Today I was catching up on aging Facebook postings and happen to read this one from an old colleague:
Just saw the message in Chrome saying that in V70 some certificates will be distrusted and not load. I understand the security concerns.
But how am I supposed to build long lasting infrastructure when things can simply break because of events outside my control. My light switch (AKA the app on my wall devices) is supposed to work for a decade unattended. Is IoT just a joke?
Fortunately I don’t think I depend on those certificates but I am on notice that I better not build any persistent technology using the Internet.
Imagine building a bridge and discovering one day that you particular brand of steel bar has been recalled and suddenly all your bridges have been disabled.
(Woz and 13 others liked this.)
Now I know just a little about computer security but much more about the use of highly technical knowledge in social contexts. I’ve been interested in the public (as portrayed on radio news) is responding to reports of personal profile data being harvested from Facebook and other online sources such as you “smart refrigerator”. Such privacy questions have been relevant to me since my phone was tapped during the Vietnam War and Capt’n Crunch was whistling into long distance phone lines. So I made the following reply to Bob which started a little dialog with another poster, Karl:
Liza Loop We humans have created a new information environment that we haven’t figured out how to survive in yet. All our instincts about privacy are now inadequate. So you’re right, certificates and IOT security cannot be trusted at the moment. For me it has been a 50-year moment. My solution is, if you don’t want the world to know about it, don’t put it on a device that connects to anything else. This is analogous to keeping your mouth shut. Most of the time I just don’t care who knows what about me. When I do care, even paper isn’t secure enough. Don’t write it, don’t tell a “friend”, and most of all, don’t store it on a computer even the itty-bitty one in your doorbell. Maybe we’ll have a better solution in another 50 years.
Karl Schulmeisters actually Liza its worse than that. As Dwork shows with her differential privacy work, if there is a statistical database about human beings that is correlatable to external information – you or your device need not even be in the database to have data exfiltrated about you
Liza Loop Ya, I know. Someone is always watching and we have almost no control over that. But those who are currently making a lot of noise about privacy violations might do well to attend to the information they set loose with their own actions. When I post here on Facebook I don’t blame Zuckerberg for the outcomes, intended or unintended, his or mine. My point is that this is a broad human culture issue unleashed by technical change, not something we can fix with a few government regulations.
Karl Schulmeisters healthy way to look at it
Liza Loop Healthy is ok but we still need to figure out what to teach our children about privacy. Any suggestions? Of course they will only adopt part of what we try to tell them but I’m always surprised at how much my attitudes influence those of my children and grandchildren. When humans live in periods of radical environmental change, parenting, schooling and other forms of cultural transmission can impact which genetic lines survive and which die out. I think we happen to be living in such a critical period that it’s worth asking questions about topics like privacy and doing our best to think systematically about the possible future consequences of our current decisions. Blaming others isn’t very effective. As Pogo said, “We have met the enemy and he is us”.
Another person, someone with a background in security and cryptography popped into the conversation and tried to help me out by suggesting that I
Either tell them you don’t use surveillance apps from companies owned by greedy sociopaths, or that you do.
Your choice.
Then Bob, the person who started this conversation, added:
Bob Frankston This whole FB as your credential is an issue in itself. I try to avoid using FB as my credential. But this is another deep topic.
This discussion illustrates the problem I’d like to address. The lay public, large numbers of people who don’t understand what the phrase “FB as your credential” means, are the carriers of culture, the people who get interviewed and express opinions to the broadcast media and who vote for or against the legislators who enact our laws. I did find a 2015 CBS News article that explains the process but how many people actually question what’s going on when they see this 
on their screen? And whose responsibility is it to understand what you are doing when you follow a suggestion on your screen?
In my opinion the online world, cyberspace if you will, is a whole new ecological niche, one in which we don’t have any multigenerational experience. We don’t know what rules and customs will protect us and which will lead to extinction. Trying to hold businesses like Facebook or national governments responsible is kind of like blaming the shore for having a rip tide that sweeps us out to sea and drowns us. Sure, the local government can put up a few signs to warn us of the danger. Eventually our tribe will learn where it’s safe to swim and where to stay out of the water on this island. But a lot of lives will be lost in the process. Or, in the information case, a lot of privacy will be violated. In the meantime, I take the stand I posted to Bob: if you want to keep it private, don’t put it on a computer that is EVER, IN ANY WAY, connected to the internet.