Why the Internet of Things Begs for a Paradigm Shift in Internet Security
The connectivity afforded by the internet has changed the world forever. While the increasing ‘corporatization’ of what many still feel is an open, non-hierarchical, largely uncensored and unfiltered ecosystem, this is increasingly not the case. The emergence of the ‘Internet of Things’ will soon throw into sharp relief who owns the internet and who owns the data we all generate when using the internet. Companies today have a vested interest in portraying their products as safe and secure with the consequence that people’s perception of the internet, apps, devices, networks and services are similarly safe and secure. As the Internet of Things continues to expand, we must step back and examine what it will mean to live in a world dependent on a connected technology that may or may not be impenetrable to hacks and exploitation.
The recent ‘distributed denial of service’ (DDoS) attack which used ordinary household consumer electronic devices to disrupt access to hundreds of major websites including EBay and Twitter, shows how fragile the foundations of the internet are when faced with the Internet of Things. If these foundations are not fixed, we will face further attacks with more severe consequences when, inevitably, the underlying technology fails. While it might seem like an outlandish plot in the TV show Mr. Robot, it is quite conceivable that a major cyberattack could bring down major companies and institutions entirely or cause direct physical harm to those around the devices.
It is unlikely that this most recent cyber-attack will have any real impact on most people’s perception of the internet, but we must embrace this new reality before it embraces us. We cannot continue to have the public relations departments of large technology companies reassure us that everything is fine. The emerging ‘Internet of Things’ only increases the attack surface.
To be clear, the Internet of Things is not new from a technology perspective. In fact, discussion around it began the late 1980s and early 1990s, which makes it a dinosaur in technological terms. The idea was to move away from express interaction with devices such as keyboards and screens toward implicit, sensed interaction — the so-called Disappearing Computer. Everything would be connected to the internet to benefit from pervasive sensing. People’s intentions and desires would even be sensed and predicted, so that, to give an equally mundane and profound example, if you were coming down with a cold your kettle would sense your mood and make you a cup of tea before you even realized this might help you to feel better. But therein lie the problems — how is access to sensory data mediated, who decides what our desires and intentions are, and what choice we are, and are not given? For example, the algorithmic biases of Facebook’s news feed is already well documented where the news you receive is no longer the news everyone else receives, but is curated based on what Facebook decides someone of your gender/ethnicity/status may be interested in, or even more worryingly what it decides you should be interested in.
When you couple the vulnerability of the entire internet infrastructure to cyber-attacks, with the proliferation of devices that sense and mediate our thoughts, moods and emotions and process them into everything from our buying choices or voting preferences, our private desires become a new frontier for multinational corporations and hackers alike to exploit.
And this will make the internet very ill.
Close parallels can be drawn with pandemics we have been threatened by in the past. From the perspective of a virus, the attack surface is the entire of humanity irrespective of age, race, location, or financial status. The hygiene of the world wide web must be drastically improved and every user, or more importantly every device, of the internet needs to be vaccinated against the avarice of actors who will want to manipulate and monetize thoughts that you will no longer even be typing into a search engine.
The Internet of Things necessitates a paradigm shift in thinking toward the internet and security.
And this is not just about privacy and security. This is also about free speech. A website is a platform for ideas and speech. One hacker with one vulnerability in a popular device can mute others’ free speech. What about when this happens around elections or used by state actors to silence dissent? Privacy and security are the mediators of freedom. If we are not in control of our data or our devices then we are at the mercy of actors with motivations that we have no awareness of, and the next internet pandemic will ensue.
We need to wake up to the reality that today’s data breaches are symptoms of security and safety being an afterthought in our devices, networks and services. We are at the mercy of companies to fix their products even though they are often complacent about our security, as long as their bottom line looks good. And this needs a global solution as the Internet of Things takes advantages of new networking technology, such as IPv6, where there are more IP addresses than stars in the observable universe. If data breaches, website take downs, and manipulation of our emotions and choices, do not motivate people to recognize the stark reality of the future, maybe the fact that cars, planes and even pacemakers are now connected to the internet will. If we don’t, the next pandemic could disable your brakes just as you hit 50 mph on the highway.