Data, behaviour and misbehaviour

this is a world where massive amounts of data and applied mathematics replace every other tool that might be brought to bear. Out with every theory of human behaviour, from linguistics to sociology. Forget taxonomy, ontology, and psychology. Who knows why people do what they do? The point is they do it, and we can track and measure it with unprecedented fidelity. With enough data, the numbers speak for themselves.

Chris Anderson, editor of Wired, 2008, quoted by boyd and Crawford (2012).

Because of the constant circulation of data, data flow and management is at the centre of IoT discussions. As Halpern (2014) notes, this technological approach results in the ‘dataization’ of lives – our homes, cities, cars, environment and selves. When domestic objects are data-driven, it becomes important to ask: Who receives the data (and who else has access to it)? How is it combined with other people’s data? How is it analysed? Who develops the algorithms that govern the collection and treatment of the data? How does the above relate to the

manufacturers’ incentives? These are all, perhaps, important questions to consider when assessing any new IoT device or initiative, and although these are not directly my research questions, some aspects are addressed within a number of my projects.

In the context of networked devices in our domestic space, the way we behave in our homes is subject to increased monitoring and analysis by various companies. One issue arising from this is that this data can be resold to insurance companies, advertisers, ‘data brokers’ and governments, providing an unprecedented view of our daily lives (Goodman, 2015). One consequence of this was highlighted in late 2013 when Google sent a letter to the US Securities and Exchange Commission noting, “we and other companies could soon be serving ads and other content on refrigerators, car dashboards, thermostats, glasses and watches, to name just a few possibilities” (Ibid.).

Here is important to note that selling and re-selling of personal data is increasingly familiar from online profiling and social media, primarily sold to advertisers. But as Speed & Barker (2014, p.6) note, "If domestic appliances follow the same model of trading our data through the availability of free apps and undecipherable terms and conditions then we can expect that much more of our lives will become available as a database for enquiry." For Speed & Barker, the question then becomes "how to design systems that offer [users] value for [providing their] data." In addition, I would like to question whether enabling users to

construct meaning (see section 3.4.3) is a better way of approaching data in the IoT, than the transactional implications of "value" in this context.

Misbehaviour or malfunction of IoT technology is another potential issue, as networked objects can now act without human intervention. This resonates with one of the early concerns raised by Bruce Sterling’s concept of ‘Spimes’ (a

contraction of ‘space’ and ‘time’). Spimes are defined by Sterling (2005) as objects which, through their connections, can be recorded, tracked and inventoried through space and time, having an online life which may transcend transient physical states. According to Sterling, “eminently data-mineable Spimes are the protagonist of an historical process— in a Spime technosociety almost everything has

metrics”. Sterling (2004) suggests that we should get ready for: “- spime spam (vacuum cleaners that bellow ads for dust bags); - spime-owner identity theft, fraud, malware, vandalism, and pranks; software faults that make even a mop unusable;

- spime hazards (kitchens that fry the unwary, cars that drive off bridges);

- unpredictable emergent forms of networked spime behavior; objects that once were inert and are now expensive, fussy, fragile, hopelessly

Connecting an object to the Internet thus generates a shift in its behaviour and therefore our relations toward it. This raises the question: How should the law deal with ‘smart’ IoT objects in cases of inappropriate decisions, and who (or what) is responsible for such decisions? Such questions about ‘disruptive technologies’ effects on the law are already very real matters of debate among legal scholars (for example Katyal, 2014), and while outside the scope of this thesis, are worth keeping in mind as we consider the implications of algorithmic decisions.

One example of a misbehaving object was the case of an IoT ‘smart’ fridge which was hacked and began spamming its user with junk mail. Due to the integration of the user's Google Calendar with the ‘smart’ fridge, hackers accessed the network and monitored activity for the username and password linked to Gmail, due to Samsung’s failure to secure the fridge software (McOwan, 2014). Cases like this show that such misbehaviour might have nothing to do with the refrigerator’s main function, but is solely related to its connectivity to the Internet.

This highlights the importance of security and trust in relation to IoT technology. As some of my projects’ participants’ comments in section 5.1 will show, these issues are very much on people’s minds as they consider living with the IoT. Another issue is around software ‘bugs’, which have the potential to cause considerable problems.2 An example concerns the Nest thermostat: in January 2016 a user reported that several such ‘smart’ thermostats “suffered from a mysterious software bug that drained its battery and sent our home into a chill in the middle of the night” (Bilton, 2016). In response,Nest’s co-founder and vice president for engineering blamed a software update, saying: “We had a bug that was introduced in the software update that didn’t show up for about two

weeks”(Ibid.).

2 _{A software bug can be defined as “ a problem causing a program to crash or produce invalid output. The}

problem is caused by insufficient or erroneous logic. A bug can be an error, mistake, defect or fault, which may cause failure or deviation from expected results.”

Software bug definition. Technopedia.

According to Bilton (2016), “buried deep in Nest’s 8,000-word service agreement is a section called ‘Disputes and Arbitration’, which prohibits customers from suing the company or joining a class-action suit. Instead, disputes are settled through arbitration.” In essence, the company is eschewing legal responsibility even for its own misbehaviour.

We have seen how our data, specifically in and from our intimate spaces, under the umbrella of the ‘smart’ home, is being stored and analysed, and this suggests the need to critically investigate the issues involved. One question arising concerns the epistemology of data analysis and the mentality embedded in the algorithmic processes: how do devices and systems ‘know’ what they (are claimed to) know? In the following section I explore this epistemology further, characterising the algorithmic logic that governs IoT devices as the Algorithmic Paradigm.