A generation back, in the July 2000 edition of Harper’s Magazine, Dennis Cass wrote (in an article on Silicon Valley) about “the kinds of things you’ve heard bores like Nicholas Negroponte drone on about in Wired magazine, like shoes that can send e–mail to other shoes”. I wrote this down at the time, because I had previously met Nicholas (who wasn’t boring at all) and remember thinking that Dennis' was an interesting perspective from a non-technologist looking at what technologists were doing. And it was a funny example.
Shoes that can send e-mail to other shoes! Ridiculous. And yet a couple of years ago, through the miracle of Twitter, I found a piece on bluetooth connected “smart” shoes. The dystopia is here. It’s only taken a couple of decades to get this point, but it’s something to celebrate. I can confidently predict that our shoes will be getting hacked from now on. After all, if the makers of bluetooth connected sex toys are unable to keep them secure, the makers of shoes haven’t a prayer.
This is a confident prediction. I remember reading an article about the Internet of Things (IoT) in the New York Times. It was about the poor state of IoT security and it referenced noted security expert Bruce Schneier, who was arguing that the economic and technical incentives of the internet-of-things industry do not align with security and privacy for society generally. He has previously said that given that lack of alignment the government must step in. He says the lack of security is a kind of invisible pollution and that "like pollution, the only solution is to regulate”.
(I made a podcast with Bruce around a decade ago and can tell you straight that he has already forgotten more about computer security than I will ever learn — and is a very nice guy. From what I know of the topic he is of course completely correct: this misalignment not only means we have no real security at present, it means that things can only get worse.)
As Bruce points out in his excellent new book "Click Here to Kill Everybody: Security and Survival in a Hyper-connected World”, we are now in a situation where the lack of any security infrastructure means that anything that can be connected to the internet can be hacked. And since everything is connected to the internet, everything can be hacked.
Oh dear.
Of course this isn’t just about sex toys. This isn’t just about hackers having some fun or commercial rivals causing trouble. I don’t want to be overlay dramatic, but I think you can argue that World War III has already started, it’s just that we haven’t noticed because it is in cyberspace. And as noted media theorist Marshall McLuhan observed way back in 1970, "World War III is a guerrilla information war with no division between military and civilian participation”. In other words, there’s a cyberwar going on, and we are all participants.
It’s not a one-off, either. Bruce says in his chapter on "Everybody Favours Insecurity” that cyberwar in the new normal. I think he is once again spot on. We need an infrastructure for everything, because everything is at risk.
So if the only solution is for the government to do something, what should it do? Well, there are all sorts of things I am sure, but surely one of them must be to act to facilitate the introduction of a digital identity infrastructure of some kind. Identity isn’t just about people, it’s about everything. And unless there is some way for my sex toy to know that it is me calling, or for me to be sure that it’s my sex toy I’m talking to, then the friction attendant on the online economy will be so great as to dissipate the benefits.
Now, an infrastructure doesn’t mean a single solution. There’s a payment infrastructure that both me and my local shops tap into, but within that infrastructure I can use my Barclays debit card or John Lewis MasterCard, my American Express charge card or my Barlcaycard. And I can use any of those cards in many different kinds of terminals connected to many different networks and acquirers. And it all works.
We need a digital identity infrastructure that is as effective as this payments infrastructure. That is, most of the time you won't need to think about it. Just as I have half a dozen cards that's all function within this infrastructure but under my control(In other words, knowing that they will all work) it seems reasonable that within I should have half a dozen different digital identities and I can choose from one of her transaction basis, safe in the knowledge any one of the more work. So what is it that is stopping us from getting to this infrastructure?
There is, however, one important difference colon the digital identity infrastructure has to be for everything full stop now, that is a much more complicated goal then it sounds at first full stop take my car for example colon there's the identity of my car comma defined in terms of its relationship with me. But what about the components of the car? Suppose I want my car to be able to check where it's components of come from or to assess whether the components are real or counterfeit?
Comments
Post a Comment