A year ago, I wrote a piece about cloud computing’s dark secret: that using it in Europe was probably equivalent to making all your files readily available to the US government. And that was before the Snowden revelations confirmed that this was no mere theoretical possibility. I’m not claiming any amazing prescience here: I certainly had no idea of the scale of what was going on, as I’ve explained in a series of posts on the NSA spying programme. But I can claim a deep and abiding unease about cloud computing, which is why I never jumped on that particular bandwagon, and have written relatively little about it on this blog.
I must now declare a similar concern about the Internet of things. Last week, I discussed the Linux Foundation’s latest mega-project, the AllSeen Alliance, that aims to put open source at the heart of the increasingly fashionable Internet of things idea. There I wanted to emphasise the good fit between free software and networking billions of devices. I think this will become a vast, new sector, with potentially huge ramifications for modern life. But here, by contrast, I want to sound a note of caution.
In the last six months or so, we have discovered that practically everything we do online is monitored in some way – not necessarily by humans, it is true, but that does not diminish its corrosive effect on our privacy and freedom. Imagine having government CCTVs in every room of our homes, recording everything that happens there, all the time, with the claim that there’s nothing to worry about since the images are analysed by computers only, not people. I doubt whether many of us would accept that argument, so I am constantly surprised at the lack of outrage about the fact that precisely the equivalent is happening in the digital realm online.
Now consider the Internet of things. The idea is to create a network of commonplace devices that surround us – not just larger items like fridges and ovens, but perhaps even down to light bulbs. One of the benefits of such a system is that it will allow users to monitor and control their homes from a distance – using their smartphones, say.
Recently, we have learned that the NSA has turned our mobile phones into a tracking device, and that it gathers around 5 billion records each day; smartphones can be subverted in many other ways too, and so it will be relatively simple to access data about your networked home and office, and maybe even to control it.
For example, information from the lights would give clues about which rooms are likely to be occupied, how people move around, and when you go to bed; your fridge and oven would give important clues about when you eat; if cars are added to the Internet of things, as is almost inevitable, then your movements can be tracked even more precisely than by spying on your phone, as at present. If “quantified self” devices – things that monitor aspects of your health – were also plugged in to this new super-Internet, the level of detail about your life would be even greater.
The most extraordinary thing about this disturbing possibility is that no one is talking about it. Or, rather, nobody was: by an interesting coincidence, while I was preparing this column two other very recent posts making pretty much the same point popped up in my feeds. Maybe we have reached one of those tipping points, where things flip from one state – that of regarding the Internet of things as neutral or even benign – to one where we realise it could potentially be the most complete and thus most intrusive surveillance system ever invented.
Against that background, I do have to wonder why the Linux Foundation and its partners chose to call their new project the AllSeen Alliance. Did they really not worry about the fact that the Internet of things will be all-seeing and all-knowing, and that people might come to associate its new endeavour with the worst of NSA excesses?
Luckily, it’s not too late to change a name that seems certain to become a liability as people begin to wake up to the privacy-destroying potential of the Internet of things. Indeed, if the Linux Foundation is wise, as well as changing its name to avoid the all-seeing connotation, it will also announce a major, high-profile initiative to place security and privacy at the heart of the Internet of things.
Again, free software is well-placed to do that: its open nature means that its code can be trusted in a way that closed source cannot. The credentials of the open source community as defenders of freedom and privacy mean that people will be more willing to allow into their homes and families devices based on their ideas and ethos.
In other words, what could be a huge liability for corporate initiatives to wire up our lives could be a big selling-point for an open and transparent approach from the Linux Foundation. But first it needs to change the name to acknowledge and address what I predict will soon become a justified concern about the whole idea of the Internet of things.