BMW Innovation
By Daniel Miessler on June 14th, 2008: Tagged as Technology
I love my 335i, and this kind of thing makes me love it even more.
Now I’m just waiting for them to make some serious advances in fuel efficiency — ideally through an alternative to standard gasoline. Swift fuel perhaps?
dmiessler.com/study/subnetting
By Daniel Miessler on June 2nd, 2008: Tagged as Networking | Technology
I’ve just posted a piece on subnetting over on my study page. As with all my study pieces it’s first and foremost a reference for myself when I drop packets and can’t remember how to do something (in this case subnetting), but I also try and make the write-ups useful to others.
Let me know what you guys think.
Obama on Network Neutrality, Open Government, etc. [Video]
By Daniel Miessler on June 1st, 2008: Tagged as America | Obama | Politics | Technology
If you have not yet heard Obama’s views on the openness and auditability of the government, the neutrality of the Internet, and other key issues, you really need to check out this talk he gave at Google recently.
Obama has many negatives in my mind, but his stances on transparent government and open Internet are some of his overwhelming positives. Check it out even if you’re a McCain or Paul supporter.
Start watching at 5:00.
Aug and Naug
By Daniel Miessler on May 31st, 2008: Tagged as Future | Technology

In the future, after we’ve started integrating computers into our brains to enhance them, we’ll develop a concept of aug and naug (augmented, non-augmented), pronounced and likely spelled: og and nog.
The terms will apply to the measure of human mental achievement, specifically to specify whether a particular mental feat or accomplishment was attained with or without the help of computers.
Jason: Hey, I scored a 2043 on my MART exam today…
Daniel: Nice, but that was aug, right?
Jason: Yeah, no shit. If I did over a 2000 naug I’d be a God.
These terms are likely to be adopted for a few reasons:
- They clearly describe the concepts of natural vs. supplemental
- They’re both only one syllable
- The “n” sound in front of “naug” or “nog” is fairly easy to differentiate from “aug/og” when spoken
Lifecasting: What It Is and How It Will Change Society
By Daniel Miessler on May 12th, 2008: Tagged as Internet | Privacy | Technology

Our society is about to change drastically, and not in 20 or 50 years, and not because of cybernetics or nanotechnology. It’s about to change due to lifecasting.
Lifecasting in its current form is where people broadcast, usually via a mounted camera at home, a significant portion of their lives. Justin.tv is one of the most successful examples of this form of expression. But this is just the first stage of lifecasting; the real impact to society, which is about to come, requires a particular condition to exist.
That tipping point will come when a significant percentage of society is broadcasting their lives, nearly continuously, from mobile devices.
You might be thinking, “Ah, that’s just another ‘social media’ trend, i.e. something those crazy Internet kids are doing.” This is true of lifecasting in its current, infantile stage, but not in the stage it’s about to reach. Within the next 5-10 years lifecasting will change the way people interact with each other in nearly all settings. Lifecasting will redefine the rules by which we expose ourselves to the world.
More Than the Sum of the Parts
The reason lifecasting is currently being overlooked is because the technologies that will power it are rather unremarkable by themselves. It’s basically composed of three pieces: 1) mobile video via mobile phone or some other highly portable camera, and 2) the ability to send that video out in real time to the Internet, and 3) the ability to quickly parse the incoming content into usable chunks. Nothing major, really. In fact, two of the three are already being done.
The issue is scale, and that’s the part that’s about to change. How many devices can stream live video? How many mobile phone carriers support the constant upload of a video stream from their entire user-base? And finally, how many services are out there that take in these videos and tag them, make them searchable, integrate them with social networks, etc? Very few.
A Visible New World
Once these elements change (see iPhone/3G/4G LTE) our world will change with it. Here’s how it’s going to play out:
- All phone carriers will start supporting all-you-can-eat data plans, and they’ll get much cheaper.
- The bandwidth (both download and upload) on said services will increase very rapidly, e.g. the next network upgrade after 3G is going to be scary fast (try between 100-300Mb).
- All mobile phones are going to do video, and they will all ride these newer, faster networks.
- Within the next ten years a significant percentage of people in first-world countries are going to be broadcasting every moment of their waking lives (and in many cases their sleeping lives as well).
This is a friction point for some. Why would people want to broadcast their lives? Won’t it only be a few fringe people and not a “significant percentage”? No. It’ll be a massive number. Many forces will influence the adoption of “casting” by the masses. Here are a few:
- Youth. The world is getting younger, and young people will naturally be drawn to the idea of sharing everything about their lives. It appeals to the sense of self-importance present in most young people.
- It makes sharing your life with loved ones infinitely more easy. In order to see what you’re doing, they don’t have to contact you for an account of what happened, or even what is happening. They just tune into your view of the world. They see what you see. They hear what you hear. There will be pressure from loved ones to continue casting in order to allow others to feel close to them.
- Financial incentives. There will be an explosion of services focused solely on harvesting interesting events from everyday lives. I’ll go into these services in detail later, but the point is simply that there will be financial benefits to participating.
- Civic reasons. The government will offer incentives to “casters” because your set of eyes will help find and apprehend criminals. More on this later.
Impact
Now we get to the core of it. So what, right? Why should we care?
Ok, so let’s assume you’ve accepted that the numbers will be there. Let’s consider the implications. Millions of people uploading their actual life perspective with sound and video, and all of this content will be stored, tagged and made searchable by Google, Microsoft, etc. — instantly — as it’s coming in. Oh, and add to it the fact that most of it will be geotagged as well. It’s staggering to even think about.
Consider the sheer number of things that take place during everyone’s daily lives that are lost forever. Well, no longer. As lifecasting becomes mainstream, public places will become 24/7 broadcast zones. If anything at all happens worth noting it will be discussed, propagated across the Internet and the people involved will be unable to escape the ramifications of the events they were a part of.
The Camera is Everywhere
The notion of being unable to show any sort of negativity without it being shown to the world (with your name, address, and place of business) will have a staggering effect on society. Here are a few scenarios to think about.
One improper comment out of your mouth can now get you fired, or even aired on CNN. A single off-color joke about wanting to “do” some woman at work, or maybe you made fun of a handicapped person as they walked by. A simple funny face would be enough. Or maybe you’re a racist who makes some mouthbreathing comment about black people while eating in a restaurant with a friend.
The person didn’t hear it, and nobody was offended (then), but unfortunately for you it was captured by four different people who were lifecasting near you at the time. Oh, and the guy at work that hates you caught it on the Internet and just sent the link to your VP, who is black.
Fail.
In short, everything you do will be subject to scrutiny by the entire Internet. And any undesirable behavior that is captured will be easily distributed for ill-effect. You will be able to quite literally cuss someone out while driving to dinner and have someone send you the video of you doing it (titled “This guy’s an asshole”) as you’re being seated. Who else is getting a copy of that video showing you inventing new ways to be vulgar?
The list of bad behavior that we all do constantly is nearly endless, but now it’ll be visible:
- Rudeness
- Dirty looks
- Bad Jokes
- Foul language
- Cruelty
- Maliciousness
- Snobbery
- Condescension
- Enjoying the Misfortune of Others
Everyone is a Reality Show Star About to Have a Big Break
But it won’t be only bad things that are captured; the ever-present cameras will also catch the positive things:
- Random acts of kindness
- Heroism (did they know they were being casted?)
- Rescues
- Extremely strange, unlikely events, i.e. freak occurrences
- Humorous scenarios
- Baby and child cuteness that would have otherwise been lost
The Concepts of Time and Location
A particularly scary thing about this is the fact that any place with lots of people will be under what equates to constant surveillance. And virtually all video will include highly precise time and location metadata. Hanging out with that other guy or other girl in public will get a lot more difficult. “What the hell! Someone just sent me a cast of you at the mall with Cindy!”
It’ll be possible to simply type in a location and watch as various views of that place stream in and out. So the screen is black for a little bit because nobody is around, then all of a sudden you see the place from the north, and it passes quickly (someone in a car). Then you see it from the right, and it’s bobbing up and down (someone walking), plus you hear a conversation. Then the screen splits because you’re now seeing two different views of the same place. And you can even see the two people casting now, because their cameras are catching each other.
Customer Service Feedback?
One of the things that got me thinking about this was being the recipient of abominable customer service. I’ve seen people absolutely ignore me while shouting and playing with friends in the back — while I was clearly visible — only to come to the register, not look at me, and mumble, “Watchu wuh.”
Imagine these types of events being captured constantly, with the option to instantly upload them to a given drop-off point to be reviewed by staff for that given company. So you clip your cast and send it to the URL for McDonald’s review service. It goes into a queue and gets acted upon immediately depending on severity.
Or even better, how about McDonald’s having staff that simply scan lifecasts that are coming from their stores’ locations. So while it’d be kind of weird to put up full-time video cameras in their stores to track employee behavior they’d be able to simply query Google for all video coming from their stores’ locations. They could get paid to just sit there and watch those feeds and look for corporate policy infractions.
So a customer gets a dirty look, or the lines are WAY too long at a particular location. A form isn’t filled out and mailed in by some customer a week later. No. It’s seen in real-time, escalated, and two minutes later a corporate manager is calling that store manager saying, “WTF?” Instead of saying, “some customer said one of your employees was rude.”, the manager will say, “I’m looking at a video of one of your employees being rude to customers. Take them off the line and fire them immediately.”
As with the other types of behavior, poor customer service in this new environment will have instant ramifications.
Crime Fighting / Government Surveillance
This is a big one, and it’s scary too. Ok, so we already see here what all is going to be captured. Now imagine law enforcement tapping into it. So many crimes that would have gone unsolved will now be trivial to take care of. Suspect grabbed a purse at location x then ran off to the north. Ok, show me all Google lifecast video for the area he just ran to (remember, most all video will have location metadata in it).
Parsing lifecasts will become a regular part of crime fighting.
Now add the government to it. Think of the NSA walking in to Google and demanding a full feed of their data. Now imagine their face, voice and other types of recognition software being trained on the full feed of incoming casting data. It’ll be like tapping into millions of sets of eyes to look for and track somebody.
The order to the computer will be: “Find Daniel Miessler.” At that point the interface will be irrelevant. Whether it’s a phone, a static video camera or a lifecaster — it’ll all be the same — all being fed into the same search/analysis algorithm that can find my identifier tokens, e.g. credit card numbers, phone numbers, my voice, my facial characteristics, my license plate, or even someone browsing the web the way I tend to.
Castwatching as a Service
An entire new profession will arise from this. Castwatchers. People watching lifecasts for various reasons. You’ll have people watching lifecasts looking for celebrities so they can report on current locations. Imagine a Google Maps mashup called Oceans 17 — it tracks all celebrities that were in the movie, i.e. Brad Pitt, George Clooney, etc. and displays constantly updated markers on a Google map.
Of course, you roll over the icon and get their current activity. Like, drinking coffee — and the text is a link to buy the coffee they’re drinking. Oh, and on the side you can click to view the casts that are updating the location. In other words, here’s Brad Pitt from two tables over. Here’s Brad Pitt from the perspective of the waiter.
Then you’ll have reporters watching for new stories they can pounce on. In fact, there will be pools of trained analysts who can spot interesting behavior. And that can be sold as a service. So people will subscribe in order to look for blackmail-able offenses. So if you see someone that looks rich acting guilty while interacting with drugs or sex, research who the person is and give me their location.
Think of what the tabloids will do. Find me racism. Find me suffering. Find me sex. They’ll be paying these kinds of services to dig up garbage that will sell.
Security and Privacy
Being in information security one of the things that freaks me out is that many people, if not most, are going to keep location-tracking / metadata enabled for at least their friends and family. And many are going to keep it enabled for everyone. People who get no attention can scarcely believe the “too much attention” problem even exists, so they’ll lifecast continuously and allow anyone and everyone to know exactly where they are. What could go wrong, right?
Facial Recognition
This one’s a bit farther in the future, but not too far. One of the most significant applications of lifecasting will be widespread use of facial recognition technology. This point is best made with an example. Let’s say you’re sitting in a restaurant near the door, and your casting camera has a view of people as they come in. Well, your device (your personal computer), which is currently called your phone, will take a picture of the person as they come in, try and get any other angles of the person if they were just uploaded by people in the same restaurant with another angle, and then it will use both/all of those images to perform a search on Google for that person.
Think about this. Every person you see, and hence your device sees, will get queried against Google for a match. If it finds the person, their identity information (whatever’s available) gets sent to your device. Your device will then perform its matchup algorithm on the data pulled down vs. your data that it already has. Where are they from? What do they like to do? Etc.
The next and most interesting extension of this functionality will be an addition to the crime fighting piece. It’s also the most scary. Carriers will offer subsidies for your service fees if you volunteer to use facial recognition at all times and allow law enforcement access to your uploads. So in other words, everyone casting with this service turned on will be helping the police, FBI, DHS, etc. catch the people they’re looking for.
They’ll be able to send profiles to your device and use your device (passively) to scan for those profiles. This will either be mandatory (depending on where our society is when this happens) or it may be a service that you choose to take part in as a “good citizen”, with a reward of reduced cost for your other addons.
Accidents
Imagine the video that will be available of car (and other vehicle) accidents. If you thought the video on “Crazy Car Crashes” was extreme, wait till you have visibility to 100,000% more crashes.
Drama
We’ll start being exposed to some of the most touching and heartwrenching scenes ever witnessed. Real stuff. Imagine the scenarios that happen in the movies and on the TV shows, only real. All that stuff really happens; it happens every day, but it’s never captured. But now it will be, and many of the subjects of the “best” drama will become instantly famous.
“She was the one in ‘the breakup’.” Imagine the whole Internet watching a breakup between a couple that they didn’t know was being recorded. Millions will want to know about their lives. What are they doing now? Are they dating again? Who will pay to watch the “casts” of their first dates with their new boyfriends and girlfriends?
Also, aside from breakups, imagine the lovers in Paris. The handholding. The sweet words. The smiles. The laughs. These precious moments that have hardly ever been captured other than in Hollywood will now be regularly brought to billions. And once again, the participants will have the option to become famous, even if only for a moment.
Fights
Simple. Let’s say we’re currently only capturing a millionth of a percent of all fights. Now let’s bump that up to 3%. Now add knife fights. Attempted muggings. Shootouts. One defender, multiple assailants. All this stuff that there’s very little video on will now be captured on a regular basis.
Instant Celebrity
People who used to be unknown will quickly be discovered. That super fat guy at Arby’s? He’s online now. 140,000 views in 5 minutes. Someone just submitted his name. Here’s where he lives. Here’s his username on eBay. Oh, another caster is walking up to him now and asking him if he knows he’s famous. That’s being casted as well. Etc.
Perspective Sharing
One of the coolest consumer benefits of this kind of thing is going to be the social-networking aspect. Right now we can call our friends, text them, send them email, and that’s about it. In Japan and Europe you can do a bit of video on a mobile phone, but it’s not all that ubiquitous yet.
Well once this is commonplace you’ll have another option for staying close to friends and family — changing to their perspective. Basically, they share out their camera to a group of people (I’m looking at you, identity services) and if you are in the group then when you click on their contact in your mobile device you’ll have multiple options:
- Voice call
- Video call
- Text
- Email (will merge into others soon)
- PerView (perspective view)
This gives a whole new meaning to, “Dude, check this out.” When you send that to a friend now, via voice or text, it will be a prompt to change to your perspective. And it won’t matter if you’re on the other side of the country, or the world. You’re sitting in a restaurant and a gorgeous woman is at the next table over. You are just eating your burger but you want your buddy to see how fine she is.
“PerView Ping Brian”, you say to your device. Brian is sitting at work and vocally accepts the incoming PerView ping (which he has set up to automatically begin a voice call as well) and he immediately sees the woman that you’re looking at. “Damn, dude…go ask her out. I’ll watch.”
Countermeasures
There’s no doubt that there’ll be a total backlash against casting (lifecasting). Many places will have signs displayed: “No lifecasting allowed.” Why? Because it’ll scare away customers. People will demand that establishments become safe from the eyes of the Internet. People will get wanded for cameras (which mobile phones will have anyway) when entering certain areas. Plus, who’s going to consent to having their mobile devices taken from them at the door? People will constantly be looking for who’s watching them. For who’s recording them.
In fact, many organizations will not only search people (that’ll be largely ineffective) but will actively jam the frequencies of the mobile devices to keep them from lifecasting from their environments.
The game will become figuring out how to cast from places that don’t want you casting from them. Remember, people will be going to these places to do the things that they don’t want anyone seeing. Now factor in the people who are paid to catch those same people doing those things. And a new arms race will begin.
Language
So what’s the lingo that will surround this new phenomenon? Here are a few obvious/unimaginative options. I’ll rely on readers to come up with better ones. First, for lifecasting itself:
- Lifecasting
- Casting
- Shooting
- Being “live”
- Streaming
Then for going offline, i.e. NOT lifecasting.
- Going Dark
- Unplugging
- Dropping Off
- Deadening
- Hibernating
Conclusion
I’m only barely touching the first few layers of this thing. It’s just massive. I’m kind of overwhelmed right now and just need to post this as-is despite it being a jumbled mess of word things. I’ll continue to work on the organization of the idea and add examples as I remember/think of them. I’ll also update it with ideas from the comments.
I’d love to hear your thoughts on the idea, i.e. do you think it will be as big as I think it will? If not, why not? What specifically will stop this from becoming reality?
My answer? Nothing.
Notes
- Thanks to Zed for helping me think through the concept over some chicken wings.
Paul Graham on Creativity in Different Work Environments
By Daniel Miessler on March 21st, 2008: Tagged as Business | Programming | Technology
Paul Graham just put out another excellent piece. This one is on how creativity is affected by various work environments — especially startups vs. corporations and small vs. large companies. I particularly like this bit:
An obstacle downstream propagates upstream. If you’re not allowed to implement new ideas, you stop having them. And vice versa: when you can do whatever you want, you have more ideas about what to do. So working for yourself makes your brain more powerful in the same way a low-restriction exhaust system makes an engine more powerful.
Definitely check out the whole thing.
Information Security as Insurance
By Daniel Miessler on March 18th, 2008: Tagged as Information Security | Technology

Many years ago I read somewhere about the concept of information security as a function of insurance companies. The idea is that information security insurance would be prolific, and most companies would have an Information Assurance Policy that would absorb some of the financial risk of security-related incidents.
[Edit: So I shared this link with Bruce Schneier and he responded by pointing me to a similar piece he did -- in 2001. So, yeah, for my next vision I'm thinking about a control device for blocking network traffic based on "rules". I'm going to call it a Flamebarrier. More to follow.]
So in the event of a breach or a leak, x amount of money would be paid out by the insurance company based on how severe the incident was, etc. So FooInc lost 200,000 social security numbers and were assessed to have lost y amount of customer confidence (based on the number of cancellations) — so the payout is z. It sounds a bit squirrely I’m sure, but that’s because so many of these variables are squirrely. When the industry matures a bit it’ll be easy to base real numbers on these things.
Anyway, the idea is that we in infosec will all be either working for big IT companies such as IBM and Microsoft (see Schneier’s latest bit on this), or we’ll be working for the insurance companies themselves. If we’re working for the big IT giants we’ll be providing security to companies as a function of providing IT services, and if we’re working for the insurance companies we’ll be doing the audits.
How it Might Work
ACME company’s IT/IS provider is Microsoft, and they have an Information Assurance Policy (IAP) through FeelSafe insurance company. Their premium is based, as you might guess, on how “secure” they are. That equates to their premium being based on how secure an audit says they are — which is where the insurance company comes in.
The insurance company might do their own testing or they might hire someone like KPMG or PWC to do it. Either way the game is the same: perform a very well-defined list of tests against a given environment to determine how much risk they have of having an incident. So maybe they’ll do the following kinds of tests:
- World-class Attack and Pen
- General vulnerability scans
- Checklists for common controls, e.g. NIPS, HIPS, Anti-Malware, etc., and how they’re deployed
- Checking for the maturity level of their policies and procedures
- Rating how well the company’s IT/IS provider handled the incident caused when the testing was done. Did they report it? Did they stop it?
- How advanced is security awareness?
- etc.
…and all that gets rated and scored.
- What’s their COBIT maturity level in the following 10 areas? –> SCORE
- Do they have NIPS, HIPS, FW, AV to the following standards? –> SCORE
- Did they respond appropriately when attacked? –> SCORE
- Did control w reach standard x, y or z? –> SCORE
- etc.
At the end they tally up the scores and based on your company’s size and type of business they tell you how much your premium is going to be for a given amount of IA coverage. And of course there will be different flavors of coverage, like general policies, identity theft, or policies for loss of availability due to a server loss or failed backup, etc.
Interesting Outcomes
A couple of interesting things will potentially come from this:
Insurance companies will have a very strong interest in performing some SERIOUS testing of the companies they’re insuring. The Attack/Pen/VA/Auditing world will suddenly get real serious when insurance companies are standing behind their policies with millions of dollars. The results of those tests will determine premiums, and therefore financial risk, to the insurance companies.
Security vendors will have a whole new game to play. The game will be, “Our product implemented at level 7 will get you a 287 point drop in your IAP rating!” All the different IT companies will be fighting to get their products rated better, and will be advertising them based on what they’ll do for your IAP risk score.
Companies will have two things to consider: the amount of money they spend on their outsourced (and internal) security programs, vs. the amount they pay for their Information Assurance Insurance. Will they elect to just go with less of a program because it’s cheaper to insure against certain types of issues (like failing SOX audits, maybe). Or will they always side with the better security program because certain types of incidents (e.g. public embarrassment, loss of reputation) are difficult to assign a dollar amount to?
Perhaps the most interesting thing about this is that the insurance companies will become the best judges of what products truly are secure, and which are crap. They’ll know this because they’ll have hard metrics to base their opinions on. And it’ll be in their best interest to have those metrics because they are what determine the financial risk — just as in the insurance industry we know today. The result will be ratings of products that actually matter.
Anyway, some cool ideas, but I’m not convinced the IT world is going to stabilize to any degree that would make this possible any time soon. To me the variables that affect IT risk are still fluctuating in such a violent and unpredictable manner that it would be almost impossible to base a business model on such metrics.
But I think the time will come, and perhaps it’ll happen quicker than we think.
I Expect Hulu to Remain This Cool For Around 2 Weeks
By Daniel Miessler on March 13th, 2008: Tagged as Law | Technology
Admittedly I don’t know much about Hulu, other than the fact that it allows you to view tons of content, from tons of different sources, free of charge.
But that’s all I need to know. I expect to see it severely hobbled by court orders in less than two months. I hope I’m wrong.
[Edit - 23:45:09: So it appears I'm wrong. Evidently Hulu is owned by NBC and some other major companies. Somehow I'm still skeptical. It just sounds too good.]
Starbucks Goodness
By Daniel Miessler on February 12th, 2008: Tagged as Culture | Technology
I feel somewhat dirty making this declaration, but I’m entirely enthused about the fact that we’re getting a new Starbucks right by our house. Adding to my enthusiasm is the fact that Starbucks is dumping T-Mobile and going with AT&T for their wireless service.
That not only gives us a more natural matchup for the whole Starbucks iTunes collaboration but they are also starting a new policy of allowing two hours of free Internet per visit.
Maybe it’s sad…maybe it’s corporate, but I like Starbucks. Drinking coffee and reading and writing cool stuff on the Internet — especially in that environment — is just enjoyable to me.


