interoperability per se. They relate to what people do with the interoperable systems.4.4.1 Increased security risks As described above, systems can increase interoperability by:• providing greater opportunities for technical interconnection;• being more open about the types of systems and services that can interconnect;• supporting a greater variety of data; and by • making it easier for humans to leverage the interconnections.Unfortunately, each of these forms of interop can also increase the opportunities to exploit the system. A system that has more points of access allows (1) more types of systems to connect, (2) processes data with fewer limitations, (3) increases potential attack vectors and (4) creates more opportunities for nefarious actors to exploit data or to inject bad code. For example, single sign-on systems like “Login With Facebook” are convenient for end users, but they can also mean that a single stolen credential gives an attacker access to numerous online systems, instead of just Facebook itself.32 This security concern is not precisely a problem with interoperability, nor is it insurmountable. The fact that the systems can interoperate does not per se mean that more people have access to underlying data in a given system. But increased interoperability between systems can lead to vulnerability if sound security measures are not taken. For example, it was recently discovered that Apple Pay’s mobile payment system was being misused to commit credit card fraud.33 The problem was not caused by interoperability, but rather because some banks were not properly verifying account credentials when users set up Apple Pay accounts. Criminals were able to take advantage of this by registering stolen credit card numbers in Apple Pay. Interoperability may increase the number of opportunities for security breaches, or the potential fall-out from such breaches, but it does not cause the security vulnerabilities. By the same token, systems that are not interoperable at all are just as likely to have damaging security breaches if proper precautions are not taken. 4.4.2 Decreased privacy The possibility, in certain situations, that interoperability might reduce individual privacy is among the most commonly voiced concerns. It is true that increased interoperability may raise the number of individuals with access to one’s personal information. Single sign-on systems are the most obvious ways that interoperability might lead to less privacy. If technical and user controls are not well established, giving multiple service providers access to a user’s online identity increases the risk of misusing that data. In the electronic health records context, where privacy is of the utmost importance, an interoperable standard may allow the capture or theft of highly sensitive personal data. Interoperability builds more complex ecosystems, with more participants, creating more risk vectors. Against that backdrop, however, interoperability per se does not give rise to increased privacy risks. Rather, it is the specificities of its implementation. Even if one assumes a technically waterproof interoperability solution cannot be achieved—a highly debated assertion—one can imagine effective organizational or legal tools, such as privacy regulation, successfully addressing privacy concerns. 4.4.3 Increased homogeneity Interoperability might lead to less diversity in a market. A single platform for many interoperable systems might become a de facto standard that constrains innovation. Again, it is not interoperability per se that causes such homogeneity, but rather the economic consequences of market actions made easier by the interoperability. The Internet is a wonderfully interoperable system that has led to tremendous innovation, but the protocols that underlie it represent a form of homogeneity. Most of the interconnected systems that people use today rely on TCP/IP at some level to connect to the Internet. The protocols themselves do not include security components 108 Trends in Telecommunication Reform 2016