We’re about to get some government in our internet
There’s been a lot of anxiety regarding the role of the internet in our lives since the last election. Whether or not the spread of fake news influenced the election. Politicians influencing the news cycle by jumping ahead of the message on Twitter. Internet detectives from Reddit harassing people they suspect of organizing international child-trafficking conspiracies.
It’s becoming clear that a lot of our traditional institutions — journalism, policing, politics — have been affected by our dependence on the internet in unanticipated ways.
For the last 20 years, the possibilities of the internet have been almost exclusively optimistic, and with good reason. An open and free internet allowed people to connect and share in new and efficient ways, and it seemed to do nothing but enhance our experiences in education, entertainment, and communication.
Last week I watched the summary of the hour-long testimony of security guru Bruce Schneier before Congress. The topic was the future of the internet, and what he had to say was hard to hear but even harder to deny.
He spoke about the interconnections of our physical devices, the Internet of Things, but much of what he said works perfectly as an analogy for our cultural institutions as well.
As the chairman pointed out, there are now computers in everything. But I want to suggest another way of thinking about it in that everything is now a computer: This is not a phone. It’s a computer that makes phone calls. A refrigerator is a computer that keeps things cold….Your car is not a mechanical device with a computer. It’s a computer with four wheels and an engine…
It happened fast, so fast we hardly noticed it, but it’s true. Anything that is not reliant on a computer now will be, likely in a matter of years. So what is the problem that Schneier sees with this?
Infinite connections means infinite vulnerabilities.
There was one story of a vulnerability in an Amazon account [that] allowed hackers to get to an Apple account, which allowed them to get to a Gmail account, which allowed them to get to a Twitter account. Target corporation, remember that attack? That was a vulnerability in their HVAC contractor that allowed the attackers to get into Target.
OK, but, we can just increase the security on all our devices right?
Our computers are secure for a bunch of reasons. The engineers at Google, Apple, Microsoft spent a lot of time on this. But that doesn’t happen for these cheaper devices. … These devices are a lower price margin, they’re offshore, there’s no teams. And a lot of them cannot be patched…We get security [for phones] because I get a new one every 18 months. Your DVR lasts for five years, your car for 10, your refrigerator for 25. I’m going to replace my thermostat approximately never. So the market really can’t fix this.
And vulnerabilities like this are hard to fix. No one system might be at fault. There might be two secure systems that come together to create insecurity.
So what’s the scope of the problem? My toaster stops working and my email gets hacked, right? Not the end of the world.
And this is more dangerous as our systems get more critical... The Internet of Things affects the world in a direct and physical manner: cars, appliances, thermostats, airplanes. There’s real risk to life and property. There’s real catastrophic risk.
Oh.
So what do we do now?
It was OK when it was fun and games. But already there’s stuff on this device that monitors my medical condition, controls my thermostat, talks to my car…Whether we like that the technology is coming, it’s coming faster than we think. I think government involvement is coming, and I’d like to get ahead of it. I’d like to start thinking about what this would look like.
When it didn’t matter — when it was Facebook, when it was Twitter, when it was email — it was OK to let programmers, to give them the special right to code the world as they saw fit. We were able to do that. But now that it’s the world of dangerous things — and it’s cars and planes and medical devices and everything else — maybe we can’t do that anymore.
Schneier may as well have added “our democratic process” to the list too, as we have seen. And he’s right. The changes the tech world have introduced have proven to be so consequential, and the interconnections of our digital lives has become so complete, it’s now in every single person’s interest to have a say in the source code of our favorite apps. And because our fundamental infrastructural security now relies on it too, that government regulation is essentially inevitable.
What’s it going to look like?
I’m not sure, but I know that the traditional forces are going to be aligned on the side of social control, as they have since the free internet has existed. It’s going to be up to us as individuals to think of the internet of the future that we want, and fight for it, because it’s all about to change.
