The Framing Effect: you make your choices depending on how information is presented

ElevenPaths    19 November, 2018
The Framing Effect image
You have received an alert from cyber intelligence. A terrible and enormous cyberattack is approaching. You must ensure the protection of 600 positions within your organization. You don’t have much time, so you must decide on the implementation of one of two potential security programs, but the decision must be taken now!
  1. If you choose program A, you will be able to protect 200 positions. 
  2. If you choose program B, there is a 1/3 chance to protect the 600 positions and a 2/3 chance of not protecting anyone.
An important number of people surveyed usually choose the 1st option: they would rather protect 200 positions with certainty than risk and not protecting anyone.
Let’s see a new cybersecurity scenario. You face the same issue, so you need to protect the same 600 positions. You can choose between the following two new programs:
  1. If you choose program A’, 400 positions will be compromised. 
  2. If you choose program B’, there is a 1/3 chance of not compromising any position, and a 2/3 chance to compromise the 600 positions.
Read carefully this second scenario. Did you notice that is the same as the first one? Considering that they were successively presented, you may have noticed it. Both A and A’ consequences are the same. This also applies for the B and B’ ones. Nevertheless, for this second scenario most people tend to choose program B’ (perhaps even you did it). This example highlights how powerful Frames are: the context of the choice impacts the choice made.
When you catch reality with your smartphone, is the resulting photo objective? The simple fact of taking such photo from one position or another will make your audience to perceive just the “reality window” that you decided to show. This window, or “frame”, does not necessarily distort reality, but it organizes such reality in a biased manner. People watching reality through your frame will perceive a different image than if they watch reality through another frame: same reality, two different ways to perceive the world.
Just as a photo can show different versions of the “objective reality out there”, we regularly use “mental frames” to mentally represent reality. The fact of choosing, consciously or unconsciously, these frames will strongly govern our decisions. Indeed, frames build the reality that you perceive.
Frames can be created in several different ways when formulating cybersecurity decisions:
  • Choice positivity (income) or negativity (loss) 
  • The order followed to present the choices 
  • The context within choices are presented 
  • The type of language (semantics) used to formulate the choices 
  • Additional information included or left out when formulating the choices
Let’s see them individually.

Choice positivity (income) or negativity (loss)
This effect was deeply described along the last entry: You are less rational than you think when you take decisions under uncertain conditions. The conclusions can be summarized as follows:
If the choice is framed as an income, people will tend to avoid risk and to seek sure profits, even if they are low. However, by framing the choice as a loss, people would rather risk a high loss than lose with certainty, even if such certain loss is low.
The two scenarios proposed at the beginning constitute an example of the frame we are talking about. Anyway, we see continuously similar examples in our everyday life. How would you advertise a firewall?

  1. It provides protection aainst 99,9 % of the attacks
  2. Only 0,1 % of the attacks are succeeful
It is clear that the first ad will have a higher success than the second one, even though both frames provide exactly the same information (known as “pure frames”). Just the focus is different. Therefore, in this case there is not a “right” frame. Both are equally valid, although their effects on the choice made can be predicted.
Which sentence would you choose to convince the Board to invest in your Security Plan?
  1. With the new Security Plan, we will save 350,000 € next year
  2. With the new Security Plan, we will avoid a loss of 350,000 € next year
Taking into account how we are, the second sentence is more likely to get the approval.

The order followed to present the choices
Did you never ask yourself, over an event for example, if it was better to be the first or the last to give your talk? Sometimes, information presented at the beginning has a greater influence: the priming effect. Nevertheless, information presented at last has often a higher impact: the recency effect.
For instance, imagine that you must hire a security manager. The first candidate is described in their psychological record as: Intelligent, Hard-working, Impulsive, Critical, Stubborn and Jealous. How would you define this candidate? It is more than likely that your interpretation of the last adjectives will be conditioned by the two first ones, Intelligent and Hard-working. At least initially, they are positive characteristics that will make your first impression positive. They set up a filter that will positively sift through the remaining adjectives. For instance, you may interpret Stubborn in a positive manner, meaning that the candidate is a determined person who does not stop when facing difficulties.
However, imagine that you had read the adjectives in the following order: Jealous, Stubborn, Critical, Impulsive, Hard-working, Intelligent. In such a case, even if they are the same adjectives, the reverse order would probably have made a bad impression of the candidate, since the two first adjectives, Jealous and Stubborn, are considered as negative. Therefore, the resulting mental filters would be negative, as well as your interpretation of the subsequent adjectives. For instance, in this case you would probably have added “as a mule” to Stubborn. How different can be the interpretation because of the order!

candidates imagen
Thus, if you are describing a potential solution to a client or your boss, consider that the order followed to present information will determine their feelings towards such information. If you start presenting the positive elements, you will be setting up a positive initial frame, so they will be more permissive regarding the further negative aspects. And the other way around: start presenting the negative elements and you will be setting up a negative frame that will make them see the remaining elements under a negative light.

The context within choices are presented
Imagine the following scenario: you have been invited to dinner by a wine-fanatic friend, but you are not keen on wines. Anyway, you want to buy one. When you go shopping you have three choices: the first wine costs 1.50 €; the second one 9.50 €, and the third one 23.50 €. Which one would you buy? If you are like most people, you will choose the second option. We tend to avoid extremes. This is the technique used when someone wants to palm something off on you: they frame it between extremes.
So, imagine now that you need your boss to approve a security budget of 1 M€ for next year. How would you increase the probabilities of approval?
  1. You present three potential budgets: 500 K€, 1 M€ and 2 M€
  2. You present three potential budgets: 250 K€, 500 K€ and 1 M€
Without a doubt, the first option will be more successful. Avoid extremes. And, if you only have one option to present, make up two more options and place them on either side of your proposal.

The type of language (semantics) used to formulate the choices
You can announce your girlfriend’s pregnancy in two ways:
  1. Mum! My girlfriend is pregnant!
  2. Mum! You are going to be a granma!
The mental frame chosen to transfer your message can determine your audience’s emotional reaction: you can say the same thing but framing it in different ways, thereby raising opposed feelings.
We continuously see it with politics. It’s not the same to discuss about “gay marriage” than about “marriage freedom”. In Spain, politicians talk about “adjustments” (ajustes) instead of using “cuts” (recortes) and, within the European Union framework, they rather use “relief measures” (medidas de estabilidad) than “rescue mesures” (medidas de rescate). Within the framework of war, the term “collateral damages” (daños colaterales) is used instead of “killing of civilians” (matanza de civiles).
Following the same line, “bombardment” (bombardeo) is called “reactive defence attack” (ataque de defensa reactiva). These frames seek the activation of strong emotions such as hatred, anxiety, fear or euphoria.
Now, think about your work. When you are talking about a firewall, there is a big difference when defining it as:
  1. An essential protection layer
  2. A basic survival mechanism
The second option will arouse the strongest response. Consider that, when framing, you are selecting and highlighting particular aspects of the events or matters concerned, as well as setting relations between them in order to promote a particular interpretation, assessment or solution.

Additional information included or left out when formulating the choices
On July 2013 an Alvia high-speed train had a terrible accident near to Santiago de Compostela. In your opinion, do the following sentences provide the same information about the engine driver’s behavior at the moment of the accident?
  1.  The engine driver was on the phone 
  2. The engine driver was answering a call from a RENFE controller 
In the second case, the additional information drastically changes your view about the engine driver’s performance. So, adding or leaving out information can completely bias your decision. Imagine the following scenario:
You are the security manager of a multinational company with more than 100,000 workers. A malware is spreading through the workers’ computers, causing damages. Most infections occurred in a unit with 5,000 workers from the same country, although such malware has touched other unities in different countries as well, but in a subsidiary manner. The Board has approved a Budget for you to stop the infection, so you have two options:
  1.  Plan A will save 1,000 computers from the first unit having 5,000 workers from the same country, where most infections occurred, that is, you will save 1/5 computers, 20% of the computers of that country, the most affected by the malware. 
  2. Plan B will save 2,000 computers, but from the whole organization, that is 100,000 workers, in other words: you will save 1/50 computers, 2% of the computers. 
What would you do? Which plan do you think is the best? Please, take a decision before reading on.
Consider now the same scenario, but framed as follows:
  1. Plan A will save 1,000 computers 
  2. Plan B will save 2,000 computers 
What would you do now?
When the first version of this scenario is presented, most people choose plan A, which would allow to save 20% of those being most at risk. Nevertheless, when the second frame is formulated, they have a light bulb moment and then opt for Plan B. In such a case, leaving out information (the percentages) make surveyed people’s minds up regarding the right option. 
Therefore, the “right” option can sometimes be reached by adding or leaving out information. Be careful when framing choices, because the choice made will depend on the frame chosen.

Your choice will depend on how information is presented
As you can see, we are not as free as we would like to be. We don’t assess options with full objectivity, evaluating the potential impacts and probabilities and optimizing the functions of the expected value. Not at all. Our decisions are conditioned by the kind of information available, by how such information is verbally formulated as well as by its context and its order.
We are victims of our own biases and heuristics. Next time you must make an important choice on security, take a moment to analyse the context of the choices. This may lead you to take better decisions.

Gonzalo Álvarez Marañón
Innovation and Labs (ElevenPaths)

CapaciCard: an Elevenpaths’ own physical technology materializing simple identification and authorization

ElevenPaths    19 November, 2018
Can you imagine to be able to authenticate or authorize a payment just by placing a plastic card on your mobile phone screen? (without circuitry, neither NFC connection nor additional hardware are required). So now try to imagine the same scenario but placing that card on a laptop touchpad. Over the last Security Innovation Day, we presented several technologies developed by our team, of which we are especially proud. Along this entry we will talk about CapaciCard.
CapaciCard, tecnología física de identificación y autorización de forma sencilla



CapaciCard
CapaciCard enables authentication, identification or authorization of users by taking advantage from the inherent capacitive features of multitouch screens, which are present in almost all the smartphones and laptop touchpads available on the market. Neither NFC, connection, BlueTooth, nor additional hardware are required, just a cost-effective card.

Cost-Effective
CapaciCard is a simple plastic card with some capacitive points inside creating a unique graph for each user. Any capacitive screen (like these from smartphones or laptop touchpads) can read them.

Different services available in one device

CapaciCard enables many dispositions inside, so just with a card you will be able to be authenticated in any web. The web will only need to be slightly modified to take advantage of this technology, as it is usually done to integrate any identity provider.

Paired with your device

Leave passwords and coordinate cards behind. CapaciCard is simple and easy to use. Do not fear to lose your card: it has been previously paired with your devices with a simple process, preventing third parties from using it.

Our technology has been registered as a patent and was presented at the Security Innovation Day, where we showed other projects we are currently working on. Further information can be found in capacicard.e-paths.com



Innovation and Labs team of ElevenPaths 

Movistar+ launches a pioneering advertising innovation project in Spain

AI of Things    16 November, 2018

Post written by Milena Quintana Pinto, Marketing of Mobile Advertising – LUCA

This initiative by Movistar+ will allow households watching #0 (in linear TV) to enjoy ads adapted to the configuration of their home, interests and preferences, versus the traditional television model where all viewers see the same block of advertising.

The future is here. Telefonica, with Movistar + at the forefront, is focusing on new modes of consumption, both for television and advertising content by launching a pioneering advertising innovation project in Spain, which offers specific advertising for each viewer, according to their tastes, characteristics and consumption habits, at a household level.

This initiative, carried out in partnership with Procter & Gamble, means #0 (Canal 0) viewers have been segmented into three types of household. Each household, based on its linear television consumption will only see the campaigns for which it is the target audience, allowing the advertising blocks to be customized therefore reinforcing the relevance and suitability of each spot for each home, and avoiding saturation.

Figure 2. Movistar+ is available across different devices

It has been launched in #0, a Movistar+ owned channel, so that all viewers of the platform can be participants in this experience. It is the first case in Spain of segmentation in linear television consumption, an important step in the convergence between linear television and the digital world.

“Thanks to its constant commitment to innovation, Movistar + is leading the change in content consumption and, with it, the change in advertising. We are consolidating a unique advertising model, in which Movistar + is a reference in advertising planning with innovative, interactive, integrated content and branded content solutions that unique in the market “, pointed Yolanda García Masiques, Director of Advertising for Movistar + .

Technological capacity and knowledge of the viewer

All this has been possible thanks to three characteristics in which Movistar + is a point of reference: its great technological capacity, its knowledge of the viewer, and experience in big data processes and methodologies. In addition, to carrying out the first campaigns and personalization experiences, P & G, a true reference in the advertising market, has joined the project, contributing with its huge multi-brand experience, together with its media agency Carat Spain. Three iconic brands, Dodot, Ausonia and Olay, have been chosen and the profile of homes that match these brands selected.

“At a time when the consumption of traditional media is changing, and is increasingly fragmented, the use of Big Data and technology like this opens the possibility of getting the relevant information effectively. Programmatic is already a reality in our media strategy, and the personalization of television advertising is another step in our commitment to precision marketing, to reach all our consumers at the right time, with a relevant message and with the right frequency “, Cristina Guisasola, Senior Media Manager Procter & Gamble Spain.

Don’t miss out on a single post. Subscribe to LUCA Data Speaks.

You can also follow us on TwitterYouTube and LinkedIn

m33tfinder: a vulnerability on Cisco Meeting Server detected by ElevenPaths

ElevenPaths    16 November, 2018
On November 7th, while we were holding our Security Innovation Day, Cisco published a security advisory with CVE-2018-15446 associated to a vulnerability on the software Cisco Meeting Server reported by our Innovation and Labs team. Such
vulnerability could allow a remote attacker to gain access to sensitive
information as well as to join those meetings held through this
software. Cisco Meeting Server (previously named “Acano”), is a video
conferencing software enabling users to held meetings through different
clients, such as Cisco Jabber, Cisco Meeting App, Skype for Business or
via WebRTC with a supported browser.
m33tfinder: a vulnerability on Cisco Meeting Server detected by ElevenPaths imagen

Over the testing we performed, we detected that active conferences from a Cisco Meeting Server can be listed, remotely and without previous authentication. This provides a wealth of information on the conference stored in the system, for example:  
By analysing all this information, a company’s agenda could be revealed:topics to be addressed, people involved, etc. At this stage, it is an information access problem that the attacker could use to better develop further attacks. Moreover, we also detected that it is possible to perform a brute-force passcode attack remotely and without authentication –depending on Cisco Meeting Server configuration– against those conferences having a passcode, so the server will not be able to stop it, regardless of the number of attempts: just by getting the passcode the attacker could join the meeting.
The attacker would be able to detect (through the name) conferences without passcode where critical issues –such as those related to the budget, the executive board, strategic meetings, etc.– are being addressed. From identification of the targeted conference, the attacker could enter the Conference ID and subsequently join the meeting as a guest by using a non-suspicious username (social engineering).
Technical details
So, let’s see some details in context. Firstly, an attacker could identify Cisco Meeting Servers available in the Internet, for instance by using Shodan. An example of characteristic JavaScript enabling to discover this kind of software would be:
html:”scripts/script_switcher_join_a_call.js”

Once the target’s URL has been identified, the attacker could send a POST request to the following URL: https://[urlmeetingserver]/guestConference.sf and send the potential conferences IDs as parameters. The attacker would have to attempt by sending, for example, the conference ID: 0000, 1000, 2000, 3000, etc. to identify the conferences ranges used, and then precise them. The server response will be different depending on whether the range is being used or not.
The range is not being used (left). The range is being used (right). img
The range is not being used (left). The range is being used (right).
Once the valid conferences ranges have been identified, the attacker could send HTTP POST requests including as many conferences IDs as possible within the range and a null passcode on the identified ranges to https://[urlmeetingserver]/guestConference.sfin order to detect the existing conferences. Once again, conferences in the server can be identified by taking advantage from the different server responses, as you can see in the following image:
"Success" response when there is a conference in the server img
“Success” response when there is a conference in the server
According to the Cisco Meeting Server configuration considered, this technique will only return those unprotected-by-passcode video conferences or all the existing ones. This will depend on the “Guest access via ID and passcode” configuration.
  • If such parameter has a “legacy” mode configuration, the conference ID to join the meeting will firstly be required, and then the passcode. In this case, the technique described would return all the existing meetings, regardless of whether they are protected by passcode or not.
  • If it has a “secure” mode configuration, both conference ID and passcode will be required to join the meeting. In this case, only those unprotected-by-passcode conferences are returned (i.e., with null passcode) since the server verifies both (conference ID and passcode) when responding if the conference exists or not.

Guest Access via ID and Passcode Parameter Configuration img
Guest Access via ID and Passcode Parameter Configuration
Attempt as many passcodes as you wish
It is worth clarifying that by “passcode” we mean a numerical value that may consist of up to 100 figures, even though passcodes consisting of 4 or 6 figures are generally used, since they are more convenient for users to join conferences. It must be numerical so that it can be introduced from a mobile phone by means of DTMF (Dual tone multi frequency).
In those cases where the conference has a passcode and the “Guest access via ID and passcode” parameter has a “legacy” mode configuration, the attacker could perform a brutal-force passcode attack to get it. There is no blocking of any kind for failed access attempts. Such attack can be performed by sending a POST request to https://[urlmeetingserver]/guestLoginRequest.sf with the parameters belonging to the targeted conference, so the passcode will be taken from a passcodes list generated by the attacker.
Server response due to invalid passcode img
Server response due to invalid passcode

In cases of valid passcode, the response will also be “failure” because the queries are being sent from a Python script and not from a browser. Even so, the “reason” variable returns ‘unsupportedBrowser’ instead of ‘invalidPasscode’ as we saw above, so we can gather it is the appropriate passcode. Once the passcode has been obtained, the attacker could kick off social engineering mechanisms to join the meeting. 
Conference access in secure mode img
Conference access in secure mode
Conference access in legacy mode img
Conference access in legacy mode
Cisco Meeting Sercer protections
It has two parameters to prevent this kind of attacks:
  • The “Guest access via ID and passcode” parameter with the “secure” value already mentioned.
  • An alphanumerical “secret” parameter included in the invitation link, enabling direct connection to the video conference. Actually, this parameter does not increase security on Cisco Meeting Server, since unauthenticated remote users can see it from the conference weblink, as you can notice in the following image:
Conference WebLink displayed to unauthenticated users img
Conference WebLink displayed to unauthenticated users
Proof of concept
In order to perform an appropriate testing, the ElevenPaths’ Labs team has developed two simple tools written in Python: m33tfinder.py, enabling to remotely detect and list the conferences from the Cisco Meeting Server, and m33tbreak.py, a tool enabling to perform a brute-force passcode attack over the targeted conference.


To use m33tfinder you only need the Cisco Meeting Server URL considered. The tool will find the conferences ranges used first, and then it will detect, by each conferences range, the existing and ongoing conferences. In those cases where the Cisco Meeting Server has a legacy mode configuration, m33tfinder will detect and return information on all the conferences from the server. When the Cisco Meeting Server has a secure mode configuration, m33tfinder will only detect and return information on unprotected-by-passcode conferences.
m33tfinder functioning when detecting conferences, both in legacy and secure mode img
m33tfinder functioning when detecting conferences, both in legacy and secure mode
To use m33tbreak you need both the Cisco Meeting Server URL considered and the conference ID over which the brute-force passcode attack is going to be performed. The tool will firstly verify that the conference exists and is protected by passcode, and then it will perform the brute-force passcode attack through a pins file. This pins file contains by default all the existing four-figures combinations, although it can be modified so that it contains passcodes of different lengths.
m33tbreak functioning when performing a brutal-force attack over a conference img
m33tbreak functioning when performing a brutal-force attack over a conference

By using m33tbreak,there are two potential results:
Uso de M33tbreak para el ataque de fuerza bruta a una conferencia img

Countermeasures and solutions
Following our report through the official channels, Cisco appreciated it and promptly launched a security patch fixing this vulnerability. It has been qualified as a medium-seriousness vulnerability with a CVSS score of 5.3. The official explanation is read as follows:
A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper protections on data that is returned from user meeting requests when the Guest access via ID and passcode option is set to Legacy mode. An attacker could exploit this vulnerability by sending meeting requests to an affected system. A successful exploit could allow the attacker to determine the values of meeting room unique identifiers, possibly allowing the attacker to conduct further exploits.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Yamila Levalle
Innovation and Labs (ElevenPaths)
[email protected]

The IoT to protect shipments

Cascajo Sastre María    14 November, 2018

Connectivity allows a greater efficiency of the messaging services. The devices are used to geolocate packages, monitor their environment conditions or alert of the existence of incidents during transport processes.

Leave a Comment on The IoT to protect shipments
Cascajo Sastre María
Cascajo Sastre María

Born in Valladolid but always lived in Irún. I have a degree in Journalism and two Masters: one in Journalism in Television and another in Marketing and Digital Advertising. I have touched different branches before taking root in Telefónica, where I work since 2015. Currently workig in the Mkt & Comms department of Telefónica IoT. My little pleasures of life: play music at full volume on the car and chocolate. My motto: "Maybe not every day is good, but there is always something good every day".

The Chief Data Officer: What can they do for your company?

AI of Things    12 November, 2018

Written by Antonio Pita Lozano, Operations & Solutions Director at LUCA Consulting Analytics. Head of Big Data Science

Data economy, Big Data, Machine Learning, Artificial Intelligence or Internet of Things are some of the topics that are increasingly featured on the steering committee. But not only do these words appear in top management circles, but also with new figures. This is the case of the Chief Data Officer, a newly created profile in many companies.

The Chief Data Officer (CDO) is responsible for the data of a company at the highest level, both from a technological and business point of view, including security. They help with managing the data as a corporate asset; among its functions is the strategy for data exploitation and data governance; that is, defining security policies in the management and storage of data, privacy policies, as well as keeping up with the latest developments in regulatory issues that are set by the country, or in this case, the European Union.

The versatility of the CDO is opening a debate on the role that they should occupy within the organizational structure of the company. Theoretically, all companies should have a CDO since nowadays all companies use data, but it is not mandatory to have this figure at regulatory level. In SMEs this figure does not usually exist and falls to the business director or IT director. In contrast, all large organizations already have a CDO.

For those companies that have decided to incorporate the role of the CDO, there are various currents about the position it should hold within the organization. In some cases the profile of the CDO is ICT, in those cases the focus is on the processes and the quality of the data. In other companies, the CDO has a business profile, in these cases the attention goes to use cases and application of data. But, where is the best option to place the Chief Data Officer (CDO) in the organizational structure of the company?

We should start from the basis that the transformation of companies is horizontal as it affects all business units and where data is the most valuable asset in the evolution of any business model, the current IT-business binomial must end and we must accommodate to the trinomial business-science-technology, with the data as the basis of knowledge. Thus, the profile of the CDO must be hybrid: technological, business and with regulatory knowledge, a profile that is very versatile at business level. That is why the CDO is usually chosen among the profiles that already work within the company, given the depth of knowledge of the business that they should have.

The Chief Data Officer (CDO): the new bridge between IT and business

The CDO must act as the bridge between business and technology. Regardless of the ‘background’ of the CDO, its role is always to be the guarantor of the unique truth of the data, ensuring that there is no inconsistency in this regard. For this, it is usual for the CDO to have a technical team and a functional team that knows the business. 

Within its team, the Data Steward is key, responsible for implementing all the policies promoted by the CDO in each of the company’s organizational units. In addition, the CDO must have an expert team in advanced analytics and an Analytical Center of Excellence to extract knowledge from the data and make it available to the entire firm.

The CDO has become the person in charge of the data governance of the company, and they must act as a bridge between business and technology. They should decide what data is used, when it is used and for what purpose, validate the technologies used, to assure and agree on the traceability of the data to be aware of any transformation suffered and all the users that make use of them, as well as the business application that has the use of data. 

Gradually, this profile is gaining weight within the organization and in some cases they are already part of the Board of Directors, but without any doubt the capacity of the CDO  as a ‘translator’ between the business and technology areas places him in a global position with Direct line of reporting to the CEO.

Don’t miss out on a single post. Subscribe to LUCA Data Speaks.

You can also follow us on TwitterYouTube and LinkedIn

Analysing tourist profiles in Spain with INE

AI of Things    12 November, 2018

Tourism is one of the main sectors of economic activity in Spain. According to the National Institute of Statistics (INE), an autonomous body under the Ministry of Economy in Spain, received in 2017 a record number of 81.8 million foreign tourists, 8.6% more than in 2016. Now, thanks to the use of mobile data, and the more accurate insights obtained from this information, it responds to variables that are otherwise not possible.

Why does the INE need insights obtained from mobile data, in addition to conventional opinion surveys? This is how the INE applies Big Data techniques to complete the information they already obtain from traditional sources:

The National Institute of Statistics (INE), is the autonomous body of Spain in charge of the general coordination of statistical services for the General State Administration and the supervision, control and oversight of technical procedures. Thus, its function is to provide data to the population, trying to respond to information needs related to demography, economy, and Spanish society.

According to the INE, Spain ranks third in the number of tourists received according to the ranking of the World Tourism Organization (WTO), and the contribution of tourism to the state economy has gradually increased in recent years to reach 10.9% on GDP; in addition to having more than 2.3 million people working in the tourism industry, becoming the sector that employs 12.99% of the employed population in Spain.

In this context, Belén González Olmos, Deputy Director General of Statistics of Tourism and Science and Technology for INE explains that:

“We receive requests every day related to tourism, a very important sector economically for Spain, employing many people. And, therefore, it is necessary to respond to those requests on time, and with greater granularity. The INE surveys do not allow such an immediate response, they need at least a month to have that information. On the other hand, thanks to solutions such as LUCA Tourism, we can respond to these other needs. “

The traditional surveys respond, among others, to variables required by the regulations governing the INE, such as the qualitative variables, but combined with the insights offered by LUCA, through Telefónica’s mobile data, the value of the Data is greater. As it offers greater immediacy (LUCA offers data in 24 – 48 hours, while the INE would take a month), it improves efficiency by reducing costs and increasing punctuality whilst expanding the information they produce in a more detailed breakdown.

In this way, tourism being one of the main economic activities in Spain, the INE decided to create a pilot study with big data techniques to help and complement the data obtained through conventional surveys and offer a more detailed analysis with LUCA.

Figure 2: Tourists looking at city map

Tourism Statistics Systems in Spain

All the methodologies of the surveys carried out with the INE are published on the INE website, so anyone who wants to consult these data can do so. From the demand side, the three most important tourism surveys, from which they obtain data and are then published, are the Resident Tourism Survey; FRONTUR, a survey that is given to all tourists that enter Spain; and EGATUR, the Tourism Expenditure survey in Spain. While on the supply side, occupancy surveys are carried out in hotels, apartments, campsites and rural tourism locations.

Need to use big data in official statistics:

Big Data can be used both in surveys of supply and demand, and in this case the studies worked with LUCA, have been part of the demand following the recommendations of the European regulation, with variables and concepts recommended by the international tourism organization. Thus, we have worked on an integrated system with the INE according to the principles of quality and confidentiality established and also offering relevant data; opportunity and punctuality; comparability; coherence; completeness and transparency.

Commitment to quality and confidentiality of data

It is important to highlight that the INE is obliged by the Public Statistical Function Law to protect the confidentiality of data provided by informants. Therefore, before a possible collaboration with other institutions or companies that work with data, as in this case the collaboration with LUCA, it is guaranteed that all the data that is handled is subject to this Statistical Secret. In addition, the insights obtained through the mobile data of LUCA are also anonymized, aggregated and extrapolated for their treatment.

5 in 5: How AI can benefit your business (EP 1)

AI of Things    12 November, 2018

Over the last 10 years, we have experienced a monumental shift in the way in which businesses operate. Terms such as Big Data and Artificial Intelligence are common place, and as the full potential of AI comes to light, firms are gearing up for a technological business revolution.

What is Artificial Intelligence?

Artificial Intelligence (AI) is the fundamental application of the ideology of creating a computer that is capable of solving a complex problem in the same way a human would. It is comprised of a multitude of factors, including machine learning, deep learning, neural networks and Big Data. 

AI is inspired by the human brain and, like the human brain, it is made of up of layers of neural networks, designed to replicate it´s complexity and functionality. Like us, AI systems aren´t perfect. They have to learn in the same way we do; by taking in information, processing it, and storing it for future reference.

1) Reduce Human error: Improve efficiency 

Although we may not like to think it, we all make mistakes. Even the brightest minds in the world aren’t immune from errors. AI has the ability to significantly reduce this risk. By combining human cognitive features and complex algorithms, the AI can improve efficiency by doing multiple calculations and functions simultaneously, with a lower rate of error than the human brain.  

The extraction of real-time data, and the analysis and description of this, will likely give a firm a competitive advantage over others in the market. Whilst Data Scientists are still crucial and their skills incredibly useful, the human brain would simply not be able to do all of these functions as fast or as consistently as the AI.

2) Automation of tasks: Time saving 

We all know the famous saying; time is money. By implementing AI into a business, time will be saved in a multitude of areas, such as analysis and processing.

AI uses its trained algorithms to store and interpret this data, with human intelligence only needed to use this data to whichever advantage they choose as, although computers are able to store a lot of data efficiently, humans are still needed to correlate and correct this data to then be analysed and used to aid the business. Taking out steps drastically changes the time needed for each task.

3) Combat the data deluge: Optimise resources

The quantity of information in the world is growing daily, and many firms are unable to utilise this data efficiently. Due to the information explosion we have experienced in recent years, along with the Big Data Boom, companies are unable to filter all of this data and turn it into useful information, which ultimately results in an unproductive use of resources.

By using smart insights, the AI is able to extract valuable data that can be used to stream-line the marketing process and make the most out of the data available to them, optimising resources efficiently and effectively.

4) Positive shifts: Increase employment

A common fear surrounding AI is that jobs will become redundant with the automation of tasks that are currently carried out by humans. Echoing a previous article by AI Ambassador Richard Benjamins, in which he explains five common fears of AI, if we look back through history we see that any revolution affects employment.

Whilst yes, some jobs will be lost, new jobs will be created, and the existing nature of jobs will adapt to these changes. Although the exact description of new roles is relatively unknown to us, experts say it is likely we will see a sharp increase in the demand for roles surrounding data, such as Data Scientists. These changes make space for a re-structuring of current business practices, which as history show us again, often has positive results for both employers and employees.

5) Identify and maximise sales opportunities (Marketing): Increase revenue

One of the most valuable areas of data to marketers is customer behaviour. With this knowledge, they are able to optimise marketing campaigns. For example, achieving more personalised marketing; AI has access to millions of data and can access it simultaneously and help create targeted strategies with higher success rates.

AI is able to decode raw customer data and segment this by behavioural patterns and/or traits. By using this technology, companies will be able to improve pricing models and delegate time to the creation of specific strategies; thus giving themselves a higher chance of executing them and reaching desired sales targets and maximising revenue.

Figure 2, Businesses must be innovative to compete

Overall, if implemented correctly and used with integrity and transparency, AI has the potential to greatly benefit companies. It is clear that the combination of Human and Artificial Intelligence is incredibly powerful. The simply unnnatainable processing speed of AI compared with the human brain, along with the unprecedented experience and adaptation of the human brain, can combine to create a powerful corporate force. Businesses should look at AI as an opportunity to grow and improve their practices.

Don’t miss out on a single post. Subscribe to LUCA Data Speaks.

You can also follow us on TwitterYouTube and LinkedIn

Mobility patterns in Lima and Callao based on Big Data technology

AI of Things    11 November, 2018
We often think of Big Data as something exclusive to private companies. But one of the clearest applications is that of public bodies who want to improve the lives and services of their citizens. In line with this, we are working with the Ministry of Transport and Communications of Peru and AATE in the analysis of urban mobility in the city of Lima, with the objective of optimizing its metro line in Lima and Callao.

The population growth of cities is ever-increasing, forming a new urban landscape in which the management of an efficient transport system has transcended the institutions to become a matter that has a direct impact on the daily lives of its´ citizens. In this sense, transport is a determining factor in the development of cities and, with the growing boom of the so-called Smart Cities, transport infrastructures must gain an increasing presence in decision-making regarding the location or type of transport to be implemented in the cities.

The Autonomous Authority of the Lima Electric Train (AATE), an entity that reports to the Ministry of Transport and Communications of Peru, is in charge of planning, coordinating, supervising, controlling and executing the implementation of a massive and efficient electric transport system in the metropolitan area of Lima and Callao.
According to Carlos Ugaz Montero, Executive Director of AATE, the city of Lima was one of the few cities that lacked a transportation plan, being ranked as one of the top 50 most populated cities of the United Nations. For this reason, the AATE is immersed in the planning of new metro lines, basing the planning on a Demand Study, based on surveys, but that needs to be complemented with data that reflects the behaviour and the real, and more specific, needs of the population.

Based on the insights obtained from mobile data, through the LUCA Transit solution, we have analysed the journeys made by these mobile users, which once anonymized extrapolated and aggregated, allow us to estimate the number of trips throughout Lima and Callao.

Thanks to the definition of user behaviour patterns, and the generation of a database and a viewer, the AATE can perform additional analysis, which have allowed us to see how the groups of inhabitants in the city of Lima move, knowing their routes and patterns of mobility along with their segmentation.
All the insights obtained through the LUCA Transit solution will be very valuable as input for the new demand study. According to Carlos Ugaz, “the project carried out jointly with LUCA has offered us very valuable information that has allowed us to make better decisions, in order to implement a massive transport system in the city, to make the most efficient projects for the benefit of all citizens; reducing the risk of making bad investments. ”

This analysis has been carried out over four specific months and has allowed us to categorize the journeys according to the origin and destination of the travellers, as well as the sociodemographic variables, the purpose of the trips, and temporary segmentations. In this way, we have been able to generate the following results:

  1. Generation of a database that represents the real journeys made by the users.
  2. Development of a visualizer, which allows analysis according to specific needs.
  3. Technical documentation of the project, including both the methodological part and analysis of results, patterns and conclusions.
  4. Training sessions, advice and support with the aim of making the most of the points detailed above.
The study allows us to see how the inhabitants of the city of Lima move, knowing their routes and also allowing us to see their different mobility patterns. In addition, the segmentation of the inhabitants helps to implement a transport system that is more integrated and responds according to the needs of the city. Thus, they will be able to optimize the construction of the metro network, strengthening communications between the points with the greatest demand and adapting the schedules.

This will allow users to make fewer transfers, which will make travel more comfortable and quicker.

As that the patterns of user behaviour have been generated, a database and visualizer have been generated, which allows AATE to perform additional analyses, depending on different needs.

Among the main results obtained are:

  • Identification of the main polls both generators and travel attractors
  • Identification of the days and average hours with the highest demand, depending on the reason for these trips
  • Segmentation of travellers by sociodemographic variables
  • Analysis of commercial areas

LUCA transit, allows us to analyse the trips made by the population based on real, undeclared data, allowing the client to know the real needs of the population.

You can also follow us on TwitterYouTube and LinkedIn

Interview with Vicente Muñoz Boza, Chief IoT Officer of Telefónica

Cascajo Sastre María    8 November, 2018
  • Is the Internet of Things established in our daily lives?

Internet of Things is a reality applied in more areas than we can imagine, both in our country and internationally. In fact, many customers with whom we collaborate are transforming their businesses thanks to the application of this new technology.

From Telefónica we want to offer our knowledge and experience in this process, since we are aware that the digital transformation entails a great challenge. We believe it is a trend that will continue to rise and, therefore, we are betting on it and working with different companies to extend the advantages of connectivity to all possible sectors.

Among some of the examples of the technology that we are developing, we can highlight the connectivity applied to the automotive sector. In this case, thanks to Telefónica, thousands of vehicles currently have the necessary connectivity so that drivers have all the information regarding the status of their car. This allows drivers to detect in advance any anomaly in the vehicle before it becomes an issue.

As you  can see, connectivity has already been implemented in the most common aspects of our daily lives.

“we are aware that the digital transformation entails a great challenge. We believe it is a trend that will continue to rise”

  • What advantages of IoT are common to the company and the user?

Our vision from Telefónica is for connectivity to be implanted in all levels of society so that we can connect with what is really important and simplify different tasks. That is, the objective for the objects themselves to have the ability to take care of their functions. For example, the garbage can has the capacity to warn you that it is full so you do not have to worry about checking it.

This gives us greater efficiency and control of everything that happens around us and to better spend our time. Thus, we can focus on those things that distinguish us and differentiate us as humans and machines can work more effectively in those things that are more mechanical and routine. All this is clearly reflected in the performance within the work, both for the company and for the employees, who save time in tasks that are now in charge of the machines and can dedicate their time entirely to their job.

On the other hand, IoT connectivity collects information as things connect with each other. This allows us, based on the collected data, to have a sketch of our behavior and thus we can know ourselves in a much more complete way. As a consequence of this knowledge, we can make sound decisions in a much faster and safer way. This is something that we all benefit from, especially companies, since IoT is the ideal means to improve processes, be more efficient and even to detect business opportunities that until now remained hidden.

Precisely adapted to companies, we have designed the Kite Platform tool for greater control in the management of business. The Iot connectivity platform supports new technologies, manages devices and facilitates the integration of IoT clouds.

“IoT is the ideal means to improve processes, be more efficient and even to detect business opportunities that until now remained hidden”

  • Ten years ago we started using the smartphone, what do you think will be the situation in the IoT sector in ten years?

It is true that the technological sector is evolving exponentially. If this trend continues, in the coming years connectivity will have extended to practically all aspects of life and, possibly, we will not understand the function of objects that are not connected, as we do not contemplate our day to day without smartphones . In fact, according to Machina Research, in 2025 we could reach the quantity of 27 billion connected objects.

Although it is difficult to estimate all the possibilities of IoT in the future, today its contribution to companies is a reality. In fact, we could even talk about a change of era. The companies that are developing the most in this aspect are building a clear advantage over their competition and are contributing to substantially improve the possibilities of users on a day-to-day basis.

Even so, the challenges and opportunities in the IoT environment do not stop appearing. For this reason, at Telefónica we are working to anticipate them and be able to provide the most complete response possible. For this, we are building a solid base of partners with whom to continue developing new initiatives, but to do it optimally we need the best professionals in our team. That is why we are building an environment where these professionals coexist or, as we call them, “Thingnovadores”, with the aim of facilitating collaboration between them and enhancing creativity, since we believe it is the perfect climate for Telefónica to follow championing the change that implies the incorporation of IoT.

Leave a Comment on Interview with Vicente Muñoz Boza, Chief IoT Officer of Telefónica
Cascajo Sastre María
Cascajo Sastre María

Born in Valladolid but always lived in Irún. I have a degree in Journalism and two Masters: one in Journalism in Television and another in Marketing and Digital Advertising. I have touched different branches before taking root in Telefónica, where I work since 2015. Currently workig in the Mkt & Comms department of Telefónica IoT. My little pleasures of life: play music at full volume on the car and chocolate. My motto: "Maybe not every day is good, but there is always something good every day".