Culture / IoT Edge Computing / Security / Technology

Roasting the Consumer Electronics Show’s ‘Worst’ Products

16 Jan 2022 6:00am, by
John Deere autonomous tractor

Just as last week’s Consumer Electronics Show (CES) was wrapping up, some technology advocates released a video highlighting not the best-in-show exhibits, but “The Worst in Show.”

But rather than the usual internet snark, their video was an attempt to thoughtfully explore some of the biggest technology issues of our time, from security and the need for government oversight to decentralization and energy consumption.

The event’s host was activist/blogger/science fiction author Cory Doctorow, who promised the presentation would highlight “the hidden or maybe not-so-hidden and completely foreseeable failure modes of these gadgets — and what they say about the state of the industry today.”

Streamed live on January 7, the video was the work of the Repair Association, a trade association representing over 400 companies in the repair industry as well as consumer advocacy groups like Consumers Union, digital rights groups like the Electronic Frontier Foundation (EFF), and environmental groups like Silicon Valley Toxics Coalition. This is the second year that the group has released a post-CES video.

But after decades of attending CES shows, Doctorow noted in the video that while a new product may get its glitzy demonstration, “what none of the people will ever do is tell you how it will fail.”

Negative on NFTs

The “worst in show for the environment” award was announced by Nathan Proctor, head of U.S. PIRG: Samsung’s new NFT Platform. It allows Samsung’s massive OLED TV screens to display NFT artworks (and also sell and buy them).

Proctor began by criticizing the whole concept of NFTs, later describing it as using digital identifiers to allow people to “fake own things” — foisting a kind of simulated scarcity onto digital images that are otherwise endlessly reproducible.

Highlighting the greenhouse gas emissions ultimately created in the lifecycle of an NFT artwork (as well as from the Ethereum used to purchase it), Proctor described NFTs as a kind of Beanie Baby craze for crypto-tech bros, “if Beanie Babies required massive, continual energy consumption on a warming planet to remain corporeal.”

But Proctor expanded on the topic later in the video. When it comes to energy consumption, he said, “if we think that blockchain technologies and these other things should be here to stay, we need to set up some guidelines… There are ways to get blockchains that don’t use so much energy, and we should limit their expansion until they can hit those goals.”

One improvement could be as simple as using the more energy-efficient proof-of-stake technology for validation rather than the current proof-of-work setup, which requires a continual solving of arbitrary math calculations. But another approach might be simply disclosing energy consumption more prominently to potential consumers of blockchain-based products like NFTs.

“Maybe you wouldn’t buy that $63,000 lazy lion sketch, or whatever people are doing, if you knew that it was also the same thing as burning 65 acres of forest in the Amazon,” Proctor said.

Cindy Cohn, executive director of the EFF, pointed out that there’s always a possibility that the free market will quash Samsung’s NFT-enabled television screen — that “there aren’t enough people who want to buy this kind of thing.”

However, even Cohn acknowledged later that she was excited about the decentralization promise of Web3. “I didn’t get into the internet so that there were five big companies that controlled everything,” she said. “Decentralization and smart uses of things like blockchain technology have a lot of promise.

“And I think it’s incredibly distressing that the things that are showing up as some of the first uses of things are so problematic environmentally, they’re so problematic — kind of just like common-sensically. ”

The Trouble With Tractors

The award recognizing the “Worst in Show” for security was presented by Paul Roberts, founder of the group SecuRepairs (a coalition of IT and security professionals advocating for the right to repair consumer technologies). Roberts selected John Deere’s fully autonomous 8R tractor, pointing out that a remote software breach here could ultimately affect major real-world infrastructure.

“From a critical infrastructure/national security perspective, a fully autonomous, software-controlled,  remotely controllable tractor could be simply bricked — rendered useless,” Roberts said, extrapolating to the possibility of actual food shortages.

When it comes to Deere, Roberts wrote in a blog post, consumers are left with “a lot of red flags in the software and services the company has deployed, while the security of its hardware remains a black box: hidden from researchers and the larger information security community.”

To be fair, Roberts acknowledged in the CES video that “any company that makes any software, let alone multi-ton robotic equipment that constitutes millions of lines of code, is going to encounter security problems.”

But this underscores the importance of a company’s security culture — where Roberts says Deere comes up short. He noted a 2021 compromise of not only myJohnDeere.com but also the Deere operations center site controlling actual Deere equipment deployed in fields.

Roberts accused Deere of “security washing” — sending their chief security officer on a press tour while launching a bug-bounty program with HackerOne (which in reality exempted hardware from scrutiny).

So where could that lead us? Later in the video presentation, Roberts even painted the dire scenario of “robotic arms swinging in the field and killing people” because of “somebody in Ukraine.” Doctorow said the technology reminded him of Theodore Sturgeon’s 1944 horror novella “Killdozer” (adapted into a 1974 made-for-TV horror movie).

But a questioner from the audience asked how you can ever reconcile our hopes for autonomous vehicles — or even any internet-connected devices — with the ongoing fear of their being remotely breached … or remotely bricked.

“How you have those is to reward transparency on the part of device makers,” Roberts responded. “And the problem with companies like Deere and others is they want to practice something called Security Through Obscurity. Which is, ‘If we just don’t talk about security, if we just don’t let any of the details of the vulnerabilities in our products slip out there, then we’re secure.’ And, of course, that’s not true, because cyber-criminals and hackers are always very motivated.”

The makers of autonomous vehicles should always be held to the highest security standards, Roberts argued. “Let’s mandate by law that they open their platforms to security researchers to independently verify the security of those products.”

Research Hurdles ‘Aren’t Serving Us’

Later in the video, Cohn cited the more general legal hurdles to research into security/privacy/environmental issues — hurdles that “don’t have to be there and aren’t serving us.”

Cohn cited a variety of legal barriers, from the Computer Fraud and Abuse Act and Digital Millenium Copyright Act to contracts with restrictive non-disclosure agreements. She also mentioned “other kinds of limits on what the people who want to know how things work and fix them … now face if they come and try to figure out what’s going on with the security or the other privacy issues of these devices.”

Last year, over 25 states introduced right-to-repair bills, according to another of the CES video presenters, Kyle Wiens, CEO of the repair site iFixit. Proctor urged people to express their support for right-to-repair legislation to their state legislators (pointing them to Repair.org for more information.)

“When I look at technology, I see the potential to solve basically every problem that humanity has, but instead of solving those problems, they’re dreaming up ways to spy on us while we’re sleeping, or in our cars,” Proctor said. “I think the public needs to invest in our public governance. We need to get serious about taking our opportunity as citizens to make the world a better place.”

But when it comes to John Deere’s tractor, the Repair Association’s Executive Director Gay Gordon Byrne added that “There are so many things wrong with this product, and it’s not the autonomy — it’s how it’s executed.”

For starters, she said, the massive tractor requires constant internet connectivity just to function. And  there are  also the issues of repairability —how, if you can’t replace a digital part, “you don’t have a functional machine.”

Byrne points out that Deere’s tractor was also the winner of an online poll for “worst in show.” And then Doctorow quipped dryly that “Last year John Deere took top honors in our Worst in Show. It’s good to see them back again with another strong showing in the Dystopia-Watch category here.”

But he added on a more hopeful note, “It’s nice to see that the broad public is getting the message, that allowing one giant, union-busting profit-taking, rapacious, ag-tech company to corner the market on how we get our food — and then just turning them loose to do whatever they want with the machines that are necessary — is probably not the path we need to a better future.”

Deere’s tractor led Doctorow to reiterate what he sees as another important principle for autonomous technology: that the person using a device should always be able to override a machine’s pre-programmed instructions. “There’s so much paternalism that says, ‘Well, what if you make a foolish decision with your autonomous car?'”

Doctorow’s response underscores how technological design decisions can have very real-world consequences. “People do sometimes make foolish decisions, but the reality is that the person who is in the driver’s seat as their autonomous car hurtles 80 miles an hour towards the median is better suited to decide how the software should operate than the design committee that met a thousand miles away five years ago to craft the software’s response to it.”


WebReduce