Speaker 0
0:10 – 0:13
Welcome to Tech Talk. Bye. CT.
Speaker 1
0:13 – 0:14
Tea.
Speaker 2
0:15 – 1:51
Welcome to CDT's Tech Talk where we dish on tech and Internet policy while also explaining what these policies mean to our daily lives. I'm Brian Wasilowski, and it's time to talk tech. In this episode, we talk with a mixed media artist who is exploring curate your memorial service? We'll also be talking about the headline grabbing DDoS attack that took out big swaths of the Internet. The attackers leverage the Internet of Things to carry out the mega attack. What does this mean for companies developing Internet connected devices? And what does it mean for the everyday consumer who is connecting everything they own to the Internet? If you were to die today, what story would your social media tell about you as a person? Would your digital life paint a picture of the real or genuine you? In a recent exhibit at the LA County Museum of Art called the hair afterlife, you could go to get a personalized hair afterlife consultation that would walk you through a number of considerations and it culminate culminated in a mock memorial service. Gabriel Gabriel Garcia Colombo, the artist who created exhibit, and in fact, the founder of the HereafterLife Institute, joins us today. Welcome so much, Gabe. Hi. Thanks for having me. Our pleasure. So first, just so I'm clear and our listeners are clear, there is the hereafter Life Institute and then the exhibit that you had recently, in LA. How are they related? Are they the same thing or is there a difference?
Speaker 3
1:52 – 2:49
Yeah. So I I, you know, about a year ago, I applied for a grant from the Los Angeles County Museum of Art. They have an art and technology lab. Good. And it's a program that kind of combines artists with, you know, big companies that work with technology. And I applied, for with this concept about examining death and the digital age. And so I created sort of a fictional company called the Hereafter Institute, that helps you to look and plan your digital afterlife. And I was really inspired by all these kind of strange interactions I was having with people online who are starting to pass away. I've had friends that passed away, and, you know, on social media, there's this sort of outpouring of mourning that happens on sites like Facebook, or on Twitter. You know, I even had a friend that that passed away that would continue to tweet after he had died. Oh my goodness. Like, he had set up he had set up auto tweets, and that was really strange to me. And so I wanted to think about how technology is playing a role in our in our in our lives, but also how it's playing a role in creating sort of new rituals,
Speaker 2
2:50 – 3:25
surrounding death and mourning. Oh, that's great. And it sounds like a Yeah. Sounds like a great grant that they give out. More artists should look into that. So you touched a bit on why this fascinates you, and I think the experiences that you just described a bit, all of us have seen. You're having a friend pass and seen that that play out, on social media, whatever the the platform is. So why don't you take us a little bit through, I guess you would call it a consultation at the exhibit. You know, what were the types of questions that, you know, a visitor in this case, but, you know, in your your, performance art, a client would experience as they were going through the hereafter life consultation?
Speaker 3
3:26 – 4:13
Yeah. So you would arrive and you'd be greeted by a consultant that would take you sort of through these various art pieces that I created, that are part of the hereafter institute. But it was done very much like you're actually at this, you know, real institute. And, actually, all the artworks are are real. They're real things. So the first part you would encounter these necklaces, and the necklaces were based on sort of traditional morning Victorian era necklaces where people would wear, you know, the the hair of people who had passed away or photos of people with locket who have passed away. And so I created sort of a modern take on this that was a video necklace that you could encode VHS, old VHS tapes or old video into a necklace and wear a wearable video screen that you can, you know, have show sort of people that have passed away on video on this necklace as he walked around.
Speaker 2
4:14 – 4:18
I'm actually shocked that that doesn't exist already. Maybe it does. It sounds like a great idea.
Speaker 3
4:19 – 6:26
Yeah. I I found these, like, really amazing round screens. So it has, like it looks more like a necklace than it does, like, a video screen, you know? Very cool. And I and everybody that's featured in the project are actually people who have passed away. So, I put, you know, I I put out a call online and people said, oh, yeah. We I wanna be part of this memorial project you're doing. And so all it was very important to me that everything was done with real people participating in it. So from there, you go and you you're taken down into this sort of lab space and you see, you were told about this monument, sort of a new version of a gravestone. And what that is is it it's a it's a record player, like a vinyl record player on top of this black obelisk. And, what I did was I created sort of one of a kind records, vinyl records, that were data records. So there was there was sound, but it was the the data that was converted into the sound. And the data is people timeline from Facebook who have passed away. Oh, interesting. You could literally put one of these records on the monument and play it, and it would show every everything they'd ever written on their timeline on Facebook on the front of this monument. It would appear sort of like a video screen image. I'm guessing a lot of our listeners, just like me, are a little nervous thinking of that. But Well, it's interesting. And that's part of the question is how you're represented online. Is that a true representation of you? Right? Like, if you wanna be remembered by these things that we write online, you know, how does that play into our the future memories of people after they pass away? And so the third part, you got to experience the virtual reality simulation where we actually recreated or sort of reanimated people in in virtual reality but passed away, as in these sort of virtual spaces you could visit. And that's the hereafter life portion of the piece where you can you can actually put the VR helmet on and spend time with someone who's passed away and and hear about who they were and, you know, hear about their media. In terms of this is based on, you know, in in ancient Egypt when people were buried with all their belongings. Mhmm. And so I'm thinking about what's the media what media will you be buried with today? So, you know, if you're a writer or something, we could have you reading your your writing. Or if you're a musician, you could be you know, you could hear the person playing the guitar. And so they're very customized,
Speaker 2
6:26 – 7:03
virtual reality environments that you would visit these people in. That's very interesting. Yeah. When you think about, you know, what a lot of times people are buried with, it's more you think of it like necklaces and you think about important keepsakes. In a a more digital world, a lot of our stuff, you know, even physical photographs exist only in a digital way. So it seems like a very logical next extension as as we look into the future. So the people who went through the exhibit, I'm sure there were tons of different, reactions to it and responses. I mean, death obviously something that brings a lot of emotions. What were some of the the responses you got, to this exhibit
Speaker 3
7:03 – 8:03
and your work? Well, yeah, there was a ton of different responses. Everything from people that were crying at the end of it. Actually, in the end of this last scene, you actually end up sort of in a theater by yourself, and, you're given a eulogy based entirely on your social media. So we've we've sort of, appropriated your social media before you arrive and written a very customized script just for you based on who you who we were we were able to find about you information we were able to find about you on the Internet. And so that you know, people found that really interesting. Some people were shocked by the fact that this person existed. They felt, like, distant from the person they were digitally. And some people found it very moving, you know, the idea that you get to sort of attend your own funeral before you pass away and see how you're being represented by these these digital memories. Yeah. So we had really different, reactions. I, you know, so we have there was even a person who came to the the performance that runs a large funeral company, and he was very interested in talking to me about making these things a real, a real business sort of afterwards, which I thought was a really interesting reaction
Speaker 2
8:04 – 8:12
Yeah. That does sound interesting. So did you have your own, funeral or memorial service curated? What was that experience like for you?
Speaker 3
8:13 – 8:44
I did. I I I did have something right, you know, while writing up all these all these pieces. It's interesting. You know, it's interesting to think about what we what information we put out into the world. And, you know, as an artist, I'm kind of creating sort of a body of work that I hope to live on after me. And so I in a way, I'm kind of writing my my memorial every day when I make a new piece of work. And so, hopefully, the Hereafter Institute becomes part of that. That's a good way to look at it. And I know that a lot of your work is online. There's some great stuff. It's, your website's gabebc.com,
Speaker 2
8:44 – 9:01
so people should definitely check that out. Why don't you tell us a little bit about some of the other cool stuff you're working on? I saw even one where you have a vending machine, where you can buy human DNA. What are the other creative digital and non digital things you're working on? Yeah. So, I mean, most of my work revolves around this concept of memorial
Speaker 3
9:02 – 9:55
some way. And I think that that's because we've become so obsessed with chronicling our lives in the past ten years with social media and with sort of the collecting of images and collecting of media in general. And so, yeah, I made a project a couple years ago, that dealt with the idea of privacy and and also this idea of sort of collecting, sort of collecting, material from people where I I started collecting people's DNA. Wow. And I made a d a vending machine that sells human DNA, sort of like a collectible item, almost like an Apple product or something like that. So it was it of like a collectible item, almost like an Apple product or something like that. So it was inspired by a couple different things. But the idea was really, you know, when we live in this world, if we're looking ahead to, like, what's the future of all this technology in terms of how we depict ourselves, biotechnology, I think, will eventually play into that as well. And so I wanted to examine sort of the idea that what if what if we could, like, trade a small part of ourselves in that same way that we, you know, collect photos
Speaker 2
9:56 – 10:20
online in some way. Very cool. Very cool. Well, art definitely is so important in helping people understand society and and engage with it. And in the digital world, someone doing work like what you're doing, you know, you're putting out all these words that we work in here. So thank you for doing that. Thank you for being a guest on Tech Talk. And I just wanna tell everyone before I let you go to visit again your website, gabebc.com. Thanks so much, Gabe.
Speaker 3
10:20 – 10:21
Yeah. Thanks for having me.
Speaker 2
10:26 – 11:51
The Internet of Things is here, and we are connecting everything to the Internet. Our cars, baby monitors, thermostats, and oh, so much more. Well, this is awesome and innovative. Having everything around us connected to the Internet is also risky. Recently, a lot of us got a very, very big reminder of that when distributed when a distributed denial of service or DDoS attack overwhelmed the servers of a company that connects users to websites. Users of Twitter, Spotify, and the New York Times no longer could access the sites for extended periods of time. There are tons of aspects of this DDoS attack that make it interesting, from the target of the attack to the motives. But one of the most interesting aspects is the how. The attackers took advantage of vulnerabilities in Internet connected devices from a Chinese manufacturer that had stupidly, we might now say, published default usernames and passwords online. CDT's privacy guru, miss Michelle Des Moines, joins us today to talk about what this attack means for the Internet of Things and why this is something industry, government, and general Internet users need to be thinking about. Welcome, Michelle. Thank you, Brian. I'm I'm glad to be back here. Yes. You are my favorite guest. One of my favorite guests. I don't wanna slate my other guests here. Of course. Everybody knows. Everybody knows. Alright. So first, tell me a bit more about this DDoS attack and what made it, you know, really, for lack of better words, so impressive.
Speaker 0
11:51 – 13:53
Sure. The so as you mentioned, the denial of service distributed denial of service attack or DDoS attack swarms the servers of a company called Dyn. And this is a company that is a domain name registration and they have servers that, help us connect to websites. And the attack was conducted in part by harnessing Internet of Things devices, as you mentioned. They accessed about 10,000,000 devices. So just gathered this army of devices, and the way that they did this was, as you mentioned, using the default usernames and passwords that were published online previously, but the manufacturer had kept there. Stupid yes. Foreseeable problem. And a good reminder that everyone, if there's a, you know, default username and password, change it. Not to mention the fact that the Federal Trade Commission has warned manufacturers of IoT devices to not ship with default passwords. So, you know, that that's a separate part of this conversation, but it's still important. So they they changed the default passwords and updated the software on the devices with malware. It's called the Mirai, botnet. And and that's a whole other discussion that I won't get into because I'm not our technologist. But I will say that this army was responsive to the bot herders and, compromised just millions and millions of of IoT devices. And the come and the people who perpetrated this attack went after really the the dying people were the victims here because they are so difficult to attack. So overwhelming a system like theirs is not easy. And so part of we think the rationale for why this was done was to kind of flex some muscle and show that they that they could do this. And and what that really says is that this will not be the first, you know, of this kind of attack. It certainly has it's not the first DDoS type of attack, but it it is one that was, just incredibly large in its scope and complexity. And, even though really it was a straightforward DDoS attack, it it it showed that there there is a great capacity out there for this kind of attack. So it it's something that really makes us worried.
Speaker 2
13:53 – 14:09
So you wrote a blog post so everyone should go to our web site and check it out, and it had the headline, hashtag IoT fail. Right. Good headline. Do you think that this is a really serious blow to the Internet of Things, or is it more of a warning shot or just a blip?
Speaker 0
14:09 – 14:59
It's hard to say. I think this kind of attack makes people pay attention because websites went down. I mean, when Netflix goes down on a Friday night, people are gonna pay attention, if not start an outright war. I know Twitter going down. And what was it? This was Monday morning or something. Yes. Well, because actually there were series of attacks, that happened one after another. And so the company, Dyne, is actually, you know, actively participating in an investigation about this. So they can't talk about what really happened yet. They've they've put out some guidance. So we'll learn more. But I do think, you know, this is a blow. We at the same time, we've all gotten so used to these kinds of attacks or breaches that in some ways, I think we become immune to them. But I I think that industry is concerned, and maybe taking security threats a little more seriously. There's been sort of a a wave of IoT discussions
Speaker 2
14:59 – 15:32
in DC that I think are kind of pushing us towards hopefully some kind of solution that will include privacy and security standards. Cool. So as a general Internet user, you mentioned a lot of people felt this one. It was things that, you know, everyone uses from Netflix to Twitter. Mhmm. Who should you be outraged at? I mean, so often with attacks like this, you're like, you know, am I angry at Netflix? Well, I guess not. But who who is it? Well, as as an Internet user and a privacy advocate, I I enjoy outrage quite a bit. Yeah. And so I would encourage us all to be outraged. Rage. It's constant.
Speaker 0
15:32 – 16:12
It is fun. But, no, just seriously, I do think that people should be very pointed in their demand for more transparency by companies to let them know exactly what their security what the security for these devices is. It's not easy, and a lot of the the technical expertise that would have been required to stop something like this isn't something that most of us have. But I do think that holding companies accountable for telling us what it is and for giving us, you know, easy to use understandable tools for changing default passwords and things like that that we can control, I think that's an important, part of the public's responsibility here. Are there any other actions that companies should be taking? I mean, specifically companies that are producing devices Mhmm. That are
Speaker 2
16:16 – 16:29
going to be Internet connected or enabled, which I'm guessing is almost everyone now. I can't I can't think of too many products in my home that aren't in some ways connected. Absolutely. Absolutely. And then many companies have invested heavily, especially tech companies in the IoT.
Speaker 0
16:29 – 17:13
And I do think that they're they're considering what it means to be a part of the IoT and what it means to be sustainable. And so I do think company there are technical measures that companies can take starting with not being abjectly stupid with it's no offense, Chinese manufacturer, but that was, you know, really, a very basic, protection that could have been put in place. And then as I mentioned, the FTC is paying attention, and that means companies should be paying attention. And so it's not just about doing the basic level of protection. It's about things like making sure security patching is a part of every kind of protocol. Making sure that your your device is something that you monitor, that you provide some support for, and and not just giving, users instructions in Chinese, which is what happened
Speaker 2
17:13 – 17:27
here. Oh, interesting. Mhmm. So you mentioned the FTC. Mhmm. What about government response to this? I mean, certainly, the FTC plays a role. Is there are there broader things we should the government should be doing, both here and I guess abroad?
Speaker 0
17:27 – 18:13
Yes. I think, you know, abroad, they're certainly doing, quite a bit on IoT, and I think that's gonna ramp up even more. The there is a role for government here, and I actually have heard more of a consensus around this than I've heard about a lot of privacy and security issues. As I mentioned in my blog, I think it makes sense to enact baseline privacy and security rules, and the FCC's rule this morning on broadband privacy may come into play. I think we're gonna look at that a little more closely and and come up with some understanding of how this might come into play with IoT devices. I also think it makes sense for the FTC to be working with other agencies where this this is a part of what they do. For example, the Food and Drug Administration, the Consumer Product Safety Commission. You know, I think government agencies need to be just as innovative as the technology that they're regulating.
Speaker 2
18:14 – 18:21
Great. So let's go back to the general user because, you know, I I said this to you the first time I read your blog. I'm like, oh my gosh. I feel so helpless.
Speaker 0
18:21 – 19:49
Yeah. Is there anything that someone, you know, a user just who connects these devices can know so that they're not kind of that unknowing soldier or their devices are not that unknowing soldier in a botnet attack? Right. And I think that is one of the more interesting pieces of this in terms of advocacy is realizing that we're all a part of this digital ecosystem. And so we it's easy to point to industry and government and and sort of assign roles to them. But really the question that I think we're asking now is what is our role as consumers here? And can we just sort of dumbly go along with being vectors as part of an attack like this? Eventually, the attacks may become physical. Right? Right now, we're talking about websites being disrupted. In the future, when we talk about IoT, we can talk about actual physical harm to people. So what does that mean in terms of liability? But back to your point, what does it mean for consumers? And I think paying attention is a really big part of that. So looking at the devices that you buy, making sure that you understand if your device is connecting to the Internet. Maybe it doesn't need to. Right? If you have a webcam, maybe there's certain points when you want that to happen, but many, many times things are connected when they don't need to be. So checking those sorts of things, making sure you have updated software, and immediately patching any kind of problems that you are aware of or have access to. I also think it's important for people not to use default passwords. Again, just to not not to put too fine a point on it, but, you know, it's important to pay attention to the details like that. But like I said, a lot of the technical configurations that could have stalled an attack are just really sophisticated, and and so a lot of the responsibility goes on to companies.
Speaker 2
19:50 – 20:08
Well, there's a lot of great resources on cdt.org, in terms of if you want help thinking through what your password should be. Yes. The blog post not that old. So, worth checking out there. Any last takeaways from you on, this DDoS attack, what you'll be thinking about? I am very glad that HBO was not disrupted because I'm obsessed with Westworld.
Speaker 0
20:09 – 20:27
And other than that, I think, you know, CDT is really invested in IoT in terms of what is our advocacy, what are, you know, how are we going to go forward in understanding the new technology, the new role of government. And so we'll we'll be keeping a very close eye on all of this. Great. Well, thanks so much for coming on. Again, Michelle, see you soon. Thanks, Brian.
Speaker 2
20:33 – 20:55
That's it for this episode of Tech Talk. If you wanna know how you can take control of your digital life after death, check out the great CDT resource called Everybody Dies, how to preserve your digital legacy at www.cdt.org. Also, be sure to follow us on Twitter, like us on Facebook, connect with us on LinkedIn. I'm Brian Wasilowski. Thanks so much for listening.