In-brief: In an essay for O’Reilly Radar, Cory Doctorow argues that remote management features that allow carriers to disable mobile phones are a mistake – taking technology owners’ autonomy and control over their data away in the name of preventing muggings and other crimes.
Cory Doctorow has a really interesting essay over at O’Reilly Radar on manageability, civil rights and the Internet of Things.
At issue is the growing tendency of IoT infrastructure providers like carriers to look for ways to exert authority and control over devices that connect to their network.
Doctorow, the founder and editor at Boing Boing and well-known advocate for “Creative Commons” and civil liberties writes about what he calls the spread of a “dangerous idea:” “that we can and should solve problems by preventing computer owners from deciding how their computers should behave.”
Invoking the image of the HAL 9000, the infamous computer from the Stanley Kubrick film 2001: a Space Odyssey, Doctorow warns that technology vendors are quietly introducing features that constrain the ability of individuals to use their own technology in the way they see fit.
“I’m not talking about a computer that’s designed to say, “Are you sure?” when you do something unexpected …I’m talking about a computer designed to say, “I CAN’T LET YOU DO THAT DAVE” when you tell it to give you root, to let you modify the OS or the filesystem.”
Case in point are cell phone “kill switch” laws such as those in California that gives manufacturers the ability to push an over-the-air update that can render a phone inoperable. Those were passed in the name of preventing cell phone theft, but Doctorow clearly feels like the medicine is worse than the disease.
Indeed, muggings linked to iPhones and other high-tech gear are no straw man. A bump in crime in New York City in 2012 was attributed almost solely to an increase in cell phone theft.
But Doctorow thinks the risk of physical harm needs to be balanced against civil liberties and the freedom of individuals to control their data.
“It’s true that the physical risks associated with phone theft are substantial, but if a catastrophic data compromise doesn’t strike terror into your heart, it’s probably because you haven’t thought hard enough about it,” Doctorow said.
Indeed, as our reliance on devices like smart phones as a common platform for managing our communications, commerce, banking, physical access to our homes and automobiles, a “remote wipe” could stop us dead in our tracks – literally.
Doctorow’s conclusion: back doors and remote wipe features that don’t put the owner of data in the loop are a big mistake. “When every phone has a back door and can be compromised by hacking, social-engineering, or legal-engineering by a manufacturer or carrier, then your phone’s security is only intact for so long as every customer service rep is bamboozle-proof, every cop is honest, and every carrier’s back end is well designed and fully patched.”