The Technium

Your Security is My Security


Speaking to the world, I care about how good the security of your machines is. Are they easily hacked? Not just your computer, but any device. If your webcam, or toaster, or light bulb is online, connected to the grid, I care if it is secure.

Why? Because the security of a network is only as good as its weakest link, and we are now running a global machine. That global machine, made up of your devices and yours and yours, is the machine I use. Everything connected to this global machine is on MY machine. Every device connected is linked to all the other devices. Therefore the security of everyone is hinged to the weakest security on the lowliest thing. That might be a connected pencil that could be hacked. If someone can hack a pencil they can use that exploit to hack into a drawing tablet and from there extend into an OS, and from there into the network. The weakness of one small point can ripple across the globe and affect me directly.

In that way security on a network is equivalent to pollution coming from a small source. If you pollute the river, you affect everyone’s drinking water. If your small device is hackable, everyone’s network is hackable. And what is hackable? Anything “smart” is hackable. A smart phone, smart car, smart home, and smart city are basically a hackable phone, hackable car, hackable home and hackable city. If we have a smart world, we have a hackable world.

When the network is as big as the world, then my security depends on your security, and thus your security affects everyone’s security. Just as we collectively police the river for pollution, so we, the commons, have a duty to regulate your security. Your security is all of our business.

No one is a fan of overregulation, but regulating the commons is a prime case where regulation works. The regulation of the global network might take the form of some minimum standards required to connect. If you can’t prove your device is up to minimum standards, you can’t connect it. If you are the device maker, you can’t sell it. If you have not implemented the basic security protocols (two-factor or whatever), you are booted off, or fined, etc. In effect we would treat a security break like a public health breach. Until you can upgrade your devices to meet the minimum required standard of security, you are quarantined.

This fundamental requirement of shared network security will go double for AI agents. To be allowed to roam the network, your smart agent must be shown to be trustworthy. Your robot has to be certified that it can be trusted before it gets access to everyone else’s devices. It is too easy to imagine a hacker spoofing an AI into letting them enter the control room. One dumb AI agent in a system can become the weakest security link for the whole system. Your dumb AI can get me hacked. So far, it is very easy to hack AI agents into misbehaving because their behavior is often emergent. If we add the lax security of their human owners, we each are in charge of a very vulnerable system. I should be able to demand you upgrade your agent to some agreed-upon level of security, in order to safeguard my own system’s security.

These kinds of global, technical, and legal regulations, or even mindset, do not exist yet. We are in the wild west days when anyone could pollute the commons without consequence. But in the long run we’ll realize that security is not an individual option; it is a duty for all society, and will be treated in a more social and networked manner. Your security is my security.






© 2023