CrowdStrike and the justification of Saint Shoshana?

Does the CrowdStrike incident provide yet another example of the sense in giving individuals primary control over their own data?

Image: Shutterstock

You probably never even thought about the fact that your ability to board an aeroplane, buy some goods at the supermarket, or get a doctor’s appointment, might one day be contingent upon a global cybersecurity provider not having a bit of a hiccup.

But, if you think about it, it was always an inevitability. If all eggs are in one basket, then one little stumble may well cause the bottom to drop out of the world. That is a metaphor salad but I hope it communicates the point.

None of which is a criticism of CrowdStrike, the cybersecurity provider at the centre of the disruption of 19 July 2024. CrowdStrike’s Falcon platform is a leader in MDR (Managed Detection and Response) and the company responded with transparency, honesty and speed to the issue which they reported as follows:

On July 19, 2024 at 04:09 UTC, as part of ongoing operations, CrowdStrike released a sensor configuration update to Windows systems. Sensor configuration updates are an ongoing part of the protection mechanisms of the Falcon platform. This configuration update triggered a logic error resulting in a system crash and blue screen (BSOD) on impacted systems.

The sensor configuration update that caused the system crash was remediated on Friday, July 19, 2024 05:27 UTC.

This issue is not the result of or related to a cyberattack.

So, no, this is not a criticism of CrowdStrike or any other cybersecurity provider: we absolutely need these guys. However, it has raised in my mind the question of where our primary personal data is held - globally or individually?

Have you noticed, the Big Questions of our age seem to keep coming back to a contest between Local and Global approaches to, well, pretty much everything?

Indeed, as it happens, I wrote on this very topic just one day prior to the CrowdStrike cock up.

Are you buying or are you being bought?

I’m at the end of my working life. Beyond it, in fact. I reached the official UK retirement age of 65 back in 2010, by which time I had enjoyed decades in numerous sales and marketing roles with large and small enterprises.

In that same year, I recall being hugely impressed and cheered by an article in McKinsey Quarterly. The article was by Shoshana Zuboff, Charles Edward Wilson Professor Emerita at Harvard Business School and Faculty Associate at the Berkman Center for Internet and Society at Harvard Law School. It included this:

The old logic of wealth creation worked from the perspective of the organization and its requirements – for efficiency, cost reductions, revenues, growth, earnings per share (EPS), and returns on investment (ROI) – and pointed inward. The new logic starts with the individual end user. Instead of ‘What do we have and how can we sell it to you?’ good business practices start by asking ‘Who are you?’ ‘What do you need?’ and ‘How can we help?’ This inverted thinking makes it possible to identify the assets that represent real value for each individual. Cash flow and profitability are derived from those assets.¹

“Who are you?” “What do you need?” “How can we help?” This open, optimistic view seemed to me to be a marketing dream come true – the ability to respond more precisely to customer wants.

All was going to be well! Coming from a Harvard professor this surely carried great authority?

However, Professor Zuboff’s mood was to change dramatically. In 2019, in The Age of Surveillance Capitalism², she delivered a closely argued, angry report of a dream gone sour.

The original thinking, she said, had centred around an understanding that personal data would remain the property of those to whom it related. But that promise had been tossed aside.

She used as an example a 2000 Smart Home project at Georgia Tech, titled Aware Home:

It was meant to be a ‘living laboratory’ for the study of ‘ubiquitous computing’. They imagined a ‘human-home symbiosis’ in which many animate and inanimate processes would be captured by an elaborate network of ‘context aware sensors’ embedded in the house and by wearable computers worn by the home’s occupants.³

Importantly …

it was assumed that the rights to that new knowledge and the power to use it to improve one’s life would belong exclusively to the people who live in the house.⁴

But this was not to be …

By 2018, the assumptions of the Aware Home were gone with the wind.⁵

By 2024, we surely all now realize that our personal data has been commandeered by global tech companies. In order to be able to participate in the digital world, we have to accept that we ourselves are part of the product.

The imperative to understand the tech

Now, okay, I acknowledge that I’m mixing two issues here. If each and every one of us carried a chip with our own data it still would not necessarily prevent the kind of goof that CrowdStrike made. But it might provide greater personal security and make the recovery phase easier. And it would formally recognize that each of us owns our own data.

This seems to me to be part and parcel of the problem of giving greater understanding about the burgeoning digital technology to more people. Tech experts ‘get it’ - the rest of us, by and large, don’t.

Indeed, I think it’s fair to say that, for a very long time, those of us who are not digital tech experts were lured into thinking that the tech could do no wrong - that it was a pure form of rationalism in action.

In the UK, this misconception received a very public airing: the UK Post Office Horizon scandal, which relates to technology originally developed by the UK software company ICL, subsequently acquired in 1998 by Fujitsu.

The Horizon scandal occurred because an initial belief in the infallibility of digital technology led to appallingly unfair treatment of more than 700 sub-postmasters.

An excellent essay on the ‘Who Understands the Tech?’ issue is here:

The Divergence of Leaders from Understanding the Technology on Which We Rely

Saint Shoshana

For the last word in this post, here is a fragment of the wisdom of Shoshana Zuboff, specifically, here, about the smart home concept:

Today our homes are in surveillance capitalism’s crosshairs, as competitors chase a $14.7 billion market for smart-home devices in 2017, up from $6.8 billion just a year earlier and expected to reach more than $101 billion by 2021. [NOTE: revenue in the smart-home market is expected to reach $154.4 billion in 2024.] You may have already encountered some of the early absurdities: smart toothbrushes, smart lightbulbs, smart coffee mugs, smart ovens, smart juicers, and smart utensils said to improve your digestion. …

An appreciation of the surveillance logic of accumulation that drives this action suggests that this network of things is already evolving into a network of coercion, in which mundane functions are ransomed for behavioral surplus.⁶

That was written five years ago. Already, we have moved further along the network-of-coercion pathway (for example, the car that sounds an alarm when the speed limit is reached), a course of action that not only robs us of our flexibility but also, as or more important, further isolates and infantilizes individuals in our societies.

Thanks for reading.

1

Zuboff, Shoshana. Creating value in the age of distributed capitalism (McKinsey Quarterly, 2010 Number 4)

2

Zuboff, Shoshana. The Age of Surveillance: the Fight for a Human Future at the New Frontier of Power (2019)

3

Zuboff, Shoshana. (2019) Ibid.

4

Zuboff, Shoshana. (2019) Ibid.

5

Zuboff, Shoshana. (2019) Ibid.

6

Zuboff, Shoshana. (2019) Ibid.