In his 1962 book Profiles of the Future: An Inquiry into the Limits of the Possible, science fiction writer Arthur C. Clarke proposed his third and final “law” of prediction — he felt he had to propose no more laws because “as three laws were good enough for Newton, I have modestly decided to stop there.” The three laws are:
- When a distinguished but elderly scientist states that something is possible, he is almost certainly right. When he states that something is impossible, he is very probably wrong.
- The only way of discovering the limits of the possible is to venture a little way past them into the impossible.
- Any sufficiently advanced technology is indistinguishable from magic.
I’ve always loved Clarke’s work in general, and this last law in particular, but hadn’t really thought about it much for a while. In the past few weeks a couple of news stories and a TV magician have made me wonder about the validity of Clarke’s third law and some of the hidden dangers that lurk when we start to think of technology as magic.
Technology as Magic … or Magic as Technology
The first thing that got me started thinking about these issue, in a very round about way, was seeing some of short video clips of the “Carbonaro Effect.” A large part of this magician’s schtick seems to be to play off people’s belief that technology can do what otherwise would clearly be impossible — pretty much the inverse of Clarke’s third law. I’ve included a few of my favorites below (they play in sequence) — I particularly love the Bluetooth label on the self-tying shoe laces…
The tricks are funny, and he seems to be pretty good at his craft, but what really got me was his technique of weaving “techno-speak” into his setup, as well as the reaction of people trying to justify what they saw with technology. I would love to know the ratio of people that were taken in by these tricks, to the ones that rejected the whole set-up, especially the technology aspect. Anecdotally however, I suspect that technology really has reached a point that for many of us as to become indistinguishable from magic — maybe in ways not as far-fetched was as Carbonaro uses, but magic nonetheless. I suppose that if you could travel back only a few years in time with an iPhone, you could buy yourself a crystal ball, and use Siri to make a LOT of money.
The first news story that made me continue to chew on the tech-magic relationship was one detailing a serious potential security exploit involving USB device that is being called BadUSB. The story detailed the very scary possibly that, for instance, “friendly” USB thumb drives could be modified to do evil things to your computer, and in such a way that current computer security systems can neither stop nor even detect the attack. To me this is not just a scary story, there’s “magic” in there as well because the exploit works at such a deep, deep level (hence its current undetectability), that to almost everyone it’s incomprehensible, so instead it becomes easier to just think of it as an evil spell being cast on your USB device — evil computer magic.
Given the complexity of today’s technology it is no wonder that much of it is, for most of us, beyond even broad conceptual understanding. I fancy myself as a fairly technology-savvy person, having built many computers which have run multiple operating systems, and for uses ranging from thin clients to servers. To some degree my understanding of computers is much like the understanding that I had as teenager when I took apart and rebuilt my first car’s engine — by no means could I design or build an engine from scratch, but my knowledge of the components and how they worked together allowed me to troubleshoot the engine and figure out what needed to be done, and in almost all cases, fix it. For most of us the USB exploit above cannot be understood, troubleshot, or fixed, and to use the car analogy, our thumb drives starts to look a lot like Stephen King’s evil car Christine.
The Tale of the Stolen Photos
The second story that got my attention was the scandalous theft/hack and release of photos from celebrities’ Apple iCloud accounts. These stolen media files of famous to semi-famous personalities were released on the Web around September 1 this year. All of the images and video clips seem to have been “shot” on iPhones and stored on Apple’s iCloud. The details of how this theft took place is still evolving, but the consensus seems to be that it is a combination of very weak passwords (or poor password management) on the users’ ends, as well as security flaws on Apple’s part (since corrected) which allowed for brute-force password attacks.
I think Mark Rogowsky is mostly right in his Forbes article where he does not blame iCloud users for this breech by saying that:
What’s wrong is that security is too damn hard and the way all of this works is beyond incomprehensible. I defy anyone to accurately explain how iCloud photo backup currently works.
The issues that he’s bringing up at the end of that quote is that software developers, Apple included, in part are now building software that should resemble magic — you take an action … [magic happens] … wonderful results. So you take a photo on your phone … [magic happens] … and that photo is now also on your computer, your tablet, etc. In many cases it seems like developers have decided that explaining the details of the [magic happens] is not needed and to some degree ruins the “magic effect.” So we’ve ended up with systems with no manuals, “how to” or even tutorials explaining best practices or possible security issues. We have systems whose workings are incomprehensible.
In the specific case of iPhones and iCloud, users’ photos were set to automatically upload to iCloud so as to perform the magic outlined above, but in the meantime I strongly suspect that very few users were aware that all of the photos they’ve taken with their phone are online as well, sometimes even after they delete it from their local device. Add a weak password to this mix … [evil magic happens] … and presto, you have a scandal.
Some questions that come to mind for me, that perhaps we should all be thinking about in this world of technological magic.
- What, if any, responsibility do software and hardware developers have to help end users understand their products and how they function, at least at a very conceptual level, so they don’t get themselves in trouble?
- What, if any, responsibility do consumers have to educate themselves about the technology they are using, at least to a degree where some of the potential pitfalls and dangers become visible?
- What, if any, responsibility do we in the “consulting” world have to educate end users and to demand better information from developers, when we see largely undocumented products being used in potentially risky ways?
- If none of the above happens, or actually unless it all happens, how long will it be until we end up buying Bluetooth shoe laces and take a big fall?