
Today we hacked a Tesla … it was easy.

October 25, 2017

This is a story about technologist training and responsibility, but it starts with an interview with a potential tech developer, which included this exchange:

Me: “I’ve been thinking of some practical tests I can give you for skills assessment, and –”

Developer: “If you want, I can hack your Tesla.  It only takes about 5 minutes.”

Me: “Umm, OK?”

And sure enough, 5 minutes later, after getting me to download an “SSL certificate” to my phone (the sort of stuff that could be buried in an app download), my car was unlocked and the windows were down.  When he started trying to use the “Summon” function to pull the car out of the parking space, I’d had enough.

Now, about my “training and responsibility” opening line.  The developers at Tesla, when coding the API between their phone app and their cloud connection to the car, send completely unencrypted messages.  My developer interviewee was able to see signals exchanged like “door_unlock”.  Hmm, I wonder what that does….

Developers are trained, and companies are built, around fast development cycles.  Consumers want the latest features.  Facebook advertisers want a way to target and place advertising.  Drivers don’t want to think about their self-driving cars deciding between killing 5 children in a crosswalk and killing the old dude behind the useless steering wheel.

But in the rush to get new tech out the door, human fallibility, along with systems geared toward fast features with limited bugs, means we’re shortcutting security (my Tesla today), legality (Russians placing campaign ads on Facebook), and morality (self-driving car accident avoidance algorithms).

We don’t teach development organizations these things.  We don’t reward them for their sophistication in these areas.  And we really, really need to start that dialogue, and that education.  I’m a tech investor, a trained techie, and I love tech.  But we need to build these new perspectives and systems right now.  Because humans are fallible, and the failure modes around increasingly sophisticated technology are increasingly impactful and dangerous.

 

PS. We hired the dev.  In fact, we’re acquiring his company.