I was just checking for updates for my NAS device, when I thought about the Internet Of Things, and how it promises much, but is also a surveillance nightmare that would make George Orwell cringe.
The Internet of What-now?
The Internet Of Things is a blanket term for all things related to linking a growing number of devices to the internet. How many Wifi enabled devices are in your house? Some laptops probably, a PC, a media center, and some phones. But that’s just the tip of the iceberg. Lamps are now networked for mood-lighting, you can measure your household energy consumption through the cloud, and even Barbie is becoming networked. The future is a growing number of simple devices that connect to the internet to do fancy stuff. On the one hand this brings us much comfort, on the other, it is extremely disturbing for an IT guy like me.
All these interconnected devices offer a lot of benefits. An online graph of your energy consumption (and production) is very useful – I worked on such a cloud-based application myself. I can walk to my car and open my locked door without turning a key, because the car recognizes that I have a valid key close by and does it for me. When I turn on the car it connects my phone through Bluetooth and I can press play on my cloud-music service to start streaming my favourite playlist through the car audio system. When I’m hanging out with friends, we can order from a range of take-out restaurants in our vicinity with a few clicks on that same phone and track the food real-time all the way to the house. Then we can settle the payment with a few clicks as well. This was impossible only ten years ago, and twenty years ago it was pure science fiction.
Where we’ll be in another twenty years is still a question mark, but while the computer revolution is drawing to a close, the Internet Of Things revolution seems to be just beginning. Interconnection of devices is rapidly becoming cheaper, leading to ever-increasing possibilities. Soon we’ll be able to travel by bus or train by just walking onto it and off with our phone in our pockets, without ever buying a ticker or even swiping an NFC phone – I worked on that kind of technology too. PCs are possibly going to vanish to storage closets in most homes. Connected through the local network and providing processing power where needed as media center, audio center, or for playing games. When we want to work, we pair our phone with a fold-out monitor and wireless keyboard and mouse from the cupboard.
All this could happen, but peering into the future is always a risky venture. Things change. You get blind-sided by unexpected inventions, public sentiment changes, or – in rare cases- you’re dead-on. At the very least, it’s good to realise that the Internet Of Things also has a dark side.
Do you really want to have your child talking to a networked barbie? It’s coming close to passing the Turing test, at least for children. Your son or daughter might not see the difference between a real friend and their barbie any more. Do we really want that?
The shit-storms that hit through Facebook and Twitter are slowly chocking the life out of social media. We compulsively check our e-mail, tweets, and what-apps on our mobile phone. We are exchanging social contact for technological interconnection. Worse, we are exchanging social debate for a mob-ruled jungle where political policy is determined by Twitter trends. People not conforming to the norm of a self-appointed group of people get destroyed online. You only have to look at Gamergate to see the dangers of this.
The Internet of Things is making us even more dependent on technology. We are under surveillance all the time through all these devices, and we have to give up our privacy to reap the benefits of all this high-tech. Worse, it is very hard to see what is actually being done with our data and who might be abusing us. And that is where it gets really ugly.
It’s only a few years since Edward Snowden blew the whistle on the true extent of surveillance of the US on its own citizens and those of the rest of the world. It soon turned out, they were not alone and I personally believe most intelligence agencies in the world are just as bad. There is evidence that China and Russia are even more aggressive in hacking their way into our homes. Although there has been some outrage, it was not near enough to change anything. Efforts in the US have been limited to curtailing the spying on its own citizens instead of making the internet more secure. Me being European, that doesn’t help me one bit. On the flip side, it doesn’t help US citizens in the long run either; they’ll just be spied on by Europe, Russia, and China instead of the US.
It’s not just governments, though. Hackers are equally able to abuse our fully interconnected society. This ranges from leaking of private photos of celebrities to cyber theft. Estimates put the annual damage to the economy at hundreds of billions of dollars. The discussion is difficult, because people outside of the IT sector have trouble grasping the underlying problems.
Software engineers have been trying to put the dangers we all face with our interconnected phones and Internet of Things devices into analogies that everybody can understand, but that’s very hard. Television and books paint almost exclusively wrong views of what hacking is.
No, hacking is not done by well-styled user interfaces that cycle through password prompts until all the letters have been found. Hacking is done through command prompts and with social engineering. Do you know how you can find leaks in many websites? Enter a ‘;’ character in the password field. If this starts returning weird errors, you’ve got what is called an ‘injection vulnerability’. Social engineering is done by mail, phone, or simply walking into a building and pretending to work there. A website with an alluring link that infects your computer with a virus that steals your credit card data – a virus you can buy from real hackers so you don’t even need to be a savvy programmer.
To put it in simpler terms: all a computer can do is run software, and every non-trivial piece of software has vulnerabilities. The best analogy might be that a piece of software is like a naked person covered in bleeding wounds and the internet is like an ocean with millions of hungry sharks. And the only way we get to protect that software is with tiny bandages that we have to put on all the wounds. If the programmer forgets even one scratch, the software becomes vulnerable. And a computer runs hundreds to thousands of pieces of software. Of course, here it turns out the reality is even worse than the analogy, because if one programmer doesn’t protect one piece of software enough, an entire computer, phone, or even network becomes vulnerable. And once the sharks can scent the blood, each shark can simultaneously attack every person around the world that is bleeding.
Do virus scanners and firewalls help? Yes, of course, but these are still pieces of software. To continue the analogy, if your computer is like a group of bleeding people, then your virus scanner is an extra naked bleeding person trained to fight sharks. They are still vulnerable, but they can protect the group… to an extent.
Are you starting to see the problem? It is bad. And we keep connecting more of our private life to the internet. The Hello Barbie – or 1984 Barbie as I like to call it – is a surveillance device we give to our children. The NSA could be listening to what your child (or you) say near the doll. The recordings might exist in ‘the cloud’ for years.
And it’s not just a government listening in – which would be bad enough. It could be online gangs that try to blackmail you with that time you had a rant about that asshole of a boss. It could be a pedophile hacker talking through the doll to convince your child to go into the car with the nice man that just drove up outside. It could be religious fanatics trying to indoctrinate him or her. Or a burglar asking where all the valuables are. The number of attack vectors on Internet Of Things devices is staggering.
The Internet of Things is a promise for more revolutionary convenience. It’s also a dark nightmare of hacking opportunities that eclipse what George Orwell wrote about in 1984. Only time will tell which way it ends up swinging. We should invest heavily in making it all secure and privacy-protecting and not focus on the legal aspect. Neither foreign countries or hackers will be stopped by a local law.
Personally, I feel Edward Snowden is a hero for sacrificing so much to make us aware of those threats, and he did it as safely as he could – but I’m not a judge, or even a US citizen. I can only share my opinion on the matter – which might be dangerous enough in itself.
Anyhow, I’m going back to checking my Twitter feed and Facebook now.