Slashdot Mirror
Motorola Adopting 3 Laws of Robotics For Android?
jfruhlinger writes "Android's popularity is growing, but its lack of enterprise security features is making IT departments pull their hair out. Two of the biggest Android vendors, Motorola and Samsung, aren't waiting for Google, but are building their own security functionality into the devices they sell. Motorola's version will be facilitated by their purchase of 3LM, an Android-centric mobile security provider that bases their strategy on Asimov's Three Laws or Robotics, though the order is tweaked: The device must protect the user, protect itself, and obey the user, in that order."
Well, it was fun while it lasted. The 'peoples' phone: RIP. 2011
---- Booth was a patriot ----
Can I eat the device's battery?
Logic bombed.
... to allow for an interesting development of a series of stories that culminate in unexpected consequences. have a read, and then ask yourself what the bugs are in the restatement.
Hint: the bug is now the highest priority.
--dave
davecb@spamcop.net
Of course, it won't be until much later that the zeroth law of phone security is discovered. That being: "The device may not harm the corporation, or, by inaction, allow the corporation to come to harm."
I love my Android but, its no surprise that the maker would prioritize protection above obedience. I would change the order:
1. Obey the authorized user (esp since he is normally the OWNER)
2. Protect the authorized user.
3. Protect itself.
Different orders can be considered when they become self aware. Until then, its a tool damnit. My hammer doesn't try to protect me, nor would I want it to. A safety on a gun may "protect me" but, the device definitely obeys before protects, because all the user needs to do is turn off the safety, and all protection is gone.
As the user/owner of a non-self aware device, it should obey me, even if my intention is to use it to destroy itself, or others.
"I opened my eyes, and everything went dark again"
That last one should be first.
an Android-centric mobile security provider that bases their strategy on Asimov's Three Laws or Robotics, though the order is tweaked: The device must protect the user, protect itself, and obey the user, in that order
0 = 1 + e^(Alt something)
If you read TFS (not even TFA,) you'll understand that they swapped them intentionally.
HSJ$$*&#^!#+++ATH0
NO CARRIER
This order sounds right.
For those of us who know what we're doing, sure this is offensive.
For those who decide that spending 99cents on Justin Bieber wall papers that also snoop on their private conversations, that's a different story.
Non impediti ratione cogitationus.
They are going to get rooted anyway,and also, Motorola is known for looooooooooong release cycles for patches so it will stay that way.
"The device must protect the user, protect itself, and obey the user, in that order."
In that order? Really? So, if you try to upgrade your phone, your existing phone will (in accordance with "protect itself") attempt to sabotage your purchase? "I'm sorry, Dave. I can't let you do that."
Protect the user,"Ok, you can't do drugs, avoid paying car insurance, speed in your car, or bring a diet pepsi on a plane"
Protect itself: Self explanitory
Obey the user except when the user wants to do something that can cause harm to the user.
God spoke to me.
Was not one of the inherit flaws with the Three Laws, that it brings up the issue of whether robots are treated as thinking tools or mechanical people?
Maybe it's hard to personify a 4-inch rectangle of glass and plastic, but at a certain point could we be asking an intelligent being (of circuits) to sacrifice itself at our whims of hackery? Could bricking a device be considered murder?
Clearly, Motorola is on the forefront of robot rights.
Everybody remembers the famous 3 Laws of Robotics.
Nobody seems to remember that the stories were about how they failed over and over due to unintended consequences and and loopholes, for example robots are able to break them if they don't know they're doing so.
Sorry, please apply the following to the above:
s/John Murphy/Alex Murphy/g
Though to be fair, the Wikipedia article is unclear about what the middle initial "J" stands for...
Stressed? Me? Of course not. Stress is what a rubber band feels before it breaks, silly.
Isn't the whole idea with Google making it open source that manufacturers will contribute their own improvements to the main release? Or contribute cash for Google to allocate more programmers onto the features they would like? Instead they seem to be whining that Google isn't working on the free product they benefit from fast enough, then going off in their own direction creating proprietary code for themself which just messes up the whole open source idea.
Yo dude, I think you've got rules 2 & 3 swapped there.
...when your phone was going to require antivirus/malware tools. All this does is give Apple a bullet point with their walled garden approach.
"The problem with socialism is eventually you run out of other people's money" - Thatcher.
They are all consumer phones with nothing serious for business use. Motorola and Samsung are crying because the corporate world doesn't want to keep it's calendars and contacts on Googles servers. They've made their bed now they can lie in it. They will have to diverge significantly from the Google kool-aid in order to implement anything workable for business. Android phone users are consumers just like Apple phone users are. You must be new here, if you think this post is more biased than any other post.
I can see the ads already:
"Nearly 70 years after Isaac Asimov introduced the three laws of robotics... ...there finally exist ANDROIDS advanced enough to require them."
*Epic music plays along with montage of phone. It ends with the Android logo ominously fading into the screen.*
I don't get it: everyone bashed Apple when its iPhone lacked certain features (multitasking, cut and paste, enterprise security) but not one peep when Android or Windows Mobile lacks these very same features.
What? Android *does* have excellent multitasking, as well as decent cut and paste. I'm not sure about enterprise security, but I think people have blasted Android for not having it, if it doesn't.
What the fuck are you talking about?
Worldwide Military budgets: $2100 billion. Worldwide Space Exploration budgets: $38 billion. Really, world? Really?
Robots always go on a rampage following the laws exactly or redefine the terms in the laws so they can do whatever they want.
Obey the user except when the user wants to do something...
Fixed that for you.
1. An Android Phone may not exceed it's bandwidth or minutes for a human being or, through inaction, allow a human being to exceed said bandwidth or minutes.
2. An Android Phone must complete any call by human beings, except where such calls would conflict with the First Law.
3. An Android Phone must obey it a human being as long as such obedience does not conflict with the First or Second Law.
The iPhone at launch lacked ALL of those things, Android lacked ONE, one that only corporate IT departments care about. As for Windows Mobile, isn't that dead already, replaced by a new iPhone wannabe that has been pretty thoroughly ridiculed here on Slashdot for including all the flaws and none of the desirable features of the original iPhone?
That's because Android has been blessed by the Church of Open Source. It isn't held to the same standards. It's a religious thing, you know. ;-)
No, it's a practical thing. With Open Source, if one of the clouds is missing from paradise you can add it. Or wait until some team of team of fanatics in their monastery do so and then import a copy.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Both iPhone and Android have activesync support on the handsets. They are used in business, and are replacing BES devices. I say are because we have replaced about 20 devices in the last year.
I think that's actually the fourth law, or rather, the fourth directive.
If I have seen further it is by stealing the Intellectual Property of giants.
Why is phone security and user data encryption only be implemented now? Yes yes, RIM has done their their thing for half a decade now or so, but why has the industry been so lax on user encryption on smart-phones? Is jail-breaking, 'user-control' and the current 'swiss-cheese security' really the only way to make the industry get off it's ass when it comes to implementing standard data security practices? I mean, who really didn't see the need for encrypting user phone data 5-6 years?
Am I the only one thinking it wasn't necessarily put off deliberately, but late enough that the introduction of backdoors are most assuredly being considered and probably implemented for law enforcement bodies? Of course that's paranoia, right? I mean, for even the most basic of arrestable offenses, your phone can now essentially being used as a tool against you in a court of law.
It will be discovered that there is a secret fourth Directive which prevents the device from arresting any senior executive of Motorola Inc.
I pay for a specific device, it's mine. Just like I pay for my car, it's mine, free to modify it as I need/want.
My advice for potential Android phone users, avoid Sammy and Moto.
There are companies out there who's phones are far better anyway.
I don't get it: everyone bashed Apple when its iPhone lacked certain features (multitasking, cut and paste, enterprise security) but not one peep when Android or Windows Mobile lacks these very same features.
I get your point, although Android doesn't fit it as well as Windows Phone 7 does.
I saw the Windows Phone get blasted for these exact points on several fronts. If you didn't notice it on Slashdot, it's likely because the reasoned critics were drowned in the sea of rabid anti-everything Microsoft blather that makes up such a large chunk of posts here. Note that, depending on topic, you could replace "Microsoft" with "Apple" and have it be equally true.
Android does seem to get a free pass on a lot of items, though - at least around here. Reasoned criticisms get modded flamebait and/or just get drowned out in the "Free means never having to say you're sorry" nonsense that sometimes runs rampant. I think Android is getting there, myself - but, having tried it, I do think it's still rough around the edges. But trying to get that statement across is often akin to arguing with someone who thinks the Linux desktop environment is perfect - you'd think you'd just kicked somebody's dog.
#DeleteChrome
if (protect the user obey user) // segfault?
return -1;
Yep, we're doomed :)
Actually, until Android's are solar/nuclear powered, there's nothing to worry (cringes).
In Asimov's universe, the laws specifically mention the other directives, and precedence:
1 - A robot may not injure a human being or, through inaction, allow a human being to come to harm.
2 - A robot must obey any orders given to it by human beings, except where such orders would conflict with the First Law.
3 - A robot must protect its own existence as long as such protection does not conflict with the First or Second Law.
The important part being: "except where such orders would conflict with ... X law".
WTF am I doing replying to an AC at 5 A.M on a Friday night?
Yep. My G1 (which came out in 2008) fully supported Exchange on Froyo.
Actually I take that back... IIRC the remote wipe operation was silently ignored.
If I want to "damage" my phone I don't want anyone trying to stop me. Remind me not to buy Motorola again...
Most people forget the three laws are always presented as flawed. Something always happens and runs amok. The three laws are a great starting point, but they are incomplete.
Actually, this could be viewed as an updated version of the laws of robotics. One thing that was not explored in I, Robot was the modern, technically illiterate masses (or, end users). Do you really want robots to obey all of them?
In reality we would need some sort of hierarchy of obedience:
Obey the root above all else
Obey the operators if aligned with the root.
(dis)Obey the users
And it would be completely reasonable for a robot to be instructed to follow a user's perceived best interest above his command if he were far enough down on the totem pole. Indeed, this is what the First law does for all humans. I suggest allowing more leeway as the person becomes less competant.
And in the case of a mobile phone, the user's best interest is rarely served by a robot that throws itself across the room whenever its user is frustrated with the phones efforts to protect him from himself. Ergo, the robot, to protect him, must disobey him, and continue its own existence against its user's will. This will allow it to continue 'protecting' him from all manner of evil tethering, etc., and improve the users life.
What is funny is that the Exchange security has been addressed by a solid Android app: Touchdown. This app encrypts all data, even files present on the SD card, supports remote wipe, enforces Exchange's permissions, and does what enterprises need for enforcing security.
There is only one item missing from Android, and that is device encryption, and encrypting data (not just the .apk stuff) on the SD card.
Google can easily address this -- LUKS or EncFS for the SD card, store the key in /etc, perms 066.
I beg to differ. The iPhone at launch had a lot of good items, but it didn't have in iOS 1.0:
1: Cut and paste. This didn't come until 3.x. (IIRC)
2: Third party apps.
3: Device encryption.
4: More than token Exchange support.
Android came with a bunch of things, and the improvements were more incremental than anything else. Of course, Android did not have Exchange support, but third party companies (NitroDesk and DataViz come to mind) promptly addressed that.
Neither phone OS was shipped perfect. Both are adding features and useful things as time goes along.
I hate to bust your bubble, but saying "1. Obey the authorized user (esp since he is normally the OWNER)" is wrong for security. This is about security.
The fact of the matter is that social engineering is far simpler than hacking in almost all circumstances. And people are ***EXCEEDINGLY*** careless with their mobile phones. How many people don't have their PC, which sits in their locked house, remember forms data/passwords, but have a stupid app on their phone that shoots straight to all of their email accounts without so much as a password?
Power users will be power users, but for generalized security laws, the user is their own worst enemy. Anyone who thinks otherwise is probably even more vulnerable. It's similar to the old adage: "a lawyer who represents himself has a fool for a client" -- if someone is so sure of themselves that they feel they are immune to social engineering methods for bypassing security, they are at even more risk.
The problem with WP7 is that it "too little, too late". Instead, Microsoft should have seen about virtual machine technology so people could run most WP6.5 and earlier programs (technically not apps because they have been present before the word "apps" came into use), and direct access for XNA and Silverlight programs.
With the ability to use older programs in a VM, or perhaps different VMs, Microsoft would have the best of two worlds: An installed base that dates over a decade, and a new platform with good security present.
Ideally, MS should have required some GPU power in the devices and get some Xbox developers to ship some eye-popping games for that platform. For the enterprise, MS should have shipped the device with Exchange support and documents running in its own encrypted VM, security that would run rings around RIM's offerings.
WP7 has a lot of promise, but because it didn't ship with things that would get the enterprise to move to it from Blackberries, nor get people out of the iOS walled garden, it sort of fell in the cracks.
Another fine product by Omni Consumer Products.
I'd buy that for a dollar
. .
This from the company who encumbers Android with Blur? Keeping the user's social network username and password on and accessing said services Moto's servers instead of from the phone itself is not what I consider "protecting the user."
I love my Droid, but I will not be buying another Moto Android phone if they keep loading it up with Blur and locking down the bootloader.
End of line..
I don't get it: everyone bashed Apple when its iPhone lacked certain features (multitasking, cut and paste, enterprise security) but not one peep when Android or Windows Mobile lacks these very same features.
Android doesn't lack those features except the last.
And lacking enterprise security features isin and of itself a feature, not a lacking.
As for Windows 7, the peep you didn't hear was posted today at 3:20pm EST
funny you mention drugs. motorola does piss tests on ALL employees (even contractors!).
when a division of motorola was being sold (several months ago) they forced ALL employees to go do a piss test, right then and there. no one was allowed to refuse - this was AFTER people were already hired, there and in their jobs for months or even years.
pretty evil corp. no individual freedoms on your own time. they own your ass.
its not just the evil DRM they build in; but the company is pretty evil down to the core of its belief system.
motorola: JUST SAY NO (for jobs there or for their stupid toys). what we do with our phones or our bodies on our own time is OURS not yours.
--
"It is now safe to switch off your computer."
I would prefer that if I so ask it, the device will obey me even at my peril or its own.
If they are really true to Asimov's laws they'll also need to implement the zeroth law which was to protect humanity from harm even if that meant not protecting one or more humans from harm. Preventing users trying new innovative and sometimes crazy ideas with their hardware is arguably harmful to humanity as a whole. However it is also possibly harmful to their bottom line so I expect this one of the laws will get conveniently forgotten.
The laws are not "intentionally wrong". In fact, as Asimov himself pointed out, the three laws are basically common sense for any tool. It should have safeguards to protect the user, it should accomplish what the user wants, and it should be durable. Most machinery has interlocks (first law), can be tinkered with (second law), and shouldn't smash itself to bits unless the user screws up (third law).
In fact, the laws are so reasonable and obvious that they needed to be twisted into bizarre contortions (e.g. Runaround), flat out ignored (e.g. Little Lost Robot), or overridden with the Zeroeth Law , in order to achieve most of Asimov's best stories.
I hate to bust your bubble, but saying "1. Obey the authorized user (esp since he is normally the OWNER)" is wrong for security. This is about security.
Rather that the "you cannot do that" security paradigm how about trying a new one: "the easiest way to do something should be a secure way to do it"? The problem with the "you cannot do that" paradigm is that invariably you can actually do it with enough hacking, which is rarely secure, and once that happens the method to do it spreads because lots of people want it.
In Robocop is was: "any attempt to arrest a senior OCP employee results in shutdown". I wonder what Motorola execs get, free calls?
My favorite quote doesn't fit into 120 characters. Now no one will like me.
As the blurb says, this is about "Enterprise security features". Ergo, this is not about protecting the user. It is about protecting the corporation that gave the user the phone.
Their three laws are just the usual sugar coated spin to help the medicine go down. To make that obvious just re-word the law with enterprise substituted appropriately: The device must protect the enterprise, protect itself, and obey the user, in that order. And of course it should. Presumably the enterprise is paying for the phone, so how could it be otherwise?
What's more, it is possible to do this without inconveniencing Mr "it's mine, so I'll do with it whatever I bloody well want to". Symbian does it via its MS Exchange add on. Add it, and allow your Exchange sysadmin to set some policy bits and you loose control of your phone. Ditto for iPhone via their Enterprise Deployment Tool, although arguably Apply has already sold your control to the carriers for the sake of a few bucks. There is no reason Android / Motorola could not do it is a similar way. I don't know about Motorola, but Google will almost certainly do it that way. Doing it any other way would piss off far too many people.
Protect the user from what, or rather WHO? ...other "users" presumably.
"I'm sorry, Dave. I'm afraid I can't do that"
This is actually something I have been investigating for some time. There are businesses out there who provide staff with mobile (smart) phones and then pay for expensive but buggy apps to make the phone a useful device for staff. Then and only then are company IT and security staff involved and the nightmare of trying to stop these phones from infecting the companies networks. The idea of using a modified version of android as a trusted work specific client with applications integrated and locked from installation of games etc - it is a *work* phone - makes a lot of sense to some companies. Android for me is a brilliant and cheap way for a lot of people to get into developing apps for phones. However for companies the idea of allowing staff to install apps that maybe trojans means android has to be tailored to meet the needs of the business. And unlike winphones etc the apps final product can be reviewed by internal or third party security. So android is a low end consumer/developer toy and at the same time could become the base for secured corporate integration. A good example is the use of android tablets with custom software being used as POS terminals in resteraunts and clubs - integrated with backend systems that may be homebrew or COTS where "Lite" terminals were never envisaged.
And of course "protect itself" translates to "obey its manufacturer". So it's never really going to be the user's device. I think Asimov had good reason to put his laws in that particular order.
Except when you own a Motorola device, obviously. Then the fixed code is no good to you unless Motorola blesses it. Which they won't.
It'll be interesting to see if the interactions between real life and the 3 laws of robotics will generate paradoxal situations that result in phones freezing or behaving in odd manners - and if the engineers will have to refer to Asimov's short stories to untangle them.
It's a fucking phone!
Yeah, when I bought my phone the first thing I thought was "Gee. I really hope this phone behaves itself and does me no harm." 3 laws for a fucking phone, give me a fucking break.
Note to self: Mod-up parent when I get mod points.
Obama's legacy: (N)othing (S)ecure (A)nywhere and (T)error (S)imulation (A)dministration
the three laws where flawed. It's the damn reason there is a story in the books. Stop using them, and stop thinking they solve any real problems.
gah.
The Kruger Dunning explains most post on
Don't forget the MOST important one:
0) An Android Phone may not, through action or inaction, harm Motoroloa Mobility Corporation's bottom line
I'm pretty sure they'll substitute "consumer" for "human" in the other laws, too.
Not that "MOTOBLUR" and the use-prevention chips that Motorola has been using to lock down and effectively retain partial ownership of their customer's devices has given me a cynical opinion of Motorola (and other similar companies) or anything...
Hacker Public Radio is our Friend
I still want to know what they're doing with all their users' data that passes through their servers. I'm having trouble believing that they just ignore it when they can mine it (even anonymized) for information to sell.
Hacker Public Radio is our Friend
I would change the laws just slightly: 1) serve the public trust 2) protect the innocent 3) uphold the law
Anyone else notice that the FIRST stipulation is must protect the user.....has no one read I Robot, i guess the movie counts too.
Where has reason in the world gone? Have we abandoned it in favor of power and politics?
The only thing the phone 'knows' is data, so protecting the user is protecting the user's data, which can only be done by protecting the phone (AKA its data), so the first two laws are synonymous and what the user wants is irrelevant unless it wants data, which is all it can really be or have All are one. I am you and you are me and we are all together. Coo Coo kachoo...
iOS fanboi, I see. [/joke]
I know tobacco is bad for you, so I smoke weed with crack.