11th June 2014
Watchdogs: The future of cities
Warning: This article may contain Watchdogs storyline spoilers
There are many contentious debates at the moment regarding the amount of personal data that companies collect, who owns the data and who is in charge of keeping it secure. In this blog post I want to highlight how some of the big companies are (or potentially could be) collecting personal information through a variety of means and how this could translate into a world similar to that portrayed in a recent multi-platform game release, Watchdogs.
Watchdogs is an open world game based on Chicago, where Blume (a company with some striking comparisons to Google) have installed the highly connected CTOS operating system across the whole city, allowing the player to hack in to control cameras, traffic lights, doors and other city infrastructure. The player uses his hacking abilities and CTOS to slowly unravel the cities secrets and ultimately who is responsible for the death of his niece, who died in a attempted assassination. Over the course of the game the player slowly discovers that Blume, CTOS and Chicago aren’t as rosy as they first appear. The interesting thing about the game is that it’s not entirely inconceivable.
Game developers chose Chicago as it is one of the most surveilled cities in the United States. Its has a history of crime and gang violence but also a history of technology uptake, apparently reversing the flow of the river so as not to drink their sewage(Ubisoft). But also it has a diverse range of urban landscapes and infrastructure, reflecting most american cities and also makes it engaging to play in though the game.
In reality, a company like Google could potentially create an operating system that could run a city. Or at least develop architecture to mine every aspect of city life without the bureaucratic tape that is normally involved. Some believed this might happen if they brought the bankrupted Detroit.
Google already has many of the pieces of the puzzle to implement a Watchdogs style reality. It already has the hardware in servers within data centres, as well as phones like the Nexus lines, emails and hangouts for communications. It has acquired various robotic companies (which lead a few to panic over the possibility of them building robotic cyborgs), it brought the Nest startup which allows consumers to control the temperature of their homes remotely, and has the capacity to develop software to control city infrastructure.
CTOS: The pieces to the puzzle
One of the critical parts of the puzzle is system security. Its the ability of Aiden Pearce to navigate around CTOS security that makes the whole game possible. But system security isn’t just an issue in fictional worlds. I shouldn’t have to remind you of the Heartbleed bug (an open SSL bug that could be exploited in order to gain access to secure transactions) and it’s massive ramifications for the whole of the web. When it went public both small and large companies (including Amazon) scrambled to patch the bug before they lost consumer trust. Even as I write this post, there are still many thousands of websites hosted on servers with the Heartbleed bug still unfixed.
Crypolocker is yet another computer virus that has made news recently, as the National Crime Agency(NCA) are trying to crack down on the threat. Cryptolocker is a type of ransomware that is usually encountered by opening what seem like legitimate email attachments from large organisations like Facebook. Once on the system, the virus encrypts user files before showing a popup and completely locking the user out. Usually the virus includes some kind of ransom that must be paid in order to regain access to the files. A timer is also attached to the ransom, when the timer reaches 0 you’re completely locked out. Even if you pay the ransom, theres no guarantee you’ll get the unlock code. The NCA have managed to take down one of the control servers behind the virus so infected computers can’t be locked, but this is not a long term solution.
A few weeks ago Ebay announced that their databases of up to 230million user records had been hacked. They urged all users to change their passwords and beware of phishing emails alleging to be from Ebay.
Its bugs like these that allow uninvited visitors access to our personal data, whether that be via a virus on our computers, an exploit on a server or a database intrusion.
Last week, Apple unveiled Homekit, allowing developers, and soon iOS8 users, to control home appliances via the Apple mobile operating system. Apple hopes to cash in on the rise of home automation, allowing users to control various aspects of their home (from doors to thermostats to lightbulbs) from their phones and tablets. Apple its trying to bridge the gap between users and manufacturers offering a ‘Standardised protocol for devices’ (WWDC Keynote 2014) so that iOS can interact with a variety of home appliances without requiring custom code. The problem with this is that standardising protocols can make the system more vulnerable, as instead of a hackers requiring several hacks to access various items within your home, they only need to circumvent one system. Apple say that security is their number one priority but its only a matter of time before someone finds an exploit.
Apple also unveiled Healthkit (and the Health application), a competitor for applications like Fitbit or Wahoo, offering a ‘single place where applications can contribute to a composite profile of your activity and health’(WWDC Keynote 2014) allowing ‘you to monitor all of your metrics that your most interested in and your activity’(WWDC Keynote 2014). Its gathers data from a variety of sources (including medical establishments!) to create a detailed heath profile of you. Sounds great right? But what would happen if this data were passed to third parties, like your employers, retailers or even Facebook. They could add this data to their pre-existing personal data to create a profile. A consumer profile is a powerful tool to have in your arsenal, with it you can target specific groups of people with products or information with a better return on your investment. Watchdogs begins to touch on this issue, voicing the idea that the vast amount of data collected by CTOS could be used to predict citizen activity and allow for subliminal advertising. Now I’m not saying that Apple are going to start sending you subliminal adverts via your iPhone, but you have to wonder where all the data goes. Who owns your health data? Where is it stored? Is it private?
One of my favourite parts of the Watchdogs game, aside from the hacking puzzles, are the intrusion videos. In these you hack into a building router and can watch the inhabitants via exploited technology like a webcam. Many of the mini storylines are made to be entertaining, Like the video of the guy on his console playing a war game, getting very frustrated and eventually throwing his controller across the room. This secnario, although fictional, is totally possible in the modern day home. Take for example Xbox One Kinect. It allows speech recognition, biometric login, head & limb tracking and video chat with the Xbox console. This inturn allows for a dynamic gaming experience. But what if instead, it was recording everything you do and say with (and infront of) your Xbox and sending that back to Microsoft HQ and/or game developers? Its this scenario that Watchdogs shines a light on.
Microsoft states that it will not use Kinect to spy on its user base, nor will it cooperate with the government by giving out access to the technology and “any recorded images do not leave your console unless you specifically choose to allow it to do so. Your privacy and your ability to control what you and your family share with others when using the Xbox Live service are of paramount importance to us”(Polygon 2013). That said Skype, another one of Microsofts services, was linked to the Edward Snowden scandal and it is reported that it is possible for government agencies to listen in to Skype calls. You can read more about Xbox Kinect Privacy issues here.
But this kind of corporate surveillance isn’t limited to the home. The Google Glass program is part of a new Wearable tech paradigm, allowing users to access and record data during their normal daily lives. Through an Optically Mounted Heads Up display (OMHUD) users (or explorers) can use both Google and third party applications to get directions, read social media posts and search Google, which are amongst a whole host of things planned for the device. But some argue that having a camera mounted to a pair of glasses is invasive. In San Francisco, where Glass is being trailed, there are a growing number of public places that are banning the use of glass, putting privacy above technological advances.
So I wanted to highlight how some of the big companies are (or potentially could be) collecting personal information through a variety of means and how this could translate into Watchdogs style world. I covered a few of the issues relating security that allow hackers access to personal data using computer virus’ and server/database intrusion, highlighting the need to tight security that must surround personal data. This is especially relevant as more personal data is being recorded than ever before, with technology like Fitbit and Apples new Healthkit framework collecting health and fitness data about users. But with this data collection, it is sometimes unclear who owns the data and how it can be used. I discussed the implications of if this health data were distributed and combined with other data. Companies like Facebook, that already have a plethora of data about users including date of birth, relationship status, likes and interests could now combine it with health data to create a full user profile. This allows them to sell it onto advertisers (or whoever wants to buy it) for their own financial gain.
I also covered new technology like Homekit that makes controlling remote assets like those seen within the Watchdogs game, more feasible and the possibility that hackers could bypass the security features they could gain access to your home. This kind of remote technology for city assets is also distinctly possible, especially as big companies like Google begin to enter into city politics.
And lastly I covered Surveillance, something that is prevalent in Watchdogs. Using common hardware technologies, like Xbox Kinect, it is potentially possible to watch people in their own homes. The Edward Snowdon leak highlighted how much surveillance on individuals is going on at a government level, but there is a rising level of corporate surveillance by companies like Google using a multitude of products from phone software to internet searches, social media to wearables to gather personal data.
With all this data being collected about people, key issues must be resolved including that of privacy and security. These must be developed over time, with the input of users to make sure that personal data is exactly that. Personal.