Smart security – what else?

SmartSecurity_2000x1000_vog.photo, Credit: vog.photo

Our everyday life is increasingly accompanied by smart companions – mobile phones, fitness trackers, Smartwatch, Alexa, smart home devices. They should all make our lives easier, relieve us of burdensome duties and make our environment a centrally controllable unit. As part of the theme weekend “Departure into a New World – The Digital Geography of the 21st Century” at the new Ars Electronica Center, Robert Kolmhofer, Professor at Hagenberg University of Applied Sciences, will talk about data security in an increasingly networked world and explain this using vivid examples.

Everybody is talking about the “smartification of everyday life”. What are the peculiarities and challenges of digitisation, especially in the private sector?

Robert Kolmhofer: The biggest challenge is the security of the systems versus the ease of use. The “smart things” should be easy to install and use by end users, usually without expert knowledge. In addition, installation and use take place in completely different scenarios, networks and configurations, so that there can be no standard recommendation for secure setup and operation.
And then there is the data protection aspect: the smart product manufacturers are naturally interested in learning as much as possible about the users, their usage behaviour etc. in order either to generate new products and/or business models or simply to sell the data to other interested parties.
After all, data is the modern “gold”.

Smart Devices support human existence to a high degree, but at the same time make us transparent. Are there solutions for the conflict between data storage and privacy?

Robert Kolmhofer: The conflict between data collection/storage and privacy is hardly solvable. End users want personalized products that are also easy to use – which usually happens via CloudSerivces. It is difficult to avoid the central storage, processing and analysis of personal information, albeit perhaps in an abstract form.
Since 2018, the EU has introduced a minimum level of data protection with the Basic Data Protection Regulation, but all too often this remains purely theoretical. When any smart device is put into operation, users have to nod off the respective data protection/use conditions in order for the product to function at all. In doing so, they agree – virtually unread – to the various processing methods. Many smart products or mobile apps cannot be used later without data output – I would just like to refer here to the eternal discussion about exporting address books to WhatsApp (Facebook) when using Messenger.
So the protection of privacy is quickly obsolete.


Credit: vog.photo

What are the significant differences in data security between the private and industrial sectors?

Robert Kolmhofer: In the private sphere, the protection of personal data is particularly relevant – protection against publication and misuse, protection of confidentiality and protection against manipulation. As a rule, the first priority is the protection of confidentiality.
In an industrial environment, on the other hand, availability is primarily important, but so are integrity and confidentiality. Confidentiality is primarily concerned with company secrets in the areas of research & development, customer data, contracts, production data, plans and software and with protection against competitors or industrial espionage.

So far, the privacy debate has been strongly USA/economic or China/state oriented. What would be a possible European way?

Robert Kolmhofer: The EU has actually provided a clear European way through the basic data protection regulation from 2016, which also applies to suppliers of products from the USA and China who process personal data of Europeans. If these requirements for the marketing of products and services were strictly controlled or punished, this would also have an impact on all non-EU countries.

Do you have a tip for us what the next Smart Devices will be for everyday use?

Robert Kolmhofer: The current trends are very much in the direction of home automation and comprehensive cross-country integration, i.e. from heating to access, from body fat scales to smart household appliances, from fitness trackers to smart bicycle locks; not forgetting the long runners such as Amazon Alexa and Co. What will certainly be a challenge for the future is the integration of these many applications into a single operating solution. The big players like Google, Amazon and Apple have had solutions ready for this for quite some time.
And at the same time, it’s exactly the big ones who have access to a lot of user data, which once again raises the issue of data protection and privacy protection.

https://vimeo.com/306044007
The winning project of the STARTS prize “Project Alias” empowers the self-determined rule over privacy.

DI Robert Kolmhofer moved to the FH-OÖ Campus Hagenberg in 1998 after his studies of physics and computer science and subsequent activity as head of the department “Supercomputing” at the computer centre of the JKU Linz (1991-1998). Since 2000 he has been head of the Department Secure Information Systems with the Bachelor/Master courses “Secure Information Systems” and the part-time Master course “Information Security Management”. As managing director of the ICT consulting company UNINET it-consulting GmbH (since 1994) and court expert in the field of information technology/communications technology (since 2004), DI Kolmhofer is active in his area of responsibility as a university of applied sciences professor (system architecture and security, network technology, forensics) with close practical relevance.

,