Is the Internet Emulsifying Society?

 

About a year ago I had cataract surgery, which these days means replacing the natural lens in the eye with an artificial one.  Curious about what happens to the old lens, I looked up the details of the process.  It turns out that one of the most common procedures uses an ultrasonic probe to emulsify the old lens, turning a highly structured and durable object that served me well for 70 years into a liquefied mess that was easily removed. 

 

If you're wondering what this has to do with the internet and society, be patient.

 

A recent report in The Dispatch by Yascha Mounk describes the results of an analysis by Financial Times journalist John Burn-Murdoch of data from a large Understanding America survey of more than 14,000 respondents.  Psychologists have standardized certain personality traits as being fairly easy to assess in surveys and also predictive of how well people do in society.  Among these traits are conscientiousness, extraversion, and neuroticism.  People who are conscientious make good citizens and employees:  they are "organized, responsible, and hardworking."  Extraversion makes for better social skills and community involvement, while neuroticism indicates a trend toward anxiety and depression.

 

Burn-Murdoch divided up the results by age categories, with the youngest being 16 to 39, and compared the rates of these traits to what prevailed in the full population in 2014, less than ten years ago.  The results are shocking.

 

Everybody (16-39, 40-59, and 60+) has declined in extraversion from the 50th to the 40th percentile, although by only ten percentile points out of 100.  (If a number is unchanged from 2014, the results would be 50th percentile today).  But in neuroticism, those under 40, who were already in the 60th percentile in 2014, have now zoomed up to the 70th.  Lots of young neurotics out there.  And they have distinguished themselves even more in the categories of agreeableness (declining from 45 to 35) and most of all, in conscientiousness.  From a relatively good 47th percentile or so in 2014, the younger set have plummeted to an abysmal 28th percentile of conscientiousness in less than a decade.

 

When the results of conscientiousness are broken down into their constituent parts, it gets even worse.  Starting about 2016, the 16-39 group shows jumps in positive responses to "is easily distracted" and "can be careless." 

 

If the survey was restricted to teenagers, you would expect such results, although not necessarily this big.  But we're talking about people in their prime earning years too, twenty- to forty-year-olds. 

 

Mounk ascribes most of these disastrous changes to influences traceable to the Internet, and specifically, social media.  He contrasts the ballyhoo and wild optimism that greeted various Internet-based developments such as online dating and worldwide free phone and Zoom calls with the reality of cyberbullying, trolling, cancel culture, and the mob psychology on steroids that the Internet provides fertile soil for. 

 

Now for the emulsion part.  An emulsion takes something that tends to keep its integrity—such as a blob of oil in water or the natural lens of an eye—and breaks it up into individual pieces that are surrounded by a foreign agent.  In the case of mayonnaise, the oil used is separated into tiny drops surrounded by water.  Oil doesn't naturally mix with water, but when an emulsifier is used (the lecithin in egg yolk, in this case), it reduces surface tension and breaks up the oil into tiny droplets.

 

That's fine in the case of mayonnaise.  But in the case of a society, surrounding each individual with a foreign film of Internet-mediated software that passes through firms interested not primarily in the good of society, but in making a profit, all kinds of pernicious effects can happen.

 

There is nothing intrinsically wrong with making money, so this is not a diatribe against big tech as such.  But in the case of cigarettes, when a popular habit that made the tobacco companies rich was shown to have hidden dangers, it took a lot of political will and persistence to change things so that at least the dangers were known to anyone who picks up a pack of cigarettes.

 

Mounk thinks it may be too late to do much about the social and psychological harms caused by the Internet, but we are still at the early stage of adoption when it comes to generative artificial intelligence (AI).  I tend not to make such a sharp distinction between the way the Internet is currently used and what difference the widespread deployment of free software such as chatGPT will make.  For decades, the tech companies have been using what amounts to AI systems to addict people to their social media services and to profit from political polarization.  So as AI becomes more commonplace it will be a change only in degree, not necessarily in kind.

 

AI or no, we have had plenty of time already to see the pernicious results among young people of interacting with other humans mainly through the mediation of mobile phones.  It's not good.  Just as man does not live by bread alone, people aren't intended to interact by smartphone alone.  If they do, they get less conscientious, more neurotic, more isolated and lonely, and more easily distracted and error-prone.  They also find it increasingly difficult to follow any line of reasoning of more than one step.

 

Several states have recently passed laws restricting the use of smartphones in K-12 education.  This is a controversial but ultimately beneficial step in the right direction, although it will take a while to see how seriously individual school districts take it and whether it makes much of a difference in how young people think and act.  For those of you who believe in the devil, I'm pretty sure he is delighted to see that society is breaking up into isolated individuals who can communicate only through the foreign agent of the Internet, rather than being fully present—physically, emotionally, and spiritually—to the Other. 

 

Perhaps warnings like these will help us realize how bad things have become, and what we need to do to stop them from getting any worse.  In the meantime, enjoy your mayonnaise.

 

Sources:  John Burn-Murdoch's article "How We Got the Internet All Wrong" appeared in The Dispatch on Aug. 12, 2025 at https://thedispatch.com/article/social-media-children-dating-neurotic/.  I also referred to the survey on which it was based at https://uasdata.usc.edu/index.php. 

Supreme Court Validates Texas Anti-Porn Law

 

On Friday, June 27, the U. S. Supreme Court issued its decision in the case of Free Speech Coalition, Inc. v. Paxton.  The Free Speech Coalition is an organization representing the interests of the online pornography industry, and Kenneth Paxton is the controversial attorney general of Texas,whose duty it is to enforce a 2023 law which "requires pornography websites to verify the age of users before they can access explicit material," according to a report by National Review.  The Court upheld the Texas law, finding that the law was a constitutional exercise of a state's responsibility to prevent children from "accessing sexually explicit content." 

 

This ruling has implications beyond Texas, as 22 other states have adopted similar laws, and the decision of the court means that those states are probably safe from federal lawsuits as well.

 

This is a matter of interest to engineering ethicists because, whether we like it or not, pornography has played a large role in electronic media at least since the development of consumer video-cassette recorders in the 1970s.  As each new medium has appeared, the pornographers have been among its earliest adopters.  Around 1980, as I was considering a career change in the electronic communications industry, one of the jobs I was offered was as engineer for a satellite cable-TV company.  One of the factors that made me turn it down was that a good bit of their programming back then was of the Playboy Channel ilk.  I ended up working for a supplier of cable TV equipment, which wasn't much better, perhaps, but that job lasted only a couple of years before I went back to school and remained in academia thereafter.

 

The idea behind the Texas law is that children exposed to pornography suffer objective harm.  The American College of Pediatricians has a statement on their website attesting to the problems caused by pornography to children:  depression, anxiety, violent behavior, and "a distorted view of relationships between men and women."  And it's not a rare problem.  The ubiquity of mobile phones means that even children who do not have their own phone are exposed to porn by their peers, and so even parents who do not allow their children to have a mobile phone are currently pretty defenseless against the onslaught of online pornography. 

 

Requiring porn websites to verify a user's age is a small but necessary step in reducing the exposure of young people to the social pathology of pornography.  In an article in the online journal The Dispatch, Charles Fain Lehman proposes that we dust off obscenity laws to prosecute pornographers regardless of the age of their clientele.  The prevalence of porn in the emotional lives of young people has ironically led to a dearth of sexual activity in Gen Z, who have lived with its presence all their lives.  In a review of several books that ask why people in their late teens and 20s today are having less sex than previous generations, New Yorker writer Jia Tolentino cites the statistic that nearly half of adults in this age category regard porn as harmful, but only 37% of older millennials do.  And fifteen percent of young Americans have encountered porn by the age of 10.

 

There are plenty of science-based reasons to keep children and young teenagers from viewing pornography.  For those who believe in God, I would like to add a few more.  In the gospel of Matthew, Jesus tells his disciples that they must "become like children" to enter the kingdom of Heaven.  Then he warns that "whoever causes one of these little ones who believe in me to sin [the Greek word means "to stumble"], it would be better for him to have a great millstone fastened round his neck and to be drowned in the depths of the sea."  (Matt. 18:6).  People who propagate pornography that ten-year-olds can watch on their phones seem to fill the bill for those who cause children to stumble. 

 

The innocence of children can be overrated, as anyone who has dealt with a furious two-year-old can attest.  But it is really a kind of mental virginity that children have:  the absence of cruel and exploitative sexual images in their minds helps keep them away from certain kinds of sin, even before they could understand what was involved.  Until a few decades ago, most well-regulated societies protected children from the viewing, reading, or hearing of pornography, and those who wished to access it had to go to considerable efforts to seek out a bookstore or porn theater.

 

But that is no longer the case, and as Carter Sherman, the author of a book quoted in the New Yorker says, the internet is a "mass social experiment with no antecedent and whose results we are just now beginning to see."  Among those results are a debauching of the ways men and women interact sexually, to the extent that one recent college-campus survey showed that nearly two-thirds of women said they'd been choked during sex. 

 

This is not the appropriate location to explore the ideals of how human sexuality should be expressed.  But suffice it to say that the competitive and addictive nature of online pornography invariably degrades its users toward a model of sexual attitudes that are selfish, exploitative, and unlikely to lead to positive outcomes. 

 

The victory of Texas's age-verification law at the Supreme Court is a step in the right direction toward the regulation of the porn industry, and gives hope to those who would like to see further legal challenges to its very existence.  Perhaps we are at the early stages of a trend comparable to what happened with the tobacco industry, which denied the objective health hazards of smoking until the evidence became overwhelming.  It's not too early for pornographers to start looking for millstones as a better alternative to their current occupation. 

 

Sources:  The article "Supreme Court Upholds Texas Age-Verification Law" appeared at https://www.nationalreview.com/news/supreme-court-upholds-texas-age-verification-porn-law/, and the article "It's Time to Prosecute Pornhub" appeared at https://thedispatch.com/article/pornhub-supreme-court-violence-obscenity-rape/.  I also referred to the Wikipedia article "Free Speech Coalition, Inc. v. Paxton" and the New Yorker article "Sex Bomb" by Jia Tolentino on pp. 58-61 of the June 30, 2025 issue. 

Is the Internet Making Us Too Literate?

 

Writing in the Spring 2022 issue of The New Atlantis, British author Kit Wilson wonders if the Internet is endangering our mental health by metaphorically burying us in words. 

 

In support of this conclusion, he cites some statistics.  For example, a report that the prestigious management-consulting firm McKinsey & Co. published in 2012 stated that the average time Americans spent reading or writing each day was between one and two hours from 1900 all the way up to 1990.  But when the Internet came along and was joined by text messaging, that number rose to around four to five hours a day—almost a third of a person's disposable free time (that is, when you're not doing something like eating or going to the bathroom—and I'm sure some people read while doing those things too). 

 

He also found a journalist who claims that your average person browsing the Internet as part of their daily routine may expose themselves to as many as 490,000 words a day, which approaches the length of Tolstoy's War and Peace (600,000 words, according to Wikipedia's "List of Longest Novels.") 

 

But nobody reads the Internet like you would read War and Peace, and therein lies the problem.

 

Have we exploited digital technology's amazing ability to multiply words practically without end to flood cyberspace with an ocean of words that threaten to drown us? 

 

My title is something of a conundrum.  Being unable to read is what illiteracy means, but what is the measure of reading too much?  We have all known the so-called bookworm type who seems to prefer the library to the clubroom or the bar.  That isn't the problem here, because there were bookworms before the Internet. 

 

For his part, Wilson seems to be concerned that as we deal with the world more and more as it is mediated to us in the form of words, we will lose track of what reality is really like and begin to treat it as an abstraction that words adequately describe.  The overarching theme of this issue of The New Atlantis is expressed by the somewhat grim cover title "Reality:  A Post-Mortem." 

 

I think it's a little premature to write reality's obituary just yet, but I have to admit a general sense of creepiness remains with me after reading it. 

 

The problem we face was captured neatly by C. S. Lewis in his 1946 sci-fi novel That Hideous Strength, which involves a young sociologist named Mark Studdock who gradually becomes embroiled in some sinister doings as a part of his new job with the National Institute for Coordinated Experiments (N. I. C. E.).  Mark was already in a bad way with regard to reality even before he took on his new job.  As Lewis points out:  " . . . his education had had the curious effect of making things that he read and wrote more real to him than things he saw.  Statistics about agricultural laborers were the substance; any real ditcher, ploughman, or farmer's boy, was the shadow."

 

So the tendency has been with us longer than the Internet to take the written word more seriously than the reality that it attempts (always incompletely) to describe.  As Lewis shows later in the novel, this habit allows wicked people to do heinous things with the stroke of a pen—after all, the only direct contact a manager might have with the consequences of his order to liquidate thousands of people will be the alteration in some columns of population figures. 

 

Having access to more words than ever isn't all bad.  When evil is exposed to the light, it can lead to good people fighting it more effectively.  The Internet makes keeping secrets much harder, especially if they are secrets about evil things done in public. 

 

I may not be the best person to write about this problem, because whether out of old habits or laziness or something else, I think I am on the low end of Wilson's estimates of how much time people spend reading stuff on the Internet.  While I will admit to the occasional lapse of falling down a rabbit hole out of random curiosity, I try to be in charge whenever I'm browsing and attempt to keep my destination in mind.  If you know what you want before you go into the store, you'll probably spend less time (and money) there, and the same thing is true of the Internet.

 

If there's a specific problem caused by the superabundance of words on the Internet, it consists in what it's done to our reading habits.  Back when it took a person half a bottle of ink and an hour to write a three-page letter, the recipient felt obliged at least to read every word, and maybe some parts over more than once.

 

But now that words are so cheap and easily multiplied, we just zip through paragraphs like kids hunting for Easter eggs on the lawn—who needs all this grass?  Get to the good part.  But what if the good part won't emerge unless you read the whole thing?

 

If you've done me the good turn to read every word I've written down to this point, you have my thanks and appreciation.  But you are probably the exception.  Nobody can pay that kind of close attention to 490,000 words a day, nor should they.  The best we can do is to be a lot more selective about the stuff we look for, and favor sites that are well-curated (the term used to be "edited") which allow in only material that is truly worth our attention.  Because attention is what we bring to the table, or the screen, and because it's so limited, we should treat it as the valuable commodity that it is, for our own good and for the good of society as well.

 

Sources:  Kit Wilson's article "Reading Ourselves to Death" appears on pp. 73-79 of the Spring 2022 issue of The New Atlantis.

 

How Secure are Decommissioned Communications Satellites?

 

These days, the vast majority of communications signals are carried over fiber-optic cables that gird the globe and form the backbone of the Internet.  But for certain purposes such as broadcasting, geostationary satellites are still important simply because they can access huge geographic areas much more cheaply than wired or fiber networks, and are sometimes the only way to access rural and remote areas. 

 

Like any other hardware, communications satellites have a limited lifetime, and after they are replaced by newer ones, the old satellites are eventually moved into "graveyard" orbits and later burn up in the atmosphere.  But in their retirement-home phase while they are still in place but not being actively used, they are vulnerable to being hacked, as a security researcher named Karl Koscher recently showed and Wired reported.  In contrast to ground-based digital networks, communications satellites are largely analog and can be hacked with relative ease.

 

The first communications satellite, Telstar 1, was launched in 1962, long before the Internet was even a gleam in Vinton Cerf's eye.  But it embodied the essential features of today's comm satellites:  a microwave receiver, some sort of signal processing that changes the frequency band to a different transmitting frequency, and an amplifier that sends out a boosted version of the weak signal received from a ground station.  Depending on the application, the transmitted signal can cover thousands of square miles where anyone with, for example, a DirecTV dish can get them.

 

While Koscher worked with the owners of a decommissioned satellite to perform his hacking, that wasn't strictly necessary.  He borrowed the transmitter and dish of an earth station set up for this sort of thing and aimed the appropriate signals at the dormant satellite, which was a Canadian unit launched in 2005 and at the end of its fifteen-year design life.  In doing so, he successfully demonstrated that he could broadcast to a good part of the North American continent using facilities that are within reach of a determined amateur hacker.

 

Someone with less benign intentions than Koscher could simply overpower a legitimate signal from a satellite's owner and essentially take over the satellite's receiver.  Whether the transmitted signal could be received by the customers would depend on how the signal is digitally encoded, but such encoding can also be hacked as well. 

 

On your list of things to worry about, this issue probably doesn't deserve a very high ranking.  Back when satellites were the only means of broadband connections between continents, they were a much more critical part of our communications infrastructure.  Now that most people, at least in North America, get their data from the Internet without need of a satellite link, because most Internet traffic is carred via undersea fiber-optic cables, the fact that old satellites can be hacked is not that threatening.  Still, the possibility exists that newer satellites could also be taken over with sufficiently powerful earth-station signals, and this would cause problems beyond simple bemusement. 

 

Unlike Internet hackers, who can hide in obscure basements in inaccessible countries and evade detection for months or years, a satellite ground station is not an easy thing to hide.  There is one such installation a few miles south of where I live in San Marcos, Texas, and although I've never driven by it to see how close I can get, the large (10-meter or so) dishes are easily visible from I-35 between here and San Antonio.  So if a satellite hacker began making a habit of pirating, it would not be that difficult to figure out where he was transmitting from, depending on the satellite's own characteristics and the amount of power needed.

 

But we are far from being done with our dependence on communications satellites.  Elon Musk is launching Starlink, a planned array of over 4,000 low-orbit satellites designed to provide Internet service for underserved nations, and eventually the entire world.  Such satellites are much harder to hack in a meaningful way, because they move fast and the loss of one or two out of several thousand is probably only a minor inconvenience to the network.  Any hacking to be done with Starlink will probably be at a higher level, resembling Internet hacking on the fiber network, which is basically independent of the hardware used for conveying the information.

 

Perhaps there is a lesson here about the nature of ethical lapses with regard to communications technologies.  Any technology that conveys meaningful information from one human to another human, regardless of what time or space intervenes, is a communications technology.  Other things being equal, enabling human-to-human communications (which is the only kind we use technology for so far) is better than not enabling it.  Of course, any communications medium can be used for evil purposes, but generally speaking, communications systems can make one of the best claims at being ethically neutral of any technology you can name. 

 

But those systems which by their nature enable one person simultaneously to communicate one way with thousands or millions of others are in a special ethical category.  This was implicitly recognized in the pre-Internet days by the extensive regulatory regimes that broadcasters worked under in many countries.  But with the advent of the Internet, the broadcaster-versus-private-communicator distinction broke down, and outfits such as Facebook found there was money to be made in intentionally blurring that distinction. 

 

Broadcast satellites are one of the few remaining technologies in which that distinction is still distinct.  But the fiber-optic Internet has made them somewhat of a niche issue in the wider scope of communications-technology ethics, and I don't worry much about facing a rash of takeovers of old comm satellites in the future, simply because there are lots easier ways to do nefarious things using communications systems that aren't tied to satellites at all. 

 

Nevertheless,Koscher's feat is a warning for future satellite operators to take extra precautions so that a hacker can't even take over the satellite except to block it from operating, which will always be possible.  But there isn't much illegitimate money to be made from that, and so Koscher's demonstration may be the last of its kind.

 

Sources:   Wired carried Lily Hay Newman's article "Researchers Used a Decommissioned Satellite to Broadcast Hacker TV" on Mar. 30, 2022 at https://www.wired.com/story/satellite-hacking-anit-f1r-shadytel. 

Driving While Online: Does the NHTSA Know Best?

Many generations of technology ago—that is to say, in the 1950s—there was a popular TV show called "Father Knows Best," starring Robert Young as the father of four children whose escapades and misfortunes always wound up with the kids having a talk with Daddy.  When this happened, you knew the final commercial break was coming up and everything would be tied up neatly in a few more minutes. 

Real family life in the 1950s wasn't as easy to fix as "Father Knows Best" portrayed, and neither is the problem of drivers getting distracted by portable devices such as mobile phones, tablets, and so on.  Some observers are attributing the recent rise in per-mile auto fatalities in the U. S. mainly to electronic distractions, and the U. S. National Highway Transportation Safety Administration (NHTSA) has a Department of Transportation (DOT) that has recently issued a draft set of "guidelines" for makers of electronic devices and automotive manufacturers to follow in order to address this problem.

Everybody admits there's a real problem.  If you've driven more than a few hours in rush-hour traffic in any major city, you've probably seen people doing things at the wheel that you can't believe they're doing, like texting or studying something on the car seat, even watching videos.  The question is what to do about it.

Lots of municipalities have tried to attack the problem by passing a no-hand-held-device-use ordinance for drivers, but enforcing such a thing is not something that highway patrol officers get real excited about, and the consensus is that these ordinances have not made a big dent in the problem.

So on Nov. 23, the NHTSA announced a draft of guidelines for makers of portable devices:  mobile phones, tablets, GPS display systems, you name it.  Two of the new concepts that these guidelines, if followed, would introduce to the driving public are "pairing" and "Driver Mode."

Pairing refers to an electronic connection between the portable device and the vehicle's built-in displays and controls.  Historically, the automakers have taken the NHTSA's word seriously regarding its recommendations for how to incorporate safety features in cars.  Although guidelines do not have the force of law, they can become law if Congress so chooses, and so many safety features such as seat belts and air bags showed up in cars as options before they were made mandatory.  In an earlier set of guidelines, the NHTSA set up rules for built-in instrumentation that would meet the agency's non-distraction requirements.  This involves things like not requiring the driver to glance away from the road for more than two seconds at a time and so on.  Their reference maximum distraction is tuning a radio manually.  Anything that distracts you more than that is basically regarded as too much.

Assuming the car's built-in controls and displays meet that criterion, pairing basically ports the portable device's controls to the car's built-in controls, which automatically meet the distraction guidelines already.  Maybe this sounds easy to a regulatory agency, but to this engineer, it sounds like a compatibility nightmare.  For pairing to work most of the time, every portable device that anyone is likely to use in a car will have to be able to communicate seamlessly with the wide variety of in-car systems, and be able to use those systems as a remote command and control point instead of the device's own controls and displays.  Maybe it can be made to work, but at this time it looks like a long shot.  And even if it does, you have the problem of those die-hards (such as yours truly) who cling to cars that are ten or fifteen years old and will never catch up to the latest technology.  (Those folks tend not to buy the latest portable devices either, but there are exceptions.)

Recognizing that pairing won't solve all the problems, the next step is Driver Mode.  This is an operational mode that goes into effect when the device figures out it's in a moving car.  Most new portable gizmos these days have built-in GPS systems, and so they can detect vehicle motion without much of a problem, although there might be issues with things like rides on a ferry boat and so on.  But those situations are rare enough to be negligible.  Once in Driver Mode, the device will refuse to let the user do things like texting, watching videos, and other activities that distract more than the reference tuning-the-radio operation would. 

One can foresee problems with Driver Mode as well.  The NHTSA says the user should be able to switch it off, and if this option is available, my guess is a lot of people will choose to disable Driver Mode altogether.  A determined distracted driver is going to find a way to text while driving no matter what, but the hope is that with these new measures in place—pairing and Driver Mode, mainly—the number of incidents of distracted driving will decrease, and we will resume our march to fewer traffic accidents that has been going on historically for the last several decades.

While the NHTSA deserves credit for encouraging device makers and car manufacturers to consider these ideas, it is not clear that there is a lot of enthusiasm for them, especially on the part of the mobile phone makers.  Automakers selling big-ticket cars can more easily adapt their products to the different requirements of different legal regimes in the U. S. and, say, France.  But piling a bunch of complicated pairing features onto phones sold only in the U. S. may not be an easy thing to convince phone makers to do.  Unless the U. S. initiative proves so popular that it becomes a global phenomenon, my guess is that mobile phone makers will resist building in the pairing function, especially because they would have to deal with a bewildering variety of host controls and displays in cars that would be hard to keep up with.

This issue is just one aspect of the huge upheaval in the auto industry that IT is causing right now.  Integrating cars with the Internet and portable devices, and making sure in-car displays work without causing wrecks, are only two of the many challenges that car makers face in this area.  Ironically, the move toward driverless cars, if successful, would render all the driver-distraction precautions pointless anyway.  If the driver's not doing anything, it's fine to let him or her be distracted.  That's Google's hope, anyway, in developing driverless cars:  less time paying attention to driving means more time on the Internet. 

The hope is that all the confusion will eventually settle down, or at least we will make the transitions to highly IT-intensive cars that are still at least as safe to drive as the older ones, if not safer—until we don't have to drive them at all.  But it looks like right now, at least, car makers will have to aim simultaneously at two targets that are moving in opposite directions. 

Sources:  An article summarizing the NHTSA proposed guidelines appeared in the San Jose Mercury-News on Nov. 23, 2016 at http://www.mercurynews.com/2016/11/23/biz-break-feds-nudge-phone-makers-to-block-drivers-from-using-apps-behind-the-wheel/.  The NHTSA press release about the guidelines can be found at https://www.nhtsa.gov/About-NHTSA/Press-Releases/nhtsa_distraction_guidelines_phase2_11232016, and the press release has a link to a .pdf file of the draft guidelines.

The Day The Internet Goes Down

This hasn't happened—yet.  But Bruce Schneier, an experienced Internet security expert with a track record of calling attention to little problems before they become big ones, is saying he's seeing signs that somebody may be considering an all-out attack on the Internet.  In an essay he posted last month called "Someone Is Learning How to Take Down the Internet," he tells us that several Internet-related companies which perform essential functions such as running domain-name servers (DNS) have come to him recently to report a peculiar kind of distributed denial-of-service (DDOS) attack.

For those who may not have read last week's blog about ICANN, let's back up and do a little Internet 101.  The URLs you use to find various websites end in domain names—for example, .com or .org.  One company that has gone public on its own with some limited information about the attacks is Verisign, a Virginia-based firm whose involvement with the Internet goes back to the 1990s, when they served as the kind of Internet telephone book for every domain ending in .com for a while, before the ICANN, now an internationally-governed nonprofit organization, took over that job.  Without domain-name servers, networked computers can't figure out how to find websites, and the whole Internet communication process pretty much grinds to a halt.  So the DNS function is pretty important.

As Schneier explains in his essay, companies such as Verisign have been experiencing DDOS attacks that start small and ramp up over a period of time.  He likens them to the way the old Soviet Union used to play tag with American air defenses and radar sites in order to see how good they were, in case they ever had to mount an all-out attack.  From the victim's point of view, a DDOS attack would be like if you were an old-fashioned telephone switchboard operator, and all your incoming-call lights lit up at once—for hours, or however long the attack lasts.  It's a battle of bandwidths, and if the attacker generates enough dummy requests over a wide enough bandwidth (meaning more servers and more high-speed Internet connections), the attack overwhelms the victim's ability to keep answering the phone, so to speak.  Legitimate users of the attacked site are blocked out and simply can't connect as long as the attack is effective.  If a critical DNS is attacked, it's a good chance that most of the domain names served will also disappear for the duration.  That hasn't happened yet on a large scale, but some small incidents have occurred along these lines recently, and Schneier thinks that somebody is rehearsing for a large-scale attack.

The Internet was designed from the start to be robust against attack, but back in the 1970s and 1980s, the primary fear was an attack on the physical network, not one using the Internet itself.  Nobody goes around chopping up fiber cables in hopes of bringing down the Internet, because it's simply not that vulnerable physically.  But it's likely that few if any of the originators thought of the possibility that the Internet's strengths—universal access, global reach—would be turned against it by malevolent actors.  It's also likely that few of them may have believed in original sin, but that's another matter.

Who would want to take down the Internet?  For the rest of the space here I'm going to engage in a little dismal speculation, starting with e-commerce.  Whatever else happens if the Internet goes down, you're not going to be able to buy stuff that way.  Schneier isn't sure, but he thinks these suspicious probing attacks may be the work of a "state actor," namely Russia or China.  Independent hackers, or even criminal rings, seldom have access to entire city blocks of server farms, and high-bandwidth attacks like these generally require such resources.

If one asks the simple question, "What percent of retail sales are transacted over the Internet for these three countries:  China, the U. S., and Russia?" one gets an interesting answer.  It turns out that as of 2015, China transacted about 12.9% of all retail sales online.  The U. S. was next, at about 8.1%.  Bringing up the rear is Russia, at around 2%, which is where the U. S. was in 2004.  Depending on how it's done, a massive attack on DNS sites could be designed to damage some geographic areas more than others, and without knowing more details about China's Internet setup I can't say whether China could manage to cripple the Internet in the U. S. without messing up its own part.  But there is so much U. S.-China trade that Chinese exports would start to suffer pretty fast anyway.  So there are a couple of reasons that if China did anything along these lines, they would be shooting themselves in the foot, so to speak.

Russia, on the other hand, has much less in the way of direct U. S. trade, and while it would be inconvenient for them to lose the use of the Internet for a while, their economy, such as it is, would suffer a much smaller hit.  So based purely on economic considerations, my guess is that Russia would have more to gain and less to lose in an all-out Internet war than China would.

A total shutdown of the Internet is unlikely, but even a partial shutdown could have dire consequences.  Banks use the Internet.  Lots of essential utility services, ranging from electric power to water and natural gas, use the Internet for what's called SCADA (supervisory control and data acquisition) functions.  The Internet has gradually become critical piece of infrastructure whose vulnerabilities have never been fully tested in an all-out attack.  It's not a comfortable place for a country to be in, and in these days of political uncertainty and the waning of dull, expert competence in the upper reaches of government, you hope that someone, somewhere has both considered these possibilities in detail, and figured out some kind of contingency plan to act on in case it happens. 

If there is such a plan, I don't know about it.  Maybe it's secret and we shouldn't know.  But if it's there, I'd at least like to know that we have it.  And if we don't, maybe we should make plans on our own for the Day The Internet Goes Down.

Sources:  Bruce Schneier's essay "Someone Is Learning How to Take Down the Internet" can be found at https://www.schneier.com/blog/archives/2016/09/someone_is_lear.html.  I obtained statistics on the percent of U. S. retail e-commerce sales from the website https://ycharts.com/indicators/ecommerce_sales_as_percent_retail_sales, the China data from https://www.internetretailer.com/2016/01/27/chinas-online-retail-sales-grow-third-589-billion-2015, and the Russia data from https://www.internetretailer.com/commentary/2016/02/08/russian-e-commerce-domestic-sales-slump-chinese-imports-soar.  I also referred to the Wikipedia article on Verisign.

The Wireless-Car-Hack Recall: A Real-Life Drama in Three Acts

Act One—2010-2011

As automakers begin to build in more wireless technology to enable not only hands-free mobile phone use from their cars but streaming audio services and navigational and safety aids as well, some researchers at UC San Diego and the University of Washington look into the possibility that these new two-way communication paths can be used to hack into a car's computer for nefarious purposes.  After months of work, they manage to use a wireless connection to disable the brakes on a particular car, which to this day remains anonymous.  Rather than releasing the maker's name in their research publication in 2011, the researchers suppress it, and instead go privately to the car's manufacturers and warn them of the vulnerability.  Also in 2010, more than 100 car owners in the Austin, Texas area whose vehicles were linked into a system that can disable a car if the owner gets behind in his payments, found that their cars wouldn't start.  Only, they weren't deadbeats—one of the enforcement company's employees got mad at his boss and intentionally disabled the cars. 

Act Two—2012-2013

Two freelance computer security specialists, Charlie Miller and Chris Valasek, read about the UCSD/University of Washington wireless-car-hack study and decide to investigate the issue further.  They apply for and receive an $80,000 grant from the U. S. Defense Advanced Research Projects Agency (DARPA), with which they buy a Ford Escape and a Toyota Prius.  With this hardware, they teach themselves the intricacies of the automakers' internal software and as a first step, develop a wired approach to hacking into a vehicle's control systems.  This allows them to plug a connector into the car's diagnostic port and operate virtually any system they wish.  However, when they show this ability at Defcon 2013, a hacker's convention, representatives of automakers are not impressed, pointing out that they needed a physical connection to do the hacking.  That inspires Miller and Valasek to go for the ultimate hack:  wireless Internet control of a car, and demonstration of same to a journalist.

Act Three—2014-2015

After reading dozens of mechanics' manuals and evaluating over twenty different models, the pair decide that the model most vulnerable to an online hack is the Jeep Cherokee. Miller buys one in St. Louis and the pair begin searching for bugs and vulnerabilities in software.  Finally, in June of 2015, Valasek issues a command from his home in Pittsburg and Miller watches the Cherokee respond in his driveway in St. Louis.  They have succeeded in hacking remotely into the car's CAN bus, which controls virtually all essential functions such as brakes, throttle, transmission, wipers, and so on. 

After the lukewarm reception they received from automakers a couple of years earlier, they have decided a stronger stimulus is needed to get prompt action.  When they informed Fiat Chrysler Autos of their hacking work into the firm's Cherokee back in October of 2014, the response was minimal.  Accordingly, they invite Wired journalist Andy Greenberg to drive the Cherokee on an interstate highway, telling him only in general terms that they will do the hack while he's driving, and surprise him with particular demonstrations of what they can do. 

Greenberg must have felt like he was in a bad sci-fi flick about aliens taking over.  As he recalled the ride, "Though I hadn’t touched the dashboard, the vents in the Jeep Cherokee started blasting cold air at the maximum setting, chilling the sweat on my back through the in-seat climate control system. Next the radio switched to the local hip hop station and began blaring Skee-lo at full volume. I spun the control knob left and hit the power button, to no avail. Then the windshield wipers turned on, and wiper fluid blurred the glass."  During the finale, the hackers disabled the transmission, throwing it into neutral and causing a minor backup on the interstate.

Greenberg's article appears on Wired's website on July 21.  On July 24, Fiat Chrysler Autos announces a recall of 1.4 million vehicles to fix software flaws that allow their cars to be hacked remotely via the UConnect Internet connection that Miller and Vasalek used.  It is the first recall ever due to a demonstrated flaw that lets hackers access a car through its Internet connection.

. . . Back in December of 2014, I blogged on the possibility that someone would figure out how to use the Internet to hack into a car's controls.  At the time, I reported that several automakers had formed an Information Sharing Advisory Center to pool knowledge of problems along these lines.  And I hoped that nobody would use a remote hack for unethical reasons.  What Miller and Vasalek have done has ruffled some feathers, but falls short of truly illegal activity. 

Instead, it's in the tradition of what might be called "white-hat" hacking, in which security experts pretend to be bad guys and do their darndest to hack into a system, and then let the system designers know what they've done so they can fix the bug.  According to press reports, pressure from the National Highway Traffic Safety Administration prompted Fiat Chrysler Autos to issue the hacking recall as promptly as they did, only three days after the Wired article appeared.  The annals of engineering ethics show that a little adverse publicity can go a long way in stimulating action by a large organization such as a car company. 

You might ask why Fiat Chrysler's own software engineers couldn't have done what Miller and Vasalek did, sooner and more effectively.  That is a complex question that involves the psychology of automotive engineers and what motivates them.  Budgeting for someone to come along and thwart the best efforts of your software engineers to protect a system is not a high priority in many firms.  And even if an engineer with Fiat Chrysler had concerns, chances are that his superiors would have belittled them, as they did Miller and Vasalek's demo of the wired hack in 2013.  To do anything more would have required a whistleblower to go outside the company to the media, which would have probably cost him his job. 

But this way, Miller and Vasalek get what they wanted:  real action on the part of automakers to do something about the problem.  They also become known as the two Davids who showed up the Goliath of Fiat Chrysler, and this can't do their consulting business any harm.  Best of all, millions of owners of Cherokees and other vehicles can scratch one small worry off their list:  the fear that some geek somewhere will pick their car out of a swarm on a GPS display somewhere and start messing with the radio—or worse.

Sources:  The Associated Press article on the Fiat Chrysler Auto recall appeared in many news outlets, including ABC News on July 24 at http://abcnews.go.com/Technology/wireStory/fiat-chrysler-recalls-14m-vehicles-prevent-hacking-32665419.  The Wired article by Andy Greenberg describing the Cherokee hack is at http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/.  My latest previous blog on this subject appeared on Dec. 1, 2014 at engineeringethicsblog.blogspot.com/2014/12/will-remote-car-hacking-stop-before-it.html.

Will Remote Car Hacking Stop Before It Starts?

The bomb exploded as the car reached the intersection of Park Place and Forest Park Boulevard in Fort Worth, Texas.  The explosion was loud enough to be heard at an elementary school a couple of blocks away, and I was one of several students who got to the scene before emergency crews had cleaned it up.  From the front doors rearward the car looked nearly normal, but there was just a blackened pile of junk where the front end used to be.  The driver was killed instantly.  From what I recall, later investigation of this mid-1960s incident turned up ties to organized crime, and I'm not sure but what the criminals put the bomb in the wrong car.  Even the Mafia makes mistakes.

To commit that crime, someone had to make a powerful time bomb and gain physical access to the car in order to plant it.  In the near future, it will be logically possible to wreck a car and kill the driver without ever laying a finger on either one.  Once wireless networking and Bluetooth communications are integrated in new models of automobiles, a sufficiently dedicated hacker might be able to wrest control of the car from the driver and do anything he likes, including driving the car off a cliff or into a gravel truck.

So far as anyone knows, no one has committed a successful crime by hacking into a car's software.  On the other hand, automotive software hacking for benign purposes has been around for a decade or more.  While teens of an earlier generation would get greasy in a garage staying up till midnight to hop up a '57 Chevy for drag racing, today's hot-rodders hack into the valve-control software and tune up the timing to suit their purposes.  The keyhole for this activity is the OBD-II port—the place an auto tech plugs a computer into your car to diagnose why your check-engine light is on. 

In a demonstration for the U. S. military, cyberhackers showed how they could use the port to exert virtually total control over a current-model car, locking the brakes or even killing the engine.  This kind of hacking requires extensive knowledge of the car's software and a good deal of reverse engineering, so it is currently not cost-effective for the bad guys to do it.  And with non-networked cars, it still requires physical access to the car.  But automotive-industry leaders are trying to anticipate the day when new cars are totally networked and become part of the Internet, which will open them up to attacks from anywhere in the world.

According to recent press reports, automakers are organizing an automotive version of an Information Sharing Advisory Center (ISAC), similar to the ones that the banking and other information-critical industries have formed to promote the sharing of news about cyber-threats among competing firms and to develop countermeasures fast.  Just as significant as their actions is the fact that they are publicizing their actions.  One could speculate that the car companies are trying to send a signal to potential automotive cyber-attackers that the industry is not sitting idly by, waiting for the first fatality before something is done to prevent such attacks.  Instead, they are putting defenses in place well before any attack occurs—a sound military tactic.

There may be a lesson here about the tendency of organizations to lose effectiveness with time.  Computers have been used in cars for less than a generation.  But cars have had ignition keys for close to three generations.  The GM ignition-switch failures, with their resulting fatalities and massive recalls, stem from the negligence of engineers who have been doing basically the same thing since the 1930s, although the details have certainly changed over the years.  But the engineers in charge of computer security have grown up in an environment where hacking and cyberattacks are an ordinary part of life, and to pretend otherwise would be a mark of incompetence.  So it is no great surprise to hear that car companies are trying to get ahead of computer criminals by forming an ISAC.

Even so, you can imagine situations in which the mere threat of such an attack would be profitable for criminals.  Say you're the CEO of UPS, and one day near the peak Christmas-shipping season you get an email instructing you to deposit two million dollars in a certain Swiss bank account by a certain time.  If you don't, the sender promises to throw a digital monkey wrench into your entire fleet of trucks, all at once.  The CEO would at least have to take such a threat seriously. 

I feel like taking a mental bath after putting myself into the mindset of a cybercriminal that way, but unfortunately, that is what competent computer-security people have to do in order to come up with ways to thwart such attacks.  The only sure defense against such blackmail is to have enough encryption and other measures in place so that no conceivable attack will stand a good chance of working.  There is always a chance that some evil super-genius will figure out a way to hack the best defenses, but statistically, such people are rare and most cyber-threats involve only the average amount of cleverness. 

The organizers of the first automotive ISAC are to be congratulated for their foresight in anticipating what could be a really messy and dangerous problem, and I hope that automotive cyberattacks are prevented before they can even get off the ground.  But no one knows exactly how cars will interact with the Internet in the future, and depending on how the systems develop, the best efforts of the good guys may be foiled sooner or later by a bad guy.  Let's hope that day is a long way off.

Sources:  Justin Pritchard's report on the organization of an automotive ISAC and successful test attempts at automotive cyberattacks was distributed by the Associated Press and carried by numerous news outlets such as ABC News on Nov. 25, 2014 at http://abcnews.go.com/Technology/wireStory/computer-hackers-dissect-cars-automakers-react-27132494.  The online edition of Auto News carried another report from a Society of Automotive Engineers conference announcing the formation of the industry's first ISAC, at http://www.autonews.com/article/20141021/OEM11/141029957/auto-industry-forming-consortium-to-fight-hackers.  My blog on the GM ignition switch recall appeared on June 9, 2014 at http://engineeringethicsblog.blogspot.com/2014/06/the-switch-from-hell-gms-barra-and.html.

How Neutral Is the Net?

Earlier this month, President Obama asked the U. S. Federal Communications Commission (FCC) to classify the Internet as a public utility in order to preserve net neutrality.  While in principle the FCC is an independent regulatory authority, it usually takes the President seriously, and this proposed action led to both cheers and boos. 

The cheering came from mostly liberal observers who see threats to the Internet coming from internet service providers (ISPs), who have expressed a desire to discriminate (either favorably or unfavorably) among their customers.  One form of discrimination that has come up for discussion is that a big outfit such as Google or Facebook would pay ISPs for preferential treatment—a "fast lane" on the Internet so their websites would work faster compared to everyone else's.  Another idea, one that Comcast actually tried to implement a few years ago, is that certain types of Internet services that hog bandwidth (such as file sharing of music and videos) could be artificially slowed or discriminated against.  In that case, the FCC told Comcast to quit discriminating, and it did.  But more recently, similar attempts on the part of the FCC to enforce net neutrality have been struck down by federal courts, which said that the FCC doesn't have the legal authority to regulate the Internet in that way.  Hence the President's call to reclassify the Internet as a Title II public utility, which refers to a section in the FCC's enabling legislation that was originally intended to cover things like the telephone network.

And that leads to the boos, coming mainly from conservatives who see danger in letting the FCC treat the Internet basically the same way it treats the phone network.  Hidden on your phone bill is a little item called the Universal Service Fee.  On my cellphone bill it's $2.22 a month.  It was originally intended to provide subsidies for rural telephone service, but like most government fees and taxes, once it was planted as a tiny seed it put down roots and is now a mighty oak of revenue for the FCC, which supports itself entirely on fees.  If the phone network was not classified under Title II, the FCC could not assess this fee.  But such fees can be charged to a Title II service, which the Internet would become if the FCC does what the President asked it to.  That doesn't mean we would instantly start paying fees as soon as the FCC reclassified the Internet, but it does mean that they would have the legal right to.

From the viewpoint of consumers, it's hard to make an argument that a non-neutral net would be anything but bad.  The net (so to speak) effect of a non-neutral net would be to restrict access to something or other—either the firms that couldn't afford the extra fees that the ISPs want to charge the Googles for fast-lane services, or the types of services that cause ISPs headaches such as certain file-sharing activities.  But how neutral is the net today?

The picture is sometimes painted of a happy, absolutely free Internet world where equality reigns, versus a dismal, corporate-dominated few-rich among many-poor non-neutral Internet that the liberals warn us may happen if we don't guard net neutrality.  The facts are otherwise.  Right now the Internet is a great deal less neutral than it used to be.  If you don't belong to Facebook, for instance (as I don't), access to that world within a world of social media is highly restricted from you.  This has come about not because of anything an ISP has done, but because Facebook, in order to operate, requires certain information from you before you join, and hopes your signing up and consequent Facebook profile will attract other viewers.  Many of the various Google accounts and services work the same way.  My point is that there are huge regions on the Internet that are closed to you unless you pony up something to get into them (not necessarily cash), which is basically what the net-neutral advocates say will happen unless we preserve net neutrality.  But it already happens.

And what about people who live in areas that have slow or no access to the Internet?  It's not neutral to them.  Nobody has gone so far as to say every citizen of the U. S. has a right to X megabits per second access to the Internet.  But there was a time when the idea that everyone should have access to a telephone was a radical notion that telephone companies fought against, until the Bell System decided to join instead of fight and willingly put itself under the supervision of government authorities in exchange for promoting universal access. 

As I blogged in this space a few years ago, when you have a large network that thrives on maximizing the number of people connected to it, any artificial attempt to limit that access damages the system.  And over time, most such systems have ways of figuring this out, and tend to rid themselves of such restrictions.  But government fees and regulations are another matter.  It took years of court battles to free up the phone system from the old-style regulated monopoly pattern that was appropriate to the technology of 1945, but by 1980 was outmoded and needed to change. 

By and large, the Internet has stayed fairly neutral, not so much because the players all have a principled commitment to net neutrality, but because restrictions that move it in the non-neutral direction tend to harm the system as a whole.  My own inclination is to let things more or less alone, rather than reclassifying the Internet into a category that would make it vulnerable to a whole array of regulations that might be well-intended at the time, but could become albatrosses around the neck of a technology that has so far proved to be quite agile and dynamic.  But whatever happens, we should all realize that net neutrality is an ideal that has never been completely realized in practice.

Sources:  President Obama's statement on favoring FCC action to preserve net neutrality was announced on Nov. 10, 2014, and is available at http://www.whitehouse.gov/net-neutrality.  I referred to the conservative National Journal's piece on his move at http://www.nationaljournal.com/tech/obama-s-net-neutrality-plan-could-mean-new-internet-fees-20141120.  I also referred to the Wikipedia articles on network neutrality and the Federal Communications Commission.  My blog "Will the Net Stay Neutral if Google Doesn't Want It To?" appeared on Aug. 9, 2010.