Op-Ed by Professor of Law, Washington and Lee University
Internet-enabled devices are so common, and so vulnerable, that hackers recently broke into a casino through its fish tank. The tank had internet-connected sensors measuring its temperature and cleanliness. The hackers got into the fish tank’s sensors and then to the computer used to control them, and from there to other parts of the casino’s network. The intruders were able to copy 10 gigabytes of data to somewhere in Finland.
By gazing into this fish tank, we can see the problem with “internet of things” devices: We don’t really control them. And it’s not always clear who does – though often software designers and advertisers are involved.
In my recent book, Owned: Property, Privacy and the New Digital Serfdom, I discuss what it means that our environment is seeded with more sensors than ever before. Our fish tanks, smart televisions, internet-enabled home thermostats, Fitbits and smartphones constantly gather information about us and our environment. That information is valuable not just for us but for people who want to sell us things. They ensure that internet-enabled devices are programmed to be quite eager to share information.
Take, for example, Roomba, the adorable robotic vacuum cleaner. Since 2015, the high-end models have created maps of its users’ homes, to more efficiently navigate through them while cleaning. But as Reuters and Gizmodo reported recently, Roomba’s manufacturer, iRobot, may plan to share those maps of the layouts of people’s private homes with its commercial partners.
Security and privacy breaches are built in
Like the Roomba, other smart devices can be programmed to share our private information with advertisers over back-channels of which we are not aware. In a case even more intimate than the Roomba business plan, a smartphone-controllable erotic massage device, called WeVibe, gathered information about how often, with what settings and at what times of day it was used. The WeVibe app sent that data back to its manufacturer – which agreed to pay a multi-million-dollar legal settlement when customers found out and objected to the invasion of privacy.
Those back-channels are also a serious security weakness. The computer manufacturer Lenovo, for instance, used to sell its computers with a program called “Superfish” preinstalled. The program was intended to allow Lenovo – or companies that paid it – to secretly insert targeted advertisements into the results of users’ web searches. The way it did so was downright dangerous: It hijacked web browsers’ traffic without the user’s knowledge – including web communications users thought were securely encrypted, like connections to banks and online stores for financial transactions.
The underlying problem is ownership
One key reason we don’t control our devices is that the companies that make them seem to think – and definitely act like – they still own them, even after we’ve bought them. A person may purchase a nice-looking box full of electronics that can function as a smartphone, the corporate argument goes, but they buy a license only to use the software inside. The companies say they still own the software, and because they own it, they can control it. It’s as if a car dealer sold a car, but claimed ownership of the motor.
This sort of arrangement is destroying the concept of basic property ownership. John Deere has already told farmers that they don’t really own their tractors but just license the software – so they can’t fix their own farm equipment or even take it to an independent repair shop. The farmers are objecting, but maybe some people are willing to let things slide when it comes to smartphones, which are often bought on a payment installment plan and traded in as soon as possible.
How long will it be before we realize they’re trying to apply the same rules to our smart homes, smart televisions in our living rooms and bedrooms, smart toilets and internet-enabled cars?
A return to feudalism?
The issue of who gets to control property has a long history. In the feudal system of medieval Europe, the king owned almost everything, and everyone else’s property rights depended on their relationship with the king. Peasants lived on land granted by the king to a local lord, and workers didn’t always even own the tools they used for farming or other trades like carpentry and blacksmithing.
Over the centuries, Western economies and legal systems evolved into our modern commercial arrangement: People and private companies often buy and sell items themselves and own land, tools and other objects outright. Apart from a few basic government rules like environmental protection and public health, ownership comes with no trailing strings attached.
This system means that a car company can’t stop me from painting my car a shocking shade of pink or from getting the oil changed at whatever repair shop I choose. I can even try to modify or fix my car myself. The same is true for my television, my farm equipment and my refrigerator.
Yet the expansion of the internet of things seems to be bringing us back to something like that old feudal model, where people didn’t own the items they used every day. In this 21st-century version, companies are using intellectual property law – intended to protect ideas – to control physical objects consumers think they own.
Intellectual property control
My phone is a Samsung Galaxy. Google controls the operating system and the Google Apps that make an Android smartphone work well. Google licenses them to Samsung, which makes its own modification to the Android interface, and sublicenses the right to use my own phone to me – or at least that is the argument that Google and Samsung make. Samsung cuts deals with lots of software providers which want to take my data for their own use.
But this model is flawed, in my view. We need the right to fix our own property. We need the right to kick invasive advertisers out of our devices. We need the ability to shut down the information back-channels to advertisers, not merely because we don’t love being spied on, but because those back doors are security risks, as the stories of Superfish and the hacked fish tank show. If we don’t have the right to control our own property, we don’t really own it. We are just digital peasants, using the things that we have bought and paid for at the whim of our digital lord.
Even though things look grim right now, there is hope. These problems quickly become public relations nightmares for the companies involved. And there is serious bipartisan support for right-to-repair bills that restore some powers of ownership to consumers.
Recent years have seen progress in reclaiming ownership from would-be digital barons. What is important is that we recognize and reject what these companies are trying to do, buy accordingly, vigorously exercise our rights to use, repair and modify our smart property, and support efforts to strengthen those rights. The idea of property is still powerful in our cultural imagination, and it won’t die easily. That gives us a window of opportunity. I hope we will take it.
Joshua A.T. Fairfield, Professor of Law, Washington and Lee University
This article was originally published on The Conversation. Read the original article.
The millenials are so compliant and willing to trade security and privacy for convenience, privacy will be a thing of the past within the next 15 years. Gen Z seems to be much sharper, but it might be too late before they come into their own and start affecting things.
Congratulations, you just described the current world
“Peasants lived on land granted by the king to a local lord, and workers didn’t always even own the tools they used for farming or other trades like carpentry and blacksmithing.”
It is called Capitalism.
Only the very rich “own” the tools and the “government” owns all land.
The people of ancient times paid a “Tythe” or 10% to the lords or Gods.
The peasants of the middle ages owed 20% of their production to their “Lords”
You are paying some 50% to 70% to your overlords.
Are you having fun?
The stupid will get hacked. Irradiating the casino guests with WIFI may be a good gambit to slow them down and increase house take but it is not good for security.
Secondly, this author appears to not know of the existence of Open Source hardware and software – owned by the users
The Author is not alone. Most people have no idea Open Source software exists. As far as Smart (dumb ass) phones go Open Source is not really an option yet. The Ubuntu phone was a failure. The IoT does use a lot of Open Source software, but it is so un-secure only an idiot would hook up there TV, thermostat or fridge to the Internet.
Today’s U.S. economy is a PICKPOCKET economy. The real, physical economy went down the tubes decades ago, following the murder of U.S. President John F. Kennedy. Today’s second great depression is totally unnecessary. This is no mere recession or depression, however. It is a hyperinflationary, systemic, physical economic breakdown and blowout. We need a real plan of action to get the economy back on track and moving. Pass Glass-Steagall NOW! No ifs, ands or buts about it.
I concur with the tech giants. They DO own the software. We purchase a license to use it. Just as when you bought a record or an eight track tape years ago, you owned the physical object, but you were purchasing a limited license to the music (data) on it.
However, the various companies who are collecting all this data from us do not own it. We do. My likeness, my biometric data, my interests, shopping habits, etc. are MINE. Google, Amazon, Facebook, et al are stealing, especially from all of us who do not use their ‘free’ services, but from whom they are still collecting data. At the very least, they should be required to obtain our permission (to which they pay lip service) and share with us the profits they make (which they do not) from prying into our lives.
This, I believe, is the legal and legislative target (establishing that WE own our data) that will restore our privacy and property rights. Are there any attorneys out there who see a class action suit in this? It could be the case of the century.