Dear Commons Community,
Zeynep Tufekci, an assistant professor at the School of Information and Library Science at the University of North Carolina, has an op-ed piece in today’s New York Times entitled: “Why ‘Smart’ Objects May Be a Dumb Idea?” Her main thesis is that the Internet lacks security safeguards and therefore jeopardizes the benefits and conveniences of many smart objects. Here is an excerpt:
“A FRIDGE that puts milk on your shopping list when you run low. A safe that tallies the cash that is placed in it. A sniper rifle equipped with advanced computer technology for improved accuracy. A car that lets you stream music from the Internet.
All of these innovations sound great, until you learn the risks that this type of connectivity carries. Recently, two security researchers, sitting on a couch and armed only with laptops, remotely took over a Chrysler Jeep Cherokee speeding along the highway, shutting down its engine as an 18-wheeler truck rushed toward it. They did this all while a Wired reporter was driving the car. Their expertise would allow them to hack any Jeep as long as they knew the car’s I.P. address, its network address on the Internet. They turned the Jeep’s entertainment dashboard into a gateway to the car’s steering, brakes and transmission.
A hacked car is a high-profile example of what can go wrong with the coming Internet of Things — objects equipped with software and connected to digital networks. The selling point for these well-connected objects is added convenience and better safety. In reality, it is a fast-motion train wreck in privacy and security.
The early Internet was intended to connect people who already trusted one another, like academic researchers or military networks. It never had the robust security that today’s global network needs. As the Internet went from a few thousand users to more than three billion, attempts to strengthen security were stymied because of cost, shortsightedness and competing interests. Connecting everyday objects to this shaky, insecure base will create the Internet of Hacked Things. This is irresponsible and potentially catastrophic.
Home builders and car manufacturers have shifted to a new business: the risky world of information technology. Most seem utterly out of their depth.
Although Chrysler quickly recalled 1.4 million Jeeps to patch this particular vulnerability, it took the company more than a year after the issue was first noted, and the recall occurred only after that spectacular publicity stunt on the highway and after it was requested by the National Highway Traffic Safety Administration. In announcing the software fix, the company said that no defect had been found. If two guys sitting on their couch turning off a speeding car’s engine from miles away doesn’t qualify, I’m not sure what counts as a defect in Chrysler’s world. And Chrysler is far from the only company compromised: from BMW to Tesla to General Motors, many automotive brands have been hacked, with surely more to come.”
Tufekci makes a good point in that the Internet was designed for information sharing. It is vulnerable to hacking and lacks the security necessary for the Internet of Things.