How that iPhone handset knows where I am

Treasure Island MapI’ve done a little bit of research to see how an Apple iPhone tracks my location – at least when i’ll be running iOS 8 later this autumn. It looks like it picks clues up from lots of places as you go:

  1. The signal from your local cell tower. If you switch your iPhone on after a flight, that’s probably the first thing it sees. This is what the handset uses to set your timezone and adjust your clock immediately.
  2. WiFi signals. As with Google, there is a location database accessed that translates WiFi router Mac addresses into an approximate geographic location where they’ve been sensed before. At least for the static ones.
  3. The Global Positioning System sensors, that work with both the US and Russian GPS satellite networks.  If you can stand in a field and see the horizon all around you, then your phone should have up to 14 satellites visible. Operationally, if it can see 2, you can get your x and y co-ordinates to within a meter or two. If it can see 3, then you get x, y and z co-ordinates – enough to give your elevation above sea level as well.
  4. Magnetometer and Gyroscope. The iPhone has an electronic compass and some form of gyroscope inside, so the system software can sense the direction, orientation (in 3D space) and movement. So, when you move from outdoors to an indoor location (like a shopping centre or building), the iPhone can remember the last known accurate GPS fix, and deduce (based on direction and speed as you move since that last sampling) your current position.

The system software on iOS 8 just returns your location and an indication of error scale based on all of the above. For some reason, the indoor positioning with the gyroscope is of high resolution for your x and y position, but returns the z position as a floor number only (0 being the ground floor, -1 one down from there, 1..top level above).

In doing all the above, if it senses you’ve moved indoors, then it shuts down the GPS sensor – as it is relatively power hungry and saves the battery at a time when the sensor would be unusable anyway.

Beacons

There are a number of applications where it would be nice to sense your proximity to a specific location indoors, and to do something clever in an application. For example, when you turn up in front of a Starbucks outlet, for Apple Passport to put your loyalty/payment card onto the lock screen for immediate access; same with a Virgin Atlantic check-in desk, where Passport could bring up your Boarding Pass in the same way.

One of the ways of doing this is to deploy low energy bluetooth beacons. These normally have two numbers associated with them; the first 64-bits is a licensee specific number (such as “Starbucks”), the second 64-bit number a specific identifier for that licensee only. This may be a specific outlet on their own applications database, or an indicator of a department location in a department store. It is up to the company deploying the Low Energy Bluetooth Beacons to encode this for their own iPhone applications (and to reflect the positions of the beacons in their app if they redesign their store or location layouts).

Your iPhone can sense beacons around it to four levels:

  1. I can’t hear a beacon
  2. I can sense one, but i’m not close to it yet
  3. I can sense one, and i’m within 3 meters (10 feet) of it right now
  4. I can sense one, and my iPhone is immediately adjacent to the beacon

Case (4) being for things like cash register applications. (2) and (3) are probably good enough for your store specific application to get fired up when you’re approaching.

There are some practical limitations, as low energy bluetooth uses the same 2.4Ghz spectrum that WiFi does, and hence suffers the same restrictions. That frequency agitates water (like a Microwave), hence the reason it was picked for inside applications; things like rain, moisture in walls and indeed human beings standing in the signal path tend to arrest the signal strength quite dramatically.

The iPhone 5S itself has an inbuilt Low Energy Bluetooth Beacon, but in line with the way Apple protect your privacy, it is not enabled by default. Until it is explicitly switched on by the user (who is always given an ability to decline the location sharing when any app requests this), hardware in store cannot track you personally.

Apple appear to have restricted licensees to using iBeacons for their own applications only, so only users of Apple iOS devices can benefit. There is an alternative “Open Beacon” effort in place, designed to enable applications that run across multiple vendor devices (see here for further details).

The Smart Watch Future

With the recent announcement and availability of various Android watches from Samsung, LG and Motorola, it’s notable that they all appear to have the compass, gyroscope but no current implementation of a GPS (i’ve got to guess for reasons of limited battery power and the sensors power appetite). Hence I expect that any direction sensing Smartwatch applications will need to talk to an application talking to the mobile phone handset in the users pocket – over low energy bluetooth. Once established, the app on the watch will know the devices orientation in 3D space and the direction it is headed; probably enough to keep pointing you towards a destination correctly as you walk along.

The only thing we don’t yet know is whether Apple’s own rumoured iWatch will break the mould, or like it’s Android equivalents, act as a peripheral to the network hub that is the users phone handset. We should know that later on this year.

In the meantime, it’s good to see that Apple’s model is to protect the users privacy unless they explicitly allow a vendor app to track their location, which they can agree to or decline at any time. I suspect a lot of vendors would like to track you, but Apple have picked a very “its up to the iPhone user and no-one else” approach – for each and every application, one by one.

Footnote: Having thought about it, I think I missed two things.

One is that I recall reading somewhere that if the handset battery is running low, the handset will bleat it’s current location to the cloud. Hence if you dropped your handset and it was lost in vegetation somewhere, it would at least log it’s last known geographic location for the “Find my iPhone” service to be able to pinpoint it as best it could.

Two is that there is a visit history stored in the phone, so your iPhones travels (locations, timestamps, length of time stationary) are logged as a series of move vectors between stops. These are GPS type locations, and not mapped to any physical location name or store identifier (or even position in stores!). The user has got to give specific permission for this data to be exposed to a requesting app. Besides use for remembering distances for expenses, I can think of few user-centric applications where you would want to know precisely where you’ve travelled in the last few days. Maybe a bit better as a version of the “secret” app available for MacBooks, where if you mark your device on a cloud service as having been stolen, you can get specific feedback on its movements since.

The one thing that often bugs me is people putting out calls on Facebook to help find their stolen or mislaid phones. Every iPhone should have “Find my iPhone” enabled (which is offered at iOS install customisation time) or the equivalent for Android (Android Device Manager) activated likewise. These devices should be difficult to steal.

The madness that is Hodor and Yo. Or is it?

Yo LogoOne constant source of bemusement – well, really horror – is the inefficiency of social media to deliver a message to it’s intended recipients. In any company setting, saying “I didn’t receive your message” is the management equivalent of “the dog ate my homework” excuse at school; it is considered a very rare occurrence and the excuse a poor attempt to seek forgiveness.

Sending bulk (but personalised) email to a long list of people who know you is just the start. Routinely, 30% of what you send will end up finishing short of your destination; no matter how many campaigns i’ve seen from anyone, none get higher than 70% delivery to the intended recipients. In practice, the number routinely read by the recipient normally bests at 20-30% of the number sent. Spam filters often over-zealous too. With practice, you get to find out that sending email to arrive in the recipients in-tray at 3:00pm on a Thursday afternoon local time is 7x more likely to be read than the same one sent at 6:00am on a Sunday morning. And that mentioning the recipients name, an indication of what it’s about and what they’ll see when the email is opened – all hooked together in the subject line -vastly improves open rates. But most people are still facing 70-80% wastage rates. I’ve done some work on this, but that experience is available to my consulting clients!

So, thank god for Facebook. Except that the visibility of status updates routinely only gets seen by 16% of your friends on average (the range is 2%-47% depending on all sorts of factors, but 16% is the average). The two ways to improve this is to make your own list that others can subscribe to, and if they remember to access that list name, then they’ll see the works. But few remember to do this. The other method is to pay Facebook for delivery, where you can push your update (or invite to an interest list, aka ‘likes’) to a defined set of demographics in specific geographic areas. But few guarantees that you’ll get >50% viewership even then.

So, thank god for Twitter. Except the chance of some of your followers actually seeing your tweets drops into the sub-1% range; the norm is that you’ll need to be watching your stream as the update is posted. So you’re down to using something like Tweetdeck to follow individual people in their own column, or a specific hashtag in another. You very quickly run out of screen real estate to see everything you actually want to see. This is a particular frustration to me, as I quite often find myself in the middle of a Tweet storm (where a notable person, like @pmarca – Marc Andreessen – will routinely run off 8-12 numbered tweets); the end result is like listening to a group of experts discussing interesting things around a virtual water cooler, and that is fascinating to be part of. The main gotcha is that I get to see his stuff early on a Saturday morning in the UK only because he tweets before folks on the west coast of the USA are headed to bed – otherwise i’d never catch it.

Some of the modern messaging apps (like SnapChat) at least tell you when that picture has been received and read by the recipient(s) you sent it too – and duly deleted on sight. But we’re well short of an application where you can intelligently follow Twitter scale dialogues reliably for people you really want to follow. Twitter themselves just appear happy to keep suggesting all sorts of people for me to follow, probably unconscious that routine acceptance would do little other than further polluting my stream with useless trash.

Parking all this, I saw one company produce a spoof Android custom keyboard, where the only key provided just says “Hodor”. Or if you press it down for longer, it gives you “Hodor” in bold. You can probably imagine the content of the reviews of it on the Google Play Store (mainly long missives that just keep repeating the word).

Then the next madness. Someone writing an application that just lists your friends names, and if you press their name, it just sends through a message to them saying “Yo!”.

Yo! Screenshot

Just like the Facebook Pokes of old. A team of three programmers wrote it in a couple of days, and it’s already been downloaded many thousands of times from the Apple App Store. It did sound to me like a modern variation of the Budweiser “Whats Up” habit a few years back, so I largely shook my head and carried on with other work.

The disbelief set in when I found out that this app had been subject to a $1.5 million VC funding round, which valued the company (this is their only “significant” app) at a $10m valuation. Then found out one of the lead investors was none other than a very respected John Borthwick (who runs Betaworks, an application Studio housed in the old Meat Packing area of New York).

His thing seems to be that this application ushers in a new world, where we quite often want to throw a yes/go-ahead/binary notification reliably to another entity. That may be a person (to say i’ve left work, or i’ve arrived at the restaurant, etc) or indeed a device (say ‘Yo’ to the coffee maker as you approach work, or to turn on the TV). So, there may indeed be some logic in the upcoming world of the “Internet of Things”, hyped to death as it may be.

John’s announcement of his funding can be found here. The challenge will no doubt be to see whether his investment is as prescient as many of his other ones (IFTTT, Bit.lyDots, Digg Deeper, etc) have been to date. In the meantime, back to code my own app – which is slightly more ambitious than that now famous one.

Paid Queue Jumping, San Francisco Style

Keep Calm and Queue Here Sign

There’s a fair amount of controversy about two mobile applications in San Francisco right now; MonkeyParking and ReservationHop. Both offer a twist on selling a place in a queue to a limited resource:

  • In an environment where it can sometimes take 45 minutes to find a car parking place, MonkeyParking enables someone currently occupying a space to sell this to another driver in the same proximity.
  • Likewise, where Restaurants having waiting lists that may extend to over a month, ReservationHop prebooks tables and sells these to customers who want to make a late booking

Transport authorities are objecting to the scalping of public parking spaces, and likewise there is concern about unsold restaurant bookings causing inefficiences when virtual diners don’t turn into real ones.

Besides the market for ticket touts, i’m also reminded that some customers will pay a hobo (tramp) to reserve their place in queues for new iPhones. I also recall Sir John Harvey-Jones, ex CEO of ICI plc, who once vented his frustration at the management of Morgan Cars, who maintained a multi-year waiting list for cars rolling off their production line. Customers would routinely sell their positions at greater than the cost of a new car, a practice resulting in much shrugging of shoulders at a practice that they felt wasn’t really cricket – but which they allowed to carry on regardless.

I guess the answer is to charge a premium for a standard car, and to discount personal customisations ordered up front. Customising something normally increases the value to the originally intended recipient, while decreasing the value to everyone else. Anyone who doubts that hasn’t looked at the value an iPad sale achieves on eBay between stock machines and ones engraved with the owners name.

But, same old. It’s happened from the dawn of time, and rarity of any resource (and timely access to same) normally attracts some value that scalpers can attribute a price to. The only thing I find distasteful is the name coined for mobile apps that enhance this process on the West Coast of the USA right now – that of “Jerkware”. Hopefully we can come up with a more appropriate name going forward.

Corning Glass, Android, Amazon then – surprise!

3D Glasses

One piece of uncharted territory in the mobile phone and tablet industry relates to how much Gorilla Glass (used for touch screens) that Corning manufacture, compared to an estimate of how many devices are physically shipped. Corning routinely publish the total area of glass produced, from which analysts attempt to triangulate with the relative sizes, and volumes, of the products that employ the technology.

The biggest estimated gap appears to relate to glass used to power “media tablets” in China. These tend to run the Open Source version of Android (aka “AOSP” – Android Open Source Project), don’t use any of the Google Play services (hence never need to authenticate with Google), and are assumed to be personal TVs that feed content from WiFi. Or suitable capacity SD memory cards traded (illicitly?) in some Chinese markets, preloaded with films or video from other sources.

The existence of these low cost WiFi personal TVs would explain why Apple, with a seemingly sub 15% unit market share, still drive a vastly disproportionate amount of web and e-commerce traffic that operators experience. However, such tablets – Kindle Fire being the most prominent exception – are fairly rare outside China and India.

There are rumours that Amazon are about to release a mobile phone – I don’t even think they’ve said phone themselves – but on their announcement invite video, folks are rocking their heads from side to side looking at a handheld device. All the bets are on showing items in 3D, as demonstrated by this (now Google) employee – who conjured the effect using a Nintendo Wii remote and matching sensor bar. A fascinating (less than 5 minutes) demonstration of what was possible some months back here: Head Tracking for Desktop VR Displays

Of course, by the time you read this, Amazon will have likely blown your head away with a ready to ship (soon) device, and some compelling content or applications. As an Amazon Prime customer, i’m looking forward to it. Not least having a 3D display without the need for special glasses!

Footnote: the Amazon Fire Phone was announced, two of it’s features described (in 80 seconds) in this BBC video. This neglected to mention that the WiFi can wind up to full dual channel 801.11ac speeds (as fast 300Mb/s), and that it already supports the UK LTE and HSPA+ bands out of the box. You can also throw video to your TV using Miracast (as present in a lot of modern TVs already, and in many set-top boxes). At the moment, like the Fire TV set top box, it has been announced for the US only.

I must admit, I did tap the US off contract price into Google: 649 usd in gbp – and it comes out £381.52 + VAT = £458 or so. As in the USA, that’s a 32GB phone for the price of a 16GB iPhone 5S. Then told myself off for doing this, as the USA cellular market is a strange beast (most business in $80/month contracts including handset subsidies – where the handset cost is $200 up front). Everything about the hardware is great, and the source of initial moans by the tech community around US pricing, being tied to AT&T for contract sales, no sign of a rumoured bundled carrier data contract etc – are things that Amazon could iterate at blinding speed – both in the USA and elsewhere.

It is a shopaholics dream phone – it can look up from a selection of millions of items visually, or by listening to music or TV shows – and to be able to order them for you (and deliver on a bundled Amazon Prime service) in a very, very slick fashion. About the only thing it can’t do yet is to value antiques. Or can it?

The Internet of Things withers – while HealthKit ratchets along

FDA Approved Logo

I sometimes shudder at the estimates, as once outlined by executives at Cisco, that reckons the market for “Internet of Things” – communicating sensors embedded everywhere – would be likely be a $19 trillion market. A market is normally people willing to invest to make money, save money, to improve convenience or reduce waste. Or a mix. I then look at various analysts reports where they size both the future – and the current market size. I really can’t work out how they arrive at today’s estimated monetary amounts, let alone do the leap of faith into the future stellar revenue numbers. Just like IBM with their alleged ‘Cloud’ volumes, it’s difficult to make out what current products are stuffed inside the current alleged volumes.

One of my sons friends is a Sales Director for a distributor of sensors. There appear good use cases in Utility networks, such as monitoring water or gas flow and to estimate where leaks are appearing, and their loss dimensions. This is apparently already well served. As are industrial applications, based on pneumatics, fluid flow and hook ups to SCADA equipment. A bit of RFID so stock movements can be automatically checked through their distribution process. Outside of these, there are the 3 usual consumer areas; that of cars, health and home equipment control – the very three areas that both Apple and Google appear to be focussed on.

To which you can probably add Low Power Bluetooth Beacons, which will allow a phone handset to know it’s precise location, even where GPS co-ordinates are not available (inside shopping centres as an example). If you’re in an open field with sight of the horizon around you in all directions, circa 14 GPS satellites should be “visible”; if your handset sees two of them, it can suss your x and y co-ordinates to a meter or so. If it sees 3 satellites, that’s normally enough to calculate your x, y and z co-ordinates – ie: geographic location and height above sea level. If it can only see 1 or none, it needs another clue. Hence a super secret rollout where vendors are offering these LEB beacons and can trade the translation from their individual identifiers to their exact location.

In Apple’s case, Apple Passbook Loyalty Cards and Boarding Passes are already getting triggered with an icon on the iOS 8 home screen when you’re adjacent to a Starbucks outlet or Virgin Atlantic Check-in desk; one icon press, and your payment card or boarding pass is there for you already. I dare say the same functionality is appearing in Google Now on Android; it can already suss when I get out of my car and start to walk, and keeps a note of my parking location – so I can ask it to navigate me back precisely. It’s also started to tell me what web sites people look at when they are in the same restaurant that i’m sitting in (normally the web site or menu of the restaurant itself).

We’re in a lull between Apple’s Worldwide Developer Conference, and next weeks equivalent Google I/O developer event, where Googles version of Health and HomeKit may well appear. Maybe further developments to link your cars Engine Control Unit to the Internet as well (currently better engaged by Phil Windley’s FUSE project). Apple appear to have done a stick and twist on connecting an iPhone to a cars audio system only, where the cars electronics use Blackberry’s QNX embedded Linux software; Android implementations from Google are more ambitious but (given long car model cycle times) likely to take longer to hit volume deployments. Unless we get an unexpected announcement at Google I/O next week.

My one surprise is that my previous blog post on Apples HomeKit got an order of magnitude more readers than my two posts on the Health app and the HealthKit API (posts here and here). I’d never expected that using your iPhone as a universal, voice controlled home lock/light/door remote would be so interesting to people. I also hear that Nest (now a Google subsidiary) are about to formally announce shipment of their 500,000th room temperature control. Not sure about their Smoke Alarm volumes to date though.

That apart, I noticed today that the US Food and Drug Administration had, in March, issued some clarifications on what type of mobile connected devices would not warrant regulatory classification as a medical device in the USA. They were:

  1. Mobile apps for providers that help track or manage patient immunizations by assessing the need for immunization, consent form, and immunization lot number

  2. Mobile apps that provide drug-drug interactions and relevant safety information (side effects, drug interactions, active ingredient) as a report based on demographic data (age, gender), clinical information (current diagnosis), and current medications

  3. Mobile apps that enable, during an encounter, a health care provider to access their patient’s personal health record (health information) that is either hosted on a web-based or other platform

So, it looks like Apple Health application and their HealthKit API have already skipped past the need for regulatory approvals there already. The only thing i’ve not managed to suss is how they measure blood pressure and glucose levels on a wearable device without being invasive. I’ve seen someone mention that a hi res camera is normally sufficient to detect pulse rates by seeing image changes on a picture of a patients wrist. I’ve also seen an inference that suitably equipped glasses can suss basic blood composition looking at what is exposed visibly in the iris of an eye. But if Apple’s iWatch – as commonly rumoured – can detect Glucose levels for Diabetes patients, i’m still agonising how they’d do it. Short of eating or attaching another (probably disposable) Low Energy Bluetooth sensor for the phone handset to collect data from.

That looks like it’ll be Q4 before we’ll all know the story. All I know right now is that Apple produce an iWatch, and indeed return the iPhone design to being more rounded like the 3S was, that my wife will expect me to be in the queue on release date to buy them both for her.

Start with the needs of the end user, and work back from there…

Great Customer Service

A bit of a random day. I learnt something about the scale of construction taking place in China; not just the factoid that they’re building 70 airports at the moment, but a much more stunning one. That, in the last 3 years, the Chinese have used more cement than the USA did in the 100 years between 1900 and 2000. The very time when all the Interstate and Road networks were built, in addition to construction in virtually every major city.

5 of the top 10 mobile phone vendors are Chinese (it’s not just an Apple vs Samsung battle now), and one appears to be breaking from the pack in emerging markets – Xiaomi (pronounced show – as in shower – and me). Their business model is to offer Apple-class high end phones at around cost, target them at 18-30 year “fans” in direct sales (normally flash sales after a several 100,000 unit production run), and to make money from ROM customisations and add-on cloud services. I’ve started hearing discussions with Silicon Valley based market watchers who are starting to cite Xiaomi’s presence in their analyses, not least as in China, they are taking market share from Samsung – the first alternative Android vendor to consistently do so. I know their handsets, and their new tablet, do look very nice and very cost effective.

That apart, I have tonight read a fantastic blog post from Neelie Kroes, Vice President of the European Commission and responsible for the Digital Agenda for Europe – talking specifically about Uber and this weeks strikes by Taxi drivers in major cities across Europe. Well worth a read in full here.

Summarised:

  • Let me respond to the news of widespread strikes and numerous attempts to limit or ban taxi app services across Europe. The debate about taxi apps is really a debate about the wider sharing economy.
  • It is right that we feel sympathy for people who face big changes in their lives.
  • Whether it is about cabs, accommodation, music, flights, the news or whatever.  The fact is that digital technology is changing many aspects of our lives. We cannot address these challenges by ignoring them, by going on strike, or by trying to ban these innovations out of existence
  • a strike won’t work: rather than “downing tools” what we need is a real dialogue
  • We also need services that are designed around consumers.
  • People in the sharing economy like drivers, accommodation hosts, equipment owners and artisans – these people all need to pay their taxes and play by the rules.  And it’s the job of national and local authorities to make sure that happens.
  • But the rest of us cannot hide in a cave. 
  • Taxis can take advantage of these new innovations in ways consumers like – they can arrive more quickly, they could serve big events better, there could be more of them, their working hours could be more flexible and suited to driver needs – and apps can help achieve that.
  • More generally, the job of the law is not to lie to you and tell you that everything will always be comfortable or that tomorrow will be the same as today.  It won’t. Not only that, it will be worse for you and your children if we pretend we don’t have to change. If we don’t think together about how to benefit from these changes and these new technologies, we will all suffer.
  • If I have learnt anything from the recent European elections it is that we get nowhere in Europe by running away from hard truths. It’s time to face facts:  digital innovations like taxi apps are here to stay. We need to work with them not against them.

It is absolutely refreshing to have elected representatives working for us all and who “get it”. Focus on consumers, being respectful of those afflicted by changes, but driving for the collective common good that Digital innovations provide to society. Kudos to Neelie Kroes; a focus on users, not entrenched producers – a stance i’ve only really heard with absolute clarity before from Jeff Bezos, CEO of Amazon. It does really work.

 

Uber in London: The Streisand Effect keeps on giving

Uber Logo

With the same overall theme as yesterday, if you’re looking at your future, step one is to look at what your customers would value, then to work back to the service components to deliver it.

I’ve followed Uber since I first discovered them in San Francisco, and it looks a simple model – to the user. You want to go from where you are to another local destination. You typically see where the closest driver is to you on your smartphone. You ask your handset for a price to go to a specific destination. It tells you. If you accept, the car is ordered and comes to pick you up. When you get dropped off, your credit card is charged, and both you and the taxi driver get the opportunity to rate each other. Job done.

Behind that facade is a model of supply and demand. Taxi drivers that can clock on and off at will. At times of high demand and dwindling available ride capacity, prices are ramped up (to “surge” pricing) to encourage more drivers onto the road. Drivers and customers with voluminous bad ratings removed. Drivers paid well enough to make more money than those in most taxi firms ($80-90,000/year in New York), or the freedom to work part time – even down to a level where your reward is to pay for your car for a few hours per week of work, and have free use of it at other times.

The service is simple and compelling enough that i’d have thought tax firms would have cottoned onto how the service works, and to replicate it before Uber ever appeared on these shores. But, with a wasted five years, they’ve appeared – and Taxi drivers all over Europe decided to run the most effective advertising campaign for an upstart competitor in their history. A one-day 850% subscriber growth; that really takes some doing, even if you were on the same side.

I’m just surprised that whoever called the go-slows all over Europe didn’t take the time out to study what we in the tech industry know as “The Streisand Effect” – Wikipedia reference here. BBC Radio 2 even ran a segment on Uber at lunchtime today, followed by every TV News Bulletin i’ve heard since. I downloaded the app as a result of hearing it on that lunchtime slot, as I guess many others did too (albeit no coverage in my area 50 miles West of London – yet). Given the five years of missed prep time, I think they’ve now lost – or find themselves in fast follower mode to incorporate similar technology into their service before they have a mass exodus to Uber (of customers, then drivers).

London Cabbies do know all the practical use of rat runs that SatNav systems are still learning, but even that is a matter of time now. I suspect appealing for regulation will, at best, only delay the inevitable.

The safest option – given users love the simplicity and lack of surprises in the service – is to get busy quickly. Plenty of mobile phone app prototyping help available on the very patch that London Black Cab drivers serve.

CloudKit – now that’s how to do a secure Database for users

Data Breach Hand Brick Wall Computer

One of the big controversies here relates to the appetite of the current UK government to release personal data with the most basic understanding of what constitutes personal identifiable information. The lessons are there in history, but I fear without knowing the context of the infamous AOL Data Leak, that we are destined to repeat it. With it goes personal information that we typically hold close to our chests, which may otherwise cause personal, social or (in the final analysis) financial prejudice.

When plans were first announced to release NHS records to third parties, and in the absence of what I thought were appropriate controls, I sought (with a heavy heart) to opt out of sharing my medical history with any third party – and instructed my GP accordingly. I’d gladly share everything with satisfactory controls in place (medical research is really important and should be encouraged), but I felt that insufficient care was being exercised. That said, we’re more than happy for my wife’s Genome to be stored in the USA by 23andMe – a company that demonstrably satisfied our privacy concerns.

It therefore came as quite a shock to find that a report, highlighting which third parties had already been granted access to health data with Government mandated approval, ran to a total 459 data releases to 160 organisations (last time I looked, that was 47 pages of PDF). See this and the associated PDFs on that page. Given the level of controls, I felt this was outrageous. Likewise the plans to release HMRC related personal financial data, again with soothing words from ministers in whom, given the NHS data implications, appear to have no empathy for the gross injustices likely to result from their actions.

The simple fact is that what constitutes individual identifiable information needs to be framed not only with what data fields are shared with a third party, but to know the resulting application of that data by the processing party. Not least if there is any suggestion that data is to be combined with other data sources, which could in turn triangulate back to make seemingly “anonymous” records traceable back to a specific individual.Which is precisely what happened in the AOL Data Leak example cited.

With that, and on a somewhat unrelated technical/programmer orientated journey, I set out to learn how Apple had architected it’s new CloudKit API announced this last week. This articulates the way in which applications running on your iPhone handset, iPad or Mac had a trusted way of accessing personal data stored (and synchronised between all of a users Apple devices) “in the Cloud”.

The central identifier that Apple associate with you, as a customer, is your Apple ID – typically an email address. In the Cloud, they give you access to two databases on their cloud infrastructure; one a public one, the other private. However, the second you try to create or access a table in either, the API accepts your iCloud identity and spits back a hash unique to your identity and the application on the iPhone asking to process that data. Different application, different hash. And everyone’s data is in there, so it’s immediately unable to permit any triangulation of disparate data that can trace back to uniquely identify a single user.

Apple take this one stage further, in that any application that asks for any personal identifiable data (like an email address, age, postcode, etc) from any table has to have access to that information specifically approved by the handset owners end user; no explicit permission (on a per application basis), no data.

The data maintained by Apple, besides holding personal information, health data (with HealthKit), details of home automation kit in your house (with HomeKit), and not least your credit card data stored to buy Music, Books and Apps, makes full use of this security model. And they’ve dogfooded it so that third party application providers use exactly the same model, and the same back end infrastructure. Which is also very, very inexpensive (data volumes go into Petabytes before you spend much money).

There are still some nuances I need to work. I’m used to SQL databases and to some NoSQL database structures (i’m MongoDB certified), but it’s not clear, based on looking at the way the database works, which engine is being used behind the scenes. It appears to be a key:value store with some garbage collection mechanics that look like a hybrid file system. It also has the capability to store “subscriptions”, so if specific criteria appear in the data store, specific messages can be dispatched to the users devices over the network automatically. Hence things like new diary appointments in a calendar can be synced across a users iPhone, iPad and Mac transparently, without the need for each to waste battery power polling the large database on the server waiting for events that are likely to arrive infrequently.

The final piece of the puzzle i’ve not worked out yet is, if you have a large database already (say of the calories, carbs, protein, fat and weights of thousands of foods in a nutrition database), how you’d get that loaded into an instance of the public database in Apple’s Cloud. Other that writing custom loading code of course!

That apart, really impressed how Apple have designed the datastore to ensure the security of users personal data, and to ensure an inability to triangulate data between information stored by different applications. And that if any personal identifiable data is requested by an application, that the user of the handset has to specifically authorise it’s disclosure for that application only. And without the app being able to sense if the data is actually present at all ahead of that release permission (so, for example, if a Health App wants to gain access to your blood sampling data, it doesn’t know if that data is even present or not before the permission is given – so the app can’t draw inferences on your probably having diabetes, which would be possible if it could deduce if it knew that you were recording glucose readings at all).

In summary, impressive design and a model that deserves our total respect. The more difficult job will be to get the same mindset in the folks looking to release our most personal data that we shared privately with our public sector servants. They owe us nothing less.

More evidence of the Relentless Migration from CapEx to OpEx

Google Self Driving Car

There’s been quite a lot of commentary in the last week following Google co-founder Sergey Brin’s presentation at the Re/code Conference; he got to show this video of the next iteration of their self driving cars. For a bit of history leading up to that announcement, i’d recommend watching two videos on the progress of this project to date, and then the video Sergey showed last week:

  1. Sebastian Thrun – the project lead – giving a presentation about self driving cars in 2011 and showing a few of them in action here (it lasts 4 mins, 14 seconds).
  2. A video that Google produced with a twist near the end here (3 mins 1 second long).
  3. And the video of the new exploratory design announced this week here (2 mins 53 seconds).

My brain diverted another way to most. Have you ever seen and experienced Uber? You open an app on your Smartphone, which identifies where you are located. You tell it where you’d like to travel to, and it will tell you (a) how long a wait until a taxi will arrive to collect you and (b) the fixed cost of the journey. If you accept both, your taxi is scheduled, collects you, drops you off and the charge made to your credit card. Done! The system is set so that both driver and passenger rate their experience, so that good service from both ends of the transaction is maintained.

It’s probably well known that most cars purchased are tremendously under utilised and taking up valuable parking space in Cities all over the world. There are separate innovations where drivers can clock on and off at any time they wish, and obviously less resources available results in the pricing rising – to encourage more Uber drivers back online to service the demand. There are also periods of exceptional demand where Uber will jack the prices right up – transparently to all – to ensure there are the right number of drivers available to service the very busy customer demand periods (like rush hours).

Uber have stirred controversy in the Taxi industry because anyone (with lack of bad references) can be a Uber driver, and part time working is a personal choice. Those who work full time, as self employed drivers, often get much higher pay than most routine licensed Taxi drivers; in New York, reckoned to be north of $90,000/year gross and (after car finance and depreciation costs) around $60,000/year. Drivers who operate part time can use the income to offset the cost of their cars, partly or completely, if that is their choice.

The bit that caught my imagination was what would happen if a City (or a private company) bought a fleet of these Google cars and hooked them into Uber. After use, they go to their next collection point or back to a well researched cache – ready for the best possible service to the next likely passenger. Or to the Petrol Station to be refueled (and I hope a manufacturer recall doesn’t end up with fleets of them working back to their factory, all at once!).

I guess in the early days, there will be idiots on the road who’ll try to psych them out, but once an integral piece of local life, I think a Google/Uber combination would be tremendous. Not least, as yet another glowing example that paying for a shared resource is much cheaper than the inefficiencies inherent in expensive, rarely used Capital assets.

CapEx is the past, OpEx is the future.

Email: is 20% getting through really a success?

Baseball Throw

Over the weekend, I sent an email out to a lot of my contacts on LinkedIn. Because of the number of folks i’m connected to, I elected to subscribe to Mailchimp, the email distribution service recommended by most of the experts I engage in the WordPress community. I might be sad, but it’s been fascinating to watch  the stats roll in after sending that email.

In terms of proportion of all my emails successfully delivered, that looks fine:

Emails Delivered to LinkedIn Contacts

However, 2 days after the email was sent, readership of my email message, with the subject line including the recipients Christian name to avoid one of the main traps that spam gets caught in, is:

Emails Seen and UnOpened

Eh, pardon? Only 47.4% of the emails I sent out were read at all? On first blush, that sounds really low to an amateur me. I would have expected it for folks on annual leave, but still not as low as less than half of all messages sent out. In terms of device types used to read the email:

Desktop vs Mobile Email Receipt

which I guess isn’t surprising, given the big volume of readers that looked at the email in the first hour of when it was sent (which was at around 9:00pm on Saturday night). There was another smaller peak between 7am-8am on Sunday morning, and then fairly level tides with small surges around working day arrival, lunch and departure times. In terms of devices used:

Devices used to read Email

However, Mailchimp insert a health warning, saying that iOS devices do handshake the email comms reliably, whereas other services are a lot more fickle – so the number of Apple devices may tend to over report. That said, it reinforces the point I made in a post a few days ago about the importance of keeping your email subject line down to 35 characters – to ensure it’s fully displayed on an iPhone.

All in, I was still shocked by the apparent number of emails successively delivered but not opened at all. Thinking it was bad, I checked and found that Mailchimp reckon the average response aimed into folks aligned to Computers and Electronics (which is my main industry), voluntarily opted in, is 17.8%, and click throughs to provided content around the 1.9% mark. My email click through rate is running at 2.9%. So, my email was 2x the industry norm for readership and 50% above normal click-through rates, though these are predominantly people i’ve enjoyed working with in the past – and who voluntarily connected to me down the years.

So, sending an email looks to be as bad at getting through as expecting to see Tweets from a specific person in your Twitter stream. I know some of my SMS traffic to my wife goes awry occasionally, and i’m told Snapchat is one of the few messaging services that routinely gives you an indication that your message did get through and was viewed.

Getting guaranteed attention of a communication is hence a much longer journey than I expected, and probably (like newspaper ads of old) relying on repeat “opportunities to see”. But don’t panic – i’m not sending the email again to that list; it was a one-time exercise.

This is probably a dose of the obvious to most people, but the proportion of emails lost in action – when I always thought it a reliable distribution mechanism – remains a big learning for me.