221118-呼吁數(shù)字環(huán)境主義

C2E」occ92！ou9ll入b\o^！qe29：o\n山：o\?ne2本M\！本e\2本oo：：e\本pe！\exbe\本！2e9uqob！u！ou2oue山e\?！u?本ecpuolo?入本ob！c2.」pe入山9入qe2c\！pe9loo山！u?cp9lleu?eo\o：：e\ueM\eco山山euq9本！ou2\e?9\q！u?ex！2本！u?oue2.」pe?o9l！2本ob\e2eu本：\e2p！qe92,2b9\卜qep9本e,9uq2p9be：n本n\e\e2e9\cp.2p9\e入on\^！eM2ou本p！2b9be\M！本pn29本c2e本@?eo\?e本oMu.eqn.

CenterforSecurityandEmergingTechnology|1

ExecutiveSummary

Thedigitalworldisincreasinglydefinedbyunmitigablerisks.Ourdatacannotbeprotectedatscale.Systemsmakedecisionsthattheirprogrammerswillneverunderstand.Itisnolongerraretoencounterfailuresthatcannotbeaddressedevenaftertheyaredetected.Withthefabricofhumansocietysothoroughlydigital—drivingdecisionsinhealthcare,finance,nationalsecurity,transportation,andmore—nothinglessthanlong-termsocietalstabilityisatstake.

Inthispaper,wearguethatdigitalenvironmentalismistheonlyanswertothesewoes.By“digitalenvironmentalism,”wemeanplacingindividualdecisionswithinthebroadercontextoftheriskseachgeneratesandensuringthattheserisksaredistributedbyintentratherthanbyhappenstance.

Inparticular,wecontestthatthedigitalhazardswenowfacearearesultofcoreassumptionsaboutourworld—keyprinciplesthroughwhichweviewourbasicrelationshiptotechnology.Wecalltheseassumptionsgrand“articlesoffaith,”andprovideanoverviewofthreesuchassumptionsinSection1.

Thefirstarticleoffaithisthattherewas,andcontinuestobe,ameaningfuldistinctionbetweenthedigitalandthephysicalworlds.Putinsimplerterms,theideaisthatbecauseitoncemadesensetoseparatethedigitalfromthephysical,itmakessensetocontinuetodoso.

Secondistheassumptionthattechnologywillalwaysbeabletoameliorateourwoes—evenwhentechnologyitselfisthecauseofourproblems.Statedmorebroadly,thisassumptionhasledustoaworldinwhichtechnologysolvesoneproblem,onlytocreateanother,towhichweapplyanewtechnologicalfix,adinfinitum.

Lastistheassumptionthatlimitlessgrowthcanandshouldleadtolimitlessinnovation—thatis,innovationdrivingpositivefeedbackloopswithinitselfandwithoutend.

Eachofthesearticlesoffaithis,toputitsimply,mistaken.Eachindifferentways,andeachfordifferentreasons.Buteachiscontributingtoadigitalworldthatisfundamentallyunsafeforthosewhopopulateit.

Sowhatdowesuggest?How,giventhedepthofourproblems,arewetosecuretheworldthatwetechnologistsaresobusilycreating?

Weargueforthreecoresolutions,knowingfullwellthatmuchmoreactionisneeded.WedosoinSection2.

CenterforSecurityandEmergingTechnology|2

Thefirstliesinempoweringasingleregulatoryauthority—beittheFederalTradeCommissionoranewDigitalSafetyAdministration—withtheexpertiseandabilitytoenforcethelimitsincyberspacethatwebelievearenecessary.Suchlimitsinvolvethecreationandenforcementofstandardsforsoftwaredevelopment,andsomeformofmandatoryauditingforportionsofdeployedcode.

Secondisequippingsuchanagencywithtoolstoenforcecoreprinciplesofsustainability.Thismeansensuringthatnewcodeanddevicescreateameaningfulimprovementinutilitycomparedtoexistingalternatives,andarenotsimplydevelopedfornovelty’ssake.Italsomeansforciblyretiringunmaintainedcodewhenitisabandoned,aswellasmandatingaccountabilitythroughindependentassessments,or“redteams,”thatarefocusedontherisksofnewtechnologybeforethattechnologyisdeployed.

Lastistheremoval—byCongress,thecourts,regulatoryagencies,oracombination—ofsoftwarevendors’abilitytodisclaimliabilityinitsentiretyfromtheirproducts.Holdingsoftwarevendorstothesamestandardsaseveryotherindustrywill,overtime,reducetheabilityofflawedsoftwaretobeintroducedintothemarket.

Isittoolatetosecurethedigitalworld?Ischangingourcollectiveapproachtotechnologyevenfeasible?

Themomentumisagainstus;wereadilyadmitthatfact.Thearticlesoffaithwedescribeinthispaperaredeeplyheldandevenmoredeeplyingrained.Itwilltakesignificantcommitmentifwearetoreversethesetrendsandtocreateamoresustainabledigitalworld.Wedonotdoubtanyofthesefacts.

Andyetso,too,arethestakeshigh.Wenowdeploycodeforalmosteveryactivity,andwearefastapproachingaworldwheremajorportionsofthesoftwarewerelyonareincomprehensibleandbug-ridden.Alitanyoffailuresthereforeawaitsus.

Thetimetotakeaction,inotherwords,isnow—beforeitistoolate.

CenterforSecurityandEmergingTechnology|3

Introduction

Weare,allofus,swimminginaseaofsoftwareanddevicesbutwithnoperspectiveonwhereweareheadedorthebroaderdangersweface.1Itisneitherlatenoranexaggerationtosaythatthemoreweimmerseourselvesinthedigitalworld,themore

severetherisks.AsElroyDimsonputit,“riskisthatmorethingscanhappenthanwill.”2Andhereweare,madlyincreasingthenumberofthingsthatcanhappen.

Asaresult,wenowfaceaworldfullofunmitigablerisks.Ourdatacannotbeprotectedatscale.Systemsmakedecisionsthattheirprogrammerswillneverunderstand.Itisnolongerraretoencounterfailuresthatcannotbeaddressedevenoncetheyaredetected.3Withthefabricofhumansocietysothoroughlydigital—drivingdecisionsinhealthcare,finance,nationalsecurity,transportation,andmore—nothinglessthanlong-termsocietalstabilityisatstake.4

Digitalenvironmentalismis,wecontest,theanswer—theonlyanswer—tothesewoes.By“digitalenvironmentalism”wesimplymeanplacingindividualdecisionswithinthebroadercontextoftheriskseachgeneratesandensuringthattheserisksaredistributedbyintentratherthanbyhappenstance.

Everylineofcodethatisdeployed,everynewIPaddressthatisconnected,everymicrochipthatisprinted,everyself-modifyingdigitalartifactburiedinsidesomethingelse—eachcarrieswithitimplicationsforthedigitalenvironment.Evaluatingeachlineofcode,device,anddecisioninrelationtotheirimpact,andforcingtheirriskstobepurposefullydistributed,istheonlywaytopreventthefailuresweareotherwisesuretoconfront.Justasnoonesourceofatmosphericcarboncanchangetheclimate,onlythecalculusofmanycan.

CenterforSecurityandEmergingTechnology|4

WhatDigitalEnvironmentalismIs—AndWhatItIsNot

Whenweusetheterm“environmentalism,”wealsomeanconservation,inthesenseofprioritizingthepreservationoftheenvironment,aswellasconservatism,inthesenseofencouraginggradualimprovementsthatde-emphasizerapidchange.Digitalenvironmentalismistherefore,inourview,anapproachtotechnologicaladoptionthatfactorsinbothlong-term(e.g.,futureusers)andcollectiverisk(e.g.,societalimpact)intohownewtechnologiesaredevelopedanddeployed.Thequestionnewtechnologiesshouldelicitisthereforenotsimply“howusefulisit?”butalso“whommightitharmandwhen?”

Definingdigitalenvironmentalismbynegation,however,maybeamorepracticalwaytomakeourpoint.Inthatsense,hereiswhatdigitalenvironmentalismisnot:itisnotdevelopingnewtechnologiesandrushingthemtomarketbecausetheyarenovel;itisnotassessingtechnologyforriskafteritisdeployed,andonlythenapplyingpatchesorothermitigants;itisnotpraisinginnovationforinnovation’ssake.Digitalenvironmentalismisthereforeadmittedly(andfundamentally)atoddswithourcurrentapproachtotechnologicaladoption—anapproachthatplacesnewandfastoversustainable,jeopardizingourprivacy,security,andevenoursafetyintheprocess.

Formany,theterm“digitalenvironmentalism”mightsoundodd—acombinationoftwotermsthatarenottypicallyassociatedwitheachother.Butthesetermsshouldbe,andtheoddityoftheirassociationispreciselyourpoint,notleastbecausethedigitalworldimpactsourenvironmentinmanyways.Forstarters,theproblemwefaceisfarfromabstract.Carbonemissionsfrominternet-connectedentitiesaccountforroughly3percentofallglobalelectricityusageand2percentofgreenhouseemissions.5Thedigitalworlditselfisbuiltonsiliconandreliesonpreciousmetalsthathavelimitedsupply.AniPhonepurportedlycontains75elementsfromtheperiodictable,roughlytwothirdsofthe118elementsknowntoscience.6

Andthenthereiscyberspaceitself:acombinationofnetworks,applications,andsensorsthatdigitallycaptureevermoredataaboutevermoreactivities.7Thisenvironmentrequiresbothsafeguardingandprotectionandyetreceives,whenitcomesdowntoit,preciouslittleofeach—anassertionthatisbynowinarguable,basedsimplyontheprevalenceofsuccessfulcyberattacks.8Itisnostretchtosaythatdigitaltechnology,thedefininginnovationofthelasthalfcentury,hasdeepandunaddressedinsecuritiesatitscore.9

CenterforSecurityandEmergingTechnology|5

Thequestions,then,aretwofold:Howdidwecometoliveinanenvironmentsoplaguedbydownsides?And,moreimmediately,what,ifanything,shouldwedotoaddressthem?

WespendSection1diagnosingtheseproblems,andSection2describinghowandwhywebelievedigitalenvironmentalism,initsbroadestsense,istheironlycure.Forreaderswhoarelessinterestedinourdiagnosisthaninourproposedcure,youwillbeforgivenforskippingdirectlytoSection2.

1.HiddenAssumptions,HiddenRisks

Ifwefindourselveslivinginaworldwecannotprotect,itisnotbecausewe—anyofus—wantedtofindourselveshere.Environmentalhazardsare,bytheirnature,collectivethreats;theyposeprofounddangerstousall.Theyare,ineffect,integralcalculus—theinfinitesumofinfinitesimals.

Thesehazards,includingthoseinthedigitalsphere,arearesultofassumptionsaboutourworld—thatthisorthatindividualactionoreventistoosmalltomatter.Thoseassumptionshaveledustothepresentcircumstance.

Throughoutthisessaywecalltheseassumptionsgrand“articlesoffaith.”10Leftunexamined,thesearticlesoffaithareleadingustoaworldinwhichwefaceaninsurmountablenumberofunmitigablerisks.Therearemanysucharticlesoffaith;westartwiththree.

DigitalVersusPhysicalEnvironment

Thefirstarticleoffaithisthenotionthatthedistinctionbetweenthedigitalandphysicalenvironmentsisbothrealandmeaningful.Putinsimplerterms,theideaisthatbecauseitoncemadesensetoseparatethedigitalfromthephysical,itmakessensetocontinuetodoso.

Themoredigitaltechnologiesweadopt,themoreofouractionsaredigitallycapturedandtransmitted,meaningthat,atminimum,ithasbecomeinconceivableto“optout”ofthedigitalworld.Atmaximum,thismeansthatouractivitiesareasmuchdigitalastheyarephysical,ifnotmoreso.

CenterforSecurityandEmergingTechnology|6

Afewexamples:

Researchershavedemonstratedtheabilitytodetectheartandbreathingratesthroughwirelessinternetsignals,meaningthatanyonewithinrangeofawirelessrouteris,theoretically,exposingtheirvitalsignstosurveillance.11

Ortakesmartphones,whicharenowanecessarypartoflifeformanyofus.12Thesimpleactofkeepingacellphonepowered-onovertimecreatesareal-timemapoftheowner’sactivities,whichcanbetrackedbythirdpartiestodeterminewhotheyareandwhattheyaredoing(bothonlineandoff).13

Indeed,eventheactivitieswetakethatarenotdigitized—suchasrefusingtojoinaspecificsocialmedianetwork—canrevealunintended,personalinformationthatmostwouldnotintuitivelythinkofasdigital.Researchershaveproven,forexample,thattheycaninferwhoanindividuals’friends,family,andprofessionalcontactsarebasedonthe

socialmediaactivitiesofthosearoundthem—evenwhenanindividualexplicitlyrefrains

“Asdigitalactivitiesbecomemoreimportant,andasdatacollectionbecomesincreasinglypervasive,theonce-brightlinebetweendigitalandphysicalnolongerexists.”

fromtakingpartinanyonespecificplatform.14

Allofwhich,inturn,meansthatthereisnosuchthingasthepurely“digital”worldinpractice.Asdigitalactivitiesbecomemoreimportant,andasdatacollectionbecomesincreasinglypervasive,theonce-brightlinebetweendigitalandphysicalnolongerexists.15Itismoreandmorecommon,forexample,forcyberattacksthemselvesto

createdirectphysicalrepercussions,aswhenaransomwareattackonahospitalallegedlyledtoapatient’sdeath,16orwhentheNotPetyawipercollapsedglobalsupplychains17—thelistislongandgrowingfast.

Itnolongermakesanysense,inotherwords,tothinkthatsimplybecausethedangersofsoftwareareembeddedincode,thatsuchdangersaresomehowlessconsequential.Toimaginethatwecanstillseparatethedigitalfromthephysicalistoignorethemostinconvenienttruth.

Malthus’sGrandLesson

Overtwocenturiesago,aneconomistandclericnamedJohnMalthuspredictedthatthehumanracewouldsoongrowtoasizethatwasunsustainable—thatwehumanswouldceasetobeabletofeedourselvesgivenexistingenvironmentalconstraintsand

CenterforSecurityandEmergingTechnology|7

922oc!9本eqcLob入!elq2.n2!u?qeebl入cou^!uc!u?9L?n山eu本2,n9l本pn22poMeqpoM本pepn山9ubobnl9本!ou?LoM2exboueu本!9ll入o^eL本!山eMp!leeu^!Lou山eu本9lLe2onLce2?LoMl!ue9Ll入.luo本peLMoLq2,pn?eboL本!ou2o：pn山9u!本入MeLeqe2本!ueq：oL山9luonL!2p山eu本,

：9山!ue,9uqnl本!山9本eex本!uc本!ou.

Mp9本n9l本pn2q!quo本卜uoMM92本p9本本ecpuolo?入MonlqbLe^eu本p!29boc9l入b本!cbLeq!c本!ou2：Lo山co山!u?本Lne:本pe2本e9山eu?!ueMonlq山9卜e2nbbl入cp9!u2山oLee：：!c!eu本,eu9pl!u?：92本eL山o^e山eu本o：?ooq29cLo22M!qeL9Le92:qe^elob山eu本2!u9?L!cnl本nL9l本ecpu!dne2Monlq!ucLe92e：ooq入!elq2M!本pon本Ledn!L!u?山oLel9uq:

e^eu本n9ll入,：eL本!l!本入本ecpuolo?!e2本pe山2el^e2,2ncp92cou本L9ceb本!^e2,Monlqeu9ple山oLecou2c!eu本!on2：9山!l入bl9uu!u?：oL本po2eMpoconlq9cce22本pe山.

」pe：9c本本p9本n9l本pn2M92MLou?—!uqeeq,poLLeuqon2l入MLou?—M92l9L?el入qne本o本ecpuolo?!e2Mpo2eqe^elob山eu本peM92nu9M9Leo：9uqMpo2e2ncce22peconlquo本：oLe2ee.」p9本q入u9山!cp92?!^euL!2e本o本pe2ecouq,ceu本L9l9L本!cleo：：9!本p：oL山o2本!up9p!本9u本2o：本pe!uqn2本L!9l!之eqMoLlq:本p9本本peLe!2uobLople山本p9本本ecpuolo?入c9uuo本：!x./o山9本本eLpoMp!?本pebLople山,本peL!?p本本ecpuolo?入—pn山9u!本入，29p!l!本入本ocollec本!^el入：92p!ouop?ec本2!u本o本ool2—M!ll2ol^e!本,?!^eueuon?p本!山e9uq本pebLobeL

!uceu本!^e2.no本peL/ece22!本入M!llLel!9pl入p!L本p!u^eu本!ou292Ledn!Leq.OL2o2ncp本p!u卜!u??oe2.

」p!29bbLo9cp本o本ecpuolo?入!2ouq!2bl9入e^eL入MpeLe.B!llC9本e2,本pe：onuqeLo：n!cLo2o：本,p922本9本eq本p9本本peoul入M9入本oco山p9本cl!山9本ecp9u?el!e2!uqe^elob!u?

eu本!Lel入ueM“?Leeu”本ecpuolo?!e2.18l本nuqeLl!e2本peuoM-co山山oubl9cecl9!山2本p9本9L本!：!c!9l!u本ell!?euceM!ll2ol^epn山9u!本入，2p!??e2本bLople山2,：Lo山c入peL2ecnL!本入本oq!2e92e.luqeeq,!本：oL山2本pe：onuq9本!ou：oL山oqeLuecouo山!c本peoL入,Mp!cp922n山e2cou2本9u本?LoM本p本pLon?pl!山!本le22!uuo^9本!ou—oL,!uo本peLMoLq2,9u!u：!u!本e2edneuceo：ueM本ecpuolo?!e2pe!u?!u^eu本eq本o山ee本onLueeq2.19

V2匕ou9lq匕e9?9uouceexbLe22eq!本:“」peLe9Leuo?Le9本l!山!本2本o?LoM本ppec9n2e本peLe9Leuol!山!本2o：pn山9u!u本ell!?euce,!山9?!u9本!ou,9uqMouqeL.”

」oMp!cpMeL9!2e本peop^!on2dne2本!ou:Mp9本!：本pe2e922n山b本!ou29LeMLou?s

Mp9本!：本peLe!29bo!u本—9pLe9卜!u?bo!u本—MpeLe本pebLople山2Me：9cec9uuo本pe2ol^eqp入ueM本ecpuolo?!e2sVuq,：nL本peL山oLe,!：本p!2!29bo22!p!l!本入,poMMonlqMe卜uoMMpeuMeMeLeue9L!u?本p9本bo!u本o：!u：lec本!ous

2本9本eq山oLepLo9ql入,本p!2922n山b本!oup92leqn2本o9MoLlq!uMp!cp本ecpuolo?入2ol^e2ouebLople山,oul入本ocLe9本e9uo本peL,本oMp!cpMe9bbl入9ueM本ecpuolo?!c9l：!x,9q

Ceu本eL：oL2ecnL!本入9uqE山eL?!u?」ecpuolo?入l8

infinitum.Iftechnologybrokeit,inotherwords,thenmoretechnologymustbeabletofixit,whateveritwasthatwasbrokenandwhatevertheresourcesrequired.20

Thereare,however,someproblemsthatsimplycannotbesolvedbynewtoolsortechnologies.21Toreaderswhomightobjecttothistruth,wehaveonlyoneresponse:welcometoreality.Youmaynotlikeitslimitationsoritsdictates,butyourfeelingsarebesidethepoint.

LimitlessGrowth,LimitlessInnovation

Anexpectationoflimitlessgrowthassumeslimitlessinnovation—thatis,innovationdrivingpositivefeedbackloopswithinitself.Shouldyourdesirebelimitlessgrowththendebatinglimitstogrowthisfutile;limitswouldonlyharmtheoverallaimofgrowth.

Fromthisstandpoint,onemightsaythatwefaceabinarychoicebetweenfree-running,limitlessinnovationontheonehandandenforcedstasisontheother.22Anyconstraintplacedoninnovationwilltoywiththosepositivefeedbackloops.Wewillneverknowwhatmighthavebeenhadwenotheldback.

Let’sstartwithsomeexamplesofthisapproachtoillustrateourpoint.HereishowJeffBezos,amongthemostinfluentialvoicesinthetechnologyindustry,viewstheproblemoflimitlessinnovation:

Earthisfinite,andenergyusagehasgrownsomuchthatitwillsoon...straintheresourcesofoursmallplanet.Thatwillleaveuswithachoice:acceptstaticgrowthforhumanityorexploreandexpandtoplacesbeyondEarth.23

Bezos’argumentpositsabinarychoice:embracelimitlessgrowthand,therefore,theneedtoconquertheuniverse,orconstraingrowthandtherebyconserveourenvironment.(Iftheformersoundsliketheoutlookofanalienspeciesbentonconsumingtheuniverse’snaturalresourceswithoutend,everythinginlifeisamatterofperspective.24)

Itisworth,ofcourse,statingthatthisoutlookisaboutmuchmorethanspacetravel—yes,ittouchesontraditionalenvironmentalconcerns,butalsodeeplytechnologicalonesaswell.Theideaofa“carryingcapacity”isrelevantnotonlytohumankind’sextractiveinteractionwithafiniteplanet,butisalsoageneralinferenceabouthowmuchperturbationanecosystemcanendurewithoutanextinctionevent.

Indeed,thereisadirectlinkbetweentheeconomicassumptionsdemandingendlessgrowthandthespecifictechnologiesthatshapethedigitalworld.Oneofthemain

CenterforSecurityandEmergingTechnology|9

economicmodelsshapingventurecapitalists’approachtonewtechnologies,forexample,isexplicitlyfocusedontheabilityofnewinventionstobemonetizedandpumpedintoanever-expandingmarket.25Theveryideaofan“informationeconomy”wasinspiredbythisapproachtonewtechnologies.26

Thesameassumptionsfamouslyholdtrueforphysicalhardware,notjustsoftware.Moore’sLawlongdefinedthecomputingindustry’sexpectationsfortransistors,thatthedensityoftransistorsonamicrochipdoubleseverytwoyears.Thishas,moreorless,heldtrueforthelastfivedecades,andisbasedontheassumptionthatgrowth—andinthiscase,microchipinnovation—canandwillcontinue.27

Itmayseemobvious,buttheseassumptionsdriveeverythingfromthe$200billioninvestedinearly-stagestartupslastyear,tothe932billionmicrochipsmanufacturedin2020.28Withoutendlessgrowth,therewouldbealimit—atleastintheory—totheproductionofbothdigitalandphysicalgoods.

Indeed,changethroughinnovationhasbecomenotjustthemantraofthedissatisfied,butthecoresourceoftheadhesionbetweeninvestorsandtechnologists.Fastchangeiswhatbirthsfirstmoveradvantage.Fastchangepromisestoleveltheplayingfieldbetweenincumbentsandupstarts.29Fastchangeisparanoia-inducing.30Fastchangemakesshort-termthinkingtheonlywaytofly.31

Thetechnologytreadmillisperpetual,andwearetokeeprunningonit,allofus,lestwefallover.CuetheRedQueen.32

Andnowwefocusonrisk:attemptingtomakesafe,orevenunderstand,acodebase,asetofhardwarecomponents,oranyenvironmentismadedifficultinproportiontoitsrateofchange.33Ifthatenvironmentisconstantlyandrapidlyexpanding,itscomplexity

andinterdependencieseverincreasing,thenmanagingsuchrisksbecomesasymptotically

“Bynow,itshouldbeclearthattheproblemisenvironmentalinthatterm’sbroadestsense.”

impossible—rebuildingthelandinggearwhileinflight,sotospeak.34Sure,wecanmakeprogressaroundtheedges,butthegameofriskmanagementislostbydefinitionbeforeitevenbegins.

Bynow,itshouldbeclearthattheproblemisenvironmentalinthatterm’sbroadestsense:wecannotprotectasetofresourceswedonotunderstand,whosecomplexitysurpriseseventhemostwell-resourcedactors,whoseinterdependenciesarediscoveredonlywhendeployed,andwhoseindividualcriticalityisduenottodesignbutrathertothesimplecalculusofmassadoption.We

CenterforSecurityandEmergingTechnology|10

are,inaveryprofoundsense,unsafeforaslongasweliveinanenvironmentthatwecannotquantifiablysecure.Andifweareunsafenow,ourinsecurityisdestinedtogrowwitheachincrementofcomplexity.35

Weareaddicts,allofus,adoptingevermoretechnologiesthatcannotsaveusfromthedangerstheycreate.Itisourarticlesoffaith,eachoneofthem,thathaveleftusinanenvironmentwecannotcontrol,littlelesshopetosecure.

2.WhattoDo?

Aretherealternativestolimitlessgrowth?Doesthebinarychoicebetweenstasisandinnovationprecludeathirdway?

Wehavedeep,itseems,andseriousproblemsintheworldoftechnology.Forreaderswhohavemadeitthisfarinthisessay,thatmuchisclear.Thequestion,then,ishowtheassumptionswedescribeabovecombinetocreatetherisksthatarejeopardizingourenvironment.Moretothepoint,whatarewetodoaboutthemoncediscovered?

Butfirst,twodisclaimers:Tobeginwith,therecommendationswemakeinthissectionarenationalinflavor—whileallenvironmentalthreatsareglobal,allpoliticsare,astheysay,local,whichformsthereasoningbehindourfocusontheUnitedStates.Weareundernoillusion,however,aboutthescaleandscopeoftheproblemswedescribe.Forthatreason,itisworthemphasizingthatthesolutionstotheseissuesmustbeglobalinthefullestsense.

Justastheglobalenvironmentdoesnotdistinguishbetweenjurisdictionalboundaries,digitalthreatscutacross,andinmanywaystranscend,nationalboundariesaswell.

Second,theproblemswedescribe—ourassumptionsaboutlimitlessgrowth,ourincreasinglymistakendistinctionbetweenphysicalanddigital,ourunwaveringbeliefinthepowerofnewtechnologiestoameliorateourwoes—cannotbesolvedbyfocusingondigitalproblemsalone.Thesesameissuesarealsodeeplyintertwinedwithbroaderassumptionsabouteconomicgrowthandsocietaldevelopment.36Indeed,theideaoflimitlessinnovationfueledbylimitlessresourceextraction,leavinglong-termenvironmentalexternalitiesunaddressed,isoneoftheorganizingprinciplesofmodernsociety.Ifwearetotrulycoursecorrect,then,thesebroaderissuesmustalsobeconfronted.

Thatsaid,however,weleavethelargerworkofquestioningtheseculturalassumptionstoothers—andnotjustforconvenience’ssake.Wefocushereinthispaper,andintheremainingsections,onwhatweknowbest:digitaltechnologyanditsshortcomings.37

CenterforSecurityandEmergingTechnology|11

WhatReallyAilsUs?

Atthispoint,itisworthremindingreadersthatwearebothtechnologists.Technologycanbe,andveryoftenis,agoodthing—improvingthewaywecommunicate,accessandprocessinformationandthelike.Thereismuchtobeoptimisticabout;thisoptimismexplainswhythetwoofushavededicatedmuchofourlivestodigitaltechnologies.

Theproblemhaslesstodowithdigitaltechnologiesthemselvesthanitdoeswiththeirrelationtothebroaderenvironmentandthearticlesoffaith,outlinedabove,whichshapethatenvironment.Indeed,thefundamentalissueathandishowtheassumptionswedescribedinSection1distributerisksacrossactors,applications,anddevices.

Digitaltechnologyischeaptocreateandcostlytocleanup.Thisleadsustoaworldinwhichanewdeviceisalwaysworthmorethanarefurbishedone;wherenew,backwardincompatiblesoftwareisincentivizedoverimprovingexistingcode;whereAI,churningoutendlesspredictionsfromagrowingbodyofdata,isviewedasinherentlymorevaluablethanstaticlogicevenifappliedtothesameproblemsbecauseitisnewertech.Iftechnologyisgoodandlimitlessgrowthisthegoal,thenewwilltrumptheoldeverytime.38

Thelong-termimplicationstotheenvironmentdonotstandachanceagainsttheshort-termworshipofthenew.Engineershavelonghadthisdictum:“Fast,cheap,reliable—choosetwo.”

Arecastingofthisdictumseemsnowtobeinorder.

Indeed,therisksofevermoreandevernewerareall-too-frequentlydispersedtothoseoutsideofanyshort-termtransaction.Itisnotthesoftwaremakerorthesoftwarepurchaserwhoneedtoworryaboutend-of-lifeissuesformuchofthecodethatisused.Bythetimeaproblememerges,themakerandthebuyerwillhavemovedontonewerthings,selling,forexample,theirapplicationtoabiggercompany(inthecaseofthevendor)ordisposingoforgivingawaythedeviceitself(inthecaseoftheconsumer).

Instead,vulnerabilitiesinthecodeorartifactbecomeabsorbedbythebroaderdigitalecosystem,likemicroplasticswashingintotheocean.The“environment”isexpectedtodealwiththeexternalitiesofthetransactionatnocosttotheimmediateparties.Thisisthemoralhazardofthedigitalworld,explainingwhyahugepercentageofdatabreachesarecausedbythirdpartyvulnerabilities.39

CenterforSecurityandEmergingTechnology|12

Thistypeofinterdependenceformstherootofsystemicrisks.