Thesis 30

Everyware is strongly implied by the ostensible need for security in the post-9/11 era.

We live, it is often said, in a surveillance society, a regime of observation and control with tendrils that run much deeper than the camera on the subway platform, or even the unique identifier that lets authorities trace the movements of each transit-pass user.

If some of the specific exercises of this watchfulness originated recentlyto speak with those who came to maturity anytime before the mid-1980s is to realize that people once showed up for flights with nothing more than cash in hand, opened savings accounts with a single check, or were hired without having to verify their citizenshipwe know that the urge to observe and to constrain has deep, deep roots. It waxes and wanes in human history, sometimes hemmed in by other influences, other times given relatively free rein.

We just happen to be living through one of the latter periods, in which the impulse for surveillance reaches its maximum expressionits sprawling ambit in this case accommodated by the same technologies of interconnection that do so much to smooth the other aspects of our lives. If there was any hope of this burden significantly lightening in our lifetimes, though, it almost certainly disappeared alongside so many others, on the morning of September 11, 2001.

The ostensible prerogatives of public safety in the postSeptember 11 era have been neatly summarized by curators Terence Riley and Guy Nordenson, in their notes to the 2004 Museum of Modern Art show "Tall Buildings," as "reduce the public sphere, restrict access, and limit unmonitored activity." In practice, this has meant that previous ways of doing things in the city and the world will no longer do; our fear of terror, reinscribed by the bombings in Bali, Madrid and London, has on some level forced us to reassess the commitment to mobility our open societies are based on.

This is where everyware enters the picture. At the most basic level, it would be difficult to imagine a technology more suited to monitoring a population than one sutured together from RFID, GPS, networked biometric and other sensors, and relational databases; I'd even argue that everyware redefines not merely computing but surveillance as well.^[*]

^[*] A recent Washington Post article described a current U.S. government information-gathering operation in which a citizen's "[a]ny link to the known terrorist universea shared address or utility account, a check deposited, [or even] a telephone call" could trigger their being investigated. The discovery of such tenuous connections is precisely what relational databases are good for, and it's why privacy experts have been sounding warnings about data mining for years. And this is before the melding of such databases with the blanket of ubiquitous awareness implied by everyware.

But beyond simple observation there is control, and here too the class of information-processing systems we're discussing has a role to play. At the heart of all ambitions aimed at the curtailment of mobility is the demand that people be identifiable at all timesall else follows from that. In an everyware world, this process of identification is a much subtler and more powerful thing than we often consider it to be; when the rhythm of your footsteps or the characteristic pattern of your transactions can give you away, it's clear that we're talking about something deeper than "your papers, please."

Once this piece of information is in hand, it's possible to ask questions like Who is allowed to be here? and What is he or she allowed to do here?, questions that enable just about any defensible space to enforce its own accesscontrol policynot just on the level of gross admission, either, but of finely grained differential permissioning. What is currently done with guards, signage, and physical barriers ranging from velvet rope to razor wire, can still more effectively be accomplished when those measures are supplemented by gradients of access and permissiona "defense in depth" that has the additional appeal of being more or less subtle.

If you're having trouble getting a grip on how this would work in practice, consider the ease with which an individual's networked currency cards, transit passes and keys can be traced or disabled, remotelyin fact, this already happens.^[*] But there's a panoply of ubiquitous security measures both actual and potential that are subtler still: navigation systems that omit all paths through an area where a National Special Security Event is transpiring, for example, or subways and buses that are automatically routed past. Elevators that won't accept requests for floors you're not accredited for; retail items, from liquor to ammunition to Sudafed, that won't let you purchase them, that simply cannot be rung up.

^[*] If you purchase a New York City MetroCard with a credit or debit card, your identity is associated with it, and it can be used to track your movements. The NYPD tracked alleged rapist Peter Braunstein this way.

Context-aware differential permissioning used as a security tool will mean that certain options simply do not appear as available to you, like grayedout items on a desktop menuin fact, you won't get even that backhanded notificationyou won't even know the options ever existed.

Such interventions are only a small sampling of the spectrum of control techniques that become available in a ubiquitously networked world. MIT sociologist Gary T. Marx sees the widest possible scope for security applications in an "engineered society" like ours, where "the goal is to eliminate or limit violations by control of the physical and social environment."

Marx identifies six broad social-engineering strategies as key to this control, and it should surprise no one that everyware facilitates them all.

• We all understand the strategy of target removal: "something that is not there cannot be taken," and so cash and even human-readable credit and debit cards are replaced with invisible, heavily encrypted services like PayPass.

• Target devaluation seeks to make vulnerable items less desirable to those who would steal them, and this is certainly the case where self-identifying, self-describing devices or vehicles can be tracked via their network connection.

• For that matter, why even try to steal something that becomes useless in the absence of a unique biometric identifier, key or access code? This is the goal of offender incapacitation, a strategy also involved in attempts to lock out the purchase of denied items.

• Target insulation and exclusion are addressed via the defense in depth we've already discussedthe gauntlet of networked sensors, alarms, and cameras around any target of interest, as well as all the subtler measures that make such places harder to get to.

• And finally there is the identification of offenders or potential offenders, achieved via remote iris scanning or facial recognition systems like the one currently deployed in the Newham borough of London.

Who's driving the demand for ubiquitous technologies of surveillance and control? Obviously, the law-enforcement and other agencies charged with maintaining the peace, as well as various more shadowy sorts of government security apparatus. But also politicians eager to seem tough on terror, ever aware that being seen to vote in favor of enhanced security will be remembered at election time. Private security firms and renta-cops of all sorts. Building and facility managers with a healthy line item in their budget to provide for the acquisition of gear but neither the ongoing funds nor the authority to hire security staff. Again, the manufacturers and vendors of that gear, scenting another yawning opportunity. And never least, us, you and I, unable to forget the rubble at Ground Zero, spun senseless by routine Amber Alerts and rumors of Superdome riots, and happy for some reassurance of safety no matter how illusory.

These are obviously thorny, multisided issues, in which the legitimate prerogatives of public safety get tangled up with the sort of measures we rightfully associate with tyranny. There should be no doubt, though, that everyware's ability to facilitate the collection and leveraging of large bodies of data about a population in the context of security will be a major factor driving its appearance.