IoT's Threat to Free Speech
Mike McTaggart
Christian, Husband, Father, Digital Transformation Leader - in that order.
There's a lot of buzz surrounding the Internet of Things (IoT). It's been heralded as a new Industrial Revolution (that would be #4, if you're counting). It's also been labeled a possible threat to national security. While I believe both of these to be topics of merit and worth much additional discussion, I'm most concerned, at this point in our history, about the IoT posing the first legitimate threat to free speech we've seen in the Internet Era.
The Internet is an Equalizing Force
If you consider the raw power of the Internet as an equalizing force, much of its impact is derived from the way it has fundamentally transformed how we communicate. The ability to suppress dissonant opinions has, for most of the world, been eliminated. Information in the form of text and even video can be instantly distributed to an audience of millions. That has not only empowered the individual, it has greatly expanded the reach of existing broadcasters and news outlets - a local community's newspaper can now theoretically reach the same audience that was previously untouchable by all but the likes of CNN, Reuters, etc.
Unfortunately, there is a fundamental flaw in the system that can, for the first time in history, be exploited with remarkably little expense or effort. Every publisher of information, while exponentially more powerful than before, is still completely dependent on the fact that their publication "lives" at a domain name (such as cnn.com) and an associated network of servers (from a single server to a robust content delivery network). And while these networks are often taken for granted, they are universally vulnerable to a type of attack called a Distributed Denial of Service (or DDoS).
What is DDoS?
A DDoS attack can be characterized as follows:
- An attacker uses their own network of compromised devices (infected with malware) to simultaneously request information from your website or webserver.
- Your webserver attempts to respond to every request - but in the process, it or another component in the network is simply overwhelmed. Imagine you (the webserver) are standing behind a podium in front of an enormous audience and thousands are shouting bogus questions at you, each expecting a response (and if you don't respond, they simply shout again).
- In being overwhelmed by the massive number of bogus requests, legitimate requests go unanswered. Effectively, your server has been rendered mute - you're offline.
There are plenty of variations of the above, including the ability to greatly amplify the attack volume by essentially making a lopsided request - think of a short question that requires a long answer before you can move on to the next question.
How does it affect a website?
Recently, a security researcher and investigative journalist wrote a story about a couple of "entrepreneurs" running a network of compromised machines (a botnet) and offering a "DDoS-as-a-Service" business, if you will. The story resulted in their arrests, and in retaliation, the first of this new trend in massive IoT-fueled DDoS attacks was launched. It measured a whopping 620 Gb/s - to put that in perspective, imagine we printed the requests on paper. That would require 4,000 trees per second, or around 80 trucks per second.
Since then, the 1 Tb/s threshold has been crossed multiple times - and attributed to a botnet of roughly 150,000 compromised IoT devices. Multiple European media outlets have been targeted, and most recently, the Dyn DNS service was hit - which impacted even the likes of Facebook and Twitter.
Gartner projected 6.4 billion devices connected to the Internet in 2016;
HP says 70 percent of "things" are vulnerable to hacking.
The Tip of the Iceberg
If Facebook and Twitter are unavailable to large parts of the world when under attack by a small fraction (0.002%) of IoT devices in the wild, what does the rapid adoption of these devices mean? I've seen estimates from 30 billion Internet-connected "things" by 2020, up to 75 billion - and each year, the projections seem to get higher.
If only 10% of 5 billion devices are amassed into a single botnet, they could launch an attack (without amplification) 3,000 times larger than the attacks we've seen this week.
Imagine a DDoS attack of 3 petabits per second.
No content delivery network - no network, period - could sustain that sort of focused traffic and stay online. The impact wouldn't be limited to fewer social media posts - it would effectively cut off the channels of communication and free speech that we've grown accustomed to.
Whoever controls such a botnet would wield the power to silence any publication, news outlet, or dissident at any time - with no technical solution or remedy.
I admit that I don't have a solution. This post is the equivalent of waving a flag or firing a flare. I know the eventual solution will be a combination of securing the IoT and also implementing policy and technology safeguards. I also know we must do all we can to preserve the world's most accessible forum for free expression: the Internet.
About the Author:
Mike McTaggart is a Digital Transformation Leader with an engineering mind, a passion for technology, and a commitment to integrity. He has led software, sales, marketing, and content generation teams from 5 to 50+, and has helped dozens of organizations - large and small - realize the potential that technology brings to business. He has a reputation for thoughtful, measurable, and strategic leadership through change and uncertainty. In an age of digital transformation, Mike can help you craft the strategy, build consensus, and produce actionable data-driven plans to cut through all the noise.
Senior Policy and Communication Expert at Martel Innovate
8 years ago
I agree fundamentally. Want to make one more step back. Yes the internet is an equalizing force, or it has that potential, but the very simplicity of the protocol Vint Cerf built (and for which he should take full responsibility as the ‘Father of the Internet’) and the audacity of Tim Berners-Lee to put HTML on top, so we have ‘pass on the packet’ (do not look back or ahead) and ‘pass on the link’, not caring if there is a recipient, has led to a situation where for 90% of use the internet has become the web. And the web is dominated by just a few players owning huge ecosystems. How free are you in Facebook? How free, how equal, are you if you have to be in the top 10 of Google to be found anyway? Remember Google looks cool but it is just an ad company. Nothing wrong with that. But also not something to get philosophical about, just making money. So now for IoT. It is clear that it can to run on a protocol that has no security built in. TCP/IP was meant to be a virus and bring in massive amounts of data to Silicon Valley. It has succeeded in doing that. Now it must go. It was never meant to stay forever anyway. So IoT as a radical transparency, removing overhead, ‘brands’, scripted inefficiency and plain corruption is not dead, but very much alive. It is being built on blockchain and on large intranets. It is our job to make sure that individuals, SME and lone coders get to say evenly as gov and big industry what it should look like. If we give up on the idea of full connectivity for all of us, it will be built only for small gated communities for the 1%. Fully serviced, fully guarded and inaccessible to 99% of the population. We must not be sidetracked, but stand firm in demanding and building generic infrastructures and gateways in new public networked hands. All the data should flow free, stay with the people who entitle service providers to enrich them into everyday scenarios. 50% of food is wasted.
We need full monitoring of energy to minimize climate change. Let’s not throw away the kid with the bathwater. Let’s educate it.
Wealth Adviser & Managing Partner
8 years ago
Ok. I'm officially alarmed. Guess I need to chuck that Nest and the Amazon talking thingy into the trash bin.
.
8 years ago
It'd be interesting to know your opinion, Rob van Kranenburg