Long-time readers know that I have a rather varied set of interests and that I’ve got a “thing” for history, particularly military history. Knowing that, it shouldn’t come as a surprise that I was recently reading an article titled “Cyber is the fourth dimension of war” (ground, sea and air being the first three […]
By Jim Hietala, VP, Business Development and Security, The Open Group Risk Practitioners should be informed about the Open FAIR body of knowledge, and the role that The Open Group has played in creating a set of open and vendor-neutral … Continue reading →
One of the benefits of being a regular on Tom Cagley’s Software Process and Measurement (SPaMCast) podcast is getting to take part in the year-end round table (episode 426). Jeremy Berriault, Steve Tendon, Jon M. Quigley and I joined Tom for a discussion of: Whether software quality would be a focus of IT in 2017 […]
By Steve Nunn, President & CEO, The Open Group As another new year begins, I would like to wish our members and The Open Group community a happy, healthy and prosperous 2017! It’s been nearly 15 months since I transitioned … Continue reading →
On November 7, China’s top legislature adopted a cybersecurity law to safeguard the sovereignty on cyberspace, national security, and the rights of citizens. The law has seven chapters that define specific regulations in various areas, such as network …
Through ten years of working with dozens of companies, we have seen a lot of good and some not so good developments related to Enterprise Architecture. In recognition of those 10 years, those dozens of companies, and continued success, we would like t…
The Open Group, the vendor-neutral IT consortium, is hosting its next global event in Paris, France, between October 24-27, 2016. The event, taking place at the Hyatt Regency Paris Étoile, will focus on e-Government, as well as how to address … Continue reading →
I recently went into a High Street branch of my bank and moved a bit of money between accounts. I could have done more, but I didn’t have any additional forms of identification with me.At the end, the cashier asked me for my nationality. British, as it…
By Loren K. Baynes, Director, Global Marketing Communications, The Open Group During the week of July 18th, The Open Group hosted over 200 attendees from 12 countries at the Four Seasons hotel on the beautiful banks of Lady Bird Lake … Continue reading →
I have been discussing Pay As You Drive (PAYD) insurance schemes on this blog for nearly ten years.
The simplest version of the concept varies your insurance premium according to the quantity of driving – Pay As How Much You Drive. But for obvious reasons, insurance companies are also interested in the quality of driving – Pay As How Well You Drive – and several companies now offer a discount for “safe” driving, based on avoiding events such as hard braking, sudden swerves, and speed violations.
Researchers at the University of Washington argue that each driver has a unique style of driving, including steering, acceleration and braking, which they call a “driver fingerprint”. They claim that drivers can be quickly and reliably identified from the braking event stream alone.
Bruce Schneier posted a brief summary of this research on his blog without further comment, but a range of comments were posted by his readers. Some expressed scepticism about the reliability of the algorithm, while others pointed out that driver behaviour varies according to context – people drive differently when they have their children in the car, or when they are driving home from the pub.
“Drunk me drives really differently too. Sober me doesn’t expect trees to get out of the way when I honk.”
Although the algorithm produced by the researchers may not allow for this kind of complexity, there is no reason in principle why a more sophisticated algorithm couldn’t allow for it. I have long argued that JOHN-SOBER and JOHN-DRUNK should be understood as two different identities, with recognizably different patterns of behaviour and risk. (See my post on Identity Differentiation.)
However, the researchers are primarily interested in the opportunities and threats created by the possibility of using the “driver fingerprint” as a reliable identification mechanism.
- Insurance companies and car rental companies could use “driver fingerprint” data to detect unauthorized drivers.
- When a driver denies being involved in an incident, “driver fingerprint” data could provide relevant evidence.
- The police could remotely identify the driver of a vehicle during an incident.
- “Driver fingerprint” data could be used to enforce safety regulations, such as the maximum number of hours driven by any driver in a given period.
While some of these use cases might be justifiable, the researchers outline various scenarios where this kind of “fingerprinting” would represent an unjustified invasion of privacy, observe how easy it is for a third party to obtain and abuse driver-related data, and call for a permission-based system for controlling data access between multiple devices and applications connected to the CAN bus within a vehicle. (CAN is a low-level protocol, and does not support any security features intrinsically.)
Miro Enev, Alex Takakuwa, Karl Koscher, and Tadayoshi Kohno, Automobile Driver Fingerprinting Proceedings on Privacy Enhancing Technologies; 2016 (1):34–51
Andy Greenberg, A Car’s Computer Can ‘Fingerprint’ You in Minutes Based on How You Drive (Wired, 25 May 2016)
Bruce Schneier, Identifying People from their Driving Patterns (30 May 2016)
See also John H.L. Hansen, Pinar Boyraz, Kazuya Takeda, Hüseyin Abut, Digital Signal Processing for In-Vehicle Systems and Safety. Springer Science and Business Media, 21 Dec 2011
Identity Differentiation (May 2006)
The FBI, with the help of a third party, has managed to gain access to Syed Farook’s iPhone. In a court filing Monday, the FBI stated that they did not require Apple’s help any longer. Apple, on the other hand, now has a need to know what vulnerability was exploited to access the phone. Whether […]
By The Open Group Security is at the forefront of the IT industry today. Customers are looking for secure solutions that solve their IT challenges. Permissions and privacy are just a few of the security features that are highly sought … Continue reading →