Five Thoughts on Privacy and Security

Apple’s been in the news this week because hackers apparently forced their way into various celebrities’ iCloud accounts and stole photos, which have now been released to the public. It’s still not clear exactly how the hacks were perpetrated, although that hasn’t prevented plenty of clueless reporting on the topic. In the absence of clarity about exactly what happened, I think it’s useful to focus on a few general points about privacy and security that provide some context for this sort of news.

If Apple really is at fault, it needs to remedy the situation fast

If it becomes clear, as has been reported, Apple’s systems for securing accounts are inadequate in that they either lack rate limiters or are otherwise open to brute force attacks, they need to fix this ASAP. As others have pointed out, these are basic precautions any online service ought to put in place and if Apple hasn’t had them, that’s a massive oversight. There should be (and almost certainly is) an internal review under way at Apple right now looking at all the potential vulnerabilities in Apple’s online sign-on systems and patching them as soon as possible.

The impact to Apple will be very limited

Every time a story like this blows up, I get calls from journalists asking whether this will (A) damage the company concerned, (B) make people warier of similar services in future, (C) dramatically change behavior. And every time, I tell them no to all three questions, for one simple reason: people have extremely short memories when it comes to this sort of thing. Just look at the Google Trends data for the search term “privacy”:

Google Trends privacy

What you see is interest in the topic is actually declining over time, though there are periodical spikes in interest, usually triggered by specific news stories such as the one this week. Interestingly, there’s no spike this month even though the equivalent Trends data for the word “hack” has spiked enormously as a result of the news story. In other words, overall concerns about privacy as measured by this data remain low (and are in fact falling) and although there are brief spikes in interest, they don’t last. As such, this story will likely blow over like all the others before it, and there will be little to no lasting impact on Apple.

What is certain is that, if you were looking to orchestrate a campaign to hobble Apple’s announcements this coming week, this would be about as good an attack vector as you might conceive of. It hits Apple where it’s thought to be weakest (cloud services) ahead of what’s likely to be a series of announcements about particularly sensitive data sets (health, home and financial). But my guess is by this time next week it will be forgotten – the public has a very short memory when it comes to this sort of thing.

Privacy attacks are very targeted

One reason why these attacks tend to blow over so quickly is they affect so few people. This particular attack, like most of them, was very targeted – the Guardian reports only around a dozen celebrities were affected and a total of around 400 photographs and videos leaked so far. The overall scope of the hack may have affected “over 100 individuals” and their personal data. That’s a tiny, tiny fraction of the overall populace, and what all these people have in common is they’re famous.

All of these attacks require three things to be a threat: motive, means and opportunity. And, unlike the sort of financial hacking that has affected Target and others in recent months, all three simply don’t apply to most members of the general population. There’s little motive for hackers to access my personal photos or videos, because the market for images of my kids is non-existent outside my own family. These attacks take considerable time and it’s simply not worth the means required if there’s no payoff. There’s also little opportunity because the kind of personal data necessary to perform social engineering for someone who isn’t famous is hard to come by.

As such, though celebrity photos make for big news stories, most people can easily brush them off since they’re unlikely ever to be affected by them. Financial hacking stories, on the other hand, have far more wide-reaching effects, and the likelihood that many ordinary individuals will be affected is far higher. But that doesn’t apply to this sort of very targeted and therefore, limited, hacking.

The difference between careless and deliberate privacy invasions

Another thing to bear in mind is there’s a very important difference between personal information obtained by third parties despite the best efforts of a provider, and information actively shared with third parties by a provider. I’ve written previously about how business models either create alignment between users and those paying the bills or tensions between them, and the implications that has for security. What’s most damaging with these sorts of stories is when they start to create in people’s minds a pattern of breaches, and that’s far more likely to happen when a company’s business model depends on enabling sharing of personal data than when a company is doing everything it can to protect users’ data from third parties.

What no one is accusing Apple of here is deliberately pushing the boundary on sharing personal information with third parties, and in fact Apple has spent the past week clarifying developer guidelines around HealthKit, HomeKit, Extensions and other functions in iOS 8 which have the potential for privacy invasions and violations. One of the things I was most struck with as I watched some of the individual sessions from WWDC was how carefully Apple has thought through some of the privacy implications of HealthKit. One example I’ll highlight that’s representative: apps can check whether they have write permission for HealthKit data, but not whether they have read permission, because the very fact a user has denied an app read permission to their blood sugar data might be an indication they are storing such information and therefore they’re diabetic. That kind of attention to detail is critical if Apple is to gain the trust of its users around HealthKit, HomeKit and whatever payment solution it will launch next week. The details that have emerged this week about the limits placed on what developers can do with HealthKit and HomeKit data are further illustrations of how seriously Apple is taking all of this. I don’t know if the timing is a coincidence – if the iPhone launch weren’t next week, I’d say it might have been moved up, but I suspect it’s just fortuitous timing.

Both Apple and Microsoft have taken advantage of Google’s focus on advertising to hammer it over privacy invasions. Microsoft’s Scroogled campaign was a good example of this strategy and it works because it reminds users of the inherent tension that exists between the needs of users and advertisers. Both Apple and Microsoft have been highlighting their commitment to keeping user data private, as I mentioned in my business models piece. While this week’s iCloud story may hurt Apple for a few days, it’s in a fundamentally different category from the regular stories about Facebook and Google privacy invasions, because those are about deliberately shifting the boundaries between what’s personal and what’s not. While Apple bears responsibility if poor security precautions allowed the iCloud hack to take place, it’s certainly not leaking that data deliberately to third parties.

Users are always the weak point in security

Lastly, we as the end users are always the weak point in security. That’s not to absolve tech companies of blame: in fact, it’s a key challenge they should all be working to overcome, while managing the balance between removing the barriers to good security and maintaining strong protections for users. I’ve had good discussions on Twitter about this over the last few days, and several themes have emerged:

  • The vast majority of users will always seek the path of least resistance when it comes to security – this means simple, often reused passwords and an aversion to things like two-factor authentication which might strengthen security
  • TouchID and other new forms of authentication can be very helpful in this respect, but they only go so far, as long as PIN codes and passwords are used as alternatives, and as long as they’re only used for on-device security, leaving the web as a whole, and non-enabled devices back in the current username-password model
  • Two-factor authentication which automates one of the factors – e.g. by using a fingerprint sensor or iris scanner on a device to authenticate on the web, or for mobile payments, could be a significant step forward. Two-factor authentication is being held back by its sheer awkwardness: waiting for an SMS or opening an app, manually entering a code etc. and something which makes the second factor easier to confirm could increase adoption.

There are no easy solutions in security, which is characterized by constant tradeoffs between ease of use and prevention of breaches. But better security and privacy protections are essential focus areas for all technology companies, and we can do much better than we currently are.

Trouble in the Cloud: Lessons from AP and Bloomberg

Its been a bad week for the cloud. Businesses of all sizes are under a lot of pressure to save money by moving IT operations into the cloud. for many companies, it can be a lot cheaper and more efficient to pay someone else to manage your email, storage, and servers  and provide other IT services than to do it yourself. But the disclosure of of phone surveillance of the Associated Press by the U.S. Justice Dept. and snooping on customer activities by Bloomberg News reporters, neither of which has anything obvious to do with cloud computing, might give you some pause about trusting your data to a third party.

The issue isn’t security, and least not in the conventional sense of protecting your data and operations from malicious hackers and other no-goodniks. In truth, most service providers are better at that sort of security than businesses from whom IT and IT security are not core competencies. The problem is the amount of control you surrender when a third party hold your information.

In the AP case, the government subpoenaed call records for 20 phone lines used by AP reporters and editors, apparently as part of an investigation of leaks about the disruption of a terrorist plot in Yemen. I’ll leave it to others to discuss the legality and the First Amendment implications of DOJ’s actions. But the implications for privacy are disturbing.

The government was able to obtain the phone records by issuing subpoenas to carriers–and neither the government nor the carriers bothered to inform the AP of the request. The news service found out only because regulations require eventual, after-the-fact notification–but only for news organizations. If you are any other sort of business, you might never find out about the surveillance.[pullquote]If you control the data, you can make your own choices, including going to jail to protect it. If a third party has it, the choice is theirs, not yours.[/pullquote]

Phone records are always highly vulnerable. You don’t have the options of operating your own telephone system. And telephone carriers have a history of giving up call records, and sometimes a lot more, to the government on the slightest provocation. But what about e-mail? Here things get murky. The Electronic Communications Privacy Act which covers email, was written in 1986, in the MCI Mail era. Under the government’s interpretation of it, mail stored on third-party servers that is more than 180 days old or that has been opened can be obtained without a subpoena. That interpretation is currently tied up in several law suits. But the government could also subpoena current mail records and there is no requirement that you be notified.

AP was lucky. It apparently hosts its own email, so there is no way the government could read it without a direct request to AP, which it then could have fought. There’s hardly a guarantee of success, but at least it would have known what was going on. If you control the data, you can make your own choices, including going to jail to protect it. If a third party has it, the choice is theirs, not yours. (Twitter has an admirable policy of notifying users of government data requests; most other service providers do not.)

You have equally little control over data stored on third-party servers. And the Obama Administration is pushing for new rules requiring internet service providers to retain more data on customer activities and to keep it for longer. The more you outsource, the more data you have out there under third-party control.

I’m not arguing against cloud computing or outsourcing of services. The benefits may very well outweigh the risks. But businesses (and individuals, for that matter) should be aware of just what those risks are.

The Bloomberg case exposes a completely different risk. Using third-party services necessarily exposes a lot of your information to the service provider. Even if you use the best security practices and encrypt all of your data both in flight and at rest, you traffic is moving over their networks and, as any good intelligence analyst will tell you, you can learn a great deal just from traffic analysis.

The standard Bloomberg contract, like the one obtained by Quartz, contained language allowing Bloomberg to monitor customer use of the system “solely for operational reasons.” Such language is typical in service provider contracts and is usually interpreted to mean that monitoring is allowed to the extent technically necessary to provide the service. But whether it is a rogue employee or, as appears to be the case with Bloomberg, a matter of policy, it is all but impossible to prevent the misuse of customer data. All you can do in the end is choose your vendors carefully and trust them.

 

 

Making the Cloud Safe for Consumers: Time for Apple To Step Up [Updated]

iCloud illoThis has been the Year of the Cloud.  Apple, Microsoft, and Google, the three companies that matter most to consumers, have all been rushing headlong to establish personal clouds that will link consumers’ data across multiple devices, making it available anywhere, any time. What could possibly go wrong?

We learned the answer in dramatic fashion this week when a hacker, apparently just out for kicks, wreaked havoc on the digital life of journalist Mat Honan, wiping his iPhone, iPad, and MacBook, deleting data from his iCloud and Google Apps accounts, and sending out a stream of ugly tweets from the account of his former employer, Gizmodo. Honan’s Wired account of just what happened and how is long but well worth reading.

A watershed event. It’s rare that a single incident marks a true tech watershed, but this may well be one. The personal cloud is definitely looking like the Next Big Thing. But the problems raised for cloud purveyors including Microsoft, Google, and above all, Apple are not just issues of public relations or marketing. They are going to have to make some real changes to assure safety.

Apple bears the biggest initial burden because of the ease with which the still unidentified attacker winkled Honan’s password out of Apple technical support and the company’s utterly incompetent handling of the issue once Honan discovered his problem. (Amazon played a relatively small but critical role in the attack, which relied entirely on social engineering rather than a technical assault. Wired Gadget Lab reports  that Amazon has quietly plugged the hole.) But Apple, as it its wont, has remained stonily silent on the matter. According to Gadget Lab,  Apple appears to have shut down telephone iTunes password resets, the crucial point of attack against Honan, but the company has announced no policy changes.

UPDATE: Apple spokesperson Natalie Kerris confirms that the company has stopped providing password resets over the phone. It plans to resume the service at some unspecified point in the future, but when it does so, users will be required to provide stronger authentication.

By his own admission, Honan made several serious mistakes in this episode, the most serious being the way he linked his Apple iTunes, iCloud, and Google accounts. That allowed a successful attack on one to be used against all. But if a savvy and experienced tech journalist couldn’t get this right, how much greater is the risk for the average consumer? Apple all but forces you to use the same username and password for iTunes and iCloud; the password you use to secure 99¢ song purchases can open the way to someone wiping out the data on a Mac.

Friction isn’t always bad. Apple’s goal in setting up iCloud was clearly to make transactions of all sorts as frictionless as possible. But friction is by no means always a bad thing, especially when it slows down an attackers. There is nearly always a tradeoff between convenience and security, and its clear that the dial is going to have to be turned toward security.

Keeping the focus on iTunes/iCloud, iTunes itself does not require a very high security barrier. Although you have a credit card on file, it’s hard for an attacker to buy very much very quickly. The main change needed is that Apple should greatly speed up the process of sending email purchase notifications. On Amazon these are nearly instantaneous, but I sometimes don’t get iTunes Store or App Store notifications until a day after the transaction. Your best protection is to get immediate notice if someone is making unauthorized use of your accounts.

Changing account settings, especially the email address associated with the account, should require a much higher level of protection, as does access to any iCloud data and the Find My Mac, iPhone, and iPad features. These features are used infrequently, and introducing a little, or better yet, a lot of friction will provide protection with minimal inconvenience. And password recovery procedures need a top-to-bottom reconstruction. For example, an individual who cannot produce acceptable credentials online or on the phone might be required to go to an Apple Store with government-issued ID and a credit card to establish identity. Yes, it is inconvenient; it’s supposed to be. (In Honan’s case, stronger passwords would not have helped in the least since the attacker was able to obtain his password.)

Unintended consequences. Another issue the industry as a whole has to come to grips with is unexpected interactions among different cloud services. This is an old and very difficult problem in security. Amazon’s policy on revealing information on existing credit cards when you entered a new one was mildly dumb. But combined with a totally unrelated Apple policy that let anyone use the last four digits of a credit card number to recover an iTunes password, it became catastrophic. Honan thought linking iCloud to Google was an innocent choice, but it, too, proved to have disastrous consequences.

The personal cloud is far too valuable to put it at risk through stupid security practices like those that clobbered Honan. It’s time for the services to take the lead and fix the problems in a public and transparent way (I’m looking at you, Apple.)

Final bit of advice to users: Honan says his biggest regret in this episode was the loss of photos of his child’s first year. As useful as the cloud is, it is no substitute for a secure local backup or backup to a dedicated service. Sync is great, but it is not backup. You should understand how different sync services work. I’m a big fan of SugarSync, which not only stores data in the cloud but, for important files, creates up-to-date local copies of files on multiple PCs. For important data, a belt, and suspenders, and maybe a second belt isn’t too much.

 

The PC is Not Dead

I chose this title because so many still associate the term PC with a notebook or desktop computing form factor. Let me first start by re-affirming my conviction that tablets as well as smartphones are in fact personal computers. The reality is that consumers are using a multitude of devices to accomplish what we have always considered computing.

It is no secret that I am bullish on tablets growth potential. With all the data I am seeing around consumer adoption of tablets world wide, it is hard not to be. But my perspective on the tablet form factor has always been that the tablet, and even to some degree the smartphone, does not replace a computer with a larger screen like a desktop or notebook. Rather these other devices simply take time and even some tasks away from the classic PC.

I still believe consumers will own computing devices with larger screens, more processing power, more storage, etc. However, the big struggle many in the industry are facing is the reality that the classic PC is no longer the only device in consumers lives. When the category for notebooks was a huge growth segment, it was being driven by two things. First, the fact that the category was maturing and prices were coming down. Second, because notebooks were the only mobile personal computers in consumers lives. All of this has been turned on its head with tablets and with smartphones to a degree.

The perspective that needs to be emphasized on this topic is that although the classic PC is not going away, its role is changing.

There is No Longer a Dominant Screen

The classic PC for many years was what we liked to call the “hub of the digital lifestyle.” It was the primary screen used for computing tasks in consumers lives. Other devices like iPods and early smartphones for example, had a level of dependence on the notebook or desktop. Even when the iPad first came out this philosophy was employed and was dependent on the PC to an extent. The desktop or notebook was the center and other devices revolved around them in this role. This is no longer the case for many and will soon no longer be the case for the masses. As more consumers fragment their computing tasks to be done on a number of screens, each screen will find a role as a part of a holistic computing solution.

The Cloud Becomes the Center

Although no single screen becomes the center of a consumers computing lifestyle, another solution takes the place. And that is the cloud. Personal clouds will be the glue that tie all our devices together. This is clearly evident with Apple’s latest OS release OS X Mountain Lion. This is the first classic PC OS which embraces the paradigm I just described, where no single computing device is the dominant screen. Many of the same apps, the same data, the same media, all available on every Apple screen.

Whatever screen is the most convenient for a consumer to use to look at an email, answer an email, browse the web, watch a movie, listen to music, check Facebook etc., at the exact time they want to do it, is the right screen for the job. The important word here to understand is convenience. Our research shows that people grab the screen that is closest or easiest to access to do a task the second they want to do it.

If I am in line at Disneyland and I want to do the above tasks, then my smartphones becomes the right screen for the job. If I am on the couch with my tablet near me, then it becomes the right screen for the job. If I am sitting at my desk with my notebook or desktop then it becomes the right screen for the job.

The beautiful thing about OS X Mountain Lion is that it enables and even encourages this computing philosophy I just described. Which is:

– let the consumer choose the right screen for the job
– make sure they have access to any and all programs, documents, and media
– anytime, anywhere, on any Apple device
– so that no matter which of their Apple screens they have or choose to use, IT becomes the right screen for the job.

This is the beauty of the cloud and the clouds role as the center of our personal computing infrastructure.

The classic PC used to be the center to which other screens depended on. But now that role as shifted to the cloud. This reality, not just tablets, is what is disrupting the classic PC.

The market is embracing this concept of screens (whether they know it or not) and will soon be conditioned to depend on the cloud rather than any one screen. It is for this reason, that in Apple’s case, iCloud is just as important of a platform as iOS and OS X. Other platform and hardware providers need to confront this reality and find their place in it.

The Classic PC Still Plays a Role

This is why I am emphasizing that the classic PC still plays a role. It does not go away but its role does change and, perhaps more importantly for hardware companies, the classic PC lifecycle has changed. Some hardware manufacturers may emphasize its role more than others. Some software platforms may embrace its role more than others.

Consumers will not abandon the classic PC. Because of this role change in classic PC usages, I believe some classic PC manufacturers will be confronted with some very challenging pricing economics in the very near future. (More on this in a later column)

My conclusion, however, is that anyone who does not have a clear focus on the cloud as the center and has a weak strategy for the rapidly changing role of hardware is headed for some very rough waters.

Very Quick Office Reaction: Getting the Cloud Wrong

Office 13 logoI’ve just spent about half an hour playing with the new Office 2013 preview, so obviously this is a very preliminary reaction. There will be a lot more to say in coming weeks and months. But I do think that in its understandable enthusiasm to bring Office applications to the cloud, Microsoft has made a fundamental mistake.

I very much like the idea of syncing copies of documents to the cloud. But I want first and foremost to retain a local copy, especially when working on a laptop rather than a tablet. Here’s how I do it now:  My Office apps are set to save files by default to the Documents folder  on both Windows and Mac. The Documents folders, along with its many subfolders, is set up to sync automatically with SugarSync and the non-tablet systems that I use regularly are set up for full two-way sync; when I upload a new or updated document from system A, that same document is silently, but quickly, downloaded to system B. This gives me up-to-date local and cloud copies. (You can do something similar with other sync services such as Dropbox, but I have been using SugarSync since it was in beta.)

The new Office apps save by default only to CloudDrive, meaning that no permanent local copy of the file is created (a temporary file is created to save any changes made while not connected to the network.) This makes sense on Windows tablets, though not as much sense as it does on a iPad, which lacks a real user-accessible file system. It makes no sense whatever on a laptop. You can easily override the default setting to store files locally, but then you have to manually create a cloud copy. Based on lots of experience, for reasons of both security and availability, I want that local copy.

What a really want from CloudDrive integration is something that works like SugarSync and automatically saves locally and syncs to the cloud. In fact, it could usefully go a step further and check before opening a local copy to see if there is a newer version on CloudDrive and give you the choice of which one you wanted to edit. This wouldn’t be hard to implement and would provide a much better experience.

 

We Have Personal Clouds, Now We Need Family Clouds

Prior to the launch of iCloud last year I wrote a column looking at ways that iCloud might work well for families not just individuals. I have a houseful of Macs and other iOS devices and I like to keep them in sync. The problem is they aren’t all mine. Some are my kids and some are my wife’s. There are digital assets that we own that are communal and shared and there are ones that are personal. I had hoped that iCloud would address these issues more fully than it currently does but unfortunately iCloud is designed to be more a personal cloud than a communal one. It is the communal or family cloud that I think needs to be addressed.

Synchronization is at the foundation of any good personal cloud. If I have a multitude of connected devices which I use regularly I want them all to stay in sync. The power of this lies in software that contains what we call a change and detect engine. That means that when a change is made on one device, it makes a change across all devices. Take a photo on one device, it is already on the others. Buy a song on one device, it is already on the others. Edit a document on one device it is already on the others, etc. This solution has manifested itself in the marketplace for quite some time but only recently has it been any good. Personal clouds are evolving nicely but we need hardware and software makers to start thinking more communally as well.

Communal Clouds

One of the things that needs to be pointed out about personal clouds is that they only matter when you have more than one connected device which you use on a regular basis. If I only used one personal computing product, I wouldn’t really have a need to keep it in sync with other devices. But once you get a desktop/ notebook, smart phone and or tablet then the cloud data synchronization becomes important. This is also true with communal clouds.

When only one member of the family has multiple computing products then the notion of the person cloud works. But once several members of a family start getting connected devices then the problem grows. Link that up with the reality that not all family members share a same roof and you can see how a communal cloud could be of value.

There is certain data that is communal and of value to a larger group and there is certain data that is valuable to just the person. A solution in the market needs to exist that makes communal data sync as easy as personal data sync.

For Apple, they have built iCloud with mostly the personal cloud in mind. There are of course ways to sync libraries of photos or other digital data but they are mostly manual processes. iTunes library sync is great and to some degree. Home Sharing is a good start but what about photos for example? Perhaps some of the most communal content in any family ecosystem is photos and currently keeping photo libraries in sync across a number of devices and iCloud accounts in the family is a pain. My wife constantly complains that none of our photos are ever on her computer because I download them all to mine. My iCloud account helps me to a degree but she has her own iCloud account and both act and sync independently of each other.

Other areas of shared sync that could be of use are things like family calendar, chores or to do lists, family documents or spread sheets which can be worked on collaboratively– just to name a few.

Interestingly this is a concept Microsoft has actually marketed to a small degree. There was a line in commercial I saw earlier in the year during a commercial for Windows which said “It’s good to be a family again.” In the commercial the father was using a Word document on his Windows Phone as a shopping list. As he was shopping, new items kept appearing on the list for things like candy and other junk food items. He quickly realized what was going on and the commercial ended showing his kids adding to his shopping list from their Windows PC at home. Changes they made to a document were instantly there in real time on his phone. This idea of how a family uses the cloud in a more holistic way is one that I think needs further development in this new era of commuting.

This extends outside the home as well. It would be great if new photos I took were not just synced across mine and my wife’s iCloud account but also with my parents and her parents and her grandparents. I am constantly putting photos on thumb drives and moving them or uploading chunks the cloud or to DropBox to get them from one place to another. There are solutions in the market but I want the manual processes removed and key communal data to simply stay in sync with those for whom it is relevant.

The bottom line is personal clouds are great but if they only work for me personally than they are useless at a communal level. People don’t use technology in a vacuum and we need hardware and software manufactures to not only solve problems for the personal computing ecosystem but for the family computing ecosystem as well.

A personal note to readers

 

A personal note to Tech.pinions readers:

I’m honored by the invitation from Ben and Tim Bajarin and Steve Wildstrom to write for Tech.pinions. I’m also delighted to have this opportunity to reconnect with many old friends from my New York Times and Fortune years, and to make many new friends, and to resume a dialogue about technology that started back when 640K was enough for everyone.

Notice the word “dialogue.” I spell it the old-fashioned way, not the currently fashionable “dialog” – readers of my blog will discover I’m something of a work freak — but the meaning is the same: A conversation between two or more persons; an exchange of ideas and opinions.

A roundabout looks like ...

Journalism is now a two-way conversation, unlike the old “one-to-many” broadcasting model that for centuries applied to troubadours, town criers, book publishers, newspapers, magazines, radio, television, and Web 1.0. Ideally Web 2.0+ journalism is even more than that, triggering not just two-way dialogue between writer and reader, but also many-to-many discussions among readers.

In other words, I don’t want my writing for Tech.pinions to be just a two-way street; I want it to be a roundabout in downtown Cairo or Rome at rush-hour.

So let’s get started: What shall I write about? You tell me.

What’s the next big thing? What’s happening now in technology, or looming on the horizon, that we need to be discussing now?

... a dendrite, don't you think?

Background: In 1984 I started writing a column about personal computers for The New York Times, where I was assistant science editor. In 1992 I convinced the Times to assign me full-time to report about “cyberspace.” I quit to do an Internet startup in 1996. As the Great Wayne Gretsky advised, I’ve tried to skate ahead of the puck, journalistically speaking.

Here’s where I think the puck is going, in terms of technology:

  1. Bioengineering and its impact on global health and life sciences.
  2. The Cloud, the reinvention of enterprise IT, and software as services.
  3. Data security, hackers, cyberwarfare, privacy.
  4. Robots. When people talk about the post-PC era, they say “tablets” and “smartphones” when they should be thinking robots.
  5. Environmental sciences and the role of technology.

These are just my Top Five; there will be fascinating developments in mobile technology, commercial spaceflight, nanotechnology, electronic payments, and all sorts of other areas.

Which ones do you think will be most important for the next five years? What am I missing?