Internet of Things (IoT) has been all the rage the last couple of years, and I really don’t understand it. Let’s summarize some objections:
-
Any 1 added feature to a [n]etwork increases the risks to it exponentially: n+(n+1).
The connectivity is the feature and any security measures decrease connectivity so is at odds with it’s main purpose, which becomes an inherent security problem when there’s a plethora of new products and services which compete to be first to market.
IoT turns our behaviours into data which can be mined without our own interests at heart.
IoT further pushes the idea of a “citizen” as a “consumer” into a “consumer as product.”
Any 1 added feature to a network [n] increases the risks to it exponentially: n+(n+1)
If you add one IoT lightbulb to your home, giving it access through your own network, any mistake on the part of the manufacturer or nefarious activity targeting your lightbulbs services, exposes the rest of your network for potential attacks. Your lightbulb becomes the vector, and suddenly the rest of your IoT household and network can be attacked in ways which circumvents whatever gateway security you’ve setup at ISP or router level. And should your lightbulb get patched, that new firmware you download for your microwave oven is corrupted because someone got to their repository and now your oven is compromising your own network. The complexity of policing all these IoT services also increases exponentially.
One current example is the massive DDOS attack which squashed Twitter which used an IoT botnet.
The above example uses corrupted IoT devices to orchestrate an attack outward, but that usage is arbitrary from a security point – your hoover is no longer your friend.
The connectivity is the feature and any security measures decrease connectivity so is at odds with it’s main purpose, which becomes inherent security problem when there’s a plethora of new products and services which compete to be first to market.
The same market forces which govern regular product development, marketing, distribution and the inevitable ambition for hegemony, act on the development of IoT, but since the turnover and innovation cycle is getting ever shorter, and the main feature of IoT devices is their connectivity and user friendliness, security is not a priority and will always be lacking. Especially in the knockoff devices which try to compete with the bigger actors by lowering prices. Look no further than cheap USB chargers that keep catching on fire as an analogy — it’s not that the factories and engineers who crank out these crap chargers are incompetent, it’s just that their priorities don’t include “safety.”
IoT turns our behaviours into data which can be mined without our own interests at heart.
IoT allows for those who would like to leverage a deeper knowledge of us to further their own ends. The data that private and state actors mine to better track our habits and wants becomes more granular and nigh impossible to escape. Even if you live in a faraday cage, most of your friends probably don’t, nor will you be able to escape your own buspass or the facetracking software your store is using.
The brouhaha over surveillance fifteen years ago, when we had demonstrations against Echelon and city-wide video surveillance, seems like ancient history, but the same arguments still apply. Personal sovereignty is an important principle, and abuses which we historically have fought tooth and nail to curb are being implemented as features.
IoT further pushes the idea of a “citizen” as a “consumer” into a “consumer as product”
Today when you’re taking the train you are not a passenger but a customer. You are not a patient at a hospital but a consumer of health services. With the increased focus on identity politics in the social sphere we are not political actors but cheerleaders for our brand of conspicuous political consumption.
Going forward, you are the facilitator of a commercial transaction. You have become the programmed agent, being acted upon by machines with little loving grace but plenty of data points on how best to serve you –using their own definition of “serve” of course. You are become a node through which resources flow.
Of course you are still human, and you can choose to act outside the boundries of IoT and the network, but it takes increasing amount of work to do and as soon as these models are being used for our everyday infrastructure you’re being affected with or without your approval.
A free service is never free. The most apparent cost of “free services” is your attention for advertisements. But the way to think of these ads is not that this is what you put up with in order to use a free app — you as a user are the product that the software company is providing their real customers. (This isn’t new, this is how the newspaper industry has operated for more than a century). The difference with IoT is that the service that you are providing to the IoT company is an inherent feature of their products, and you are not even required to actively participate in providing work for them; you are a node, you are the “thing” in the term “Internet of Things”.
And I can’t for the life of me understand how this is a good thing.