Trademarks, trust and privacy

Posted on November 12, 2009

3


After a meeting with Tijs Teulings and Robert Gaal, regarding the trademarking of Roomware, I wrote an investigative article about Trademarking in this blog. When speaking with my girl, I broke asked myself and her the question: “If you look at Roomware: why trademarking it at all?”

I see Roomware to be and become an emerging technology exploding into different uses and put to different use. If not by us, then by other people: where people will develop their own versions and variations without us ever knowing. You can not control anything using trademarks. You can not police the use or the code that will be produced by X, Y or Z.

The bottom line is trust. The trust that people who will USE roomware can rely on a certain set of protection. And specifically regarding this:

  1. Part of Roomware is the use, linkage and presentation of your data to something or someone else
  2. Part of  Roomware is the linkage of your personal identity to a device that actively or passively states or broadcasts a machine-identity (your RFID Oyster card, your phone IMEI, your Bluetooth device in your phone). For instance: when you join a social game in a club you trust and link your name and e-mail (“Peter Kaptein” “peter@myEmailAddress.com”) you become tracable via your devices by anyone who can setup a scanner and can access the data.
  3. Part of Roomware is the POSSIBILITY to link all that data together: who you are, where you went, what  and sell it to any random other person and abuse it for other means than the fun we intended by creating these possibilities in the first time. Stalking people via their devices is just a mild version of that.

When you look at the Creative Commons, Linux and Arduino one of the major reasons to trademark those names is to guerantee that anything that bares that name is created via a specific set of rules, via a specific set of ethics. They did not WANT to do it: they HAD to.

If anyone can present their own “creative commons” the entire and original concept of Creative Commons becomes void of value and meaning. If any version of “Linux” is released by anyone the quality of the original Linux brand becomes void. Linux becomes a hollow name. If anyone can release and sell “Arduino boards” the same happens there.

Our responsibility: protection of personal privacy

When you look at banks, supermarkets and telecom providers: each hold very specific data about us. Where we were when (mobile operators, banks, supermarkets), what we bought (supermarkets and shops / banks). Through this data I can reconstruct parts of your life. Combining this with the online data you produce and leave behind on (social) sites I can refine this with psychological profiles giving me an impression of the type of person you are (“naive”, “angry”, “angry at a specific thing”) I might then use that data to start working on you personally.

What protects you now are privacy laws. Neither of these institutions are allowed to disclose this data to “anyone” (the exception: law enforcement). If they do, they will be sued and pay a shitload of money.

Imagine the following scenario:

An extreme christian sect or a group of Nigerian scam-artists has bought Roomware data including that of you: linked to your devices and linked to your personal profiles like Twitter and such. Based on your online data they have made several profiles of all people in that data set. Next they have scanners (IMEI or bluetooth) which tells them whom of those profiled people are in the vincinity. As the providers of that data can be anyone using Roomware, an Identity broker and active RFID/IMEI/Bluetooth scanners, this trade of information can be done unmonitored.

To aggregate this data is easy.

Just switch the scanner on, store all machine identities and wait until you can connect the owners identity to it. If you own several locations or are a networked organization that is fairly easy to do.

If – for instance – you state your identity at a store which offers you “discounts of 10% and more if you use your RFID card or give them your phone IMEI address” you might have given away more than you think you bargained for.

So: there you walk and a person you know from the past – an ex classmate or whomever – approaches you. You start talking, reminiscing memories. And you discover that “there are a lot of similarities that bind you” (the confidence trick. To give you a brief of that article and concept: Confidence tricks exploit typical human qualities like greed, dishonesty, vanity, honesty, compassion, credulity or naïve expectation of good faith on the part of the con artist.).

Within 6 months you are up to your ears into this sect without ever understanding where it ever started.

Identity Broker, trademarks and trust

When I started thinking about this side of the coin, I started re-evaluating the Roomware Identity Broker. Brief about that: (Wikipedia) An i-broker [or Identity Broker] is a “banker for data” or “ISP for identity services” — a trusted third party that helps individuals and organizations share private data the same way banks help exchange funds and ISPs help exchange e-mail and files.

The first and naive approach was: “you get recognized by a location / roomware installation and the Identity Broker will reveal your social identity based on the trust you give that place”.

The problem is that once you release a persons Identity and connect it to a device, that data can be instantly copied and distributed. Not specifically via Roomware. Via any means. The problem is not Roomware. You do not need “Roomware” to make this happen. By killing Roomware and the Roomware project and things like Roomware now, this possible and doable development will not be stopped, and maybe only slowed for 2 or 3 years.

Also: how can you trust that broker? Who are they? What values do they share? How is your provacy guarenteed?

So there is something else here: which is finding solutions and working on awareness. Disclosing the scenarios which are doable now. Showing the possible ways of abuse. As ignorance in this will create the same situation we have now with people who go online, have no clue, have no firewall, have no virus scanner and click and download opens anything that makes sounds, looks funny or has a funny name. Thus becoming yet another server in a zombie cluster for spam or DoS attacks on eBay or Google. Avoiding ignorance.

No illusions

I have no illusions about this. It happens already on small scale now and in controlled environments like shopping malls in Britain. It will happen even more in the future. It can not be prevented. Because it is very simple to build. Because we all have phones. Because we all, at some point, disclose our identities. Because we will not switch off our telephones. Because we will use more and more RFID cards to identify ourselves for discounts and loyalty programs offered by cafe’s and the lot. Because we rather use one card for everything than having a wallet the size of a brick for any and all loyalty program we like to be part of. Because a setup like Roomware makes it easy, cheap and affordable for any venue to have a loyalty system based on RFID and Oystercards there for 350 euro’s using an Eee PC and a cheap ass RFID reader.

The world will not go down in flames though and 666 is just another number like 123 and 8.

Back to the ID broker

An Identity broker is handy. It allows you to connect to services fast and release data that is clunky to transfer in other ways. Think of things like registering at a hotel you did not book beforehand. Instead of having to state your name and address in a langueage you do not master you simply grant them access to that part of your identity. Blam! Done. In less than a second the Hotel form is filled in and you can go upstairs.

With applications like Roomware there will be identity brokers emerging. If it is not tomorrow, then 3 years from now. It is HANDY. It saves time. It saves you effort. “Can I send you some information?” “Sure. Here you go.” Blam. Done.

One thing you want is to be in control of at least WHO will be able to access that data, via a security handshake that requires EXPLICIT action from you. Next, you do not want the data in that identity broker to be sold to just anyone. You need something or someone who you can trust. Who has a solid solution.

(I am not saying that the Roomware project should provide this. I AM saying that I personally see this as something that might become an emerging responsibility related to Roomware installations mixing personal data with data in the room. And I believe that this issue has to be addressed at the moment it becomes relevant working with parties or people who are already proven to deal with that stuff in a proper manner)

Trust and trademarks

Where you do not neccessarely have to follow up on any trademark-infringements, what you do do is crate a stable ground to protect your core label and your core values. Like Arduino can not stop all copycats selling “Arduino” boards to the market, they CAN take distance from these copies, state that they are in no way associated to the BRAND Arduino which they represent as they own the Trademark.

Also, the trademark is only limited to the countries where it is registered. To persue malicious users will cost big amounts of money and still will not protect people from this kind of abuse.

So where do you shop? Roomware, trust and trademarks

In this emerging jungle where linking identities to devices is becoming more and more easy, the Roomware brand/name – or another we invent – could be a provider of “roomware solutions which are created with a clear code of ethics” and a code of conduct to respect when you build Roomware stuff. Also by promoting the privacy issues that come with the availability of more and more private data online be a starting point for smart people to find smart solutions.

I can not foresee how Roomware stuff will be used by others, nor about copyright or patents. I do not care about “how I will make my money” nor is my goal “to be bought by Google”. I do care about the stuff regarding the increasing ease to connect your personal identity to any of your active devices.

As said in this post Creative Commons, Arduino and Linux had a reason to trademark their name. Not because they expect to make shitloads of money, but simply because they believe they are doing something valuable and wit that that they are obliged to protect the name from abuse, to protect the things they build and the value that that name represents.

Working on the next phase of Roomware brought the realization of how vulnerable your- and my privacy is, how easy it is to find out who you are and trace you anywhere you go.

To close this post

I have no clue what role “Roomware” as a brand will play in this. Maybe a better choice is to bring the identity-part into a different entity. Still, as Roomware definately deals with- and can cater- any of the privacy-identity issues mentioned in this post I think Roomware itself should be extremely clear about where it stands.

One of the reasons I believe the Roomware project should go full throttle instead of holding back is that we can inspire the “good” hackers to create new solutions to keep this world safe. The more people are aware of how to hack this in both the good and bad way, the more scenarios will evolve to avoid crap-scenarios of abuse due to ignorance by keeping this quiet.

Advertisements
Posted in: Legal