Information Politics and the Internet of Things

The connected world is a complex one but that does not mean our information rights have disappeared

This post summarizes some of the points made in a plenary talk at the Restart Project’s FixFest Repair Conference, held in London on Oct 6, with themes related to what we are working on in the Virt-EU project. Here’s the video.

The internet, so we are told, is now around us and potentially embedded everywhere. But this vision of the ‘internet of things’ masks a fractured landscape of devices that only work on certain systems, of black-boxes that mask the protocols and rules through which things like personal assistants, connected appliances or even autonomous cars collect and share data. This black-boxing of connected systems makes it difficult for the vision of a fully-connected ‘internet of things’ to come to pass: instead, rival companies compete to have their ecosystem be the one that links up your personal assistant, calendar, online shopping, connected appliance and transit app. The connected world therefore has ample opportunity for surveillance and for new forms of marketing.

It also has important implications for how we think about information politics. The right to know about what’s going on around us is often cited as a reason to support a diverse media, to oppose ‘fake news’ and to rally around facts. But a right to know can also extend into a right to repair – as I explored at the Restart Project’s FixFest conference. In discussion with repair advocate Kyle Wiens, I outlined how ‘rights to repair’ now depend on being able to gain access to information about how devices work. Kyle has been advocating for years that people should be able to get access to manuals describing how electronics are put together. But now, changes in technology and its intellectual property rights are confounding the right to repair.

Manuals can provide illustrations of how things work, but this doesn’t work as well when hardware collapses into software. Software firmware is notoriously difficult to completely understand – you can reverse engineer it to see how it works, but this takes a long time and if you only have the ‘compiled code’ – functional software – rather than the firmware itself, it could be difficult to figure out why a device is working the way that it is.

Ownership models are changing too: the ‘right to repair’ is threatened by the move from an ‘ownership’ to a ‘service’ paradigm. This might not seem a big deal, but as North American farmers with John Deere tractors discovered, owning your tractor and paying a service contract on the software that runs it are very different things. Kyle and other repair advocates have been working with farmers to push back against these service contracts and allow access by individual farmers.

Service contracts underpin many of the ‘connected objects’ we encounter, and in some cases we violate them as soon as we attempt to examine or repair the device. But some legislation is now coming forward that secures some rights to repair – for example, consumer rights to access manuals and spare parts through European legislation on longer product lifetimes. Other connected systems demonstrate the complexities of expanding advocacy related to the right to repair.

For example, manufacturers of connected objects such as connected cars may have security concerns about opening up systems. This is partly due to some high-profile hacks of connected car systems. Networks of connected objects make other objects vulnerable. So if you leave some open (even to repair) you might have opened up vulnerabilities: hearing aids, pacemakers, etc. These are always cast as being exploitable, and the price for resisting exploitation is often the right to understand how something works.

The security monitoring company PenTest Partners write, “Autonomous vehicles require significant investment to develop, and the output is considered a trade secret. The real-time nature of self-driving vehicles means that this sensitive code must be inside the vehicle, potentially allowing an attacker to access it. How do you allow users to update the firmware without leaking all the details to competitors?”

Some features of Android phones, where individual phones can be modified, and updates made to the firmware held on a central server and then negotiated at the point of the software update, have been proposed as a solution. Again, the objections to this are related to the risks of having networks of connected systems – but also a lack of trust that people won’t use unlocked phones in ways that make them susceptible to malware. The deeper problem is of course that understanding these risks and whether the mitigation works requires the ability to look into and understand them.

That’s why I’m proposing that rights to repair might also now be accompanied by rights to scrutinize systems – the latter secures the access to knowledge and the former the ability to take action using that knowledge in a way that’s meaningful for the communication world we find ourselves in. These rights link with the necessity to be able to examine features of automated or otherwise opaque systems. Yes – the connected world is a complex one, but no, that does not mean our information rights have disappeared.