Thursday 26 December 2013
I'm habitually pessimistic about many things, and this year Snowden reinforced my habit. In the narrow sense of his obligations to the US government, he's a traitor, but to the human race as a whole he's a hero and a role model; he personally is inspiring, but what he revealed is depressing.
I think his most important lesson is that total surveillance is an explicit goal of the US and UK governments (and by extension other governments), and there's no real restraint in how that goal is being pursued, especially for those of us who aren't US citizens. Combine that with the cold truth that we are incapable of securing complex systems, and we're in a very bad situation. We have to start assuming that mass-market computing devices are compromised, or can be compromised at will.
When people talk about the "Internet of things", they're implying the situation is going to get much worse. Every device that is network-accessible and supports updateable software is a surveillance device ... if not all the time, then as soon as someone decides to turn it on. (Let's ignore for now devices that can be programmed to take hostile action against their users!) I am not in favor of the Internet of things in the present climate.
Unfortunately, factors of cost, convenience and cool will keep driving general-purpose, network-accessible computation into every nook and cranny of our world. It may help if a significant subset of customers (I hate the word "consumers", it's demeaning) prefer devices that don't have unnecessary computation jammed into them. I want to buy "dumb devices" --- meaning they are not unnecessarily smart, and don't talk about me behind my back. My refrigerator, clothes, and bicycle do not need network access or upgradeable software, and I don't want them. Of course, if my market segment's population is me, it's not economically viable. Therefore I need a mass movement.
One interesting product segment is cars. The computerization of cars is truly terrifying, and there is some great work detailing how modern cars can be subverted. I would pay a decent premium for a car that lacks any kind of over-the-air communications. A potential problem is that safety regulations require new cars to have sophisticated computers, and sooner or later a computationally secure car may become effectively illegal, if it isn't already.
I don't know what to do from here. Does this movement already exist? If not, I hope someone starts it, since I'm rather busy.