Ant's recent regulatory troubles could threaten its future involvement in certain regulations. </p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="4">
</div>
</div></p><h3>Enter the foreigners ... sort of</h3><p>While the standards that TC260 sets are unlikely to have the global impact of Europe's GDPR — which has <a href="https://www.crowelldatalaw.com/2019/06/at-the-gdprs-first-anniversary-the-impact-on-us-companies-grows/" rel="noopener noreferrer" target="_blank">compelled American companies</a> to change their cybersecurity practices and pushed tech giants like Twitter and Facebook to look <a href="https://www.protocol.com/big-tech-policy-priorities-2021" target="_self">beyond America's borders to</a> identify important compliance hurdles — Chinese standards will immediately impact foreign companies operating in China. They may also indirectly shape the regulatory standards in regions where China has invested heavily, particularly Africa and South America, which have young populations and are ripe for technological and economic growth.</p><p>TC260's regulations may also help China further wall itself off from the international community. As China sets more stringent cybersecurity standards, many of which fail to align with international standards, companies may just choose to build operations around two incompatible systems — China's and the rest of the world.</p><p>TC260 started allowing foreign companies to join the ranks of its working groups in 2016. But unlike some big Chinese tech companies, the foreigners are mostly window dressing. Protocol took a deep dive into the composition of TC260's committee and working groups, as well as all of the regulations currently being researched, revised or already released by TC260. Foreign companies make up just 6% of the working group members for which data are available.</p><p>Foreign companies are most prevalent in three working groups: information security evaluation, information security management and big data security. </p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="5">
</div>
</div></p><p> <img src="https://lh5.googleusercontent.com/NzJjSDQ1Nf9FArVRzM5cvDxipjp2sLwOXVLeTIH2_OkC3scpHy4owGyElZa_8bNYTJxDI4K-SrRjbZzpD0kMj_laQ6si3_5w6yyIiS3n40DSQYupGZuHpouYq-JZC9cc2MV_TbMy"></p><p>Qualcomm stands out as the only foreign member in every single one of the working groups that allows public participation. Other big players in the technology space such as Intel, IBM, Siemens, Dell, Oracle, Apple and even Google — many of whose services are blocked in China — are repeat members. Many of these companies are the same ones <a href="https://www.wsj.com/articles/chinas-cybersecurity-regulations-rattle-u-s-businesses-11564409177" target="_blank">most likely to be hurt</a> by tough cybersecurity regulations.</p><p>But as shown by China's big technology companies, representation in a working group doesn't equal influence. When we look at the standards and guidelines currently being researched, developed and revised by TC260, and who's credited for them, the involvement of foreign companies barely registers. Just four regulations have been released with acknowledged input from foreign companies. Foreign companies can contribute to TC260 regulations by submitting comments when TC260 solicits public suggestions, but it's unclear whether TC260 members give much consideration to external submissions.</p><h3>Reading the tea leaves</h3><p>TC260 currently has more than 700 projects "in progress." In many of these, TC260 is continuing work related to topics it has repeatedly emphasized, particularly security standards for cloud computing, passwords and verification, and trusted computing systems. To read the tea leaves of what TC260's new areas of focus might be for future standards and regulations, we looked at the terms and phrases that appear in the titles of projects in progress, but not in the titles of regulations that have already been released. This allows us to isolate new topics or technologies that future TC260 standards may cover. Here's what comes up: </p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="6">
</div>
</div></p><p><img src="https://lh3.googleusercontent.com/uRNEZvLb8Wki0Noa42VwrXuuEa6HBRtWls6AENoOktwc1AdVi7C_igLnHivPl93pFla42yWagwoRqjKB8gS7bUtZDC_KAXOD_zBe0iQkXP0s1u8Tkfr1wilvwSDi6uoZ0CL1GMV1"></p><p>Many new projects revolve around TC260 tracking its current standards, streamlining its complex maze of rules and evaluating its standards against international ones. Currently, only about 15% of the standards released by TC260 align with global standards, creating a tangle of regulations for multinational companies that operate in both China's market and external markets. It looks like TC260 is trying to solve for that by adjusting its own standards, as well as proposing some of its standards for international adoption by the <a href="https://www.iso.org/standards.html" target="_blank">ISO</a>.</p><p>Some of the most prevalent new terms of note are "critical information infrastructure," "broadband," "metropolitan area network" and "malware," which suggest that TC260 is focusing its efforts on securing China's vast wireless network. As China's government shifts more critical functions to the digital sphere — from banking to education — the need to secure its digital space becomes increasingly pressing.</p><p>Some terms reflect new trends in China's tech space — "digital currency," "blockchain," "ecommerce system," "shopping" and "payments" — which all relate to China's digital economy and the country's efforts to develop a new <a href="https://www.reuters.com/article/us-china-currency-digital-explainer/explainer-how-does-chinas-digital-yuan-work-idUSKBN27411T" target="_blank">digital currency</a> backed by the central bank. </p><p>Other new terms of note are "finger veins," "gait" and "face," all of which relate to technologies for personal identification. These may be used for surveillance purposes, for which China is <a href="https://www.chinafile.com/state-surveillance-china" rel="noopener noreferrer" target="_blank">notorious</a>, but they are also critical for fintech. After all, citizens may only be comfortable using a digital currency if highly accurate identification technologies can ensure that their money is securely tied to their identity. </p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="7">
</div>
</div></p><p><em>This is the first in a series of Protocol | China analyses introducing our proprietary research methods. The methodologies above are also available for bespoke research.</em></p>
From Your Site Articles
Keep Reading
Show less
Clara Wang is a Researcher - Data Scientist for Protocol | China. Previously, she worked as a data scientist for the Biden campaign and at Civis Analytics, and she spent a summer working for the John L. Thornton China Center at the Brookings Institution. She has conducted research on data privacy, misinformation, and information control in the digital age, and she is completing her Master's in Economics at the Yenching Academy program at Peking University.
Transforming 2021
Blockchain, QR codes and your phone: the race to build vaccine passports
Digital verification systems could give people the freedom to work and travel. Here's how they could actually happen.
One day, you might not need to carry that physical passport around, either.
Photo: CommonPass
February 23, 2021
Mike Murphy ( @mcwm) is the director of special projects at Protocol, focusing on the industries being rapidly upended by technology and the companies disrupting incumbents. Previously, Mike was the technology editor at Quartz, where he frequently wrote on robotics, artificial intelligence, and consumer electronics.
February 23, 2021
There will come a time, hopefully in the near future, when you'll feel comfortable getting on a plane again. You might even stop at the lounge at the airport, head to the regional office when you land and maybe even see a concert that evening. This seemingly distant reality will depend upon vaccine rollouts continuing on schedule, an open-sourced digital verification system and, amazingly, the blockchain.
Several countries around the world have begun to prepare for what comes after vaccinations. Swaths of the population will be vaccinated before others, but that hasn't stopped industries decimated by the pandemic from pioneering ways to get some people back to work and play. One of the most promising efforts is the idea of a "vaccine passport," which would allow individuals to show proof that they've been vaccinated against COVID-19 in a way that could be verified by businesses to allow them to travel, work or relax in public without a great fear of spreading the virus.
<p><div class="ad-tag"><div class="ad-place-holder" data-pos="1">
</div>
</div></p><p>But building a system that everyone agrees with — and can access — is no small task. There are several companies working on competing projects to verify vaccinations. But beyond that, there are more than a few hurdles that could prevent vaccine passports from succeeding, from antiquated medical records systems to interoperability issues and privacy concerns. Here's how they could actually succeed. </p><h3>Competing projects, similar standards</h3><p>Pretty much since the first blockchain white paper, people have been looking for perfect examples of where a distributed, immutable ledger could be valuable. There's obviously the push to use it for currencies, and companies have tried to use it for things like tracking <a href="https://www.protocol.com/ibm-blockchain-supply-produce-coffee" target="_self">food production</a> and <a href="https://www.govtech.com/products/Blockchain-Voting-Debate-Heats-Up-After-Historic-Election.html" rel="noopener noreferrer" target="_blank">voting</a>, but there are few use cases that have truly taken off, at least so far. "We've been working on this since 2014; we never thought that health care would be the kind of the use case that we take this mainstream," Jamie Smith, the senior director of business development at Evernym, a company focused on using the blockchain as a basis for verifying identities, told Protocol. </p><p>Smith said Evernym had been discussing its concepts with automakers, retailers, telcos, governments, loyalty companies and banks prior to the pandemic. One of those companies was IAG, the airline group that owns British Airways, which had been interested in the idea of contactless travel based on a single identity credential that follows you from the airport check-in to your gate. With the pandemic, that morphed into thinking about ways to verify that passengers have had negative COVID tests, and eventually, that they've received a vaccine. "From our perspective, it was a really easy lift to see," Smith said. "We're doing contactless travel, and we just added verifiable credentials for test results."</p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="2">
</div>
</div></p><p>It's a similar genesis for IBM's Digital Health Pass initiative, which leader Eric Piscini said started about two years ago as a way to store people's entire health records in a safe, accessible platform. It also relies on the blockchain for its immutable record of proof, and both Evernym and IBM are part of an open-standards group called the Good Health Pass Collaborative, which aims to bring private credentialed vaccine records to business and people around the world. Companies are working on their own implementations of the standards, but Evernym's Smith said the data is meant to be portable from one passport to another. </p><p>Most of the companies working on passports say their systems are private by design, especially given that they're mainly working off the same open standards. In most cases, the health information only ever remains on a user's phone, but where it asks to verify that the user's information meets a system's standards — such as whether this person has had two COVID vaccines and should be allowed into an office — that information is recorded on a blockchain. "You can, using blockchain technologies, verify that someone has been tested recently, without having access to the underlying data," Piscini said. "I don't know any other technology where you can do that."</p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="3">
</div>
</div></p><p>Similarly, the nonprofit Commons Project's CommonPass, backed by the likes of Oracle, Microsoft and Salesforce, started out as a project to bring an analog to Apple Health for Android. JP Pollak, a senior researcher at Cornell and founder of the Commons Project, first launched CommonHealth to bring the sort of data and insights that Apple Health offers to iPhone owners to Android users. Last summer, the group started building an app that could take health data and privately share it with others — in that case, it was to help truckers stuck at the borders in <a href="https://www.newtimes.co.rw/opinions/digital-technology-re-opening-africa" rel="noopener noreferrer" target="_blank">East African countries</a> who couldn't easily prove they'd taken COVID tests. This morphed into vaccine credentialing, with the group now working to pull together the various data streams needed to get a project like this off the ground. </p><p>"Health care institutions, EMR vendors, retail pharmacies, state vaccine registries, all issuing people a digital verifiable credential of their vaccination record that they could then use in the app of their choice, to be able to get access to various kinds of services," Pollak said. CommonPass is also working with the Mayo Clinic, as well as Epic Systems and Cerner, two of the largest EMR vendors. </p><h3>Something for everyone </h3><p>With so many competing efforts to become the world's digital vaccine passport, it might seem that the country is heading for some sort of VHS versus Betamax format war for proving everyone has had COVID vaccines. But given that so many of the efforts are using the same standards, and in many cases, looking to embed their tech in someone else's app rather than their own, the race might be less about the best tech winning, and more about various approaches working in different situations. </p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="4">
</div>
</div></p><p>"The intent is not to be the only company; we don't want to be the proprietary platform that everybody has to use because they have no choice," IBM's Piscini said. "That's not who we are right now: That's the IBM from 30 years ago, not the IBM of today."</p><p>For IBM, though, the selling point is that the company already works with so many other massive companies. Why look elsewhere for a vaccine passport solution if your airline booking system is already powered by IBM? "We believe our network is going to be more valuable than any other because of our scale and our ability to integrate the platform with CRM systems, building systems or stadium systems — we can do that every day," Piscini said.</p><p class="shortcode-media shortcode-media-rebelmouse-image">
<img type="lazy-image" data-runner-src="https://assets.rebelmouse.io/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpbWFnZSI6Imh0dHBzOi8vYXNzZXRzLnJibC5tcy8yNTY2NTc3NS9vcmlnaW4uanBnIiwiZXhwaXJlc19hdCI6MTYyMTM1MjYyM30._ykxxCyx3_wDbZrYgCcmK0QT2Ue1tZFdP5pf60kOmPU/img.jpg?width=980" id="c81c9" class="rm-shortcode" data-rm-shortcode-id="3967636652192acfdaad341861263bc8" data-rm-shortcode-name="rebelmouse-image">
<small class="image-media media-caption" placeholder="Add Photo Caption...">IATA's digital passport app.</small><small class="image-media media-photo-credit" placeholder="Add Photo Credit...">Photo: IATA</small></p><p>For other companies, it's about securing new partnerships with major players in the hopes of finding that scale. Evernym, for example, is working with International Air Transport Association, the airline industry's trade association, on an air travel-specific app called Travel Pass. IATA is working with airlines and local governments to ensure it has the latest requirements to feed the app's rules engine. "It will say, 'Hey, you're flying JFK to Heathrow, you need a PCR test 48 hours in advance before you can land,'" Evernym's Smith said. "And of course, those policy changes are changing every day." Qatar, Emirates and Etihad Airways are all <a href="https://simpleflying.com/qatar-iata-travel-pass-launch/" rel="noopener noreferrer" target="_blank">expected</a> to start trialing the app in the next few weeks.<br></p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="5">
</div>
</div></p><p>In other instances, the technology will live inside other companies' existing apps; why make someone download yet another app and add another hurdle to compliance? Instead, the experience will be rather like adding a loyalty account or TSA PreCheck number when booking a flight. Airlines and other venues restricting access will require uploading negative test results or vaccine records using one of these services. "You're going to be using the United or the Delta app, and they'll be using our solution or somebody else's, but you will do it via their app," IATA's Travel Pass lead, Alan Murray Hayden, told Protocol.</p><p>The World Health Organization is also working on its own offering, and recently convened the <a href="https://www.who.int/groups/smart-vaccination-certificate-working-group" rel="noopener noreferrer" target="_blank">Smart Vaccination Certificate Working Group</a>. It's built upon the WHO's nearly century-old notion of the "yellow card" vaccination record, which first was used to document that travelers had been inoculated against diseases such as cholera and yellow fever. Evernym Chief Trust Officer Drummond Reed is part of the working group; he said there should be more to share in the coming months. </p><h3>What could go wrong?</h3><p>It's entirely possible that as more people start to get vaccinated, vaccine passports start to become the norm. You walk to work — still masked, of course — scan a QR code reader in the lobby, and are let in. You go out for lunch, and your loyalty card app has a discount for in-store shoppers verifying they're vaccinated. Your concert ticket is also tied to health pass information that you shared earlier in the day with Ticketmaster. But there are more than a few hurdles ahead of the companies rushing to turn these concepts into realities. </p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="6">
</div>
</div></p><p>First off, there's the … reality … of the real world that any digital system has to contend with. For anyone without access to the internet, digital vaccine credentials will prove difficult to acquire, though all the companies Protocol spoke with said they would offer a paper-based QR code for people who don't have smartphones. But there's also the issue of having to corral so many different stakeholders into one system, especially when some health care providers are still reliant on antiquated database systems or <a href="https://www.protocol.com/manuals/health-care-revolution/electronic-health-records-after-coronavirus" target="_self">even paper records</a>. "The amount of inefficiency in the system is tremendous," IBM's Piscini said. </p><p>But in the U.S. at least, all vaccinators are required to report COVID-19 vaccines to their state. Piscini said that even for people who just received a paper copy of their vaccine records, systems like IBM's can likely link up to the state's immunization registry and allow people to import records to a vaccine passport.</p><p class="shortcode-media shortcode-media-rebelmouse-image">
<img type="lazy-image" data-runner-src="https://assets.rebelmouse.io/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpbWFnZSI6Imh0dHBzOi8vYXNzZXRzLnJibC5tcy8yNTY2NTc4My9vcmlnaW4ucG5nIiwiZXhwaXJlc19hdCI6MTYzNzg3MTM2M30.RZtqR7F_FuXK1S24V6jVaqUZ0xOSG-gCwj00xU3fxcM/img.png?width=980" id="b0bd3" class="rm-shortcode" data-rm-shortcode-id="11d8002d92c0cd6ef39b12fc7b8dccf8" data-rm-shortcode-name="rebelmouse-image">
<small class="image-media media-caption" placeholder="Add Photo Caption...">How CommonPass's app shows your records. </small><small class="image-media media-photo-credit" placeholder="Add Photo Credit...">Image: CommonPass</small></p><p>And states are willing to help out, Pollak said, adding that CommonPass has started working with Hawaii to roll out its offering for would-be tourists. "We're seeing a lot of state governments stepping up and doing a really good job with this," Pollak said. "It would be surprising if there wasn't a coordinated federal effort very soon." That being said, while <a href="https://www.cbc.ca/news/canada/north/iceland-covid-passports-canada-1.5904828" rel="noopener noreferrer" target="_blank">many countries around</a> the world are committing to working on vaccine passports, getting a straight answer out of the U.S. government on what it's doing has proven difficult. The State Department, which maintains America's traditional, analogue passports, referred me to Homeland Security, which referred me to the White House. The acting director and chief of staff of the White House's Office of Science and Technology Policy, Kei Koizumi, told Protocol that "OSTP can't discuss projects we are working on before they are publicly announced."</p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="7">
</div>
</div></p><p>But even with systems in place at a federal level, there's still a fair amount of education that needs to happen before people will trust systems like these. "There's a substantial gap in understanding and knowledge of how these systems work, and people's views, in terms of who should get access to which data," Pollak said. </p><p>"We assume there's a Facebook Borg in the sky, monitoring every interaction," Smith said. "The emergence of verifiable credentials breaks down that mental model, where actually it becomes more like decentralized bits of paper that I can carry around, and no one's to know that I've been sharing this information."</p><p>"Our belief is that if you do the right thing, from a platform point of view, protecting your privacy, and giving you control and access to the platform to everybody who wants to use it," Piscini said. "I think those are very basic things that allow the core of the platform that we build to generate adoption by the individuals."</p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="8">
</div>
</div></p><p>Even with a system that works, there may still be holdouts to this potential new normal. "Some people are saying, 'I will never get vaccinated,'" Piscini said, "and I don't know if the airlines are going to say, 'Well, maybe you will never fly again.'"</p>
Keep Reading
Show less
Mike Murphy ( @mcwm) is the director of special projects at Protocol, focusing on the industries being rapidly upended by technology and the companies disrupting incumbents. Previously, Mike was the technology editor at Quartz, where he frequently wrote on robotics, artificial intelligence, and consumer electronics.
Protocol | Enterprise
Don’t worry about the cybersecurity fallout of the Capitol breach
Members of Congress can't access classified information on their work computers, and the chances that Wednesday's mob contained a few moonlighting cyberspies are slim.
Any lasting cybersecurity damage from the breach is likely to be limited.
Photo: Louis Velazquez/Unsplash
January 11, 2021
Tom Krazit ( @tomkrazit) is a senior reporter at Protocol, covering cloud computing and enterprise technology out of the Pacific Northwest. He has written and edited stories about the technology industry for almost two decades for publications such as IDG, CNET, paidContent, and GeekWire. He has written and edited stories about the technology industry for almost two decades for publications such as IDG, CNET and paidContent, and served as executive editor of Gigaom and Structure.
January 7, 2021
Among the disasters that visited Capitol Hill on Wednesday, the fact that the people who infiltrated Congressional offices had unfettered access to IT assets for several hours ranks rather low.
One of the most iconic images of Wednesday's events was a picture of the home screen of Speaker Nancy Pelosi's office computer, abandoned in haste after a mob broke into the Capitol building, forcing Congress and staffers to retreat to safer locations. By design, nothing on Pelosi's computer was classified: Members of Congress have to enter a protected area room in the building to view secret documents, as you'll recall from last year's impeachment proceedings when several House Republicans stormed into such a room in protest because they were denied access to documents their leaders could access.
<p>There could have been plenty of unclassified information that would still be considered sensitive, such as Pelosi's contacts and email correspondence. And it's fair to say that congressional IT practices are somewhat haphazard; some computers might have been encrypted, while some might not have even had password protection, according to security experts.</p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="1">
</div>
</div></p><p>As Katie Moussouris, CEO and founder of Luta Security, <a href="https://www.washingtonpost.com/politics/2021/01/07/cybersecurity-202-riot-capitol-is-nightmare-scenario-cybersecurity-professionals/" rel="noopener noreferrer" target="_blank">told The Washington Post</a>: "There's an old saying, if an attacker has physical access to your computer, it's not your computer anymore."</p><p>Still, any lasting cybersecurity damage from the breach is likely to be quite limited.</p><p>A <a href="https://www.reuters.com/article/us-usa-election-cyber/u-s-senator-says-capitol-building-rioters-made-off-with-laptop-idUSKBN29C2GA" rel="noopener noreferrer" target="_blank">laptop from Sen. Jeff Merkley's office was taken</a>, but there were no other reports of missing computers. Representatives from Merkley's office did not respond to an inquiry as to whether or not that laptop was encrypted; computers purchased for Senate offices after October 2018 were <a href="https://www.zdnet.com/article/us-senate-computers-will-use-disk-encryption/" rel="noopener noreferrer" target="_blank">required to have encryption technology turned on</a> at the urging of Merkley's fellow Oregon senator, Ron Wyden, but it's not clear when the laptop in question was purchased.</p><p>There's a far greater threat to information security in the Capitol Building, and it doesn't require access to the building itself. As we've seen with the SolarWinds hack that infiltrated several executive branch agencies last year, the biggest threats to government information security aren't wearing red hats and breaking windows; they're coming from overseas through the internet to steal sensitive data.</p><p>And in any event, the Capitol Building is not exactly the most secure facility controlled by the government, as Wednesday's events show. Any foreign intelligence agent bent on figuring out what the House Committee on Ways and Means is up to would probably have better luck accessing computers by infiltrating the cleaning staff or mingling with visitors on a post-pandemic tour of the building.</p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="2">
</div>
</div></p><p>The incident does shine a light on congressional cybersecurity practices, which are far less robust than the requirements of the executive branch.</p><p>In the House, members of Congress are responsible for procuring their own IT assets just like any of us, whereas in the Senate, technology purchases are made through the office of the <a href="https://www.senate.gov/reference/office/sergeant_at_arms.htm" rel="noopener noreferrer" target="_blank">Sergeant at Arms</a>. Email and file servers in the House are managed by the chief administrative officer, a non-partisan position. In the Senate, that duty falls to the Sergeant at Arms, who serves at the pleasure of the party in power.</p><p>"Images on social media and in the press of vigilantes accessing congressional computers are worrying," said Rep. Anna Eshoo, a Democrat from California, in a statement. "I asked the Chief Administrative Officer of the House to conduct a full assessment of threats based on what transpired yesterday, and the CAO has already taken important steps to that end. I have confidence that House and Senate IT and cybersecurity professionals are taking the matter seriously."</p><p>On Thursday afternoon, the <a href="https://twitter.com/ericgeller/status/1347303258180751364/photo/1" rel="noopener noreferrer" target="_blank">CAO updated members of the House</a> saying that administrators took "efforts including issuing commands to lock computers and laptops and shutting down wired network access to prevent inappropriate access to House data." It's not clear what, if any, action was taken on the Senate side.</p><p>Executive branch staff are almost universally required to use two-factor authentication to log into their work computers, but such a requirement does not exist in the legislative branch. Congresspeople are essentially small-business owners who can require their staff to follow whatever cybersecurity practices they deem necessarily, including, well, nothing.</p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="3">
</div>
</div></p><p>There's certainly a chance that a few individuals among the mob that breached the Capitol Building could have read less-than-flattering emails sent by or to members of Congress, and could use those emails to damage a few reputations.</p><p>But the most likely outcome of Wednesday's breach is that a lot of passwords have already been changed, or will be changed in the next few days.</p><p><em><strong>Update: </strong>This article was updated at 4:07 p.m. PT to include a statement from Rep. Anna Eshoo, and corrected at 5:17 p.m. PT to fix the spelling of her first name.</em><br></p>
From Your Site Articles
- The other reason Facebook silenced Trump? Republicans just lost ... ›
- Pressure mounts on social media giants to suspend Trump as rioters ... ›
- Social networks didn't create a coup. But they helped. - Protocol ›
- How Biden’s cyber policy could differ from Obama’s - Protocol — The people, power and politics of tech ›
Keep Reading
Show less
Tom Krazit ( @tomkrazit) is a senior reporter at Protocol, covering cloud computing and enterprise technology out of the Pacific Northwest. He has written and edited stories about the technology industry for almost two decades for publications such as IDG, CNET, paidContent, and GeekWire. He has written and edited stories about the technology industry for almost two decades for publications such as IDG, CNET and paidContent, and served as executive editor of Gigaom and Structure.
Latest Stories
See more
Most Popular
Bulletins
Get Source Code in your inbox
David Pierce's daily analysis of the tech news that matters.