Code Exploits

When we talk about exploits in code we think of malware. The code exploits us as end-users, or rather our devices. But there's another more real and horrible interpretation. Just as the food we eat comes at a huge human cost, the digital services and devices we use every day also create human suffering. The cost of our "technological society" is exploitation around the world, as child labour, forced labour and lethal working conditions. As well as being morally awful this has implications for sustainability and security.

Six years ago the press lit up with stories about how smartphones are made. Like earlier revelations about Nike trainers and other apparel made in sweatshops it was an already too familiar story of brutalised, over-worked and under-paid child labour in factories around the world. In 2018 when the Guardian broke a story based on a book by Brian Merchant ¹ of suicidal young women throwing themselves from the roof of Chinese prison-factories, the response of the public was tepid.

People simply could not process the idea that their precious iPhones were not actually made by Apple, by well fed white Americans in the green campuses of Cupertino, but by thirteen year old's in dark, satanic Chinese factories. We simply went into denial. In response the abusers had anti-suicide nets installed around the factory to scoop-up falling bodies and recycle them efficiently back onto the production line.

The factory bosses had journalists beaten up and, with the help of BigTech and mainstream media played the Western press with apologetic, disinformation and fake stories of happy workers.

Regardless, poor working conditions in electronics manufacturing continues today in sites around the world that supply cheap labour in slack heath and safety regimes. Workers suffer extreme pressure, physical brutality like crippling working postures and no bathroom breaks, psychological abuse, humiliation and exposure to mutagenic chemicals and radiation.

As well as the workers, we exploit resources to get our gadgets. In terms of energy costs, by the time a tiny iPhone is created a quarter gigajoule of raw energy is consumed; in silicon wafer processing, aluminium smelting, circuit board manufacture and copper extraction. About 25kg of CO2 is produced and ten thousand litres of clean, filtered and processed cooling water is consumed - in a world where clean drinking water is in increasingly short supply.

It is not only in the creation of digital goods that people are awfully exploited. Waste Electrical and Electronic Equipment (WEEE) is a significant problem too. Again it's effects fall mainly on young people in poor and developing nations. A few years ago I talked with Gerry McGovern about world wide waste in an online interview. Millions are displaced or killed in the battles for conflict minerals needed to make our gadgets.

What I've gleaned from countless conversations with my father-in-law, a Nobel winning biochemist from the Kyoto team, is that we mostly do not handle WEEE in the West. It is illegal to just bury it in landfills, although that happens and it leaches PFAS into the water-table for generations to come until it is exhumed.

Instead, off it goes on the "recycling boat" to Africa, China or India. There, the same shipping containers that brought nicely packaged electronic goods to us only 18 months earlier are filled with millions of tons techno-trash, IoT devices, printers, smart-TVs, phones, tablets, cameras…

It's emptied into illegal open "recycling" sites, beside a river or lake, where child labourers smash it to pieces with hammers, Then they burn and wash the fragments with acid in open pyres. The slurry, when crystallised, reclaims a small percentage of valuable metals. But it also releases toxic heavy metals, lead, mercury, cadmium, and hexavalent chromium that wash into the water or leach from poor temporary storage.

Child workers inhale a lethal mixture of particulate carcinogens, from both the crushing and burning steps, while dioxins, phalates, and bromo-fluorocarbons belch into the atmosphere where, after falling as contaminated rain into the oceans, they will cause sterility, cancers and birth defects for potentially hundreds of years.

We all hate scammers right? When our phone rings from an unknown number to tell us we need to give our passwords for a bank transfer, or visit a site for a "Windows security update", we wish they would just die, right? Well maybe they will. What we rarely consider is that those people are also massively exploited. As Brian Krebs and Time have reported, human-trafficking-fuelled cyber fraud is a big thing. The scammers are themselves prisoners!

Imagine turning up to a tech interview for a dream job, only to find the door locked behind you and a gun pointed in your face. Victims are selected for having no immediate family or contacts, and baited by fake adverts for lucrative jobs. Then they are kidnapped and trafficked by syndicates running scam centres. They have to con 20 or 30 people in rich Western countries every day to get food. That's why some get so angry and desperate.

Similarly, there are the people viciously exploited so that we can enjoy services like Facebook. Moderators still view graphic content including gore, terrorism and child sexual abuse for eight to twelve hours a day. Some are driven to extreme drug abuse and even suicide. Reporters like those from BBC have to infiltrate the moderation centres or must talk to victims off-record as all are told they may not talk about their work and restrained by gagging orders and threats.

Despite record fines for mental illness suffered by workers, companies like Facebook continue to employ people for this. because the myth that "AI can solve it" is a load of rubbish. Content moderation is just another of the massive failures, tasks that AI it is supposed to solve but cannot.

Fake AI is the new scam. It turns out to be just a sweat-shop of underpaid, exploited humans. Amazon's "just walk out" grocery stores boasted AI monitoring of your purchases. That turned out to be just thousands of mostly underpaid women watching via remote cameras. The total number of people employed per store was hundreds of times more than if the shops had used staffed checkouts! And companies have been touting fake self-driving cars that are really just remote drivers in low wage "operator" jobs.

It turns out that the cost of "AI" is significantly higher than anticipated and the quality far, far lower than promised. Given the vast investment into it, there's enormous pressure to "make it work at all costs", which means it's become a driver for increased exploitation of low-wage humans. Humans are still cheaper than AI, but only if that's kept a secret.

In our last article we looked at the vulnerability of coders. Most free software authors may not be living on the breadline in developing nations, but some certainly are. As we saw in the xz backdoor incident one attack at the individual level can lead to a compromise of nearly every device on the planet. This time we got away with it, almost by pure luck.

Vulnerability of individuals means vulnerability of the whole system. Security is not only "everyone's problem" it's responsibility is distributed among all stakeholders of a technological society.

As I explored in living as a Digital Vegan we need to find a way towards Greener Gadgets, but also toward less exploitative technology. That is why the current hyper-capitalist model is a security threat. It threatens the sustainability of technology for everyone, regardless the efficiency with which it produces goods, innovation and wealth.

A single bug in a widely used IoT device could lead to the necessary forced disposal of billions of devices. The impact of that on our environment would be enormous. But our industry is already showing many signs of an addict, hiding things, lying to itself and living on borrowed time.

As with seafood production whose collapse Dana Meadows predicted in 1972, tech does not grow ex-nihilo from a magical Moore's Law, but must operate within a dynamic balance with resources, production, consumption, operation and disposal. If our tech industry - a stack from the physical to the applications layer which includes manufacture of chips, devices, software and services - cannot sustain itself without grotesque exploitation, then it is a tower of cards waiting to collapse.

Quality costs. Ethically sourced code and equipment might be very much more expensive than the mass-produced and mass-marketed products from BigTech. Silicon made in the UK or US costs more because wages and operating costs are higher. Code written by well fed and rested engineers in stable and secure employment, who work without anxiety, bullying and threats, and who feel good about what they make, is of a better quality. It's been checked. It's been tested. Its creators care about it. And so it's more secure, in so many ways. Security is about not allowing a race to the bottom of exploitation.