net.wars: Here there be midget porn
by Wendy M Grossman | posted on 20 December 2013
It's hard not to listen to outlines of the smart connected future we're facing and go "EEK! Dragons!" This is particularly true in the context in which these predictions are being made: caught between the Snowden revelations of endemic electronic spying and the UK government's censorship plans.
For the last several months David Cameron & Co. have been threatening ISPs with regulation if they don't do something about protecting children; on Friday, as The Register reports, BT turned on a system supplied by Nominum. Now, Nominum is an interesting company: its founder is Paul Mockaetris, who created the domain name system. Go and look at their Web page, and yes, one of the services they sell companies is parental controls. The American origins may explain some of the odder categories parents can select in the filter, including this gem, which is provoking widespread objection:
"Sex Education will block sites where the main purpose is to provide information on subjects such as respect for a partner, abortion, gay and lesbian lifestyle, contraceptives, sexually transmitted diseases and pregnancy."
If that's Scylla, Charybdis is the reinvention of the Internet into a giant surveillance machine (as Bruce Schneier has put it).
The one good thing to come out of *that* is the US's public self-examination in public - this week the government published the review of the NSA's activities (PDF), which contains 46 recommendations for reigning the agency back in. We can - and probably should - be skeptical about how much the agency will really change, but it's a start. Compare and contrast to the UK, where, Guardian editor Alan Rusbridger writes, the authorities are still behaving as though stifling any such discussion is an essential part of national security.
Off to the future. Last week, the latest in the lengthy series of Westminster eForums tackled smart living. Much of the discussion revolved around smart meters and various types of energy saving. Some of it was plain how-to-sell-this-to-consumers talk (for example, Susan Furnell, from British Gas). Some was thoughtful about the changes redesigns would bring (such as BMW's Dominik Fromm, who imagined a world full of electric vehicles topping up wherever and whenever). The most exceptional was Glasgow land and environmental services director Brian Devlin, who is masterminding a remarkable project to reinvent Glasgow.
The most thoughtful, however, was Gus Hosein, the director of Privacy International, who noted that he's wanted a smart meter long before anyone saw such things as a market opportunity.
"I worry that I don't want the technologies on show," he said. "I want a better form of smart. I want technology that deals with the full spectrum of risks - that's secure, deals with surveillance ambitions, that's private, and allows individuals to have control. It's not easy."
Cut to one of science fiction writer Charlie Stross's latest rants, an risks inherent in giving rather ordinary things communications connections
Hosein was concerned about a related set of imminent dark-side Internet of things risks. In just the last few weeks we've seen a new malware attack on Androids that leverages the ad network to charge calls and SMSs to the owner's account. The FBI can secretly turn on Mac webcams. And LG's smart TVs collecting and passing on behavioral data on the TVs' owners and sending it on, unencrypted.
This is where midget porn came in. (Note: if you want to see a crowd of business people listening to a string of technical presentations perk right up, throw in a term like "midget porn".) The guy who got curious about what his LG TV was doing noticed that it seemed to be investigating the contents of a USB stick plugged into the TV. So he checked by creating a file with a name he thought was unlikely to be duplicated by any other source: "midget porn". Gotcha!
"Smart devices are not good at letting you know what's happening under the hood," Hosein commented. These tiny devices people are talking about won't have user interfaces. So: how will you do updates or security patches? How will you figure out what your devices are doing behind your back when the information streams are tiny and pervasive? Keith Osman from Birmingham City University raised another good question: when you combine data from different applications and market sectors with streaming data (as you might for a routing application), where does the liability lie? Who's responsible for data accuracy, or if the routing application lands me in a dangerous place?
Let's return to the twin monsters we began with. In a network with pervasive censorship would "midget porn" have been filtered out, helping hide this bad behavior? Granted, you could come up with some other term, but the uncertainty matters. As the network increases logmarithmically in complexity, what will it hide from us? And as cyberspace invades real life and makes physical objects into simultaneous virtual ones, how do we stop them all from joining the giant surveillance platform? If that street light doesn't like my profile, will it stay off when I pass by?
Technorati tags: smart living smart cities privacy international
Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, follow on Twitter or send email to netwars(at) skeptic.demon.co.uk (but please turn off HTML).