The internet of things, security and inevitability

Spanish-language technology website Microsiervos recently published an article of mine about the internet of things, contrasting it with another by the great Bruce Schneier highlighting the evident lack of online security, prompting me to think about the relationship between this issue and the speed with which certain technologies are adopted.

As Bruce points out, the internet of things is a jungle. There are no rules: we are talking about devices of all types created by a wide range of manufacturers, many of them with little experience (the number of digital devices entering the market has exploded thanks to a myriad of newly created companies using sites like Kickstarter or Indiegogo), all using using different communication protocols, technologies, and systems.

The growth in the number of devices, all of a different nature, in our homes will doubtless give rise to any number of vulnerabilities, as well as to all kinds of related possibilities for those wishing to exploit them, from simply ruining your day to trying to make money somehow. Like death and taxes, this is unavoidable. It’s going to happen.

That said, as Bruce points out in his article, the current situation is not really that different from the one we faced when the personal computer and the internet were being taken up en masse. During that time, and even today, we have been living in an extremely insecure environment: the computers that we use are utterly unprotected and subject to all kinds of vulnerability, they are connected via routers that can easily be hacked (I’m no hacker at all, but when I decided to look for weak spots on my router so as to change its configuration last week it was as easy as 1,2,3: it’s scary).

We need to face up to the fact that every security update also offers the chance to attack those of us who have not yet installed it, and although manufacturers send updates directly, which improves things, the situation is still far from perfect. Basically, we can say with almost total certainty that if somebody is sufficiently interested in entering your operating system, they will.

Which poses the question as to whether this lack of security has in anyway slowed down or stopped take up of PCs or the internet. For years and years now we have known that the systems we have been using for anything from storing holiday snaps to connecting with our friends or work colleagues are completely insecure… And? Has this in any way prompted us to stop using them? Has it delayed or threatened the popularity of this technology by one iota?

The answer is a loud NO. The weaknesses and security issues of our computers are an intrinsic part of technological development that we have learned to dismiss as variables. The risks we take are clear and evident, but we ignore them, seemingly blissfully unaware of the dangers we face. But let’s face it, this is what we do with all new technology: the inherent risks of driving are clear in the weekend’s traffic statistics, but that doesn’t stop us from getting behind the wheel whenever we have to.

When technology reaches a certain level, the adoption chain kicks in, and nobody can stop it. The fact that security or safety is still not 100% guaranteed, or is even minimally acceptable can perhaps think about the possible consequences, but it does not stop us when we decide that we want to use it. I’m not sure if this is a good thing, but after studying countless adoption curves, I can safely say that this is indeed the case.

The internet of things is coming. And it comes with any number of weaknesses and risks. We will install all kinds of stuff in our homes, wear it, and have it in our cars, fully aware that this may bring any number of problems, invasions of our privacy, and other consequences such as them not working properly to more dangerous questions such as personal safety or getting into debt. And yet we will install these devices and use them.

It’s like pushing a rock up a hill: when you get to the top, nothing and nobody is going to stop it from rolling all the way back down. In terms of their impact on adoption, security problems will only be addressed later on, when the magnitude of a particular issue prompts action. In the meantime, have no doubts about it: there will be adoption, even if it leads us to the abyss of widespread insecurity. If you had to bet on it, whether as an investor, entrepreneur, or user, you know: security problems will not interfere with mass take up. The best we can hope for is that they will be addressed sooner rather than later; in all probability, much later. Humankind loves a house of cards, and they are usually built on utterly unstable foundations.

Irresponsible, yes; but that’s where we are.

(En español, aquí)