The future of technology requires a dramatic shift from the present to place ownership and control back in the hands of consumers.
We engage with technology in incredibly and increasingly intimate ways, both intentionally and not. Our actions online are scrutinized, our conversations listened in on, our behaviors predicted, and all of this is done cavalierly to market products towards us, with no safeguards or thought given to not only the risks and impact of having this data available about us.
The trend is for these devices to only become more and more integrated with our most personal lives, but no less cavalier about data collection. We have already seen eyeglasses that mediate our experience with the world. While those did not have success in their original incarnation, "smart" watches that are linked to our identities and track our blood pressure and other vital signs, tied to our location, have become a normal part of life. We intentionally set up devices to constantly listen to us and work with tools which also are trying to market to us and have us buy and use their services (hello, Amazon Echo, plus Amazon's new purchase history based ad network. We are addicted to social media sites which thrive on us fighting rather than sharing and cooperating. Facebook continues acting like a junkie seeking ever bigger hits of access to our personal data. We carry cell phones with us everywhere while they track our locations and sell them to the lowest bidder.
If huge, centralized, monopolistic, and hyper-profitable platforms are this irresponsible with our data, new entrants to the data-mining space are even scarier. The "surveillance capitalism" business model has escaped from the purely online realm into the "Internet of Things" and is embedding data gathering and monetization in some incredibly ... weird locations.
Sleep Number beds, for example, are bringing new meaning to the idea of "sleeping on a cloud," when that cloud is actually "The Cloud" and is recording how you move around your own bed. "Smart" sex toys are "a long way behind general IoT product security," which is one of the more scarier things one could write about product security. TV manufacturer Vizio has had to admit in court that their Smart TVs being sold at a discount to sell your usage data, and a gazillion of other poorly-thought-through, unmaintained, internet-connected devices which will all end up hacked and screaming at us about an imminent nuclear attack (or, if we're lucky and get a Canadian hacker, a kind person trying to tell us to update our passwords).
More seriously, it's deeply important to also note that this problem is still here in the world of medical implants, and the only reason you don't hear more about the risks is that good-intentioned researchers are legally barred from testing the devices ... by copyright laws.
Even our laptops, that last bastion of general-purpose computing and simple devices which you pay money for and then theoretically actually, really, "own", are increasingly full of software-as-a-service and content-as-a-service, with Microsoft moving even the operating system to a data-gathering service model.
Towards a Cyberpunk Future
So, things are... not great. We as consumers are losing our ability to have any sense of ownership over what we buy. This is slowly infecting other business models as well, to the extent that you can expect cars to be sold in the near future which can only be serviced by their own manufacturer, following John Deere's tractors-as-a-service model.
In most cyberpunk genre sci-fi, you get some form of direct brain-to-computer interface. Elon Musk has already come out stating that he wants to create a direct link between your brain and technology in the next decade, and concepts like Google Glass are clearly along the same trajectory.
Let's play back some of these problems with now having a device that requires deeply invasive and risky surgery to change (with a hat tip to the 465,000 people who needed to get their pacemaker software updated to prevent getting their hearts hacked).
- Apple's version: Oh, I'm sorry, we don't use that connector any more - you'll have to upgrade.
- Every single Internet of Things company: The company behind this implant has gone out of business/been acquired/pivoted to a new business model, so it's no longer being supported.
- Microsoft: The software you're running is now obsolete and isn't getting security updates any more. You'll have to completely uninstall it and buy a new tool (which probably will have the same problem in a year or two) -- or risk your brain getting hacked.
- Facebook: We apologize for the data breach/being caught selling all your data (again); all of your thoughts and a video of everything you saw for the 6 month period of the attack (and/or possibly your entire time using this platform) have now been released publicly on the internet with your name associated. We'll provide a year of free credit monitoring though!
- Google: We have decided to end this much-loved product. All your memories will be deleted in 6 months.
This is an unacceptable future (not to mention the present) we are building. We need to start unraveling this now if we want to enjoy the actual and real potential benefits of this level of personal and assistive technology, of which there are many.
Clear Skies - towards a future with fewer clouds.
We need civil society, hackers, regulators - and most importantly, leading technology companies themselves to step forward. If you want there to be a market to tap into human conscienceness, you have to start now at re-building trust with consumers -- and bind yourself through transparent processes, legally, and technically -- to be responsible with what data is gathered, how it is gathered and used, and an aggressive embrace and support of open technologies to ensure long-term functionality, support, and unfettered access, ownership, and a real ability to transition to alternate, competitive platforms.
If this sounds scary, just reflect on the exact excitement which drove so many rounds of innovation and growth - embracing open standards, from email to the web to cross-platform chat enabled competing platforms to not be walled gardens, but compete on the strength of their communities and additional offerings.
There are bright lights. Mozilla is pushing for Minimum Security Guidelines for smart products. Open Privacy has launched an initial demo UI for a decentralized, tor-backed messaging and application platform.
Below are some rough-hewn requirements to reset technology onto a path that can create an actually pretty amazing future - instead of a hellscape of insecure software tracking your life and advertising at you installed in your head while also requiring a bag of adapters and dongles to keep up with new "standards". Mozilla's Minimum Security Guidelines is a critical step that should be taken immediately.
- Restore and guarantee full ownership of purchased products to their purchasers - separate products from services, support and build open standards with limited licensing fees (only to ensure quality), and for hardware, enable 3rd party repairs and user-replaceable components
- Support rollback of DMCA-like laws and aggressively support tinkering and reversing of owned products, leverage these as part of market research and ideation (e.g. iPhone rooting innovations brought app folders, new swipe-to-access control panels, and night-time modes)
SUSTAINABILITY AND TRANSPARENCY
- Aim for long-term implementations and require backwards compatibility (e.g. don't be Apple)
- Open APIs and Standards: Embrace and support independent developers and open source tools by adopting and sticking with standards, providing extensive documentation, and directly supporting adaptations and independent projects instead of exporting the labor cost to volunteer developers.
- Open Source, code audits, and reproducible builds to prove the code audited is the code used, and improving the transparency and usability of this process all the way down -- including funding usability work to make this process clear and understandable.
PRIVACY AND SECURITY
- Push data processing back to the edge - offline voice/image recognition and actions, focus on local-network applications which users can opt to bridge onto the Internet if they choose to
- Guarantee data portability, remove walled gardens, support open and stable APIs for personal use
- Minimization of data gathering; for debugging rely on user-initiated push and provide an understandable summary of what data is being submitted
- de-personalization of tracking, with audited and provable processes
- Evolving business models to support privacy and doubling down on the transparency aspects
- Use true end-to-end encryption wherever possible, and build a user experience around supporting that.
Certainly there are more, and these could use edits. I've posted the above list as a small github repository at https://github.com/joncamfield/cyberpunkstandards/ and welcome issues and pull requests.
Photo by Alexander London