Tuesday, 5 August 2014

USB dead-drops, physicality and secretly-sharing

When I saw Breaking Bad a while back, one of my favourite things about it was the physical details of how illicit activities can happen in plain sight without anyone noticing. One of those details was the dead-drop sequence where they moved small amounts of meth and money by having different people dropping and picking them up at obscure locations around Albuquerque, places where no one would ever check. 

Beyond the TV screen, dead-dropping is a technique that can be (and is) used in real life. Criminals, spies, ninjas and any other personnel of covert operations may be expected to make use of this practice every once in a while to transfer letters and packages. How many of these folks are active in this city?

Dead-drops are one example of the many alternative communication possibilities our urban spaces can offer. It signifies a hidden layer of communicative functions only available to those who know about it. There may possibly be infinite numbers of these layers that you don't know about. Given the way perception works, you can never know how much you don't know. Take the case of language. I don't know Morse code. How do I know if everyone around me are not discussing their murder schemes every time they blink their eyes? You never know with these ninjas. They can be anywhere, anyone, at any time.

Here is something I do know about. Aram Bartholl, a media artist, had taken up the dead-drop name for a project in which he installed USB flash drives in random locations in NYC in 2010. He literally sticked USB drives into brick walls and patched some cement around them to keep them intact. He called them USB dead-drops. These dead-drops are like the traditional ones described above except that they are digital. It is a digital communication network that is anonymous, locally-based and offline. If you know where one of them is, you can go there and upload data onto the drive and also download whatever data that's on it.

I think it's a pretty cool idea, many others thought so too, and since 2010 people around the globe had taken up the initiative to install USB dead-drops in their own cities. It's pretty easy to install one, and if you wish to you can submit its coordinates onto the map on deadrops.com. I have checked out some of these coordinates in Rotterdam, here are pictures of their current conditions.

On the Erasmusbrug

At Westplein

Witte de Withstraat

A part of the excitement in this initiative, for me, is its emphasis on physicality. It is intuitive for me to physically go somewhere and drop off or pick up a message. The travelling to that specific spot is a part of the communication, as is the location itself. While modern communication technologies had significantly cut down the time for messages to travel, it had also completely cut down actual physical travelling OF or FOR these messages, both of which could have carried a lot of extra meanings. By (re)-placing data in the real physical context, we re-include the spatial-locational element into communication. This is not unrelated to the oft foretold Internet of Things, but in the case of dead-drops, things are not connected via the Internet. Actually a dead-drop and your personal devices can only be connected by your movement between/to them. They are connected via you. It's the Internet that is You! (I'm sorry I'm pretty bad at coming up with theoretical catch-phrases)

You may have noticed from the pictures that some of these drops are broken. When you place anything in public you risk vandalism and natural wear. The other thing you risk is security. It's quite possible for an open USB drive to be infected with malware, which can then infect every device that comes into contact with it. This is a pretty serious problem and it is what stops many from connecting their devices to a dead-drop. There is a political discussion in this: can you trust an anonymous people to use a shared tool/property and not ruin it for each other? Instead of approaching it as a ethical-philosophical debate regarding Hobbesian social-contracts etc, a relatively easier way out is to solve these problems through design.

First off, to a limited extent, the problems cancel each other out. As per its current standing, I think USB dead-drops are more of an experiment/artistic-statement rather than an attempt to create a functional information infrastructure, and these guerilla data storage devices are not designed to last. They break pretty easily, and the short life-span of a drop may be a protection mechanism in itself. If a drop is new and fresh, it might not have caught any malware yet. If a drop is old, it's probably already broken anyways and will not be able to infect anything. This system doesn't guarantee security, it guarantees nothing but the fact that an infected drop will not serve to infect many more devices. This limits the scope of damage.

A security measure users could take is to actually keep the discreet location of a dead-drop a secret between a small group (i.e. not publish its coordinates on a website). If only trusted people will have access to a drop, you can then trust in these people's judgement and assume that only trusted devices will be connected to it, thus keeping it clean. This is a form of social security.

If we are to solve these problems through improving/changing the hardware, maybe wireless alternatives can also be a more costly option. Small servers can be placed in a secluded and protected environments, not (easily) physically reachable but can be connected to via wi-fi when you're in its proximity. You go to that pavilion in the park where you always meet up with your friend. You take out your phone, connect to this local network that only you know about, and download a new mini-video that he left for you there. By the time you are watching this video I would already be in Ireland, he said so in his webcam recording, I suppose this was an Irish goodbye. You delete that video from the local server and cry. Your friend was also your boyfriend but now it's complicated. The problem with this scenario is I can't really figure out a way to constantly supply power to that server. Only bring portable power supply to the server when someone wants to access it, maybe? In any case this server-approach loses some of the guerilla charm of USB dead-drops.

Since we're talking about charm, let's get back to dead-drops' social security tactic for a sec. I want to end this on a note about trust. Maybe one of the few people who use your drop will judge wrong one time and infect the drop. Maybe some of these people are malintentioned from the very start and planned to compromise your device. All of these are possible, but consider it is known that the NSA can alter hardwares for surveillance purposes as they leave the factory, consider that personnels like Edward Snowden were trusted with access to your emails, consider that just visiting FBI targeted websites puts the security of your machine at risk. I think it's reasonable to trust local people you know in your personal network, at least as much as you trust someone you've never met on the other side of the Internet, thus trusting a secret small-user-group dead-drop as much as you trust the Internet (if not more). And if a small group of intelligent people trust each other, they should be able to share a secret dead-drop for all kinds of purposes pretty successfully. Based on trust, it'll be a very communal kind of sharing, possibly ritualistic, possibly tribal.

No comments:

Post a Comment