The Internet Of No Things

In Michael Mann’s excellent caper movie Heat (Pacino, De Niro), there’s a scene in which mastermind criminal Nate (Jon Voight) is talking to De Niro’s character McCauley, and shows him architect’s blueprints of a bank’s electrical system which McCauley will need to rob it. McCauley asks (and I’m paraphrasing this exchange from memory), “Where do you get all this stuff?” and Nate answers vaguely, waving his hand, “It’s all out there, in the air… you just have to reach out and take it.”

Note that Heat was released in 1995, when the Internet was still in its relative infancy.

Now we have this so-called “Internet of Things” whereby (heretofore stand-alone) technology can be controlled remotely via the Internet — and it’s not just “autonomous” cars (about which I have ranted before), but the most mundane stuff like stoves, refrigerators and similar kitchen appliances. Insty has been on a tear about this phenomenon recently, linking to articles about smart TVs being compromised, wi-fi in refrigerators and expectations of privacy in cars’ black box data-collection devices, to name just those in recent memory.

I hate all this shit. I understand that there are going to be times when controlling your oven from outside the home (like, when you forgot to turn it off) can be helpful, even life-saving. I understand why your home security system should be remotely deactivated when the maid service comes to clean your house — and no, I’m not going to deride these situations as “First World Problems” either. I don’t even like that annoying little beep that “reminds” you that you haven’t put your seatbelt on — and just try to disable the little bastard: you void you car’s warranty. (See how this works?)

What I’m really concerned about is that your remote control of things is, in Nate’s words, “in the air” — and if you can turn off your gas oven from your hotel room in Bali, who’s to say that some asshole can’t turn it on from his mom’s basement in Poughkeepsie? Having this ability to control your stuff remotely is fine, provided that you are absolutely, 100%  certain that you, and only you, can do the controlling. Me, I don’t believe that, and I do not trust this situation because for fuck’s sake, every single system in the known world, from Target’s customer file to the IRS taxpayer database to Iran’s nuclear development program has been hacked. I don’t care who did the hacking (Mossad, NSA, Russia’s FSB, or Gregory The Geek), the fact that these systems can be hacked at all makes me leery of ever adopting them and the appliances they control.

I know, these systems make your life easier. “Convenience” has sold a ton of ideas and stuff, just not always with benevolent consequences. Remote garage door openers, for example, have been a blessing to lazy drivers, and also to burglars, who now use handheld decoders which can open any garage door inside fifteen seconds — and these decoders are sold quite legally at any serious electronics store. I bet everyone here can think of others — I can’t be bothered — which only makes this a much bigger deal than we think.

And no, I’m not one of these conspiracy loons who think that all this is an international conspiracy of Bilderburgers, Battenburgers, Double-Cheese Hamburgers or the perennial favorite, the Jooooz. (I’m going to say it now: conspiracy nuts are paranoid fucking morons.)

But I am intensely suspicious of any system which takes away my control of my own life, and of the things in my life, simply by telling me that it makes it all more convenient for me.

Here’s a simple question: if the Internet of Things allowed for the remote control of, say, handguns, how would you feel about it then? Why are you against it? Don’t you want to render your gun completely safe and inert so that your child can’t hurt himself if he plays with it? Or wouldn’t you like the police to have the ability to disable guns in the hands of criminals? Or wouldn’t you like the government to be able to render all guns inert in the case of a national emergency, so people couldn’t be robbed or killed?

Do you see how reasonable and how convenient all the above questions sound? [And let us pause here while Chuck Schumer shares a post-orgasmic cigarette with Dianne Feinstein.]

Oh, and please don’t tell me that guns are different because they aren’t the same as microwave ovens or refrigerators. It’s the Internet of Things, not the Internet of Some Things. What is added to one can be added to others; as we all know, airliners have long had “black boxes” to record their movements and data — now try to buy a car which isn’t fitted with an EDR (and rulings like this are rearguard actions, which will eventually fail).

And as the title of this post suggests, I’m supporting the Internet of No Things. A pox on all of it, and on the people who are trying to foist this shit on us, even though their reasons are oh-so reasonable and altruistic. Never mind, as Megan McArdle points out in her article above, that this added technology adds considerable cost to products, to the manufacturers’ benefit. (It’s the same with cars: you could lose 50% of all the new technology from cars, and while things might be a little “inconvenient” for the driver, the car could still perform its most elemental function without skipping a beat. Just for thousands of dollars per car less.)

People who are opposed to technology are generally called Luddites (after their apocryphal English founder Ned Lud) or saboteurs (after the French textile workers who threw their wooden clogs — sabots — into mechanical looms). I am neither of the above, nor do I fear technology. What I fear is that one day soon we’re going to find out that while all this technology has freed us (from what?), we’ll be shackled into immobility like Gulliver by the Lilliputians — not by just one device, of course, but by all our possessions which are no longer under our control.

Cue George Orwell: “Freedom Is Slavery” — only in our case, it will be “Convenience Is Slavery.”

Go ahead and laugh, call me crazy or sneer at my apparent Luddism. We’ll see how all this shakes out; but I’m not wrong, and it will give me no pleasure at all to say “I told you so” (while I’m firing up a home-made flamethrower to use on my microwave, which won’t let me nuke a pork sausage because I’ve exceeded my government-mandated weekly hot dog allowance).

If this is to be the future, I want no part of it, and I will actively resist it. I won’t be standing athwart the tide of Convenience shouting “Enough!”; I’ll be behind a barricade with a loaded AK-47 which, I need hardly tell you, will not be remotely-controlled.

20 comments

  1. (slow clap)

    Just to establish my credentials, I’ve been in the tech field (professionally) for over 30 years, and before that I was a tech geek way back to High School. I’ve seen a lot of tech, used a lot of it, and never shied away from tech that actually did something BETTER. I have an MP3 player because it’s smaller and more convenient than a portable CD player and stack of disks.

    But I admit to being scared of the way things are going.

    My former doctor (former for this very reason) informed all of his patients that he’d be using service to store our medical data, whereby we could access our information, or allow another doctor to access it, or thru which we could contact him with questions (and his answer was ALWAYS “You need to come in for an office visit.”) Oh, and the cost to patients was modest, less than 50 cents a day (actually it was $14.95 per month IIRC). When I expressed concerns about the security he assured me that “It’s TOTALLY secure”. Horse shit. This was shortly after rNas got hacked, and if a company that SELLS data security devices can be hacked, some server in a bathroom (see what I did there?) storing my medical information can certainly be hacked. And I get that my information is on a server somewhere,but I see no reason to PAY a monthly fee to have it out there. I told him I’ve been doing this for a LONG time, and just like there ain’t a horse that can’t be rode or a man that can’t be throwed, there ain’t a computer system that can’t be hacked.

    I think the one that scares me most is that your car can come under attack. Not only can they shut off the engine or limit the speed (which I can sort-of understand, if I report my car stolen I’d like it to stop where it is), they can disable your BRAKES. Imagine the problems you could cause if you disabled the brakes on a few dozen strategically placed cars on highways around a major city during rush hour, then disabled the engines of a few more? Especially if this coincided with a chemical or biological attack in that city?

    But I’m a Luddite.

  2. The gun analogy is a good one, but for me, in a different direction– to wit, if you know nothing about firearms, buy one, and shoot yourself in the foot, whose fault is it? Most rational people would say the idiot pressing the bang switch.

    IoT stuff is no different than a car, or a gun, or a safe, or a credit card. If you intend to use it, learn how to do so competently, responsibly, and safely. The kind of person who goes to best buy, buys a random wireless router, sets ‘doggy’ as the password, and plugs in their whole life is about as smart as one who leaves their toddler in a running car or a condition 0 1911 with a 2lb trigger on the nightstand.

    If you’re worried about your car getting ‘hacked’, learn a little about its systems. You’ll note that for 99% of cars, at the very least, direct physical access to the thing is necessary to do anything of note. If you’re worried about your fridge telling uncle sam what you had for dinner, unplug it, or VPN and encrypt it.

    I’m fairly middle of the road on IoT stuff– and for the record, I build some of the crap. I like being able to save a buck (actually many hundreds) by using ‘smart’ thermometers I can control from anywhere, to use one example. However, I secure them (and the network they’re on), set up their access accounts in a largely anonymous way, and don’t use any of the geolocation crap they are featured with. As such, I get 90% of the convenience with perhaps 10% of the risk– a happy balance in my world.

    In short, there’s a middle way. Yes, you can plug everything in your life into a network with a crap password and your home address plastered all over the ether. Likewise you can turn your home into a faraday cage and drive a carbureted el Camino to work. Or, like any tool, you can learn how it works and be relatively happy in the knowledge that you know what it’s going to do and how it’s going to do it.

    1. O Leonine One,
      That’s the whole point of the thing: I shouldn’t HAVE to learn how the shit works and how to relax and enjoy my new robotic overlords.
      What’s the price of a cherry El Camino these days?

      1. Different strokes, I suppose, but it’s not like picking up the basics of info and network security is tantamount to rocket surgery. It’s really simple, common sense stuff that everyone already knows– the trick is just applying it to things that like to talk to networks.

        Elcos are cheap (relative to other muscle), always have been. Just don’t hit anything. In fact I recommend indirect fire on any SUVs within a mile radius, just to be safe.

        1. Mr Lion, have you dealt with most people? You’re right, it’s not like rocket science to most people. It’s more like brain surgery while juggling 9 balls and doing a stand up routine in front of a live audience all at the same time.

    2. ” If you intend to use it, learn how to do so competently, responsibly, and safely”

      You are laboring under the misapprehension that you will be given a CHOICE.

      I’m also a 30-year plus IT vet; currently, I’m working at one of the top 5 worldwide integrated system providers as a consultant. Kim knows exactly who I work for, and for how long.

      Recently, we were briefed on a lovely setup we did for a Dallas Texas auto dealer holding company: 80+ dealerships, all major car brands, new and used. They just went live with a neat little system that plugs a dongle into your Engine Diagnostic Port. Said dongle looks just like the port it is now the front end of; you would have to disassemble it with a knowledge of auto electronics to find it. It phones home every hour or so with a dump of your vehicle’s black box. Note the “phones”: it’s equipped with its’ own cellular modem whose charges are paid for by the dealership / holding company; they are INVISIBLE to you.

      The “official” use of this is for maintenance reminders, maintenance data like what oil matches your driving; surely nothing you could object to, right? Until they use that knowledge to void your warranty because you “abused” the vehicle, or answer a subpoena from law enforcement, or a discovery request from your wife’s divorce lawyer, or…..

      The IOT has dozens of devices, and 90% plus of them you can’t change passwords, secure with a VPN, or anything else, because if you do those things, the device won’t work. Maybe not at all, maybe not at 100%, there’s a range. But it will be abused.

  3. Demonstration a couple of years ago on a new Toyota, guy sitting in the back seat with a laptop was able to hack into the controls and take over the accelerator and brakes. No, thank you.

    1. The part you didn’t see: The wireless OBD2 interface plugged in under the dash, and the very specific diagnostic software he was using to affect those systems. It’s quite easy to do that sort of thing with said software– dealers need it, for example, to bleed your brakes properly during a service. However, it requires direct, physical access to the vehicle CAN bus, either via the OBD port or some other means. Doing so wirelessly without that physical access is impossible– by design. Engineers (usually) aren’t stupid.

  4. If you got the time, read up on Mikko Hypponen, the CRO of F-Secure, a long-time critic of IoT. He’s famous (to me, at least) for saying “The S in IoT stands for Security”. Making the issue about convenience is only half-right. About the same importance is asking “convenient for whom?”: Stuff that is convenient for companies is not necessarily convenient for the user.

    On the other hand: I personally know a medical doctor who taught himself programming and invented an encrypted mailing system because it seemed prudent not to trust mail providers with such data. And he wasn’t crazy, a huge company actually bought his system.

  5. I’m right there with you, Kim – extremely leery of this so-called convenience and the vulnerability it brings. Not exactly a Luddite – yet. I have a flip phone because I don’t want a smart phone, and will resist one as long as I can. I drive a 2005 Mustang because I love it and I don’t want a modern car that’s tricked out with GPS. My apartment was recently fitted with a Nest thermometer and it’s not connected to the internet, nor will it ever be.

    Oh, and if peering below the surface of the airy wave of “nothing to see here, folks” makes me a paranoid fucking moron, you may gladly add me to said file. The only question is which ones have a ribbon of truth.

  6. The Internet of Things falls into a few categories:
    1) Devices that are to be used against you.
    Example: The “Smart Meters”, which form a ‘mesh’ network, and can be turned off remotely to ‘save power’ (already happened in CA), etc. Water meters have been made doing the same thing, “to save water”. Expect them to first be ‘voluntary’ with a penalty for not using them, and then ‘mandatory’. Usage patterns will then be flagged, for ‘suspicious’ behavior. Another example that has been periodically proposed is the GPS enabled car tracking device, to “only see how much you drive”, and then tax you for road usage (trial-ballooned in Colorado & CA, a number of times).

    2) Devices that function like the extension of the supermarket loyalty card.
    Example: The “Smart refrigerator” which keeps track of your diet, what’s inside, and what you’re ordering from the supermarket. All helpfully passed onto 3rd party marketeers. You are the product being sold. Secondary effects could include health insurance companies, and then the Gov’t, “all for your benefit”.

    3) Devices that monitor you for 3rd parties.
    Examples: Smart TVs & Consoles. The smart device watches you, while you watch it. I’ve read that some refuse to work if they are unplugged from the internet (one example was LG TV). I’ve also read that the manufacturers have worked on image recognition, so they can keep track of who comes & goes during which program segments, to help the advertisers “appropriately tailor their ads”.
    To be more “helpful”, modern electronics will attempt to connect via WiFi or Bluetooth to the mothership, even if you specifically don’t want them to be connected. In some cases, you can only prevent the connection by putting your own firewall on the inbound/outbound connection & filtering the packets (Example: Microsoft console & Win 10).

    4) Devices that provide a “service” while monitoring you & reporting on your life to a 3rd party.
    Examples: Echo and On-star & its’ progeny. For them to ‘work’, they have to be ‘always on’ and listening for your activation call. The FBI has already used “overheard data” in its’ investigations, which is then sanitized via ‘parallel construction’. Similarly, Ford Motor company’s president was quoted saying, “we can track you anywhere” and the next day, tried to back away from the statement with a “but we don’t do that”. Riiiight, I believe you.
    In a less big-brother sense, Amazon or others could use your background sounds to match up and then market to you, “things you might be interested in”.

    NOTE: the point I’m making above, is not “this might be possible” tin-foil hat conspiracy theories but instead, things that have already happened, created by companies “with the best of intentions”. [I’m giving them the benefit of a doubt]. However, the road to hell is paved with good intentions, and the only way to win is not to play the game. Therefore, I’m considered a Luddite by these companies, and have none of these devices. But I also don’t believe that my personal life is any business of an uninvited 3rd party, nor do I believe that when I purchase an appliance, it’s the right of the manufacturer to maintain control of it & use it to spy on me.

  7. Kim, in one regard you are underestimating the potential problem.

    With the advent of big data, and the ability of outside organizations to collect and collate this data, these organizations can generate a very accurate picture of you and your life. It’s not big brother, but a gang of little brothers working together.

    So not only will all these devices spy on you, there is no possible way that these devices will be secure for any length of time.

    Even among technical specialists, there are very few people who have the knowledge and time to spend locking everything down, and even then they will often miss things.

    No, the only real security is to go completely retro as the more complex the device, the harder it is to secure.

    On the other hand, i did hear a story about a computer that was completely secure. It was encased in concrete and dropped into the Mariana Trench. It ended up being a bit awkward to work with though.

  8. This isn’t Luddism. It’s common sense.

    Mr. Lion tries to put a brave face on it, but not everyone has the time or the technical savvy to clamp down on data being passed along. And the proliferation of it makes me wonder if anyone in these fields has ever been the target of a hack, or for that matter, ever read a cyberpunk novel.

    Back in 1992, there was a supplement for the roleplaying game Shadowrun (a mashup of cyberpunk and fantasy). wherein the fictional characters discussed using smart devices as viable cameras and entry points into a home network. In 1992.

    I think people get all wound up about how ‘this is AMAZING!’ and they don’t stop to think ‘how could it be misused?’. Until the first time they get hacked, that is.

  9. I’m torn on it, because I’m a techie, and I think like a hacker. I made educated decisions that I don’t expect other people to be able to make. Even worse, Dunning-Kruger taught us that the dumbest people will be the MOST sure of their ability to tell the difference.

    I have an IoT thermostat. Why? Because I know what it does. It turns my AC and heater on and off. I know what the six wires do and don’t do. You can’t use it to turn the gas on without turning on the pilot. The worst someone could do with those six wires is make me uncomfortable or break my AC. I’ll take that risk. (Also, I have a relatively dumb one that just lets me change the schedule and turn it on and off from the internet. I don’t have a “learning” one like a Nest.)

    Garage door opener? Same thing. I do what I can to practice good IoT hygiene. I keep my IoT presence and my Online Asshole presence separate. Even then, I know that I need to lock the door between the garage and the house, to make it take longer for someone to get into the house and encourage them to steal from my garage freezer and my lawn tools instead. (Because all security is about discouraging, not preventing. Given enough motivation and time, anyplace can be broken into.)

    Fridge? Meh. I don’t get anything significant from it, but spoiling my milk is unlikely to kill me. My oven? I don’t know how those controls work. I don’t intend to let someone burn my house down or turn the gas on from outside. IoT car? Hell no. That thing’s a 2000 lbs missile. I don’t give control of weapons to internet assholes. My house doors? No.

    If there is a really good reason for me to want to get to it from some other place, and the downsides to losing control are minimal, I’ll put it on the IoT. (Some of my house lighting will probably go on — as long as I also have local switches that fail to manual control.) Minimal reasons to put something on the internet will NEVER outweigh even minimal risks.

  10. Well, you know, I could see some possible uses for remote-operated AK-47s. Especially if they were mobile. I wonder if you could breed one with a drone…

  11. “I’m going to say it now: conspiracy nuts are paranoid fucking morons.”

    Yeah, well, we *knew* you were gonna say that.

Comments are closed.