A 5by5 conversation with Sean Murray, Director of software engineering at Advanse about what we can learn from the recent breaches in tech to design a more ethical tomorrow.
Interview by Twisha Shah-Brandenburg and Thomas Brandenburg
“There is only once place a I know where everyone should look to for vision and advice. Science fiction… no, I’m not kidding. It’s the only place where future tech driven utopias and dystopias have been extensively explored. Where the effects of AI (Neuromancer) or Robots (Asimov) have been allowed to wander freely to multiple conclusions.” —Sean Murray
What needs to change in how tech companies scale / grow to have the time think about future implications?
Tech is currently the new wild west… the norms and rules are still being developed. Most people even in tech don’t know what questions to ask about the current impacts of tech, let alone future impacts. Stories about bullying induced suicide via social media, state sponsored electoral sabotage, stealing data from a casino via an IoT thermometer in a lobby aquarium or hacking thousands of machines not to steal data but to steal CPU cycles to mine a cryptocurrency would have been unimaginable 20 years ago and yet all of these stories are incidents that have happened in real life.
Tech currently doesn’t have any incentives to slow down and consider the negative immediate and long term impacts, it’s still a teanager. The rewards for the few unicorn endeavours that do make it to the top are so massive as to dwarf nation states. The revenues and audiences are massive and and trans-national. It is a problem that is expanding beyond the scope of most individual governments.
There is only once place I know where everyone should look to for vision and advice. Science fiction… no, I’m not kidding. It’s the only place where future tech driven utopias and dystopias have been extensively explored. Where the effects of AI (Neuromancer) or Robots (Asimov) have been allowed to wander freely to multiple conclusions.
In short read more Sci-fi, it will help us ask the questions we don’t even know we need to ask!
How do digital interfaces need to change in order to help consumers with different levels of comfort / technology literacy understand what they are participating in?
Every tech device requires some learning… reading/writing is a technology, we don’t think of it as one but it is and it has a very steep learning curve. However the return is well worth the effort. The new tech interfaces are getting better and in particular are getting better for those with various disabilities (i.e. blindness) we can now talk to our devices via Alexa, or google home or via Dragon NaturallySpeaking.
That is just the I/O.. how we input output information… that will get better with time and effort from both producers and consumers. I’m not so comfortable with how oblivious most people seem to be with 2nd part of this question, “understand(ing) what they are participating in”. “If you are not the customer, you are the product” (unknown)… The advertising sponsored content model is not nothing new but I have had countless interactions with people who didn’t understand how Google, Facebook or Twitter make money. Many don’t even know that those companies are advertising platforms wrapped in the content their users create. The really don’t know that they themselve are the product.
The recent Facebook/Cambridge Analytica scandal I hope will help some people understand how they are profiled and how those profile categories are used. The cynic in me does not believe this scandal or will change the advertising model or peoples understanding of it!
How do you think tech based companies should be regulated? What is the level of control that still helps innovation thrive but allows for external oversight that looks out for the safety of citizens?
I don’t think tech should be regulated because I don’t believe it’s possible. What Europe is doing with regard to privacy (General Data Protection Regulation) is what that others countries (USA) should also consider doing. Good regulation is written with regard to the fundamentals of citizen privacy and safety and not with specific tech in mind. Such regulation would protect citizens and even help guide and encourage tech to grow in a positive ways regardless of the actual tech involved.
What are the principles of data security that companies should have top of mind?
Security should always be a high priority. For companies and for individuals. Both are now exposed in ways not before possible. States, companies and individuals, both local and worldwide can steal information, money, intellectual property from almost anywhere. The incentive is high and risks are low. Almost any IT security person will tell you that much of that is caused not by fancy Hollywood like “hacking” but by one of a few primary means…
Known security exploits: That is to say, an operating system, a server program or some other item has a security flaw. Most often there is a fix available but companies/individuals have not upgraded or patched the software because the penalties are low and resources are expensive.
Social engineering: That comes in many forms, as simple as calling up customer support and posing as the customer or employee who say, lost a password. Or, email phishing with bogus links or requests for information.
The costs to individuals are that…individual but the cost to companies are not prohibitive enough because often it’s not even their customers who bear the brunt of the data leaks. The Equifax data breach was of a such a scale, it affected such a large number of people (approx. half the US adult population), most of whom had no direct relationship with the company, that this level of incompetence, with very private financial data should have ensured the company was fined and/or litigated into oblivion. Yet I don’t think it got nearly the coverage it deserved in the press or by lawmakers.
As an individual you must… use a VPN service. Use a password manager. Use a credit monitoring service. Never ever use a debit card… EVER!! Companies need to prioritize patching and upgrading their system in a timely manner and need to audit their IT processes on a regular basis. Government bodies need to severely penalize companies for such data breaches.
What are things that keep you up at night?
I’m amazed that any of this tech works. That it doesn’t all come crashing down. It’s not that it would just affect your ability to play candy crush or get on Facebook. A flaw or security breach could cause water systems to stop flowing, electric systems, banking systems to crash. Our everyday lives now depend very heavily on this software. I have seen how the sausage is made and it is not always pretty and not always stable.
Interested in this topic? Register to be part of a larger community at the Design Intersections conference in Chicago May 24-25, 2018.