In something of a flashback to 2001, Microsoft is once again the target of an antitrust lawsuit. Google and other tech companies are facing similar challenges as governments have found the political will to go up against big tech, at least for now. While there are various legal arguments as to why tech companies should be split up, there are also good policy reasons for this. For this essay, I will focus on the sensible warning to not put all your eggs in one basket and argue that this is also rational for digital “eggs.” As might be expected, the 2024 CrowdStrike disaster will serve as the main example of why the one basket approach is a bad idea.

On July 19, 2024, CrowdStrike released a flawed update to its Falcon Sensor software causing about 8.5 million Windows systems to crash and become unable to properly restart. As of this writing, this was the largest outage in history. As businesses ranging from airlines to gas stations rely on these Windows systems, the impact was devastating, and it is estimated the financial damage was at least $10 billion done over the course of only a few hours. In addition to becoming a textbook case about how not to test and rollout security software, it also provides a lesson in the danger of putting some many digital eggs in one basket, especially given the inclination companies often have to cut corners and operate badly. The repeated, self-inflicted failures at the once respected Boeing provides another excellent example of how this sort of easily avoidable failures occur.

While the poor handling of the update is the main cause of the disaster, the fact that CrowdStrike was the security software on so many Windows systems enabled it to be a worldwide disaster. While Microsoft was not to blame, the market dominance of Windows was also a factor since Macs and Linux systems were not impacted by the failure of CrowdStrike. The case of CrowdStrike was, of course, unintentional but there are also intentional efforts to cause harm.

Like many people, I recently received a letter from Change Health Care informing me of a data breach that occurred back in February. While they did offer me free monitoring, my data (and probably yours) is now out in the wild, presumably being sold and used by criminals. Such data breaches are common for a variety of reasons. In terms of why health care data is targeted, the short version is that such data is very valuable and stealing it is relatively easy. The larger a company gets, the more desirable it is as a target. This is because breaching a large company is often not much more challenging than breaching a small company, but the potential payoff is greater. Unfortunately, these companies are not like monsters in video games in that the challenge of getting the treasure is not proportionate to the value of the loot.

This points to the obvious danger presented by data and software companies gaining dominance in markets: when they drop the basket, the eggs break. To be fair to these companies, they are playing the game of capitalism and trying to win it by maximizing their profits by grabbing as much of the market as they can. As noted above, some governments are pushing back but there is the question of whether this will continue in the United States with the change of administration. While the devil is in the details, this danger does provide an excellent justification for keeping market dominance in check, since this dominance entails that the eggs will be stuffed into one basket and companies have shown they are constantly poor stewards. Thus, good policy should be aimed at restricting the size of companies, not to “punish their success” but to mitigate the damage done to other companies and the public caused by their inevitable failures.

 

Students and employers often complain that college does not prepare them for the real world of filling jobs and this complaint has some merit. But what is the real world of jobs like for most workers? Professor David Graeber got considerable media attention when he published his book Bullshit Jobs: A Theory. He claims that millions of people are working jobs they know are meaningless and unnecessary. Researcher Simon Walo decided to test Graeber’s theory and found that his investigation supported Graeber’s view. While Graeber’s view can be debated, it is reasonable to believe that some jobs are BS all the time and all jobs are BS some of the time. Thus, if educators are to prepare students for working in the real world, they must prepare them for the BS of the workplace. AI can prove useful here.

In an optimistic sci-fi view of the future, AI exists to relieve humans of the dreadful four Ds of bad jobs: the Dangerous, the Degrading, the Dirty, and the Dull. In a bright future, general AI would assist, but not replace, humans in creative and scientific endeavors. In dystopian sci-fi views of the AI future, AI enslaves or exterminates humanity. In dystopia lite, a few humans use AI to make life worse for many humans, such as by replacing humans with AI in good and rewarding jobs.  Much of the effort in AI development seems aimed at making this a reality.

As an example, it is feared that AI will put writers and artists out of work, so when the Hollywood writers went on strike, they wanted protection from being replaced by AI. They succeeded in this goal, but there remains a reasonable question about how great the threat of AI is in terms of its being able to replace humans in jobs humans want to do. Fortunately for humans doing creative and meaningful work, AI is not very good at these tasks. As Arvind Narayanan and Sayash Kapoor have argued, AI of this sort seems to be most useful at doing useless things. But this can be useful for workers and educators should train students to use AI to do these useless things. This might seem a bit crazy but makes perfect sense in our economic reality.

Some jobs are useless, and all jobs have useless tasks. Although his view can be challenged, Graeber came up with three categories of useless jobs. His “flunkies” category consists of people paid to make the rich and important look more rich and more important.  This can be expanded to include all decorative minions. “Goons” are people filling positions existing only because a competitor company created similar jobs. Finally, there are the  “box tickers”, which can be refined to cover jobs workers see as useless but also produce work whose absence would have no meaningful effect on the world.

It must be noted that what is perceived as useless is a matter of values and will vary between persons and in different contexts. To use a silly example, imagine the Florida state legislature mandated that all state universities send in a monthly report in the form of a haiku. Each month, someone will need to create and email the haiku. This task seems useless. But imagine that if a school fails to comply, they lose $1 million in funding. This makes the task useful for the school as a means of protecting their funding. Fortunately, AI can easily complete this useless useful task.

As a serious example, suppose a worker must write reports for management based on bullet points given in presentations. Management, of course, never reads the reports and they are thus useless but required by company policy. While a seemingly rational solution is to eliminate the reports, that is not how bureaucracies usually operate in the “real world.” Fortunately, AI can make the worker’s task easier: they can use AI to transform the bullet points into a report and use the saved time for more meaningful tasks (or viewing social media). Management can also use AI to summarize the report into bullet points. While it would seem more rational to eliminate the reports, this is not how the real world usually works. But what should educators do with AI in their classrooms in the context of useless tasks and jobs?

While this will need to vary from class to class, relevant educators should consider a general overview of jobs and task categories in terms of usefulness and the ability of AI to do these jobs and tasks.  Faculty could then identify the likely useless jobs and useless tasks their students will probably do in the real world. They can then consider how these tasks can be done using AI. This will allow them to create lessons and assignments to give students the skills to use AI to complete useless tasks quickly and with minimal effort. This can allow workers to spend more time on useful work, assuming their jobs have any such tasks.

In closing, my focus has been on using AI for useless tasks. Teaching students to use AI for useful tasks is another subject entirely and while not covered here is certainly worthy of consideration. And here is an AI generated haiku:

 

Eighty percent rise

FAMU students excel

In their learning’s ligh

 

The pager attack attributed to Israel served to spotlight vulnerabilities in the supply chain. While such an attack was always possible, until it occurred most security concerns about communication devices was to protect them from being compromised or “hacked.”

While the story of three million “hacked” toothbrushes turned out to be a cyber myth, the vulnerability of connected devices remains  real and presents an increasing threat as more connected devices are put into use. As most people are not security savvy, these devices can be easy to compromise either through their own vulnerabilities or user vulnerabilities.

There has also been longstanding concern about security vulnerabilities and dangers being built right into technology. For example, there are grounds to worry that backdoors could be built into products, allowing easy access to these devices. For the most part, the focus of concern has been on governments directing the inclusion of such backdoors. But the Sony BMG copy protection rootkit scandal shows that corporations can and have introduced vulnerabilities on their own.

While a comprised connected or communication devices can cause significant harm, until recently there has been little threat of physical damage or death. One exception was, of course, the famous case of Stuxnet in which a virus developed by the United States and Israel destroyed 1,000 centrifuges critical to Iran’s nuclear program. There was also a foreshadowing incident in which Israel (allegedly) killed the bombmaker Yahya Ayyash with an exploding phone. But the pager (and walkie-talkie) attack resulted in injuries and death on a large scale. This proved the viability of the strategy, thus providing an example and inspiration to others. While conducting a similar attack would require extensive resources, the system is optimized for vulnerabilities that would allow it. Addressing these vulnerabilities will prove difficult if not impossible because of the influence of those who have a vested interest in preserving them. But policy could be implemented that would increase security and safety in the supply chain. But what are these vulnerabilities?

One vulnerability is that a shell corporation can be quickly and easily created. Multiple shell corporations can also be created in different locations and interlocked, creating a very effective way of hiding the identity of the owner. Shell companies are often used by the very rich to hide their money, usually to avoid paying taxes as made famous by the Panama Papers. Shell companies can also be used for other criminal enterprises, such as money laundering. Those who use such shell corporations are often wealthy and influential, thus they have the resources to resist or prevent efforts to address this vulnerability.

The ease with which such shell companies can be created is a serious vulnerability, since they can be used to conceal who really owns a corporation. A customer dealing with a shell company is likely to have no idea who they are really doing business with. They might, for example, think they are doing business with a corporation in their own country, but it might turn out that it is controlled by another country’s intelligence service or a terrorist organization.

While a customer might decide to business with a credible and known corporation to avoid the danger of shell corporations, they can face the vulnerabilities created by the nature of the supply chain. Companies often have contracts with other businesses to manufacture parts of their products and the contractors might subcontract in turn. It is also common for companies to license production of their products, so while a customer might assume they are buying a product made by a company, they might be buying one manufactured under license by a different company. Which might be owned by a shell company. In the case of the pagers, the company who owns the brand of the devices denied that they manufactured them. While this is (fortunately) but one example, it does provide an illustration of how these vulnerabilities can be exploited. Addressing them would require that corporations have robust oversight and control of their supply chain. This would include parts of the supply chain that involve software and services as well. After all, if another company is supplying code or connectivity for a product, those are vulnerabilities. Unfortunately, corporations often have incentives to avoid such robust oversight and control.

One obvious incentive is financial. Corporations can save money by contracting out work to places with lower wages, that have less concern about human rights, and fewer regulations. And robust oversight and control would come with a cost of its own, not even considering what it would cost a company if such robust oversight and control prevented it from engaging in cheaper contracts.

Another incentive is that contracting out work without robust oversight can provide plausible deniability. For example, Nike has faced issues with using sweatshops to manufacture its products, but this sort of thing can be blamed on the contractors  and ignorance can be claimed. As another example, Apple has been accused of having a contractor who used forced labor and has lobbied against a bill aimed at stopping such forced labor. While these are examples of companies using foreign contractors, problems also arise within the United States.

One domestic example is a contractor who employed children as young as 13 to clean meat packing plants. As another example, subcontractors were accused of hiring undocumented migrants in Miami Dade school construction project. As children and undocumented migrants can be paid much less than adult American workers, there is a strong financial incentive to hire contractors that will employ them while also providing the extra service of plausible deniability. When some illegality or public relations nightmare arises, the company can rightly say that it was not them, it was a contractor. They can then claim they have learned and will do better in the future. But they have little incentive to do better.

But a failure to exercise robust oversight and control entails that there will be serious vulnerabilities open to exploitation. The blind eye that willingly misses human rights violations and the illegal employment of children will also miss a contractor who is a front for a government or terrorist organization and is putting explosives or worse in their products.

While these vulnerabilities are easy to identify, there are powerful incentives to preserve and protect them. This is not primarily because they can be exploited in such attacks, but for financial reasons and for plausible deniability. While it will be up to governments to mandate better security, this will face significant and powerful opposition. But this could be overcome if the political will exists.

 

For more on cyber policy issues: Hewlett Foundation Cyber Policy Institute (famu.edu)

 

Some will remember that driverless cars were going to be the next big thing. Tech companies rushed to flush cash into this technology and media covered the stories. Including the injuries and deaths involving the technology. But, for a while, we were promised a future in which our cars would whisk us around, then drive away to await the next trip. Fully autonomous vehicles, it seemed, were always just a few years away. But it did seem like a good idea at the time and proponents of the tech also claimed to be motivated by a desire to save lives. From 2000 to 2015, motor vehicle deaths per year ranged from a high of 43,005 in 2005 to a low of 32,675 in 2014. In 2015 there were 35,092 motor vehicle deaths and recently the number went back up to around 40,000. Given the high death toll, there is clearly a problem that needs to be solved.

While predictions of the imminent arrival of autonomous vehicles proved overly optimistic, the claim that they would reduce motor vehicle deaths had some plausibility. Autonomous will do not suffer from road rage, exhaustion, intoxication, poor judgment, distraction and other conditions that contribute to the death tolls. Motor vehicle deaths would not be eliminated even if all vehicles were autonomous, but the promised reduction in deaths presented a moral and practical reason to deploy such vehicles. In the face of various challenges and a lack of success, the tech companies seem to have largely moved on from the old toy to the new toy, which is AI. But this might not be a bad thing if driverless cars were aimed at solving the wrong problems and we instead solve the right problems. Discussing this requires going back to a bit of automotive history.

As the number of cars increased in the United States, so did the number of deaths, which was hardly surprising. A contributing factor was the abysmal safety of American cars.  This problem led Ralph Nader to write his classic work, Unsafe at Any Speed. Thanks to Nader and others, the American automobile became much safer and vehicle fatalities decreased. While making cars safer was a good thing, this approach was fundamentally flawed.

Imagine a strange world in which people insist on constantly swinging hammers as they go about their day.  As would be suspected, the hammer swinging would often result in injuries and property damage. Confronted by these harms, solutions are proposed and implemented. People wear ever better helmets and body armor to protect them from wild swings and hammers that slip from peoples’ grasp. Hammers are also regularly redesigned so that they inflict less damage when hitting people and objects.  The Google of that world and other companies start working on autonomous swinging hammers that will be much better than humans at avoiding hitting other people and things. While all these safety improvements would be better than the original situation of unprotected people swinging dangerous hammers around, this approach is fundamentally flawed. After all, if people stopped swinging hammers around, then the problem would be solved.

An easy and obvious reply to my analogy is that using motor vehicles, unlike random hammer swinging, is important. A large part of the American economy is built around the motor vehicle. This includes obvious things like vehicle sales, vehicle maintenance, gasoline sales, road maintenance and so on. It also includes less obvious aspects of the economy that involve the motor vehicle, such as how they contribute to the success of stores like Wal Mart. The economic value of the motor vehicle, it can be argued, provides a justification for accepting the thousands of deaths per year. While it is certainly desirable to reduce these deaths, getting rid of motor vehicles is not a viable economic option. Thus, autonomous vehicles would be a good partial solution to the death problem. Or are they?

One problem is that driverless vehicles are trying to solve the death problem within a system created around human drivers and their wants. This system of lights, signs, turn lanes, crosswalks and such is extremely complicated and presents difficult engineering and programing problems. It would seem to have made more sense to use the resources that were poured into autonomous vehicles to develop a better and safer transportation system that does not center around a bad idea: the individual motor vehicle operating within a complicated system. On this view, autonomous vehicles are solving an unnecessary problem: they are merely better hammers.

My reasoning can be countered in a couple ways. One is to repeat the economic argumen: autonomous vehicles preserve the individual motor vehicle that is economically critical while being likely to reduce the death tax vehicles impose. A second approach is to argue the cost of creating a new transportation system would be far more than the cost of developing autonomous vehicles that can operate within the existing system. This assumes, of course, that the cash dumped on this technology will eventually pay off.

A third approach is to argue that autonomous vehicles could be a step towards a new transportation system. People often need a gradual adjustment to major changes and autonomous vehicles would allow a gradual transition from distracted human drivers to autonomous vehicles operating with the distracted humans to a transportation infrastructure rebuilt entirely around autonomous vehicles (perhaps with a completely distinct system for walkers, bikers and runners). Going back to the hammer analogy, the self-swinging hammer would reduce hammer injuries and could allow a transition to be made away from hammer swinging altogether.

While this has some appeal, it still makes more sense to stop swinging hammers. If the goal is to reduce traffic deaths and injuries, then investing in better public transportation, safer streets, and a move away from car-centric cities would have been the rational choice. For the most part it seems that tech companies and investors have moved away from solving the transportation problem and are now focused on AI. While the driverless car was a very narrow type of AI focused on driving vehicles and supposedly aimed at increasing safety and convenience, the new AI is broader (they are trying to jam it into almost everything that has a chip) and is supposed to be aimed at solving a vast range of problems. Given the apparent failure of driverless cars, we should consider there will be a similar outcome with this broader AI. It is also reasonable to expect that once the current AI bubble bursts, the next bubble will float over the horizon. This is not to deny that some of what people call AI is useful, but that we need to keep in mind that the tech companies seem to often focus on solving unnecessary problems rather than removing these problems.