June 6, 2017

The Internet of Things Connectivity Binge: What Are the Implications?

Theme 7: Whether or not people disconnect, the dangers are real. Security and civil liberties issues are being magnified by the rapid rise of the Internet of Things

Many respondents to this canvassing said they are certain that there will be more attacks with more devastating results as billions more things and people become interconnected online and systems become more complex and difficult to manage. Some say these security concerns are likely to lead to regulation, although it might not take place until after a devastating attack or exploit. Even if an extreme “threat environment” does not emerge, some respondents believe that the protection of individual rights – of civil liberties – is greatly endangered by the Internet of Things, a world in which enormous quantities of granular data can be continuously collected, databased and analyzed, then used to form judgments about people, and to try to sell them things and ideas, and possibly even to manipulate them.

Threats are likely to turn into attacks and other acts, possibly some violent

Nigel Cameron, president and CEO of the Center for Policy on Emerging Technologies, observed, “The sky’s the limit; if you can hack a Jeep from a basement QWERTY keyboard you can take control of a nuclear power station or an aircraft or have a million cars turn left on cue. In principle.”

Hackers will hack. Criminals will plunder. We’ll lurch from crisis to crisis. It’s not clear whether it’s possible to make things more secure, or to limit damage. We may be facing a continuing arms race.
Miles Fidelman

An anonymous chief scientist wrote, “Hackable systems (that is all of them!) will be the basis of Chernobyl-type events in the connected world.”

Marc Brenman, managing partner at IDARE LLC, replied, “Failures will continue to occur, and grow worse. Cascading failures will occur. Cybersecurity will continue to be breached. Safety is illusory.”

An anonymous respondent who works in government said, “A natural disaster or EMP [electromagnetic pulse] may very well cause massive damage that cascades into all connected systems.”

Miles Fidelman, systems architect and policy analyst at Protocol Technologies Group and president at the Center for Civic Networking, commented, “Hackers will hack. Criminals will plunder. We’ll lurch from crisis to crisis. It’s not clear whether it’s possible to make things more secure, or to limit damage. We may be facing a continuing arms race.”

Thomas Claburn, editor at large at InformationWeek, replied, “Judging by the state of computer security today, there’s no reason to assume things will magically get better by adding more devices, particularly those that govern daily interactions like cars, alarm systems and medical devices. Imagine the harm that could be done by remotely turning on the engine of a car in a garage at night, flooding a home with carbon monoxide while the occupants sleep.”

An anonymous systems engineer working for the U.S. government predicted, “For significant systems – public infrastructure, health and safety – the risk may be high enough to prevent widespread adoption.”

An anonymous senior design researcher commented, “I worry about monopolies with code that is vastly distributed and controlling home systems failing, causing entire regions to become unstable due to a line of code.”

An anonymous professor at a state university commented, “It’s actually surprising that we haven’t already seen major disasters caused by hacking, of the sort that would close down cities or states.”

An anonymous senior software engineer at Microsoft wrote, “IoT security will be poor and it will become a target for cyberwarfare.”

Charles Perkins, senior principal engineer at Futurewei, wrote, “Loss of freedom is a very significant threat. It is possible to maintain safety but it requires big investment in product development, as well as a realistic vision for the customers.”

An anonymous respondent wrote, “The risk of totalitarianism will increase, as the power to control other people’s lives goes up and is accessible to corporations and governments.”

An anonymous software engineer replied, “Your average user sees exploits [hacks and attacks via networked devices] in the news on a regular basis. Recent court decisions say you have no expectation of privacy if your computer is connected to the internet. The combination of these would lead me to decide the potential gains are not worth being connected.”

An anonymous respondent commented, “The most-serious vulnerabilities involve the most-capable players. They can use stealth or blitzkrieg tactics on systems like infrastructure that no one can escape. The technology of an independent lifeboat does not exist on Earth.”

Tom Ryan, CEO of eLearn Institute Inc., replied, “The Internet of Things continues to grow, especially as new ways to connect machine to machine to automate provide more convenience. There is also a corresponding growth in industrial and governmental cybersecurity and international cybercombat that are driving threats and responses. There will most likely be a major event that will occur due to the opportunities that the Internet of Things provides to people that choose to do harm. My biggest concern is something that cripples countries’ infrastructure (electrical, communications, water, energy).”

Pete Cranston of EuforicServices.com commented, “There will be scares, genuine disasters, but the potential gains from interconnectivity are so great that we will continue to lurch into a future where we will have to confront issues of independent machine-machine decision-making much more actively. (This is also known as machine intelligence, but actually has more to do with interlocking algorithms exponentially increasing the complexity of machine response patterns.)”

Susan Mernit, CEO and co-founder at Hack the Hood, observed, “For many, these will be viewed as creature comforts and conveniences – until they don’t work as planned. The Big Brother aspects of the Internet of Things really scare me. I don’t want my self-driving car to control where I go.”

An anonymous CEO commented, “I don’t think it’s possible to network objects together to ensure they remain safe – a hacker is always one step ahead.”

An anonymous respondent commented, “The trend toward connectivity is irreversible, but there will be at least one major crisis where a widely used internet-connected thing is hacked/compromised with highly visible results that ‘bends the curve’ toward better security (primarily security practices) by vendors of internet-connected things. It’s going to take one or more crises in order to change the current situation with respect to widely deployed exploitable vulnerabilities. The [incorrect] view of ‘things’ as products (especially consumer products) as opposed to systems is why the reaction to this sort of ‘thing’ security crisis will be different as compared to the current acceptance of the existence of vulnerability after vulnerability for internet-connected items that hasn’t changed anything seriously [up to this point].”

The rise of the IoT and security concerns amplifies worries over civil liberties

Threaded throughout many respondents’ answers were concerns about the rights of the individual. They said the threat level for civil liberties is on the rise as more of the world and the objects therein become networked, intelligence-gathering nodes in the Internet of Things.

The government has been the most prolific user of people’s private information, phone calls, etc. While this is done in the name of safety, it nonetheless diminishes everyone’s privacy. I do not see things improving.
Anonymous chief legal officer

Masha Falkov, artist and glassblower, observed, “Encryption is key to protecting devices and the information they hold within, especially as everything becomes more interconnected. Yet governments and marketers alike wish to weaken privacy and encryption in favor of greater surveillance capability. This puts everyone in danger. Devices on whose consistent operation lives depend can be tampered with, sometimes by individuals whose sole purpose is just to see if they could, as well as terrorists and other people of malicious intent. I don’t believe it is possible to have 100% security because our operating systems are always evolving as we search for greater potential to our tech. But it is possible to improve security through several means. One is to require high security standards and encryption on all connectivity devices, and to make companies that create these devices and software liable for damages that may result. This will ensure to some degree that companies do not skimp on their security teams. Another means, which is happening right now, is to enlist hackers into helping companies and developers into finding security flaws through the use of cash prizes or employment. This also creates an outlet for people who love to hack to be productive individuals rather than a nuisance. Finally, make sure that the laws are set up so that hackers who find flaws but do not exploit them can report them without fear of prosecution.”

An anonymous chief legal officer replied, “The government has been the most prolific user of people’s private information, phone calls, etc. While this is done in the name of safety, it nonetheless diminishes everyone’s privacy. I do not see things improving.”

An anonymous sociologist at the Social Media Research Foundation wrote, “The need for security in IoT devices will lead toward oligopoly – only a few leading businesses will be able to provide a sufficient level of security. This will mean that the IoT world is one that leads toward monopoly.”

An anonymous respondent commented, “The drive toward a more highly connected world is being motivated by corporate profits. Highly automated and connected devices allow these companies to maximize profits. However, the everyday person has little to no say in how certain types of networked devices (e.g., water meter) are deployed in their lives. The biggest threat currently is the loss of personal information. However, the future threats will be loss of life due to companies taking shortcuts in how they connect all these devices. While technologists can create protocols and network services that can help minimize threats, it will fall on governments to regulate how certain types of network connections (e.g., medical devices, power grid) are deployed/maintained.”

Sam Punnett, research officer at TableRock Media, commented, “We are raising generations of people for whom the connected life is the norm. Increasing connectivity via IoT further complicates the environment and raises the potential for criminality and abuse. … I am not a network specialist but I have an appreciation for the world of IoT. If given the choice between a vision of the future made secure and safe I would be far more likely to ascribe to one put forward by the Electronic Frontier Foundation over one from any element of state surveillance and security.”

Wendy M. Grossman, an independent writing and editing professional based in London, said, “Going forward, many will not have a choice about it. … If you can only have one device and one communications network, that’s going to be a smartphone and a data plan, and if you can save money by consenting to let your refrigerator send the supermarket statistics on how and when you consume the groceries you buy, then you will. The problem is especially acute with respect to the technology underlying smart cities, because local authorities make operational decisions that don’t require public consultations that have later impact on civil liberties and human rights. A great example is the auto-dimming streetlights being installed in a number of cities. Local residents, if asked, certainly support the goal of reducing energy use and cost; but they aren’t consulted about the video and audio surveillance systems that form part of these systems. So: both of the statements we began with are true.”

Axel Bruns, professor in the Digital Media Research Centre at Queensland University of Technology, wrote, “As with other trust issues, users may have significant concerns about data security in engaging with such networked objects – but in some cases their opportunities for opting out by choosing a non-networked device are likely to diminish rapidly. It is increasingly difficult to find new cars that do not feature back-to-base position tracking and networking as a default, for instance – so, as older models are disappearing from the marketplace, users will be forced to accept the embedding of such surveillance technologies into their cars (or find ways to hack them, potentially voiding the warranty).”

What do internet companies do with the data they collect? They do business with it. Of course. Nearly all internet systems, devices and services are created to generate a profit. A number of the participants in this canvassing pointed out that algorithms written to individualize people’s experiences are narrowing choices for them in ways that are not to their advantage, not in the name of their personal convenience but in the name of generating corporate profits.

An anonymous respondent said, “I fear that data collected for marketing purposes will further narrow the range of products available to people, removing choice from the market and limiting options.” Another anonymous respondent observed, “Perhaps that is the largest danger – networking is welcomed in as a convenience, but it actually proves to be a choice-killer.”

An anonymous respondent observed, “There’s an open question that’s not quite about damage, safety or trust, but it will be fundamental. It’s about how people think about and interact with these agents that collect and often act on information.”

An anonymous coordinator said, “We already have these problems and people keep buying in. The greatest threats to me are the right to repair [IoT systems and devices] and the right to properly own your own purchased content.”

Another anonymous respondent warned, “Independence and privacy concerns will result in a fissure in society.”

An anonymous respondent urged, “There should be more ways to ensure that companies who make devices are ethically and civilly responsible to protect our data and that we can delete/erase/decide who gets it at every step. We don’t have that yet.”

An anonymous digital manager commented, “Privacy settings will be expanded if there are numbers indicating that people are disconnecting completely. Disconnecting in protest might be necessary in mass numbers to actually make this happen – it should be seen as a form of protest.”

D. Yvette Wohn, assistant professor at the New Jersey Institute of Technology, predicts that those with low socioeconomic status will have fewer options as the Internet of Things evolves. “The trend toward greater connectivity will take place among a majority of people (90%), but people who have very high income, are public figures or celebrities, or have very high adversity to technology will disconnect. The issue will not be about how we can make technology safer, but what is being done with the data that is collected. The government will come up with guidelines so that there will be different tiers of data that companies can use, based on the users’ preferences. People who are willing to have companies utilize their data more will receive stipends, creating a social imbalance where lower-income people will be more vulnerable to privacy relinquishment.”

Several other respondents said they expect that only the wealthiest people will find ways to disconnect and/or route around impositions on their civil liberties.

An anonymous project manager replied, “Connectivity will increase, and those able to pay more will be at the forefront of disconnecting or building isolated systems.”

An anonymous IT director wrote, “If people can afford to, they will disconnect and reduce the amount of digital ‘distraction’ or engagement in their lives. Paradoxically, it will be the most affluent who will be able to afford this ‘luxury.’”

Katharina Anna Zweig, a professor at Kaiserslautern University of Technology in Germany, commented, “As the connectivity promises more comfort, more safety, more savings, more almost anything (next to less privacy), most people will get more and more connected … I do not believe that there will be a larger group of people totally disconnecting from the internet. It might become a privilege of the very rich, but they can only afford it because the people surrounding them and in their service are connected.”

Luis Lach, president of the Sociedad Mexicana de Computación en la Educación, wrote, “People who decide to disconnect will be the ones with more information, but this will be an elite group of critical people. The market will win, no matter the consequences to our personal security and protection of personal data, and people will be connected. The more-concerning threat for the technological paradigm (positive or negative) is the evolution of global and local economies. Today, in the year 2016, … globalization is more of a risk to our lives than a social win. Fewer people are becoming richer in a stupid way, and a vast majority of the population is becoming poorer. We can see a map of world’s migration, just to note that people from underdeveloped countries are migrating to the richest places (Europe and USA), and that is not because those geographies are lands of opportunity, it is because the countries they are coming from are being devastated.”

An anonymous respondent replied, “We’ll wind up being spied on not just by companies and governments, but third-rate hackers. Any individual who draws the anger of the online mob can look forward to having their basic life hacked. Ordinary devices have no business being connected to the internet. There will be a smaller but healthy market for security-conscious devices with limited connectivity. This might mean that only the wealthy and/or sophisticated have access to secure or unconnected options.”

Dudley Irish, a software engineer, wrote, “This is a very complicated issue … but what I suspect will happen is that people will make changes that should lead to them being more disconnected, but in reality, they will be increasingly connected. I am a very knowledgeable technologist and I can’t keep track of all the ways that my behavior is tracked. I consciously avoid being tracked and suspect that I am tracked much more than I would like. Meanwhile, most of the people I know can’t be bothered to limit how much they are tracked because it just takes too much effort. And, it seems like every time I turn around I am reading about yet another privacy failure or technique for de-anonymizing data. This is a context in which regulation could help but is it very unlikely that any useful regulation will be done.”

Alan Cain, a respondent who shared no additional identifying background, said IoT companies have the view that, “Your privacy belong[s] to us; we know when you are sleeping, we know when you’re awake. We know if you’ve been naughty or nice, so be good for goodness’ sake – a Shirley Temple future.”

An anonymous learning systems and analytics lead wrote, “People will remain very skeptical but be left with fewer and fewer choices. Companies like Silent Circle cater to those who desire extreme measures around privacy, but it’s definitely a premium. This will continue to be the case. For example, it’s already economically silly to not accept the installation of driving-habit-tracking sensors. The iron cage of connected life will drive people to be more connected whether they want to or not – and many will not, or will at least have strong reservations.”

Christopher Wilkinson, a retired senior European Union official, commented, “Experience with algorithms is very mixed; [tech users] are naive. Privacy is not adequately protected. The algorithms create and retain personal information that is going to become intrusive over time.”

An anonymous software architect commented, “The surveillance state will only grow as the profit motive or ‘national security’ interests dictate. Most people will be unemployed and not be able to afford such conveniences or see them as time savers when they have too much time on their hands already (no jobs). This can come to no good end.”

Dan Caprio, co-founder of The Providence Group, commented, “We need to work together to protect privacy and security and enable innovation.”