Eyes Above The Waves

Robert O'Callahan. Christian. Repatriate Kiwi. Hacker.

Thursday 26 December 2013

We Need A "Dumb Device" Movement

I'm habitually pessimistic about many things, and this year Snowden reinforced my habit. In the narrow sense of his obligations to the US government, he's a traitor, but to the human race as a whole he's a hero and a role model; he personally is inspiring, but what he revealed is depressing.

I think his most important lesson is that total surveillance is an explicit goal of the US and UK governments (and by extension other governments), and there's no real restraint in how that goal is being pursued, especially for those of us who aren't US citizens. Combine that with the cold truth that we are incapable of securing complex systems, and we're in a very bad situation. We have to start assuming that mass-market computing devices are compromised, or can be compromised at will.

When people talk about the "Internet of things", they're implying the situation is going to get much worse. Every device that is network-accessible and supports updateable software is a surveillance device ... if not all the time, then as soon as someone decides to turn it on. (Let's ignore for now devices that can be programmed to take hostile action against their users!) I am not in favor of the Internet of things in the present climate.

Unfortunately, factors of cost, convenience and cool will keep driving general-purpose, network-accessible computation into every nook and cranny of our world. It may help if a significant subset of customers (I hate the word "consumers", it's demeaning) prefer devices that don't have unnecessary computation jammed into them. I want to buy "dumb devices" --- meaning they are not unnecessarily smart, and don't talk about me behind my back. My refrigerator, clothes, and bicycle do not need network access or upgradeable software, and I don't want them. Of course, if my market segment's population is me, it's not economically viable. Therefore I need a mass movement.

One interesting product segment is cars. The computerization of cars is truly terrifying, and there is some great work detailing how modern cars can be subverted. I would pay a decent premium for a car that lacks any kind of over-the-air communications. A potential problem is that safety regulations require new cars to have sophisticated computers, and sooner or later a computationally secure car may become effectively illegal, if it isn't already.

I don't know what to do from here. Does this movement already exist? If not, I hope someone starts it, since I'm rather busy.


"A computationally secure car may become effectively illegal." Oh yes, laws are there to protect us. >_>
I am not aware of such a movement, but I surely hope there is one already or if not that there will be one soon!
tom jones
"My refrigerator, clothes, and bicycle do not need network access or upgradeable software, and I don't want them." if you live in the developed world, there is probably 50% chance that you already have a "mass-market computing devices [that] can be compromised at will", in the room where you: eat, sleep, pray, and/or have sex. i don't say i "like" that fact, but i don't think it's such a big deal, and that we need to get all alarmist -- like any other issue related to civilization and "progress", we are going to work on it (through technical and legal means), and we are going to be fine. not one of us can be 100% safe from other people (we have been capable of killing each other at will, from a distance, for hundreds of years), and yet, we manage to live with that, somehow. and specifically about things like cars, i firmly disagree with you. rejecting progress (safer cars) because someone might spy on you isn't any different from rejecting cars because of traffic accidents. if you live in a civilization, you don't get to play by your own rules. if we, as a society decide that reducing car accidents trumps the risk possible spying, you don't get to drive a less-safe car. as with all things, it's a simple cost/risk/benefit analysis. most of people value having a communication device on them at all times over the (diminutive) risk of being spied, and no movement is going to change that. in the end, if you don't agree with all that, you can always opt-out of owning a car, just like you can even (effectively) opt out of society laws by living in a cave. but no one does that..
>>> not one of us can be 100% safe from other people (we have been capable of killing each other at will, from a distance, for hundreds of years), and yet, we manage to live with that, somehow. <<< A key difference between the Internet and what came before it is that cyberattacks scale easily. Thirty years ago, if you wanted to spy on a lot of people all the time you needed a very large security apparatus. Collecting and analyzing, say, every single telephone call was simply infeasible. Now it's feasible. Likewise there's a qualitative difference between "with some effort I can hit people over the head with a stick, one at a time" and "I have an exploit that causes cars to crash, and the cost of crashing 1000 cars isn't much more than the cost of crashing one car." You're optimistic that we'll somehow just muddle through. I'm optimistic in a different way: I think that if we can create economic incentives for "dumb devices", clever engineering can get most of the benefits (e.g. car safety) without the risks.
Given the choice between better technology that can potentially be subverted, or the absence of better technology, I'll take better technology every time. I'll fight to keep that technology secure against all threats and subversions, but I refuse to fight technology itself; I will never become a Luddite. Technology doesn't surveil people, people surveil people.
Sorry, you lose points for playing the Luddite card. I even blogged about that recently: http://robert.ocallahan.org/2013/12/one-day-luddites-will-be-right.html "Luddites were wrong once, so improving technology is always a net win" just doesn't follow.
"if you save your soul, you'll loose it." Maybe society won't won't fine. Maybe surveillance is just one of many issues that'll ultimately push us toward toward the end times. Just remember that ultimately it's Gods job save us, not ours.
It is a simple choice between a technology that preserves your privacy and one that does not. Privacy-invading technology has a way of making itself increasing difficult to opt out of. Cell phones replaced planing for meet ups and social gathering, so opting out of cell phones also means opting out of many social gatherings. The technology changed how society communicates and socializes. Same with Facebook. Google Analytics used to be an simple decision to block, but then Google added JavaScript functions for webmasters to use in the normal functioning of their website. The decision expanded from privacy or spying, to broken website or spying. (Even your own website requires Google scripts for anyone that wants to participate in the conversation by commenting) Tom Jones' otherwise thoughtful comments (above) embrace the idea of this expanding decision. It is no longer a choice between a private car and a spying car, it is a choice between no car or a spying car. The choice of a car that is both safe and private is past consideration. Technology tends to expand from a simple choice between privacy or spying, to a larger decision about whether to participate in society or opt out of society. --DB
Franklin Chen
It's very interesting to me how many anonymous comments this post has inspired! It sounds like a lot of people do believe in privacy.
Jonas Finnemann Jensen
Poul-Henning Kamp, said it very well a few days ago: "If you think you can solve political problems with technical means, you're going to fail: Politicians have armies and police forces, you do not." Read the rest of his post here, but ignore the car analogy :) I know that going a little Amish may seem like a non-technical solution, I disagree. Long story short: this is a political problem it needs a political solution. Now, are you running for office?
That article is a bit of a mish-mash of separate points plus some generalizations, so it's hard to respond to. I'm not very worried about being watched by a massive fleet of drones, because that requires a lot of resources (hardware, energy) per target, whose cost is difficult to drive to zero. A political solution has its own grave difficulties. Since I'm a New Zealander, running for office has limited value since we don't have jurisdiction over the major players. Also, no matter how successful a political movement is there will always be defectors: non-cooperative nation-states and criminal gangs who will always have the will to exploit vulnerabilities in the system. Having said that, a multipronged approach is certainly needed, of which a "dumb device" movement is just one part.
My first thought is that your desire is some kind of dual or inverse of Cory Doctorow's fear of "the coming war on general-purpose computing" (http://boingboing.net/2012/08/23/civilwar.html). You're worried about (certain) devices that are (in certain ways) too powerful, and he's worried about (certain) devices that are (in certain ways) too limited. I guess there are many competing constraints and desires in play in many different circumstances.
Partially in line with this topic, I think you may like this article: http://www.theguardian.com/technology/2013/dec/31/email-broken-dark-mail-alliance-fix-silent-sircle-snowden
Well there is a low tech movement: http://www.lowtechmagazine.com/
Joshua Cogliati
Another related article: "If manufacturers won't commit to providing a lifetime of updates—and again, the experience with smartphones is, I think, instructive here—then these smart devices are a liability. Avoiding them entirely is troublesome, but we can certainly avoid using them." http://arstechnica.com/gadgets/2014/01/smart-tvs-smart-fridges-smart-washing-machines-disaster-waiting-to-happen/