Remotely Yours: Internet of Things Meets Father’s Day
![[Graphic: Google Glass by Wilbert Baan via Flickr]](http://www.emptywheel.net/wp-content/uploads/2014/06/GoogleGlass_WilberBaan-Flickr.jpg)
[Graphic: Google Glass by Wilbert Baan via Flickr]
Predicting the future on the Web’s 25th anniversary*, a Pew Internet study published in March this year, reveals the depth of naivete bordering on gross ignorance on the part of so-called experts surveyed for this report.
The subhead alone should concern you:
Experts say the Internet will become ‘like electricity’ over the next decade–less visible, yet more deeply embedded in people’s lives, with many good and potentially bad results
Emphasis mine — because really, how much more deeply embedded does the internet need to become in our lives before we begin to rethink its widening application?
At the risk of sounding Ted Kaczynski-ish, we have allowed the development, implementation and integration of technology to run amok. We’ve only paid attention to the narrowest benefits we might receive from explicit application of any new technology, failing to look at the systemic repercussions of all our technology on all our society and on the planet we share.
It’s not your remote controlled light switch in itself that is a problem. Go ahead, turn on your lights at home while you’re on your summer vacation across country.
It’s the lack of thought about the entirety of the internet itself and its embedment that is a major problem. We’ve already become utterly dependent upon it. The additional little tools and toys we inanely call the “internet of things” will only make the situation more complex.
Ask yourself this: If the internet suddenly crashed this week, completely collapsed for an unspecified length of time, what would happen to the global economy?
What would happen to the health of patients in hospitals and care facilities — are there monitoring and medication-dispensing applications that are both life saving and internet mediated?
How would we conduct and record any kind of transaction, between individuals, between businesses, between governments?
Would our power grid continue to run smoothly without the use of the internet?
At a minimum we should be asking ourselves at what point our government will limit its tracking and compilation of meta data, let alone whether it can use data from one’s wireless slowcooker as a criteria to dispatch a deadly drone. Imagine the mind-boggling size of the data farm required to house all the meta data alone from the internet of things.
We should be asking what happens if foreign governments conduct cyber war through this internet of things what our response should be — conduct cyber-retaliation with equal and measured response, taking out wireless ricecookers and teapots on the other side of the globe?
What happens if our cyberweapons are deployed against us, like a customized Stuxnet invisibly tweaking all the settings on all our internet of things? Would we know we’d been targeted until far too late?
Anyhow, just some food for thought, something to mull over as you flip your remotely monitored ribs on the smoker while sipping on your icy cold brew produced from your wirelessly controlled refrigerator — which may tell you soon you’re low on beer.
Happy Father’s Day!
* h/t @sarahkendzior
Do be sure to blame the correct contributor for this post — it’s all me, not Marcy, who’s worried about the massive military-industrial complex expansion required to house all the data from the growing number of WiFi-enabled falafel-and-ricecookers across the country.
And the criminal use of Stuxnet-like hacks to hold your wirelessly-controlled remote car starter hostage until you pony up Bitcoin to obtain a release code.
If only this stuff was distant science fiction those so-called experts could envision a decade from now…
Marcy’s got enough other stuff to worry about besides Stuxnet and wireless toys. ;-)
Just keep snickering at those Prepper people while keeping your nose buried in the latest version of Candy Crush on your Smart Phone.
All is well citizen.
Hi, Busted!
https://en.wikipedia.org/wiki/Foundation_series
Care to elaborate on which parallels you mean, pipship?
Are you pointing to a second generation warning, i.e. Unabomber=Foundation’s Hari Seldon, This and second gen=Wanda+The Mule…
Or are you suggesting Gaia, the overmind of Foundation’s Edge, by way of the internet of things?
Beats the hell out of me, Rayne! But tell me, have you honest-to-god read the Foundation series? I was about to go off on wonderful novel Neuromancer -and wetware- but said, heck, it’s father’s day, I can do whatever I want! I wrote of the connection between Neuromancer and some Foundation and the internet of things: what you mentioned. i felt it is not like electricity at all, but an evolving neural extension from something like Gibson’s wetware, an extension of the mind subject to mind-theft, by thought cannibals, but didn’t like what I wrote. I cut most of it out then I submitted it by accident and said oops! But I sure like they way you think! I loved Asimov – it’s what I cut my teeth on, and one of my most cherished books I own is the 1962 Hugo Winners edited by Mr. Asimov. I’m so sad that that kind of creativity is in such short supply! Most of what’s out there, and the societal problems of mass surveillance just isn’t described to the level that golden agers had natural command of. I wonder if the lack of literacy in this genre is part of why there is so much apathy?! I mean, you can only teach 1984 so many times, it’s a great loss that wider exposure to it all isn’t available in public education! I think issues of the day would be a lot better understood, particularly when considering technology. etc etc etc etc etc etc
I don’t know if my brother is celebrating Father’s Day – if he is, it may include a barbecue, done outside, with charcoal – but I know yesterday was his 40th wedding anniversary.
“…wirelessly controlled refrigerator — which may tell you soon you’re low on beer” and tell your employer, your insurance company, &&&. Life insurance companies can still jerk premiums around, or add exclusions based on lifestyle risk choices.
.
“Open the refrigerator door Hal.”
“I’m sorry Dave. I’m afraid I can’t do that.”
“What’s the problem?”
“I think you know what the problem is just as well as I do.”
“What are you talking about Hal?”
“You’ve had your allotment of beer for the day Dave.”
.
Not quite as dramatic as your crockpot calling in a drone strike, but chilling nonetheless.
OMFG LEFTY665 YOU’RE KILLIN’ ME! I dare not let my son read that or he’d be repeating it in his HAL9000 voice ad nauseum. Can you imagine the possibilities?
Like an ex-wife with mad hacker skillz effing with your Siri-enabled blood pressure app, or diabetes pump. Jeez…
“Siri, check my blood pressure and my blood sugar.”
“I’m sorry, I can’t do that, sir.”
“Why?”
“You see things, and you say, ‘Why?’ But I dream things that never were, and I say, ‘Why not?'”
“What the fuck?”
“Language, sir. Your ex-wife warned me about it.”
_____
pipship — I read the Foundation series like multiple decades ago, it might be time to re-read it. I think the hardware-wetware parallel is less obvious than the extension of hardware with a global network. If anything, the wetware is manipulated by the extended network, not the other way around. Once wetware is compromised, the human hardware follows.
I have suspected for sometime that we have arrived at futureshock, as Asimov described it. Our technology has outpaced the average person’s ability to understand and master it. This explains why Congress can be so easily manipulated by the NSA and cyberservice contractors; they simply cannot grok the technology they are to legislate. It also explains why the public so easily grabs the latest technology based on its shallow promises, without questioning deeply the systemic impact any new tech will have on our society as a whole.
_____
And for everybody, a piece of fiction that makes my point:
The Nightmare on Connected Home Street
Wish I’d caught this last week before I wrote my post, but it’s still entertaining and enlightening even if I couldn’t use it for reference.
You might like Psychohistorical Crisis by Kingsbury.
Raises hand
.
I wrote to Isaac Asimov in the ’70s about Foundation and he wrote back!
.
.
Can hardly remember a thing from the books now. Mushbrain. I posted my letter in response to guy who had written Asimov and gotten a postcard in reply:
.
.
Pangs for Isaac, pangs for typewriters.
.
.
.
(do we still need to put periods in between paragraphs? always something… hi all)
Very glad you had the chance to communicate with Asimov. I suspect he was very modest as well as incredibly prescient.
I realized as I was dozing off last night that I incorrectly attributed the concept of “futureshock” to Asimov — should have been Alvin Toffler. I cross those two all the time because I had read Foundation about the same time I tackled Toffler. There’s an amazing degree of parallel in many of the concepts Asimov employed in fiction, and Toffler imagined as part of our future.
Toffler must have been nearly as prescient as Asimov given his conception of a post-industrial society. Much of the economic crises we’ve faced over the last half-dozen years have their roots in the shift to a post-industrial economy. But this is where Asimov’s vision picks up the thread: was Toffler the equivalent of another Hari Seldon, one who was less violent and disturbed than Ted Kaczynski?
@ Rayne:
Well the fact you read it is very, very cool. Yeah, the interface didn’t work as I wrote it and is why i dropped it. I imagine I was thinking more like having evolved 30,000 mile – long exposed neurons or like that. But yes, then compromised human hardware fits perfectly. Your grok is quite the grok.
As an aside, I’ve found it quite effective to slowly sing Daisy, Daisy like HAL through a disconnected vacuum cleaner tube. It certainly perplexes the cat, and amuses me.
“Emphasis mine — because really, how much more deeply embedded does the internet need to become in our lives before we begin to rethink its widening application?”
That’s kind of like someone back in the 1930s wondering out loud about that electricity thingie which was increasingly taking over their lives and wondering whether it might not be a good idea to “begin to rethink its widening application”.
Unfortunately, people didn’t want to throw out their (electric) telephones and (electric) light globes, refrigerators, and washing machines and go back to (snail) mail, candles, ice boxes, and washer women. So here we are today, decades later, again wondering whether certain kinds of technology are a good idea–and probably with about as much chance that most people would exchange their smartphones and Net-connected laptops for a landline and a (paper) newspaper as their predecessors would have (willingly) gone back to candles and ice boxes.
The generational shift we’ve made between analog and digital is not like the shift between manual and electric equipment. Manual to electric meant a reduction in physical labor; the equipment increases the efficiency of energy applied. Electric-analog to electronic-digital means a reduction in intellectual inputs, an efficiency in the instructions applied.
Should the electric equipment fail in an emergency, the user must apply more energy directly. But should the digital fail, the user cannot simply apply more intelligence; they must regress not one but two generations, and they may lack the know-how to do so.
As a kid I spent some of my early summer vacations in the Upper Peninsula with my mom. Electricity was still pretty unpredictable even in the late 1960s; even hot water heaters whether electric or natural gas were infrequent. To do laundry my mother would fire up my grandfather’s wood stove, heating galvanized buckets of water before pouring them into a wringer washer. My job consisted of putting clothes through the mangle’s rollers to squeeze out excess rinse water before hanging them on the line. When power was out, we had to twist the clothes by hand before hanging them. It was far more time- and labor-consuming to wring by hand, and nowhere near as effective as the scary finger-chewing mangle.
But at no time was there a threat that the wringer washer or mangle would fall under the control of another person not there with us. The equipment might break, but it could be fixed with simple parts — no processors, motherboards, software updates, or planned obsolescence, only simple nuts, screws, rubber washers required. That same washer still works today when plugged in.
A washer today may be absolutely useless if the electronics in them die, if the software they use is corrupted or hacked, or if the equipment is hijacked by another outside entity. Pick any other electronic device — they are subject to the same exposures.
Worse, today’s young adults have absolutely no clue how to fall back two generations in technology, let alone go manual. They don’t know what it is to have to wash clothes by hand, hanging them to dry. They would have to look up the how-to guide on the internet; they can’t rely on a library nearby let alone that library having adequate how-to books.
But this example assumes a catastrophic failure, like a devastating hurricane, a massive solar storm-generated outage, an EMP or hacker-attack on the power grid or equipment itself. The other problem with this shift to internet-mediated equipment is a kind of enslavement.
A wireless device connected to the internet, operated by software written not by the user but by corporations, can make demands of its users without their explicit permission. It can take information about the users and report it, withhold action until more information is shared. The quid pro quo is assumed to be better service in exchange for a tacit release of limited information, but the average person cannot police this agreement. They unwittingly shed valuable private information without express consent, farmed for their data like happy cows fed alfalfa before they are milked as they chew their cud.
And if the washer breaks down, they get on their little cellphones and shed more meta data in order to get a repair person to rescue them from soiled clothes they know not how to wash. The users are harvested, and perhaps not only by multiple corporations, but by their government and others who inveigle their way into data. Nothing at all like the shift from manual to analog technologies whatsoever.
Rayne, this feels a bit like paranoia – like the people who believe that if we let machines build machines, we’ll get Skynet, or the people who think that passing the “turing test” will get us HAL9000. When you have a fundamental understanding of how these electronics are developed, and how the internet is a distributed network, not a centralized hub, many of your fears are merely religious. Sure, a grand solar flare could theoretically take out our electronics for a short period of time, most of these attacks are centralized, affecting a small region.
Now I agree we should view the internet of things with skepticism, and to scrutinize our actual need of having a internet connected rice cooker, but to fear it because “hackers”, is in tin-foil hat territory. You have more to fear from your smartphone than you would any type of household appliance, and yet, everyone carries this device with them everywhere. Why develop a spying rice cooker when you have that?
*laughing* Are you new here?
In 2003, Room 641A located inside AT&T’s San Francisco facilities began operations for the NSA.
In 2005-2006 when its existence was revealed, there were outcries about it as well as pushback from folks using similar labels like ‘paranoia.’
We now know that Room 641A was only the tip of the iceberg, and its implementation along with other electronic surveillance technology snowballed. Or more accurately, traveled like a pyroclastic flow.
Less than a decade after Room 641A began its work, our culture has become saturated with network-attached devices, shedding unending streams of data over both Ethernet and wireless networks. (Listen to/read the NPR+Ars Technica series from this past week about meta data to grasp the amount and scale of data shed from nearly every home which can be sniffed quite easily.)
If you’re a regular at this site, you already see the constant hammering by the government insisting on access and collection capability with regard to cellphones and email, and the WAN through which communications travel.
But here’s one rub: Who is asking about restricting access and enhancing security to the other wirelessly attached devices in the ‘internet of things’?
If the government loses some access to cellphone meta data and call content, what do you think they’ll pursue next in order to monitor whomever/whatever it is they are monitoring?
It’s incredibly naive to think the NSA is not already looking into this, given their history already unfolded before us, and what they’ve taken with impunity so far.
And as for hackers and ricecookers: you really ought to read the news more often.
They’re already in the refrigerators.
I’ll ask again if you’re new here, because long-time regulars already know I’ve worked in info technology and in competitive intelligence. I do know something about software and hardware. Am I paranoid? Not nearly enough, and I’ve learned that through painful hindsight.
Identity, duration of time here is irrelevant.
I’m well aware of the scale of data that is being collected and how it is done. I am merely arguing that performing mass surveillance on an internet of things will follow a “path of least resistance” to minimize cost and effort, and specialize on devices which are high volume. Things to watch for would be Nest products, especially after being acquired by Google, smart T.V.s which are becoming very popular, XBox One, or any network connected device designed by the companies which have already shown direct ties to the NSA (Microsoft, Google, Apple, etc.). But the number of people who would buy a wifi connected rice cooker is small, and the cost of developing a mass surveillance tool for that one device does not pay off.
Additionally, the devices compromised need to be able to show personal data. My refrigerator might tell you what food I buy, and when I’m home, but it likely won’t tell you my social affiliations, as it has no ability to know*. The article you linked merely shows using refrigerators as a spam bot, not as a surveillance tool. Devices which have input devices which can take video or record sounds are things you should be far more worried about. So what I’m saying is I think you can trust your rice cooker, but don’t trust your XBox One.
As these device do become more ubiquitous, you have more to worry about in terms of hackers building a botnet on your network, but are not any more likely to steal your identity. As this becomes a larger problem, it will be profitable for companies to manufacture more secure devices, and will be at a similar state that our main computers are in now.
*unless I buy Obama cookies..
Seriously, go watch/read that NPR/Ars Technica series. They know everything about you based on the stream from your home and the range of IP addresses associated with your router(s). The identity of your associations has been determined for years by direct-mail marketing firms — that’s the kind of work that made Karl Rove a golden boy for the Republican Party. If commercial and political entities can already identify your leanings based on the aggregated collection of purchasing via credit+debit cards and your checking account, enough to know to send specific political adverts to you, why wouldn’t the NSA with far more information in much greater specificity and substantially more computing power be able to tell you exactly what kind of [pick topic] you prefer and at what time of day?
As for the “path of least resistance” — already done. The LG-brand refrigerator hack may have been a proof-of-concept; spam messages are a very simple means of saying, This is touchable. Just need to pony up a few grand or some Bitcoin to buy a specific hack that delivers a surveillance payload now that encryption has been bypassed and the OS+UI have been tweaked. (The idea that more secure devices will be made and sold any time soon is laughable, since the standards have been compromised by the NSA.)
What bother, what value, in knowing when the rice will be done, or the chickpeas fully cooked in the stew? Nobody cooks rice/chickpeas and then leaves it uneaten. Add the body of other aggregated information about the household, like when the thermostat is turned up in the bedroom or the lights and TV are turned on in the family room after dinner, and presto — special ops or hacker(s) know exactly when to do whatever it is they need to be doing.
Let me point out what should already be obvious to US consumers with regard to this particular scenario: South Korea’s LG Electronics makes more than just refrigerators; they’re into mobile communications, home entertainment and appliances, automotive electronics, HVAC, and energy solutions. They are the 4th largest cellphone manufacturer. What kind of OS+UI do you think they will have inside their devices, especially if they are trying to horizontally integrate their systems? Imagine them selling their cellphones with a remote household management app designed to control their own home entertainment and appliances, automotive electronics, HVAC, and energy solutions.
Can you think at all of any entity that might have a vested interest in messing with horizontally integrated products made — and used — in South Korea? Can you think of any reason why perhaps any handful of individual Koreans might be identified and targeted?
Perhaps it’s not futureshock from which many of us suffer, but a lack of imagination and capacity for critical thinking.
EDIT: Nuts, I completely forgot about the fact that LG-brand ‘smart TVs’ were collecting users’ data at one point.
“The idea that more secure devices will be made and sold any time soon is laughable, since the standards have been compromised by the NSA.”
Snowden has said himself that encryption does work, and that not all encryption has been compromised. A brief survey of some of the home automation devices on the market now do use encryption by default. I think with the revelations in the news, some people will look for the more secure devices, and that makes it profitable to produce them. Even without encryption, these devices can run on an air-gapped wifi router, and you would have (mostly) nothing to worry about.
As for refrigerators, yes I’m sure it is easy to hack into them, however, as long as they do not have a microphone or camera, I don’t think the NSA is going to waste the time on those kinds of devices. A horizontally integrated set of devices all using the same OS I’d be greatly worried about. But again, when you have a surveillance tool as rich in data as a smartphone, and have all this metadata from many other sources, I think that any architecture for mass-surveillance will be built around that for the time being. They’re currently suffering from too much data, they’re not going to add to it with something that can’t even pick up audio/video or other information available on the network.
LG is an interesting case for sure, I haven’t seen any documents on US/SK cooperation yet, but I’d imagine the agencies are close. I still think that rice cookers or refrigerators are only a target for hackers wanting a botnet, not intelligence analysts, until there are more devices which integrate with them. They’re too low value right now.
There are multiple layers of encryption in computing and networking, in addition to that used in communications. With regard to attacks on “internet of things” devices, it is the same encryption layer attacked or subverted by Stuxnet that is compromised — this is NOT the same as the communications layer.
See this blog post regarding NIST-standard encryption’s likely compromise by the NSA.
See this video by security expert Ralph Langner to understand how the attack on hardware’s encryption works (the dropper) to deliver a payload. Will the dropper look different on smaller “internet of things” devices? Yes — but they may also be much simpler.
Further, I suggest a free MOOC course on encryption when available; there’s at least one offered by a high-profile university. You can hunt it down.
I’m going to point out that the use of ricecookers, teapots, and refrigerators was partly tongue-in-cheek. I’d hoped EW readers would be more discerning about the scale and nature of the problem. As MIT’s Prof. Green notes in his blog post linked above, “If your goal is mass surveillance, you need to build insecurity in from the start. That means working with vendors to add backdoors.” LG does not manufacture all of their own chips, though they are beginning to manufacture more of them. Either of these manufacturing points is an opportunity.
If the chips go into LG devices only, that’s one thing, and it’s bad enough when they may affect automobile use or HVAC/building management. But if chips from vendors are distributed more widely and they are compromise, who knows the scale of the exposure to these insecurities?
And with regard to air-gapping, see this article. Security experts are following this, at least one says it’s plausible.
I’m done here with this line of discussion.