“Things” are hotting up

The 14th May edition of New Scientist carried an interesting article called The internet of unprotected things. It’s an interview with John Matherly, the man who invented Shodan, a highly specialised search engine.

Shodan enables users to identify devices that are connected to the internet – printers, webcams, TV sets, mobile phones, even industrial control systems!  Yes. You read that right.  Matherly found turbines, car washes, crematoria,  even a nuclear power plant hooked up and also accessible via cyberspace. Moreover Matherly was able to determine whether or not the devices or systems were secure or could be hacked e.g. because the owners had not bothered to change default usernames and passwords or because  they lacked strong authentication capabilities.

Matherly attaches a chilling little table in which he provides

Conservative estimates of insecure industrial control systems

Here are the numbers:

USA: 54, 501

China: 17,648

Canada: 6,498

Italy: 4,574

France: 4, 408

UK: 4,222

Let’s hope not many of the above are nuclear power plants, national electricity grids, banking systems or major transportation networks.

I’m guessing that by now you have worked out where I am going with this.

Baby monitors have been hacked.  Smart TVs have been or will be. Ditto for connected Barbie dolls and motor cars. As the list of connected or connectable items grows the need for properly thought out security standards is becoming ever more obvious and urgent, particularly in respect of items that will be heavily used by or in close proximity to children. Here I am talking not just about basic or fundamental privacy considerations but also matters which may present much more immediate threats to a child’s physical safety and wider well-being.

Meet the  PETRAS Hub

Privacy, ethics, trust, reliability, acceptability and security, otherwise known as Petras, is a £23 million academic-led network with an impressive collection of industrial partners and an ambitious agenda.

Key to the Petras work programme is not only constructing real-life, experimental test beds to see how different arrays of connected objects perform functionally – do they or do they not deliver the benefits envisaged and if not how can we make sure they do? –  but also ensuring that the right security features are built-in before any resulting applications are brought to market or to a broader public arena.

Buccaneering start-ups, such as Facebook once was, may have boasted that their guiding principle was move fast and break things  sometimes expressed as get it out there and let’s see what happens or it’s easier to apologise than seek permission. However, you cannot  or should not adopt that approach if you’re messing with nuclear power plants, driverless vehicles and baby monitors. A major mishap by a single company or category of objects could destroy public confidence in the whole shooting match. The internet of things is going to test to the limit the idea of permissionless innovation, a notion that has been central to the evolution of the internet up until now.

Ethics as oil, not grit

Step forward Dr Mariarosario Taddeo  who gave a brilliant presentation at a Petras workshop held in London on 12th May at the Institute of Electrical Engineers. Taddeo emphasised the importance of ethics as an enabler of research and scientific and technological progress. It should not always, or ever, be viewed as an annoyance or an obstacle. Ethical errors might invite regulatory intervention which could strangle or divert, possibly even completely halt, different lines of enquiry. That’s the way the world is, and I for one am glad about it. It’s why ethicists should be part of any sizeable project that is sniffing around the edges of science and technology. They are guarantors of continued progress. They keep the men and women in white coats in touch with us mortals.

About John Carr

John Carr is a member of the Executive Board of the UK Council on Child Internet Safety, the British Government's principal advisory body for online safety and security for children and young people. In the summer of 2013 he was appointed as an adviser to Bangkok-based ECPAT International. Amongst other things John is or has been a Senior Expert Adviser to the United Nations, ITU, the European Union, a member of the Executive Board of the European NGO Alliance for Child Safety Online, Secretary of the UK's Children's Charities' Coalition on Internet Safety. John has advised many of the world's largest internet companies on online child safety. In June, 2012, John was appointed a Visiting Senior Fellow at the London School of Economics and Political Science. More: http://johncarrcv.blogspot.com
This entry was posted in Default settings, E-commerce, Internet governance, Location, Privacy, Regulation, Self-regulation. Bookmark the permalink.