Red Hat Mobile talks low code in the enterprise $5.95

OUTSIDE US $15.95

Social media influencer marketing through the eyes of #HASH OFF

GAZIN

•

The intersection of AR, IoT, and Apps in the legal realm

BY ADAM GRANT

In 2007 the Apple gave us the iPhone andApps became the rage. While the term“Internet for things” was first coined 1999by Kevin Ashton (one of the founders ofthe original Auto-ID Center at MIT), in2013 the Global Standards Initiative onInternet of Things defined the term as “theinfrastructure of the information society.”AR, or Augmented Reality, unlike virtualreality, combines the physical world with anoverlay of computer generated visual,audio and haptic interfaces. Manyidentified 2016 as the “The year ofaugmented reality.” Snapchat usedgeofilters to allow users to overlay a digitaleffect on the photos or video, Snapintroduced “Spectacles,” and Poke’mon Goblasted onto the summer gaming market.In 2017 with each of these firmlyentrenched, we can reflect on the legalimplications on the three technologies.

Practical Challenges andOpportunities

What are some of the challenges andopportunities presented when AR, IoT andApps intersect in the legal world? At onelevel, the existing challenges for IoT andApps are directly applicable to AR.On-device and network encryption andaccess controls for data are common. Oneof the greatest challenges is likely the needfor AR applications to be always-on. Forexample, an application that detects QRcodes to provide the user with immediateprice information or price comparisonrequires constant access to video streamdata. Consequently, the privacy risksassociated with the continuous videostream are much greater than a staticplatform contained in desktop orsmartphone operating systems.

Another challenge stems the hardware andthe need for human input on hardware thatdoes not have a keyboard, mouse or touchscreen. With AR, you need to look througha screen to the world around you whichcan result in the consumer feeling

detached from the surroundings and otherindividuals. A third challenge is content:Apps and IoT have endless amounts ofavailable content, but AR has not caughtup. There are literally millions of Apps andan endless stream of “things” to connect.However, the world of AR needs 3Dcontent which has not caught up with thefast pace of the technology.

The opportunities are truly endless andstem from what can be done when all threetechnologies work together. An Appconnects you to a “thing” which can becontrolled by AR in you “spectacles.” ARprovides information about the “thing”which allows you to connect with otherusing the same type of object allowingeach user to learn from the other.

Legal Concerns

From a legal perspective, the intersectionof the three technologies is also fraughtwith challenges and opportunities.Logically, adapting from mobile appsolutions appears to be the most likelyvehicle to initially address the challenge,but a wholesale adaption is simply notpossible. Obtaining permissions forgeo-locating as soon as you log onto anAR application should suffice in the shortterm. At the initial start up of thetechnology, the user could provide a certainlevel of permission.

However, in the long term, there are manyother problems to consider. For example,when geo-locating is being used by morethan one application, will the user need toprovide permission for each platform orcan the AR device seek permission in aglobal sense each time the user accessesthe technology. Additionally, what types ofpermissions will be required as AR is usedconstantly. Much like the landscapeproblem developers encountered withApps, the program has a certain flow andstyle, so how and when is the userexperience interrupted by the legalrequirements of informed consent.

A very timely concern involves “tracking”

across platforms. Developers and usersare becoming more familiar with the “donot track” options required by various lawsand how it impacts a user’s experience.However, when relying upon AR/IoT/Appshow does that occur and who isresponsible when the tracking still occurs?

The FTC’s Take on theIntersection

As recent as April 21, 2017, the FTCprovided yet another example of how it willenforce one intersection of AR, IoT andApps; targeted digital advertising. Earlier,the FTC filed a complaint against Turn, Inc.alleging that Turn advertises itself as the“largest independent company in theadvertising technology section” and claimsto reach “over 1.3 billing unique users permonth via mobile.” Turn used cookies andweb beacons to track consumers acrossthe Web for advertising and otherpurposes. Turn used advertising identifierssuch as Apple iOS’s Identifier forAdvertisers and Google’s advertising ID totrack users across mobile apps. Turncorrectly permitted the users todisassociate themselves from theirprevious tracking history by resetting theadvertising identifier at any time. However,in 2013 Turn participated in a VerizonWireless program that allowed Turn toobtain certain demographic informationprovided by Verizon Wireless about itsusers. To implement this program, VerizonWireless put certain identifiers into allunencrypted web requests for more than100 million consumers on its network. Theusers had no way to prevent thetransmission of the identifier. Turn thensynced this Verizon identifier with ouridentifiers it used to keep track of theVerizon Wireless Consumers, therebylinking the consumer’s browser or deviceand identified various behavioral,demographic or tracking data – even afterthe consumer deleted the cookies andreset the device identifiers. Thissynchronization allowed Turn to recreatewhat the consumer sought to delete,without obtaining the consumer’s

Page 48App Developer Magazine May 2017

permission. As a result of the action, Turnand the FTC entered into a settlementagreement which required Turn to post onits homepage a clear and conspicuoushyperlink that states “Consumer Opt Out ofTargeted Advertising.”

Turn’s case demonstrates the need fordevelopers using multiple platforms suchas AR/IoT/Apps to insure they worktogether and not undo what the other hasdone. In the consumer opts out of thegeo-location tracking in an App, once theconsumer interfaces with the AR platform,the technology should not start tracking theconsumer’s location without permission.

In the long term, AR specific solutionsreally need to be created. Raw sensorydata such as audio data, or recognitiondata such as facial recognition, poseparticular privacy concerns. These types ofdata present new concerns regardingprivacy which will require innovativenotices and opt in/out permissions.

While AR/IoT/Apps present privacyconcerns, their intersection also createsunique security opportunities. While thestrict use of an App to interact with thephysical environment invites another toshoulder surf, the personal display

associated with an AR system completelyeliminates the easiest security breach, thecurious, yet nefarious, person sitting nextto you. Additionally, because of the abilityto use multiple platforms, security could beenhanced by leveraging these differentplatforms. Consider the possibility that anAR platform can actively detect privacy andsecurity concerns. Rather than relying on ascreen protector which makes a screendifficult to read at a distance, an ARsystem can actively scan the surroundingarea and alert the user if it finds a cameralens pointing at it. The countless biometricor behavioral characteristics can be usedprovide authentication when using thesystem. You can smile at your phoneinstead of using a thumb print!

AR and the AutomatedCar

The FTC is looking to the future ofAR/IoT/Apps in 2017, by holding aworkshop on June 28, 2017 which willaddress all of these issues in relation toCurrent and Future cars. The FTC believesthat these autonomous cars will general4,000 gigabytes of data per day (vs. 650

mb of data an average person generates.)They are looking for input on “what privacyand security issues might arise fromconsumer operation of connected vehicles,including use of third-party aftermarketproducts that can plug into vehiclediagnostic systems, geolocations systems,or other data-generating aspects ofconnected vehicles.” Additionally, the FTCis looking for information on how the carswill integrate the data into their functionalityand what privacy and security harms canarise from the connected vehiclemanufacturers and their service providers’collection and use of data. It is clear, popup displays are a form of AR and the FTCis looking to insure that automated carswith such displays that interface with car’scontrols through an App downloaded to thecar’s system will be front and center in theJune workshop.

At first, cars had am radio, then fm, thensatellite, then dvd players for entertainment– now with wireless technology and “smartcars” AR in your care for entertainment oreven for assisting with the driving is likelythe next. The intersection of these everchanging platforms provides very realchallenges. However, as the consummateoptimist, the author sees limitlessopportunities.

Page 49App Developer Magazine May 2017