Date

Continued from Part 1 - A Computer With Borders

I've introduced the idea that a computer incapable of connecting to the Internet could be vastly more valuable than computers as we know them now.

On one hand, the Internet represents such a high degree of obscured risk that it completely distorts the value equation, leading us to unsustainable behaviour patterns. On the other hand, a computer that is focused on providing meaningful reward can do much better than a computer with no such focus. Value is multiplied when reward is amplified and risk is exposed and reduced.

I'm going to begin laying out arguments on both sides of that equation - why Internet connectivity is so risky and how to amplify reward.

Remote Attacks

As a person who is experienced with modern technology, the risks of Internet connectivity have been real to me for quite a long time. The obvious risks are the ones that have already reached popular awareness - viruses, rootkits, key-loggers, password cracking, vulnerability exploits, botnets, surreptitious video and audio recording, online activity tracking, and whatnot. Any computer on the Internet is vulnerable to all of those threats, the risks of which include complete data loss when a nasty piece of software erases or encrypts your hard-drive, identity theft or fraud when your documents are copied and sifted through, and financial loss when your online banking login is lifted and your account details exposed. The problem is compounded because each of these attacks - and others - can be carried out against every business or organization you interact with, knowingly or not.

These are fairly concrete attacks that, quite frankly, will always have the advantage against defenses like software patches, anti-virus software, rootkit scanners, firewalls, intrusion detection systems, and the like. Aggressors are several steps ahead of the defense and always will be because even our personal computer systems are too complex to fully secure while remaining usable. What value we gain from our computers is highly dependent on Internet connectivity. With no superior alternative, we are forced to tolerate these kind of risks. Ignorance and denial also play their part.

Air-Gaps

A disconnected (and better yet, unconnectable) computer is not vulnerable to these typical remote attacks. The tremendous ongoing effort required to actually secure connected computers becomes unnecessary. This is a huge win if, like me, you're proposing an alternative. Powerful (or aspirational) organizations and individuals understand this principle quite well, either employing what's called air-gapped computers or avoiding computers entirely. An air-gap is when a computer is not physically connected to the Internet (sometimes no network at all). The gap between these secure computers and others is often more than air - there are also physical barriers with strictly limited and monitored access. These organizations are not willing to risk their accumulated information being exposed and thus creating threats against their power or even their existence. Sustainable behaviour, I'd say.

Recently there's been a few examples of this kind of thinking that have generated commentary. George R. R. Martin (author of the Game of Thrones series) writes on a computer from the 80's. WordStar 4.0 on DOS if that means anything to you. His computer has never been connected to the Internet, it never will be, and it is also not the least bit mobile. The only thing he uses it for is writing. It's a real-world example of a highly secure, single-purpose computer being used as a tool and offering considerable value to its individual user. Someone made a comment that if Quentin Tarantino had such a secure writing environment, his Hateful Eight screenplay would not have been leaked (barring a home invasion) and thus nearly scrapped. Now, we're not all writers, and none are Mr. Martin, so his 80's setup isn't going to be appealing to any but the most hip of us. But the principles are sound.

Another recent example is the US Navy's new NeRD e-book reader. It looks like a Kindle, has no camera and no Internet connectivity, comes with 300 titles with no way to add or remove, and costs $3,000 a pop. Overall it's actually quite sensible, considering it is being distributed to the nuclear submarine fleet. The designers were quite aware that the risks of Internet connectivity (or even private WiFi) are not the risks you want to take on when you're your nation's first line of deterrence and defense. The device isn't simply "not connected", but rather there is no wireless chip. The camera is not disabled, but also physically not present. And there is no way to modify the storage. The US military understands the value equation of reward and risk - a device like this would never be approved without fully mitigating all known risks. Several commenters pointed out that the US Navy could have saved a lot of money by distributing off-the-shelf Kindles instead which, while true on the surface, is ignorant of the risks and thus ridiculous. Considering that the US Navy requires that their information and environment is secure, even the price tag is reasonable. They know more than anyone about the threats involved.

And finally, apparently it's common for Russian intelligence services to use typewriters or even write sensitive reports by hand. That may sound a bit extreme, but it's nonetheless quite sensible in that context. If anyone understands information security, it's an intelligence agency. And if anyone's going to be ruthlessly pragmatic, it's the Russians. The relationship between information and power is quite well known but the relationship between the security of information (airtight control of access and distribution), the quality of information (its content is timely, accurate, and complete), and the value of information is not greatly appreciated outside of power centers. Perhaps it should be.

Single-Purpose Computers

An important commonality between the Martin, NeRD, and typewriter examples is the single or special purpose of the technology involved: writing in two cases and reading in the other. Anything you can do on a special purpose computer you can do on a general purpose one. That's a given. Martin could write in a cafe on his laptop, sailors could use iPads, and Russian spies could write their reports on Dells connected to Cisco routers.

Aside from security concerns, a big problem with the general purpose computer is its poor signal to noise ratio. There's too much noise hiding the comparatively weak signal of a single specific purpose. Because our computers can do so much, and most of anything is crap, there's a strong pull toward increasingly attractive yet low-value options like gaming, watching silly videos, browsing trite websites, obsessing over celebrities, social network stalking, and excessive pointless chitchat. I think you know exactly what I'm talking about. It's not that these things are necessarily bad, or weren't around before computers, but they quickly obscure whatever high-value purposes we could apply to both ourselves and our computers.

Focus On Personal Value

I'd like to introduce the idea that the single, focused purpose of our personal computers should be to provide personal value. That is, your personal computer should be capable of doing only one thing - empowering you - and do that in the most effective way.

You're probably drawing a blank on just how this computer works. I'd be quite impressed and buy you a beer if you were able to come up with anything on the spot. Hopefully I've been able to show why this value-focused computer simply cannot be Internet-capable; the inherent risk negates any reward.

The effect of our personal computers is to obscure and distract us from high-value pursuits, providing value to unkown others rather than to ourselves. An inversion is in order - personal computers should provide value only to ourselves rather than to unknown others.

Continued in Part 3 - Risking It All