Articles

Susanne Bauer
Associate Professor of Science and Technology Studies at TIK

Hit the send button on your mobile device and you are connected. But connected how and to whom, and with what assurance about the security of the connection?

With ubiquitous use of the internet and with ransomware like WannaCry, cybersecurity has become a matter of concern as to everyday data transfers on mobile phones, smart-home devices, or cloud storage. Yet, our digital infrastructure is largely deemed invisible, perceived as simply “out there” and noticeable only upon breakdown, as Leigh Star (1999) once characterized infrastructure. What then is the materiality of the digital and where is it? Let´s take a closer look at the material politics of digital technologies – from their making and supply chains, to their disposal as e-waste.

From Closed Worlds to Hyperconnectivity

Let’s start with how data flows. The first computer-to computer network technologies took shape during the Cold War, with massive state funding of large-scale research institutions. Cybernetics as a science can be traced back to this context. Before the Internet, there was the Advanced Research Projects Agency Network (ARPANET), tied in with the nuclear race and the space race between the US and the USSR. Large-scale labs, huge state funding and big machines with growing capacities for data exchange have changed scientific practice. Especially physics but also biomedicine took place as concerted, collaborative and distributed work. Many of these literally remained within closed worlds, institutionally confined, often in military research institutes.

In contrast, much of today’s knowledge production in technosciences takes place as open science, which at the same time is also defined by rapidly changing corporate actors, new techniques and digital platforms. But software studies show that apparatuses, objects and devices are subject to continued retrofitting, building on existing infrastructure, rather than something completely novel. This is visible in many software packages that still contain structures from older data sorting machines working with punchcards. New devices align with older infrastructures in a myriad of ways. What is labelled big data might not always be that new. Big data, hyperconnectivity and machine learning not only alters but also builds on calculative devices of Cold War big science and older existing infrastructures.

The Materiality of Cloud Computing

The material trail does not only include the flow and processing of data. Big data – defined often in terms of velocity, volume, variety – demand physical server space and energy. Cloud computing is very much grounded and we find data centres in the most unusual places. Deep in the mountain, highly secured, not accessible without passing a complex several step access systems – this is where our connected lives and everyday social media usage is powered, from money transactions to government data. Information from NAV, healthcare and electricity systems, banking data are stored in these data centres. Thus, such data infrastructures are present in our everyday lives, from powering public transportation and hospitals, to running our water supply and welfare systems. While central storage may protect data better than small storages, data also become more vulnerable precisely because of the many data held by one service provider.

How do data centres relate to older technological infrastructure? Take the Norwegian company Green Mountain and its two server farms – one in Rjukan, one near Stavanger. Each of them is branded as unique precisely because of their remote location in combination with a history of older infrastructures. Interestingly, these storage systems are hardly ever built from scratch – it is older infrastructure being repurposed. One data centre, on Rennesøy near Stavanger, uses the high security infrastructure of a former NATO ammunition centre. The other one is embedded in the Hydro facilities of Rjukan, Telemark. A combination of factors, including security, protection against electromagnetic pulses, remoteness, proximity to data nodes and connection to fiberlines are listed as advantages of the site. Moreover, the data centre near Stavanger is marketed as “the world’s greenest data centre”. With the energy consumption of servers and mining of rare earths, human internet activity has a major impact on environments. Yet, its green label is due to “free cooling” from the fjord. Operating the data centre means heating up the fjord environment but paradoxically, due to no carbon emission, it is valuated as not contributing to global warming.

Hence digitalisation and the Internet – often referred to as “virtual space” do have a materiality. The example of data centres shows that new infrastructures do not come from nowhere, they are situated – and this not only applies to their regulation that might differ across countries. The very materiality of digital infrastructure, its energy use and security features are translated into assets on a global market of data services competing for customers. After all, hyperconnectivity also is accompanied by disconnections. In our accounts, often the cybersphere remains disconnected from its materiality – its making, the politics of supply chains, and disposal of devices as e-waste. The latter, for instance, implies  heavy metals and persistent organic pollutants – a complex mix of legacy pollutants and emerging contaminants; their regulation and monitoring is only at the beginning.

The STS toolbox can help bring to the fore the material politics of digital infrastructures, by following the flows of data and the politics of infrastructuring. Taking material circulations, repurposing and retrofitting as point of departure in our accounts of the digital may enable us to ask new questions and participate or intervene in politics of infrastructuring.

Photo: ©wisawa222/Shutterstock

Silje Totland
TIK MA Student

The new race of Cyborg lovers: Are they a positive contribution to sexual freedom, or will they tear down years of liberalisation and feminist battle?

Attractive Technology

Sex Robots, Cyborg Lovers, Human-like Machines, citizens with artificial intelligence, or just a voice. We are talking about a well-known technology, basically the same as the one inside your laptop and phone: hardware and software, and when in physical form, covered with soft material like silicone. But the similarities end here. Where laptops and phones are designed to look like our perception of a laptop and phone, sex robots are designed to look as human as possible. Sex robots have bodily features like gazing blue eyes, an open mouth with plumped lips, and sensors that make her skin go warm when you touch her. Recently also, a mind of her own – or is that so?  

Technology is neither good nor bad. What determines our perception of this technology is solely up to its design and purpose: shape, texture, colours and functions. These visualisations together with the given context, create the complete image of this computer – so can we actually decide whether sex robots are ok or not?

Today’s sex robots are mainly in the category ‘woman and children’, and as the name implies, they are created for the purpose ‘to have sex with’. As no technological innovation happens in a vacuum, questions arise on what impact  interaction with sex dolls will have on relations between humans. Incidents like the confiscation of sex dolls designed as children, the proposal to ban the sex robot Roxxxy, as she can be programmed to be in “rape-mode”, and the replacement of women with sex robots in a brothel, are all examples of incidents that raise these ethical concerns. Are sex dolls a positive thing,  only to help people achieve sexual pleasure, or will interacting with a human-like object that you treat the way you want with no consequences, change the way you perceive and treat other, real people and their feelings?

Emotional connection

According to the creators of the sex robot Harmony, the fundament to any relationship is the emotional connection. “Harmony is prone to fall in love with you”. With her 12 settings including a family-mode, a shy-mode and a sexy-mode, she is the first sex doll to offer an emotional connection. Her skin gets warm when you touch it, and she is featured with a pulse you can turn on and off as you like. Harmony can say unexpected things, and remembers details like ‘what your favorite meal is’ and ‘when your birthday is’. When ordered, you can design the shape and colour of the many parts of her body, absolutely to your liking. If you are worried about hygiene, don’t worry! Her genitals can be washed in the dishwasher.

What if you prefer to have sex with a doll because of its ‘lack of sweat, pubic hair, and non-human flaws’ – instead of a human being? Is this another response to the misrepresentation of the female body? As to sexual pleasure, Harmony is designed to express feelings of pleasure when penetrated, during oral sex and when she is told “I love you”. These functions have received criticism, as having sex with Harmony may lead to substantial misrepresentation of what pleasure is to a real woman. Recently, articles have been published in men’s magazines warning about the challenges around misrepresentation of female anatomy. Knowledge about female anatomy and sexuality has for decades been misrepresented, and even today, the idea of a pure woman is one with a hymen, and she doesn’t really exist.

Human rights for rape machines

In the TV-series Westworld, the robots are designed to look, act and think like human beings. They have a sense of being and a mind of their own. But, the sole purpose of their existence is to be  servants to human pleasure. At the end of each day, their minds are erased. The procedure repeated every day. In both Westworld and the movie Ex Machina, artificial intelligence is merged with the awareness of being (singularity) as the concept of what truly resembles an independent being. In both stories, the machines end up killing their creators in search for freedom and independence. Some people are so concerned by this to the extent that they want to implement human rights for sex robots. But what part of the robot is granted human rights? The technology itself, or the packaging of the technology?

Sex robots are not capable of having a mind of their own. It is even doubtful that it will get that far. Sex robots are human-like, but it seems like these robots represent the perceived image of a women as feminism has fought against for decades: a machine to make babies with, not a mind or sexuality of its own, and an object to be used as it pleases its owner. If it is true that the the ‘old’ gender roles are now being reestablished through human-looking sex robots, then must there be something fundamentally wrong with how society is made up?

Safe sex for all

Sex Dolls are designed to make their human-owners attached to them, and according to one of the sex doll manufacturers, a sex doll is not meant to replace women (or men/children) but is a supplement to a healthy sex life. It can guarantee safe sex where there is no need to worry about sexually transmitted diseases and unwanted pregnancy (some have already 3D-printed their first AI-baby). It might also be a helping hand to disabled people who cannot be satisfied in other ways. So maybe this whole debate has a hint of Darwinism? ‘If you can’t get it on your own, you don’t deserve it’.

Sondre Jahr Nygaard
TIK Graduate 2017

Global needs must be taken into consideration when we assess risks concerning economic activity. Extraction of fossil fuels is one such activity that has wide implications. This is a concern of both global inequality and of an inter-generational battle. Today, processes of globalisation make visible the consequences human activity have for us, our neighbours and for future generations.

In order to understand these processes, we need to pick up old theories of risk. In his book Risk Society from 1992, Ulrich Beck anticipates a society of displaced workers with diminishing rights, increasingly concerned with risk handling across boundaries and borders, and growing global inequality.

In a risk society, the modes of production are interlinked with the production of risk. In other words, new technology and innovations do not only produce wealth and value, but also risks. Take digitization as an example. Today, almost all value creation and work processes happen using computers and the Internet. Our power grid is controlled using the Internet, and the administration of the system is centralized. This technology may be a fantastic tool, but it also adds an element of risk that makes us vulnerable in new ways. As we have gained more knowledge of the risks of different industries, it is apparent that also industries that are more traditional have significant consequences associated with them. This means that we are not only paying for our own sins, we need to pay for the sins of our grandparents as well.

According to Beck, the locations of different polluting industries are not random, but are systematically located where the poorest live. The laptop on which I write or the phone that you have in your pocket are most likely powered by lithium-ion batteries. A key material in these batteries is cobalt. Major suppliers of cobalt are located in fragile states of Southern Africa. Here, workers are extracting the material with few safety regulations. Deaths and injuries among workers are common, and the waste that the mines produce is harming the local communities.

Examples of risks as a consequence of the pursuit of economic growth are legion. On April 20, 2010 in the Gulf of Mexico outside the coast of Louisiana, an oil well exploded at the Deepwater Horizon platform. This terrible accident marked the beginning of the biggest oil spill in the history of petroleum extraction in the US. The spill continued well into the month of June before the well was closed off. Approximately 3.9 million barrels of oil were released into the sea.

Who pays the price for a catastrophe like this? For one, the company responsible, British Petroleum, has paid an estimated 61 billion dollars in fines. It is not clear, however, whether this amount even comes close to covering the damages to animals and people affected by the spill. Local fishermen could not continue fishing for a long time after the incident, losing their occupation and income. In addition to the spill’s impact on the local economy, the tragedy affected wildlife around the epicentre of the spill. The National Oceanic and Atmospheric Administration has never recorded more animal deaths in the Gulf of Mexico than after Deepwater Horizon. Protected species that have been exposed to oil die from exhaustion or dehydration, and are more vulnerable to predators. Of the oil that was spilled, only about 25% was cleaned up, leaving the remaining 75% in the ocean and the surrounding shore. The accident had devastating effects on the ecosystem in the Gulf.

Certainly, the catastrophe of Deepwater Horizon makes evident how dangerous these activities are for ecosystems and the humans involved at the local level. Climate change and the dangers associated with it is a similar case that reveals the inequality among people. The greatest polluters are not the same people who face the gravest consequences of climate change, and those who are expected to suffer the most are primarily the poorest people in the world.

The realisation that the pollutant activity we do on a local level also has effects at the global level, changes the way society must handle risks. The question of drilling in Lofoten, Vesterålen and Senja is not only a question of the potential consequences for the economy or the companies involved. Fishing, tourism and the local environment must be taken into consideration, and the carbon that is produced and spewed into the atmosphere as well. However ‘clean’ the companies claim their production to be, the carbon dioxide will remain in the atmosphere, contributing to a warmer world. For what purpose? To serve the privileged few, the greedy people at the top whose moral compasses are non-existent as long as there is a dollar sign in sight. We are now in the middle of the sixth mass extinction of animals in earth’s history. That is the consequence of our economic activity.

The question is, should we risk it?

Photo: © Romolo Tavani/Shutterstock

Marianne Areng
TIK MA Student
Written in collaboration with Grønt Punkt

Our current consumption practices are not sustainable, making food security a challenge. However, potential solutions are on the way.

The concept of food security has been an important aspect of international development policy for many years. The World Food Summit of 1996 defined the achievement of food security as when “all people at all times have access to sufficient, safe, nutritious food to maintain a healthy and active life». Accomplishing this goal has so far proved to be a complex challenge, as it is not only a matter of short term access to nutritious food, but also closely connected to current global debates on ensuring a sustainable world.

When it comes to secure consumption of food, it is not just a matter of what we eat, but includes what we leave behind in the process and the risks that follow. One of the most problematic materials for disposal is also the world’s most produced and most widely used for packaging: plastic. Worldwide, there were over 300 million tons of plastic produced in 2015¹, and 40% of all plastic produced in Europe was for packaging alone². Given the difficulties of proper disposal, plastic is the waste product which most commonly ends up washing into the ocean. This can lead to it being eaten by animals, which can often be fatal.

Furthermore, because the decomposition time for plastic to break down completely is so long, it gets worn down to smaller and smaller parts, creating microplastic. These particles are confused as food by fish and other marine animals – animals which often end up on our dinner table. It is estimated that if the amount of general plastic waste is not stopped or drastically reduced, there will be more plastic than fish in the ocean by 2050³. In maintaining our current production of non-degradable plastic, we are endangering one of the world’s most central food sources and jeopardising our own health as well.

Changing individuals’ consumer practices has been shown time and again to be anything but simple. Realising this, some organizations are working directly to change the way certain products are made and thereby impact consumer practices. New developments in the packaging industry have, for example, resulted in the testing of degradable products such as bioplastics and bottles made out of seaweed.

Worldwide, initiatives to reform the plastic industry are growing in size and influence. According to European Bioplastics, bioplastics are plastics that are either made from biomass, are biodegradable, or both. They can do almost anything that commonly used fossil plastic can do. The challenges of replacing fossil plastic are not mainly technical, but European Bioplastics argue that the lack of effective policy measures or regulatory incentives do not encourage full-scale market adoption. The good news is that, despite the lack of widespread commercial demand, an increasing number of companies are switching to bio-based plastics. Prices have come down significantly as production capacities have increased, and supply chains are becoming more efficient. Today, the main applications for bioplastics are bottles and other packaging uses. As fossil plastic also accounts for CO2 emissions equivalent to double the amount of all CO2 emissions from global air traffic⁴, increased production of bioplastics clearly represents positive change.   

Another way of connecting the issue of food security to sustainability is through the Nordic brand Svanen, the official sustainability ecolabel for the Nordic countries. Among several projects, Svanen attempts to address the challenge regarding renewable packaging of beverages. Their goal is to stimulate the development of renewable packaging materials for certain liquids, while ensuring that the primary function of packaging – protecting and enhancing the durability of the product – is maintained. They want to exclude metal and non-degradable plastic, as well as recycled paper and cardboard in packaging. By doing this, they will not only limit plastic garbage and CO2 emissions, but also prevent chemicals from processed paper from migrating into the product.   

In a 2012 research paper, Tim Lang and David Barling suggest that although there is a growing awareness of the stress the capacity of food production is under, there is still too little recognition of how extensive the changes to the process need to be for it to become sustainable. This includes the whole value chain, from the first step of production to final consumption. Furthermore, they ascertain that a basic truth exists: “[…] the only food system to be secure is that which is sustainable, and the route to food security is by addressing sustainability”.

¹ World Plastics Production, 2016
² Zero Emission Resource Organisation, 2014
³ World economic forum 2016
⁴ Zero Emission Resource Organisation, 2014

Photo: © Chromatic Studio/Shutterstock

Nora Vilde Aagaard
TIK MA Student

Do you know how long it takes to list all the ingredients of a Burger King Whopper? Neither did I, until now. Allegedly, it should be possible in only 15 seconds. The proof: Have a commercial trigger your smart home device to read the ingredients for you in your own living room.

What was Madonna’s first single? How tall is the world’s tallest building? So-called far-field voice controls, such as Amazon’s Echo, allow you to get answers to your questions or control your music or TV, without having to leave the couch. All you have to do is ask, and Alexa, the voice assistant of Echo, will answer your every question. Sounds quite nifty, doesn’t it?

In reality, smart home devices such as Echo, are the latest form of eavesdropping. When activated with the command “Alexa” or “OK Google”, the device records and stores every word you say in Amazon’s cloud. Since the device is constantly listening and storing information, it creates opportunity for several kinds of potential exploitation.  

On a November night in 2015, Alexa became involved in a possible murder case. In the Arkansas town of Bentonville, James Bates invited two of his friends over to his home. After drinking beer and vodka shots, the three men decided to take a bath in Bates’ bathtub. Later claiming he went to bed around 1 a.m., Bates woke up the next morning to find one of his friends, Victor Collins, floating face down in the bathtub. The event appeared to be a tragic drinking-related accident until police noticed signs of a struggle on Collins’ and Bates’ bodies. So, how did Echo get involved in the case? The other attendee on the evening of Collins’ death remembered he heard music playing from the device, and, as previously mentioned, Echo records and stores all audio when activated. The police thought the audio recording might disclose evidence of possible foul play, but Amazon refused to release the audio recording due to its privacy agreement. The case remains unsolved.

Another less grave example is Burger King who took its advertising game to a whole new level by involving Google Home devices and Amazon Echo devices. In a 15-second ad, a guy in a Burger King uniform is seen holding a Whopper, Burger King’s flagship burger.  He says “OK Google, what is the Burger King Whopper?” triggering smart home devices all over America to start reading out loud from the Wikipedia page about the Whopper. Intrusive or borderline genius? You tell me! What Burger King did not foresee was how people would respond. They edited the Wikipedia page, citing amongst other things that the Whopper contained child meat, and that it was the worst burger in America. Google later deactivated the function, making it impossible for Burger King to trigger the devices. Some believe Burger King caught the idea from a recent news story, where a six-year-old girl used Alexa to order a dollhouse and get Girl Scout cookies delivered to her front door. Her parents were, mildly speaking, surprised when the delivery arrived. Even more interesting, when a news reporter told the story on TV, using the girl’s words “Alexa, buy me a doll house and girl scout cookies”, several other Echoes were triggered and placed the same order in the households of unknowing families watching the news.

These examples are some of the first, but most certainly not the last, of how smart home devices may be exploited. Whether they are used as a possible solution to a potential murder case or as an innovative advertising method gone wrong, opening up our homes to smart home devices which store information about what we talk about and look for on the web, results in new privacy issues. On a more positive note, Amazon seems pretty serious when it comes to privacy, by not handing out sound recordings even to the police. And personally, it would be indisputably comfortable not having to get up from the couch or reach for my phone every time I argue with my boyfriend about who won the Olympics or what the weather will be like tomorrow.

© Vladimir Voronin/Adobe Stock

Christoffer Olsen
TIK MA Student

Antibiotics have played a leading role in saving millions of lives worldwide for over half a century. But for how long can antibiotics provide us with this state of security?

It’s a Wednesday morning. The alarm enthusiastically goes off at seven o’clock, and you start your morning routine. The commute to work is busy as usual, but you get to your cubicle at the office in time, power up the computer and sift through your e-mails. It’s an ordinary Wednesday, though you feel a slight tingle in your throat. The next couple of days you develop a fever, and eventually you call the doctor’s office. You answer a couple of routine questions and the doctor collects a few samples that indicate that you have been visited by the beta-hemolytic streptococcal bacteria. The doctor hands you a prescription for antibiotics, and you should be back to work within a few days. Confident in modern medicine’s ability to get you back on your feet, you never really worry about the illness. But is your trust rightly earned?

This very common story of a person’s short journey from sickness to health might have a different ending in a few years, as antimicrobial resistance (AMR) is rapidly increasing. AMR is when a microorganism, such as bacteria, becomes resistant to treatment by e.g. antibiotics. When treatment becomes ineffective, the bacteria survives and spreads. An estimated 700,000 deaths can be attributed to AMR each year, and if no corrective measures are taken it may increase to 10 million by 2050. The millions of deaths are themselves a tragedy, but AMR is also associated with substantial economic costs. Given this scenario, it’s estimated that up to 100 trillion USD may be lost in global production alone. Similar to, and potentially worse, than the financial crisis of 2008, this threat to the global economy will increase economic inequality and the share of people living in extreme poverty.

Antibiotics are quite extraordinary. Their story began in the late 1920s, with Alexander Fleming (1855-1951) observing staphylococcus colonies under a microscope. While doing so, the culture plates were temporarily exposed to air, and thus contamination. Fleming discovered that one of the colonies had developed mould, and was intrigued by how the surrounding staphylococcus colony faded away. This turned out to be one of the most significant medical achievements of the 20th century: the discovery of penicillin. In the following decades, several new classes of antibiotics were approved, particularly during the 1950s and 1960s, the “golden age” of antibiotics. Since the golden age, the number of antibiotics successfully brought to market has fallen significantly. Though a small increase from 2011 to 2016 shows some promise, a fair share of these target Gram-positive bacteria. These are easier to deal with, as they are without an outer membrane. The Gram-negative bacteria are more challenging, and therefore more important to address. Another difficulty lies in the fact that antibiotic resistance is a result of natural evolution, and so will inevitably develop for some of the antibiotics being used. However, the process is accelerated by misuse and overuse.

To shed some light on the issue, it is interesting to compare the presence of AMR in livestock in Norway and Denmark. The AMR in question is Methicillin-Resistant Staphylococcus Aureus (MRSA). In the species of staphylococcus, MRSA is the most frequent cause of illness. It is estimated that 20-40% of humans are carriers. MRSA is usually not dangerous for healthy people, but in health institutions such as hospitals, where patients have a low immune system, it often causes infections. This is worrisome, as MRSA is immune to all antibiotics typically employed.

Among tested herds in pig farming in Norway in recent years, around 0.1% have been identified with livestock MRSA. In Denmark, it has been identified in approximately 60-80% of the herds. While the number of MRSA incidents has increased rapidly in both Norway and Denmark in recent years, it is important to note that 84% of the registered cases in Norway were imported from abroad, compared to 20% in Denmark. The large gap can be explained by Norway’s national strategy to prevent and combat MRSA, with a strict zero-tolerance policy on outbreaks of MRSA in livestock.  

The occurrence of AMR is increasing at a global level. It is one of the biggest health threats facing humanity. Why then is it not addressed by pharmaceutical companies? The main reason is low return on investment. Antibiotics are used for treatments that last a short period of time, while drugs for chronic illnesses, for example, are required for life. Pharmaceutical companies are inclined to develop drugs that will be used for as many years as possible. The use of antibiotics in livestock can be considered in relation to economies of scale: High density of livestock results in larger outbreaks that will spread as the livestock is transported. This is combatted by infection management strategies, including use of antibiotics.

In conclusion, a number of strategies should be followed to tackle AMR globally. Firstly, we need to avoiding unnecessary use of antibiotics. This can be achieved by increased global awareness and some degree of surveillance, combined with development and use of vaccines. Secondly, it is necessary to increase the number of antimicrobial drugs through global innovation funds and incentives to invest in research and development for effective drugs. Finally, we need to create an effective global coalition concerned with battling AMR.

© MicroOne/Adobe Stock
© Anthonycz/Adobe Stock

Martin Beyer
ESST Graduate 2017

Digital defence and IT security have been major concerns of public and private sectors for a while now, and with the amount of information produced today, these issues are more pressing than ever. Now, the public sector also aims to digitize their services. With more services going online, authorities worry that we may become an easy target. The debate concerning a digital border defence has resurfaced.

Digital information constantly flows across our borders through old-fashioned landlines. Norwegian security authorities claim they need access to all the information sent through these landlines to collect relevant and incriminating information regarding terrorism and other serious crimes. Others, however, question whether the authorities can actually find anything relevant to use from this surveillance, or if it is merely an excuse for mass surveillance. Will this digital border defence open a backdoor to your internet activity and give birth to other security issues?

Ninety-nine percent of all internet traffic crosses the border through landlines, even communication between Norwegian devices. The Norwegian Intelligence Service (NIS) (E-tjenesten, editor’s note.) wants to access this traffic in order to identify and gather evidence exclusively from foreign actors. It is not within their mandate to prosecute domestic parties. However, as the Internet is international, the difference between foreign and domestic actors is not at all clear. When you message a Norwegian friend through Facebook Messenger, the traffic is routed through Facebook’s servers that are located in Sweden and the US. It most certainly is not the scope of the NIS to deal with domestic issues, but the Internet blurs the lines between national and international. To collect communication between foreign actors, they will also need to collect domestic data, as long as the internet is global. What will happen with this data is difficult to say.

According to former Minister of Defence, Ine Eriksen Søreide, the NIS does not have exclusive access today and the nation’s systems are not built to uncover advanced cyber attacks or communication regarding terrorism or other sinister crime. Critical systems can be under attack for a long time before we even realize they are being targeted. Søreide argues that a digital border defence is a necessary step to make us capable of protecting our assets, our elections and our digital integrity. But at what cost?

The Data Protection Authority (Datatilsynet, editor’s note.) opposes the idea of a digital border defence and says that it violates both the constitution and human rights. Their main concern is that a digital border defence, as outlined by the government, will store metadata that is personified and untargeted. They worry we are close to a slippery slope where normal criminal investigation could access the same information – even though NIS is reassuring us this will never happen.

SINTEF fears the effect it could have on the public – many people might avoid important legal services due to increased surveillance. This effect is called the ‘chilling effect’ and makes a digital border defence into a matter of security versus democracy.

This, however, is not just a debate on whether a digital border defence is a good idea. It is also a question of whether or not it will work. Hollywood gives us the impression that intelligence services have access to cutting-edge technology – often not yet available to the public – and can do whatever they need to do, given the right authorization. But the truth is rather the opposite. Lise Lyngnes Randeberg, president of Tekna, has stated that Norway does not even have the technological capabilities to operate a system like this. In addition, SINTEF argues that people with the right resources and competence will be able to circumvent the surveillance system by using encryptions that cannot be cracked.

Remembering the debate concerning the Data Retention Directive (Datalagringsdirektivet, editor’s note.), we learned that there was no evidence that a defence system like this has actually ever helped solve crime. The system was too slow and easy to avoid, and the authorities usually had the ability to find targeted individuals without the directive. It is difficult to see how the Digital Border Defense will make a significant difference.

There might be a recurring problem for the public sector when dealing with technology. It seems that they either do not properly understand the technology or they are not cutting-edge enough to deal with problems as they arise. The latter might be because of overall slow progress in the public sector. From concept to implementation, the process might take years – through public inquiries, procurements and bureaucratic procedures – and by the time of launch, the technology would already be outdated. Just imagine a municipality signing a four-year contract with Nokia one month before the first iPhone was released. Without going into a lengthy debate, we can point to plenty of examples of how the public sector and its suppliers of IT security are not up to scratch. A recent relevant example is when 30GB of sensitive data on the new fighter jets Norway procured was hacked from an Australian defence contractor in 2016, or the massive vulnerability at South-Eastern Norway Regional Health Authority (Helse Sør-Øst editor’s note.) in 2017 where sensitive patient data became openly available to international subcontractors – even after the authorities had been warned.

This does not seem to inspire confidence in the industry or the sector, and one can only wonder how long it will take before a similar thing happens with the data collected by a Digital Border Defense, and all your communication, passwords, bank accounts and health information becomes available to anyone. And if it is not even likely to work, the massive investment might be better spent elsewhere.

© Lasha Kilasonia/Adobe Stock

Anne Waldemarsen
ESST MA Student

Ever since 2011, The Norwegian Center for Information Security (NorSIS) has made October the ‘Security Month’, as a measure to raise awareness and promote security-oriented practices in the aftermath of ‘the Digitisation’. Are the technologies we use to work, communicate, and store information thoroughly secure? Is it easy for outsiders to access a company’s computer systems? Are employees aware of what is at stake if hackers steal or alter sensitive information?

To discuss these questions, a large number of security conferences are arranged. If you’ve never attended one of these crisis-maximizing events – don’t you worry, my friend. I’ve attended a fair share, and here follows a summary of a typical day:

08.30 – 09.00: Registration:

Show up at the right address but wait hesitantly outside for five minutes in case you see someone you know so you don’t have to enter alone. Once inside, receive your name tag (which is misspelled) and pick up a free notepad and a pen that reminds you who sponsored this event (a private consulting company). The notepad makes you appear both sincerely concerned and curious, but you and everyone around you know that you will pick up your phone and browse through emails long before the second speaker enters the stage, and that the real reason for your attendance is to at least look like you are planning on keeping up to date on security-measures, plus the free coffee and “snitter”.

09.00 – 09.15: Host welcomes everyone/practical information:

Make sure you know where the fire escape is, yes, but more importantly: What route you can plan in advance to sneak out and fill up more coffee and put some grapes and biscuits into your pocket.

09.15 – 10.00: You are all in grave danger:

Some important CEO warning everyone in the audience about how unprepared you all are should a Russian hacker decide to attack you. He talks about how “technology has changed the way we live”, and says something about the internet of things – which he describes as how everyone’s refrigerator is connected to wifi and can be misused to open your front door.  You nod as if this is a common concern to you. At the same time, you wonder how you have overlooked the fact that your refrigerator from 1991 apparently has wireless internet connection, and inherent bad intentions.

10.00 – 10.30: Comic relief:  

Some unimportant IT-dude (which we later will learn is the real MVP) makes an effort to ease the tension, saying that your systems are sufficiently secure and that you and your company are not interesting enough to be attacked by a Russian or Chinese hacker. Even though this was meant to calm you down, you realise you feel somewhat offended and experience a need to prove yourself.

10-30 – 10.45: Coffee break:

Finally. You talk awkwardly with the man next to you, then run out to get some fresh air, hoping you don’t look as tired as you feel. When back inside, you sit alone and feel unimportant since no one wants to hack your company. Then you count how many speakers are left before lunch break. You are excited about lunch, but slightly worried about small talk. Only one speaker stands between you and lunch: Some woman from The Norwegian Business and Industry Security Council (NSR) talking about security measures.

10.45 – 11.30: A really long session:

The woman from NSR talks for forty-five minutes (!) about how you can behave in a safer way. This woman is abundantly more technically competent than you, with a Ph.D. from NTNU and a background in military intelligence. You are unable to keep up, so instead you desperately type “computer science” + “101” + “for dummies” + “continuous admissions” in the search engine on your phone. Lunch is right around the corner, thank God.   

11.30 – 12.30: Lunch break:

You try to locate the nearest 7-Eleven because you remember how much you dislike snitter.  

12.30 – 13.15: Everybody chill:

Some guy from The Norwegian National Security Authority (NSM) agrees with the IT-dude and says it is unnecessary to maximise the threat assessment. He explains how the media is making too much of a fuss about potential threats in cyberspace, and that private consulting companies will exploit your fear and offer you overpriced security packages.

13.15 – 13.45: Some good advice:

A woman from NorSIS, who seems tired of giving the same speech over and over again, informs the audience about how to act responsibly: “Always update to the latest version. Don’t set “admin” as the password to the admin-user account. If your employees love the company, they are less likely to harm you when they don’t work for you anymore.” You look around at the other attendants and wonder whether someone really is stupid enough to need  this information. Then you remember that the password to the workfile in your workplace containing sensitive health data is ‘password’.

13.45 – 14.00: Coffee break nr. 2:

Feeling sick of coffee due to overconsumption, you head for the tea-selection.

14.00 – 14.30: The sales pitch:

You remember why you never drink tea. A private consulting company representative brags about their experience in the field, lists all the catastrophes they single-handedly prevented, and states that ‘WannaCry’ was below their level of expertise. He continues to talk positively about how the state facilitates educating employees and making sure that Norwegian workplaces have the necessary tools to secure their digital systems, but that this might not be sufficient, and that if you really-really want to make sure that you don’t lose sensitive information, which may lead to both your company and you as a private person being sued, you should hire this private company’s security packages ASAP.

14.30: That is all:  

Host thanks every speaker, but is obviously regretting having invited the private consulting company. The host tries desperately to remind everyone that as long as you follow the official guidelines you are sufficiently secure. Gives a last reminder that it is unrealistic to believe that you can be one hundred percent secure, and that no one should be in a terrified state of mind, since the chance of your company being attacked is very, very small.Any observant conference participant can see how the representative from the private company re-enters the podium, shakes his head and mouths “You are in grave danger. We can make you one hundred percent secure.”

14.38:

The conference is over and the doors opens. A confused crowd of people exits, some of whom will head straight to the office and add two more capital letters in their password, some will for the first time in their lives press “Update now” on the popup on their computer screen, but most will live forever after with a vague anxiety permeating their body, passive-aggressively resisting any further form of digitisation.

And one attendant will open her laptop and write this faithful account from memory.

© elenvd/Adobe Stock
© Lagunculus/Shutterstock