Naked Security

Concern and confusion over privacy and security of AR technology

AR has more to offer business than just Pokémon Go, but consumers need reassuring on privacy

A new study from ISACA has found consumers to be far more positive about the benefits of augmented reality (AR) than IT professionals. While 60% or more of consumers agree that a range of suggested AR applications would improve their life, only 21% of the thousands of business and technology professionals surveyed believe AR benefits outweigh the risks.

We’ve highlighted on Naked Security the concerns about AR that arose when the Pokémon Go craze hit. It seems those haven’t gone away as the craze has abated.

Security and privacy top concerns

The survey found that while

39% of the professionals surveyed said their employers aren’t planning to make use of AR within the next year

In contrast

25% said their organization has a way to detect pictures, posts and videos geotagged to their business locations or ads

So what were the professionals’ main concerns?

Security concerns top the list of barriers to AR adoption, accompanied by insufficient ROI, insufficient budget and a lack of skills and knowledge. Findings show:

  • 87% of global respondents say organisations should be concerned about AR privacy risks
  • 63% say their employers don’t have a policy to address the use of AR apps in the workplace
  • Only 6% have a program in place to monitor negative comments on virtual graffiti apps

If you’re new to virtual graffiti apps, they use augmented reality (in its loosest sense) to allow users to pin graffiti to images and share them with other users as well as on social media. The virtual graffiti can be viewed through a wide variety of devices, from PCs and smartphones to smart glasses and set-top boxes.

Not all doom and gloom

ISACA, however, reveals in an InfoSecurity Magazine report that it expects perspectives to change in the not-too-distant future. It quotes Rob Clyde, board director of ISACA and executive advisor at BullGuard Software, as saying:

We expect to see these numbers change in the very near future as businesses begin to view AR as a valuable technology that can deliver positive business outcomes, such as improving training, education, marketing and customer experience.

After all, AR does have a lot to offer business, as the ISACA survey highlights. It could open up new business models, improve collaboration and marketing, increase efficiency … and lots more besides.

What is AR?

Before we go any further, let’s explore what AR actually is.

I’m sure you’re already familiar with AR – Pokémon Go got everybody talking about it – but let’s just get back to basics and remind ourselves what it’s all about. Wikipedia describes AR as:

Augmented reality (AR) is a live direct or indirect view of a physical, real-world environment whose elements are augmented (or supplemented) by computer-generated sensory input such as sound, video, graphics or GPS data.

My view is that the applications the researchers shared with the consumers surveyed were actually a mix of real augmented reality and simple geotagging. They included:

  • training guides and remote workplace learning
  • retail healthcare geolocation
  • 65% workplace safety guides
  • product demonstrators

I personally wouldn’t include geotagging under augmented reality.

Consumer concerns around privacy

The study shows consumers also have some concerns – primarily when AR is connected to Internet of Things (IoT) devices. Around 77% are concerned that

AR enhancements may make IoT devices more susceptible to a privacy breach

But why should AR make IoT devices more susceptible to a privacy breach? Which sort of IoT devices are we talking about here? A smart meter? A temperature sensor? A wearable? I’m guessing they’re thinking of specific types of end-user IoT devices in some specific use context.

Are we talking about IoT devices gathering information that is then displayed to users through AR? Surely AR is simply a medium to display information and it is no different to that information being displayed on any other medium.

Or is AR gathering loads of information about its user in tandem with sharing information with that user? Feel free to enlighten me.

Or consumer confusion?

I decided to do some research to try and understand what those consumer concerns might be. Wikipedia explained:

The concept of modern augmented reality depends on the ability of the device to record and analyze the environment in real time. Because of this, there are potential legal concerns over privacy. … Legal complications would be found in areas where a right to a certain amount of privacy is expected or where copyrighted media are displayed.

OK, so we’re talking about information about an individual that could be accessed using facial recognition technology. We’re talking about someone walking down the street with AR tech in their hand being able to find out information about each person they come across – whether they’re married, where they come from, what they like to do, …

But surely, that’s a different matter entirely. It’s about the use of facial recognition technology. It’s about using that technology to recognise the person in front of you and access information about them.

No wonder consumers are confused. I am.

The study bears that out. There’s been a drop of 10 percentage points in consumers considering themselves knowledgeable around AR – down to 73% in the US in 2016 from 83% in the US in 2015.

Mixed messages

One of the main conclusions we can draw from this study is that people are getting mixed messages about what AR actually is. And the study itself has only exacerbated that problem.

Please, please, please, manufacturers, journalists, researchers … just stop getting your technologies mixed up. It’s not only confusing everyone, it’s also slowing down adoption of some really cool kit that could make a real difference to our lives.