IoT information security will never come under the prevailing business model

The business model for smart devices in the home is shaping up to be simple and bad: cheap hardware and no service contracts. That sounds great for consumers — after all, why should I pay $100 for a smart power outlet made of a $0.40 microcontroller and a $1 relay, and why should I have to pay a monthly fee to switch it — but it is going to have serious negative ramifications.

Let me start by saying that many bits have already been spilled about basic IoT security:

  • making sure that messages sent to and from your device back to the manufacturer cannot be faked or intercepted
  • making sure that your IoT device is not hacked remotely, turning it into someone else’s IoT device
  • making sure that your data, when it is at rest in the vendor’s systems, is not stolen and misused

 

As things stand, none of that is going to happen satisfactorily, primarily because of incompatible incentives. When you sell a device for the raw cost of its hardware, with minimal markups and no opportunity for ongoing revenue, you also have no incentive for ongoing security work. Or any kind of work for that matter. If you bought the device on the “razor + blade” model, where the device was cheap, but important revenue was based on your continued use of the product, things might be different.

Worse than that, however, in order to find new revenue streams (immediately, or as potential future streams), vendors have strong incentives to collect all the data they can from the device. You do not know — even when the devices are operating as designed — exactly what they are doing. They are in essence little listening bugs willingly planted all over your home, and you do not know what kind of information they are exfiltrating, nor do you know who is ultimately receiving that information.

I think there is a solution to this problem, if people want it, and it requires two basic parts to work properly:

  1. We need a business model for smart devices that puts strong incentives in place for vendors to continue to support their products. This will never happen with the cheapie Fry’s Electronics special IoT Doohickey of the Week. Instead, we probably need a real engagement with sticks (liability) and carrots (enhanced revenue) that are driven by ongoing contractual engagement. That is, money should continue to flow.

  2. We need a standardized protocol for IoT that provides for a gateway at the home, and encrypted data on both sides of the gateway, but with the gateway owner having access to the encryption keys on the inner side of the gateway. The standardized protocol would have fields for the vendor name and hosts, as well as a human-readable JSON-style payload — and a rule that nothing can be double-encrypted in the payload, keeping it from the eyes of the user.

Under such an arrangement, users, or their gateways acting as proxies for them, could monitor what is coming and going. You could program your gateway, for example, to strip unnecessary fields from the HTTP messages sent by your device before they leave the house.

Of course, the vendors, seeing the blocked information might decide not to provide their service, and that’s their right, but at least everyone would know the score.
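What a gateway implementing #2 would actually do is mechanical enough to sketch. The following is an added example, not code from the post, and the message format it parses is my assumption (a JSON envelope with `vendor`, `hosts` and `payload` fields; no such standard exists). The gateway refuses messages addressed to a host the vendor did not declare, drops payload fields the owner has not allowlisted for that vendor, and strips any value that looks like an opaque blob, which is the form a second layer of encryption would take. The sample message is constructed, not captured traffic; the opaque-blob thresholds are tuning choices.

```python
"""Added example: a toy home-gateway policy filter for the hypothetical
standardized IoT message format described in the post.

Assumed envelope (my assumption, not a real standard):
  {"vendor": "...", "hosts": ["..."], "payload": {...json...}}
"""
import json
import math
import re
from typing import Any

# A base64/hex blob is long, drawn only from this alphabet, and has
# near-uniform character statistics. Thresholds are tuning choices.
_BLOB_CHARS = re.compile(r"^[A-Za-z0-9+/=_-]+$")
_MIN_BLOB_LEN = 32
_MIN_BLOB_ENTROPY = 4.5  # bits per character; English prose sits near 4.0


def shannon_entropy(text: str) -> float:
    """Bits of Shannon entropy per character of `text`."""
    if not text:
        return 0.0
    counts = {}
    for ch in text:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_opaque(value: Any) -> bool:
    """True if a payload value looks like ciphertext or a packed binary blob."""
    if not isinstance(value, str) or len(value) < _MIN_BLOB_LEN:
        return False
    if not _BLOB_CHARS.match(value):
        return False  # spaces or punctuation: reads as text, not an encoding
    return shannon_entropy(value) >= _MIN_BLOB_ENTROPY


def strip_opaque(obj: Any, path: str = ""):
    """Return a copy of nested JSON with opaque values removed, plus their paths."""
    if isinstance(obj, dict):
        out, paths = {}, []
        for k, v in obj.items():
            p = f"{path}.{k}" if path else k
            if looks_opaque(v):
                paths.append(p)
                continue
            cleaned, sub = strip_opaque(v, p)
            out[k] = cleaned
            paths += sub
        return out, paths
    if isinstance(obj, list):
        out, paths = [], []
        for i, v in enumerate(obj):
            p = f"{path}[{i}]"
            if looks_opaque(v):
                paths.append(p)
                continue
            cleaned, sub = strip_opaque(v, p)
            out.append(cleaned)
            paths += sub
        return out, paths
    return obj, []


def filter_message(raw: str, dest_host: str, allowlist: dict) -> dict:
    """Apply the owner's policy to one outbound message and report what happened."""
    msg = json.loads(raw)
    if dest_host not in msg.get("hosts", []):
        return {"action": "block", "reason": f"undeclared host {dest_host}",
                "message": None, "dropped_policy": [], "dropped_opaque": []}
    allowed = allowlist.get(msg.get("vendor"), set())
    payload = msg.get("payload", {})
    # Owner policy first: fields the owner did not allow never leave the house.
    kept = {k: v for k, v in payload.items() if k in allowed}
    dropped_policy = sorted(k for k in payload if k not in allowed)
    # Then the protocol rule: no opaque blobs, even nested inside allowed fields.
    kept, dropped_opaque = strip_opaque(kept)
    return {"action": "forward", "reason": "policy applied",
            "message": {**msg, "payload": kept},
            "dropped_policy": dropped_policy, "dropped_opaque": dropped_opaque}


# Constructed sample, as a smart outlet might send it (not captured traffic).
# The "diag" value is 64 distinct base64 characters: entropy 6.0 bits/char.
SAMPLE_MESSAGE = json.dumps({
    "vendor": "ExampleOutletCo",
    "hosts": ["telemetry.example-outlet.test"],
    "payload": {
        "device_id": "outlet-17",
        "relay_state": "on",
        "firmware": {"version": "2.3.1",
                     "diag": "k3Jd9QmZ2pLx8VwTf0RnYb6cHs4uGe1AiOq7NvDgK5tMzWlBjX+rFyCa/hPoEUSI"},
        "wifi_ssid": "Daves-Home",                # not needed to switch a relay
        "nearby_bssids": ["00:11:22:33:44:55"],  # location fingerprinting
    },
})
OWNER_ALLOWLIST = {"ExampleOutletCo": {"device_id", "relay_state", "firmware"}}

if __name__ == "__main__":
    print(json.dumps(filter_message(SAMPLE_MESSAGE,
                                    "telemetry.example-outlet.test",
                                    OWNER_ALLOWLIST), indent=2))
```

The entropy test is deliberately crude: it catches ciphertext and packed binary, but a vendor could still smuggle data in many short fields or in a dictionary-coded "text" value, which is why the allowlist, not the blob detector, is the real control. Anything the owner has not explicitly permitted is dropped regardless of what it looks like.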

 

Will this happen? Well, I think vendors with the long view of things would probably see #1 as appealing. Users will not, perhaps. But that is because users are not fully aware of the consequences of inviting someone else to monitor their activities. Perhaps people will think differently after a few sensational misuses of their data.

Vendors will fight #2 mightily. Of course, they could ignore it completely, with the risk that the users who insist on it become excluded from their total available market. With a critical mass of people using gateways that implement #2, I think we could tip things, but right now it seems a long shot.

 

I am quite pessimistic about all this. I don’t think we’ll see #1 or #2 unless something spectacularly bad happens first.

 

For the record, I do use a few IoT devices in my home. There are two flavors: those I built myself and those I bought. For the self-built, they exist entirely within my network and do not interact with any external server. I obviously know what they do. For those I bought, they exist on a DMZ-style network with no access to my home network at all (at least if my router is working as intended). This mitigates the worry of pwned devices accessing my computer and files, but does not stop them from sending whatever they collect back to the mothership.

 

STEM vs STS

IEEE Spectrum (what, you don’t get it delivered?) recently published a short article about the relationship between STEM and STS.

STEM, as most of us know, is Science Technology Engineering and Mathematics. Pundits the world over like to remind us how important it is that we graduate as many STEM folks as possible. (That notion is wrong, by the way. We should encourage people who like STEM to pursue STEM.)

STS is less commonly known. That’s “Science and Technology in Society,” and the name describes it well enough. STS people study science itself: its processes, people, culture, and outcomes.

I believe I am one of a relatively small cohort of people who are both STEM-y and somewhat STS-y. The former, I get from my engineering degree and my natural proclivity to figure out how things work and to make my own working things. The latter I get from my policy training, which included an introduction to some of the basic concepts in that field. (My wife, an STS scholar herself, is also a big factor!)

But I think the seeds of my STS orientation came much earlier in life, when I was still an undergraduate in engineering school. My engineering program, at the University of Virginia, required all undergraduates to write a thesis, and that thesis had to address important STS concepts like engineering ethics. It was not just the thesis, either. My BSEE required several classes at SEAS’s own engineering humanities program, with required books, such as To Engineer Is Human: The Role of Failure in Successful Design (Petroski), The Design of Everyday Things (Norman), Normal Accidents (Perrow), The Civilized Engineer (Florman) and, of course, Frankenstein (Shelley). At the time we wondered why, at a world-class university, the school of engineering would host its own humanities classes. Now I can see that there was something truly cutting-edge about it. (It’s not like we were barred from taking classes outside the engineering school.)

Perhaps because I was indoctrinated at a young age, or because the concepts are right, I firmly believe that an engineer who works without considering the consequences of his creativity is at risk of creating less valuable things than he might. We can all easily conjure a list of the “blockbuster bad ideas” of the 20th century (mustard gas, nuclear weapons, etc). But even when the engineering output is an unalloyed good, with a bit of STS consideration, it is entirely possible that something even better could have been created. Also, I just find it kind of bizarre that STEM folks might be discouraged from thinking about what their work means. I guess it’s part of the myth of the objectivity of science that there is no meaning to think about. That’s wrong about science, and it should be prima facie obviously incorrect about engineering, which is by definition a process directed by human desires.

But this kind of more holistic thinking isn’t particularly common, and as a result, places like Silicon Valley seem to be pretty bad at considering consequences. When you’re racing to create something, who has time to stop and think about its implications, much less let those implications determine the course of development? One simple example: hundreds of years of history led to the universally accepted notion that the integrity of a sealed letter should be maintained by all couriers involved in its delivery. When email came along, no such consideration was made. Why? How would the Internet as a means of communications have evolved if privacy were a consideration from the get go? Could the Internet have been “better?” (Yes, duh.)

Anyway, the IEEE article seems to conclude that most of the barriers to getting STEM folks to take on STS thinking are due to the culture of STEM. Though there is truth to that, it’s not the whole story, by far. For example, STS, philosophy, and policy folks have their own jargon and shibboleths, and it’s not easy for someone not trained in the game to participate. Furthermore, even when you do have something to add, I have found the policy crowd rather hostile to direct participation from STEM folks. One reason is that STEM folks are very analytical, and want to talk about all sides of an issue. On the other hand, policy people, at least non-academic “practicing” policy people, are usually focused on a predetermined desired outcome, and the wishy-washiness of the engineers is not very welcome or useful to their campaign. It doesn’t help that engineers often expect carefully curated analysis to “speak for itself.” It doesn’t. I can also attest, again from firsthand experience, that analysis is not highly prized in policy circles. Analysis comes with strings attached: subtlety, complexity, and confounding factors that are of no help when you are trying to persuade.

It’s also important to remember that most engineers work for someone else. They make their living realizing others’ goals. As such, their leeway to affect the direction of their work is limited and to engage in too much STS thinking is to risk their livelihoods.

And finally, in our toxically overspecialized world, it’s just punishing to be a “boundary spanner.” There are no rewards, and it’s a lot of work. If you have the skills, it is very difficult to find employment that will draw meaningfully on both reservoirs of knowledge. This, perhaps, has been the biggest frustration of my career, as I have bounced between these worlds repeatedly, missing one while in the other.

Finally, a parting shot: If you want to bring STS concepts to the fore, you need to bring them to the people with power. Those are not the heads-down STEM practitioners, those are the C-suite masters of the universe. Let’s see some STS thinking more deeply integrated into the curricula at top business schools. Not just an ethics class to check a requisite box, but something more integrated that leads students to think holistically about their companies’ activities and products rather than, say, applying some post-hoc greenwashing or CSR.

How to pay for the Internet, part 0xDEAF0001

Today’s Wall Street Journal had an article about Facebook, in which they promise to change the way they serve advertising in order to defeat ad blockers. This quote, from an FB spokesperson, was choice:

“Facebook is ad-supported. Ads are a part of the Facebook experience; they’re not a tack on”

I’ll admit, I use an ad blocker a lot of the time. It’s not that I’m totally anti-ad, but I am definitely against utter trash, garbage, useless ads that suck up compute and network resources, cause the page to load much more slowly, and, often enough, include malware and tracking. The problem is most acute on mobile devices, where bandwidth, CPU power, and pixels are all in short supply, and yet it’s harder to block ads there. In fact, you really can’t do it without rooting your phone or doing all your browsing through a proxy.

The ad-supported Internet is just The Worst. I know, I know, I’ve had plenty of people explain to me that that ship has sailed, but I can still hate our ad-supported present and future.

  • Today’s ads suck, and they seem to be getting worse. Based on trends in the per ad revenue, it appears that most of the world agrees with this. They are less and less valuable.
  • Ads create perverse incentives for content creators. Their customer is the advertising client, and the reader is the product. In a pay for service model, you are the customer.
  • Ads are an attack vector for malware.
  • Ads use resources on your computer. Sure, they pay the content provider, but the CPU cycles on your computer are stolen.

I’m sure I could come up with 50 sucky things about Internet advertising, but I think it’s overdetermined. What is good about it is that it provides a way for content generators to make money, and so far, nothing else has worked.

The sad situation is that people do not want to pay for the Internet. We shell out $50 or more each month for access to the Internet, but nobody wants to pay for the Internet itself. Why not? The corrosive effect of an ad-driven Internet is so ubiquitous that people cannot even see it anymore. Because we don’t “pay” for anything on the Internet, everything loses its value. Journalism? Gone. Music? I have 30k songs (29.5k about which I do not care one whit) on my iThing.

Here is a prescription for a better Internet:

  1. Paywall every goddam thing
  2. Create non-profit syndicates that exist to attract member websites and collect subscription revenue on their behalf, distributing it according to clicks, or views, or whatever, at minimal cost.
  3. Kneecap all the rentier Internet businesses like Google and Facebook. They’re not very innovative and there is no justification for their outsized profits and “revenue requirements.” There is a solid case for economic regulation of Internet businesses with strong network effects. Do it.

I know this post is haphazard and touches on a bunch of unrelated ideas. If there is one idea I’d like to convey is: let’s get over our addiction to free stuff. It ain’t free.

 

 

Nerding while sweating

I was slowly cranking my way up Claremont Avenue the other day on my trusty Bianchi when I started wondering why I was so slow. Well, that was easy. I’m pretty heavy and I’m somewhat out of shape. But which is more important, which would have a bigger impact if improved?

First, I used a website like this one to determine the average grade over a certain familiar portion of the route. In this case, it was 13.3%. I also have a speedometer on my bike that tells me that I average about 5 mph over that stretch. Finally, I weigh about 100 kg, and my bike is another 10 kg.

So, given that the energy to raise a mass up h height is m*g*h, the power to raise a mass at r rate is m*g*r.

Result:

claremont_power: 317.67222 (watts)

That is, that’s how much power it takes to lift my mass up a hill at that rate. Note the trig to change my speed up the hill to a vertical speed. There are losses in pedaling a bike, and on the tires on the road, etc, but this is a good estimate of the overall order of how much power I can comfortably sustain. Let’s call it 300W.

Now, another thing I’ve noticed while riding is that on flat ground, I can maintain about 17 mph. In that case, I’m not adding power to climb a hill at all, all of my power is overcoming road friction and drag.

It happens that power going to aerodynamic drag goes by the cube of the velocity. (There is more going on here than wind drag, but, eh, it probably dominates at higher speeds…) So, if we assume that on level ground I’m capable of the same ~300W that I do while climbing, I can calculate the constant in:

P = c * v^3

This is a simplification of the more general equation linked above, assuming constant air density, yadda. For 17 mph and 317 W, I get about 0.72376 kg/m. kg/m is a strange dimension, but it is what it is.

So then, I wondered, how fast should I be able to go with a given power budget while climbing different grades?

I created this equation which combines the power to climb and the power to overcome drag

P = c v^3 + m g v sin(theta)

where P  is power, c  is the drag power constant calculated above, m  is mass, g  is the acceleration of gravity, and theta is the angle of the hill. (The angle is the arctangent of the grade, by the way.) Oh, and v  is my speed.

It turns out that my brain doesn’t perform the way it once did and I can’t solve that cubic equation on my own, so I resorted to a Python-based solver which is part of the sympy package.

This function gets the job done:

Note this equation has three solutions, two of which are complex. Only interested in the “real” solution.
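The sympy function itself did not survive onto this page, so here is an added example of the same calculation, written by the editor rather than taken from the post. It reproduces the numbers above (g = 9.8 m/s² is the value that gives the quoted 317.67 W) and then solves P = c·v³ + m·g·v·sin(θ) for the positive real root. Because the right-hand side is monotone in v for any non-negative grade, a bisection search finds that root directly and the two complex roots never come up; no symbolic solver is needed. The mph conversion and the 15%-more-power what-if are taken from the post; the function names are mine.

```python
"""Added example (not the post's sympy code): solve the post's climbing model
P = c*v^3 + m*g*v*sin(theta) for speed v by bisection on the real root."""
import math

G = 9.8                  # m/s^2; this value reproduces the post's 317.67 W
MPH_TO_MPS = 0.44704     # exact definition of the statute mile per hour


def climb_power(mass_kg, speed_mph, grade):
    """Power (W) spent lifting mass_kg up a hill of the given grade (rise/run).

    The vertical component of road speed is v*sin(theta) with theta = atan(grade).
    """
    v = speed_mph * MPH_TO_MPS
    return mass_kg * G * v * math.sin(math.atan(grade))


def drag_constant(power_w, flat_speed_mph):
    """c (kg/m) in P = c*v^3, fitted from one flat-ground observation."""
    v = flat_speed_mph * MPH_TO_MPS
    return power_w / v ** 3


def speed_for_power(power_w, mass_kg, grade, c, tol=1e-9):
    """Speed (mph) at which power_w exactly covers drag plus climbing.

    f(v) = c*v^3 + m*g*sin(theta)*v - P is -P at v = 0 and increases without
    bound, so for grade >= 0 it is monotone and has exactly one positive root.
    The model as the post states it is for climbs, so descents are refused.
    """
    if grade < 0:
        raise ValueError("negative grades are outside the post's model")
    climb = mass_kg * G * math.sin(math.atan(grade))

    def f(v):
        return c * v ** 3 + climb * v - power_w

    lo, hi = 0.0, 1.0
    while f(hi) < 0:          # grow the bracket until it contains the root
        hi *= 2.0
    while hi - lo > tol:      # bisection: keep the sign change between lo and hi
        mid = (lo + hi) / 2.0
        if f(mid) < 0:
            lo = mid
        else:
            hi = mid
    return hi / MPH_TO_MPS


def claremont_scenarios():
    """The post's numbers, plus its 'lose 10 kg and make 15% more power' what-if."""
    p_now = climb_power(110, 5.0, 0.133)            # ~317.67 W, as in the post
    c = drag_constant(p_now, 17.0)                  # ~0.724 kg/m, as in the post
    v_now = speed_for_power(p_now, 110, 0.133, c)   # a bit under 5 mph: drag
    v_better = speed_for_power(p_now * 1.15, 100, 0.133, c)
    return {"power_w": p_now, "c": c, "now_mph": v_now, "better_mph": v_better}


if __name__ == "__main__":
    for name, value in claremont_scenarios().items():
        print(f"{name}: {value:.3f}")
```

Running it gives roughly 4.9 mph for the current rider and about 6.1 mph for the lighter, stronger one, which is the 5-to-6 mph result stated at the end of the post. Note that the 317.67 W was derived assuming all the power went into climbing, so feeding it back into the combined model yields slightly less than 5 mph; the drag term at 5 mph is only about 8 W.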

Now, this is finally where the fun starts. Want to know how fast I can climb different grades, or how actual athletes who can summon more power than me can get up?

How fast I might get up hills if I could make more power. (mass = 110 kg)

Like I said, I can make about 300W, but I saw a youtube video of a dude who could make about 1kW, at least for long enough to make toast.

Then I wondered, would losing weight help much? It does. Interestingly, it helps on the middle grades. On the highest grades, I’m nearly stopped, and the numbers get small. On flat grades, drag (a function of my shape, not my size) dominates. But in the middle, yeah, there’s an effect.

Dave might go faster if he were less fat.

So there you have it. If I lost 10 kg and could increase my power output by 15% I could go from about 5 mph on Claremont to about 6 mph.

Actually, that’s depressing.

The code we unwittingly run

This will come as no news to tech-savvy people, but when you open a webpage, you are running a metric shit-ton of code from all over the Internet.
A bunch of garbage nobody needs.
Since I’ve been doing some Chrome Extension development over the past couple of days, I’ve been opening up the dev tools that let you see the “console” output of all the JavaScript that runs on a page. It’s a lot. I have an ad blocker running, so most of those GETs and POSTs generate error messages and go nowhere. But there are a lot of them. And the code keeps trying over and over.
And it’s from a lot of companies, too. On the NYT alone, I get messages from various systems from google, amazon, facebook, doubleclick, moatads.com, brealtime.com.
Aside from the privacy and tracking aspects, it feels like a theft of resources, too. They’re using my CPU to do work that has nothing to do with rendering their page.

Marriage proposal from Jezebel

The fine folks at Jezebel want to marry me! Though I am married in Real Life, I see no reason that should preclude an Internet-based group arrangement.

Because this is clearly the beginning and end of my fifteen minutes, I will paste a few comments from the post:

  • This is basically a marriage proposal to us as a group, right? We accept so hard.
  • This is the best thing that has ever happened in the known universe, space, and time. Ever.
  • I am not going to get any work done for the rest of the day…
  • this is making me positively giddy
  • Firmly believing that the entire Gawker Media empire was brought into existence specifically so this moment could happen. This is fantastic. BRING ON THE AMBITIOUS CORNDOGS, Y’ALL.
  • Whoever made this is a goddamn genius.
  • You are doing a wonderful service for your country! Love love love this.
  • Somebody please tweet this to Colbert? He’s been doing incredible take-downs of Trump and I’m sure would love to demo this on the Late Show.
  • Installing this on my work PC was a mistake. I’m crying.

In the words of Ken Burns, I think this really is my Best Idea.

 

Agnotology

I like discovering a new word, and am excited to see this one: Agnotology. I learned it today in this profile of Stanford University researcher Robert Proctor, an agnotologist.

Very succinctly, agnotology is the study of intentionally inducing ignorance, or as people I used to work with would put it: spreading FUD.

That is, the daily work of thousands of people, employed in a large segment of corporate America. Their job is to make sure that people do not understand something, say, like vaccine safety or climate change, that might interfere with profitability. I guess if “it is difficult to get a man to understand something when his salary depends on his not understanding it” then some corollary says it should be easy for another man to help many men not understand something if his salary depends on how many other men do not understand it.

Or something.

Anyway, with so much intentionally-induced ignorance pervading our universe these days, like the dark side of the force, I was happy to see that at least the activity has a name. I wish the agnotologists well, and hope they will come up with some kind of cure or vaccine that will help us contain the stupid-industrial complex that has come to so pervade our lives and politics.

A different kind of techno-utopianism

What follows is a rather meandering meditation.

Bah, techno-utopianism

There’s a lot of techno-utopianism coming out of Silicon Valley these days. Computers will do our bidding, we will all be free to pursue lives of leisure. Machines, amplifying human talent, will make sure we are all rewarded (or not) appropriately to our skills and effort.

You already know I’m skeptical. Technology today seems to take as often as it gives: you get slick, you give up control. You get free media, you are renting out your eyeballs. A lot of people seem to express powerlessness when it comes to computing.

And why shouldn’t they? They don’t control the OS on their phone, they don’t even know exactly what an OS is. They didn’t decide how Facebook should work. If they don’t like it, they can’t do much about it, except not use it — hardly an option in this world.

A better techno-utopianism

But I am a techno-utopian in my own way. In my utopia, computers (and software) become flexible, capable building blocks and people understand them enough to recompose them for their own purposes. These blocks would be honest, real tools that people — programmers and non-programmers — can wield skillfully and without a sense that there is anything hidden or subtle going on under the hood. Basically, that we’d all be masters of our technology. I’m not saying it’s realistic, it’s just my own preferred imaginary world.

How Dave Thinks of Computers

When I started my tech career, I was an engineer in the semiconductor business. We had computer-aided design (CAD) software that helped us design chips. Logic simulators could help us test digital logic circuits. Circuit simulators could help with the analog stuff. Schematic capture tools let us draw circuits symbolically. Graphic layout tools let us draw the same circuits’ physical representation. Design rule checking tools helped us make sure our circuits conformed to the manufacturing requirements. The list of CAD tools went on and on. And there was a thing about CAD tools: they were generally buggy and did not interoperate worth a damn. Two tools from the same vendor might talk, but from different vendors — forget it.

So we wrote a lot of software to slurp data from here, transform it in some way, and splat it to there. It was just what you had to do to get through the day. It was the glue that made a chip design “workflow” flow.

These glue tools were not works of software engineering art. They were hacks thrown together by skilled engineers, but not skilled software engineers, in order to get something done. The results were not handsome, not shrink-wrap ready, and not user-friendly, but were perfectly workable for our own purposes.

That experience really affected the way I view computing. To this day, I see people throw up their hands because Program X simply is incompatible with Program Y; the file formats are incompatible, undocumented, secret. Similarly, people who might write “just ok” software would never dream of trying because they do not have the time or knowledge to write Good, Proper Software.

In my utopia, that barrier would mostly go away.

The real key is knowing “how computers work.”

Khan!!!!

There is a push to teach “coding” in school these days, but I see it as simultaneously too much and too little. It’s too much in that the emphasis on learning to write software is going to be lost on many people who will never use that skill, and the knowledge of one programming language or another has a ridiculously short half-life. It is not important that every high school senior needs to be able to write an OS, or even a simple program. They do not need to understand how digital logic, or microprocessors work. And teaching them the latest framework seems pointless.

But I do want them to understand what data is, how it flows through a computer, the different ways it can be structured. When they ask a computer to do something, I want them to have a good, if vague notion of how much work that “thing” is.

That is, they should understand a computer in the same way Kirk wants Saavik to know “why things work on a starship.”

See, Kirk doesn’t understand warp theory or how impulse engines work, but he knows how a starship “works,” and that makes him a good captain.

How things work on a computer

Which brings me back to my utopia: I want everyone to know how things are done on a computer. Because anyone who has spent any length of time around computers knows that certain patterns emerge repeatedly — and a lot of programming has a constant vague feeling of deja-vu. That makes sense, because, more or less, computers really only do a few things (these overlap a lot, too):

  • reading data from one (or more) places in memory, doing something with it, and writing the results to another (or more) places in memory.
  • reading data from an external resource (file, network connection, USB port) or writing it to one (file, network connection, USB port, display, etc.)
  • waiting for something to happen, then acting

With regard to the data itself, I want people to understand basic data structure concepts:

structs, queues, lists, stacks, hashes, files — what they are and why/when they are used. They should know that they can be composited arbitrarily: structs of hashes of stacks of files containing  structs, etc.

And finally, I want people to understand something of computational complexity — what computer scientists sometimes refer to as “big-O” notation. Essentially, this is all about knowing how the difficulty of solving a problem grows with the size of the problem. It applies to the time (compute cycles) and space (memory) needed to solve a problem. Mastering this is an advanced topic in CS education, which is why it is usually introduced late-ish in CS curricula. But I’m not talking about mastery. I’m talking about awareness. Bring it in early-ish, in everyone’s curriculum!

Dave’s techno-utopia

Back to my utopia. In my utopia, computers, the Internet would not be the least bit mysterious. People would have a gut-level understanding of how it works. For example, what happens when you click search in Google.

Anyone could slap together solutions to problems using building blocks that they may or may not understand individually, but whose purpose and capabilities they do understand, using the concepts mentioned above. And if they can’t or won’t do that, at least they can articulate what they want in those terms.

In Dave’s techno utopia, people would use all kinds of software: open, proprietary, big and small, that does clever and exotic things that they might never understand. But they would also know that, under the hood, that software slurps, transforms, and splats, just like every other piece of software. Moreover, they would know how to splat and slurp from it themselves, putting together “flows” that serve their purposes.

 

Worst environmental disaster in history?

In keeping with Betteridge’s Law: no.

My news feed is full of headlines like:

These are not from top-tier news sources, but they’re getting attention all the same. Which is too bad, because they’re all false by any reasonable measure. Worse, all of the above seem to deliberately misquote from a new paper published in Science. The paper does say, however:

This CH4 release is the second-largest of its kind recorded in the U.S., exceeded only by the 6 billion SCF of natural gas released in the collapse of an underground storage facility in Moss Bluff, TX in 2004, and greatly surpassing the 0.1 billion SCF of natural gas leaked from an underground storage facility near Hutchinson, KS in 2001 (25). Aliso Canyon will have by far the largest climate impact, however, as an explosion and subsequent fire during the Moss Bluff release combusted most of the leaked CH4, immediately forming CO2.

Make no mistake about it, it is a big release of methane. Equal to the annual GHG output of 500,000 automobiles.

But does that make it one of the largest environmental disasters in US history? I argue no, for a couple of reasons.

Zeroth: because of real, actual environmental disasters, some of which I’ll list below.

First: without the context of the global, continuous release of CO2, this would not affect the climate measurably. That is, by itself, it’s not a big deal.

Second: and related, there are more than 250 million cars in the US, so this is 0.2% of the GHG released by automobiles in the US annually. Maybe the automobile is the ongoing environmental disaster? (Here’s some context: The US is 15.6% of global GHG emissions, transport is 27% of that, and 35% of that is from passenger cars. Multiplying through, 0.2% × 0.156 × 0.27 × 0.35 makes this incident about 0.003% of global GHG emissions.)

Let’s get back to some real environmental disasters. You know, the kind that kill people and animals, and lay waste to the land and sea? Here is a list of just some pretty big man-made environmental disasters in the US:

Of course, opening up the competition to international disasters, including US-created ones, really expands the list, but you get the picture.

All this said, it’s really too bad this happened, and it will set California back on its climate goals. I was saddened to see that SoCal Gas could not cap this well quickly, or at least figure out a way to safely flare the leaking gas.

But it’s not the greatest US environmental disaster of all time. Not close.