This is Naked Capitalism fundraising week. 146 donors have already invested in our efforts to combat corruption and predatory conduct, particularly in the financial realm. Please join us and participate via our donation page, which shows how to give via check, credit card, debit card, PayPal. Clover, or Wise. Read about why we’re doing this fundraiser, what we’ve accomplished in the last year, and our current goal, supporting the comments section.
Yves here. From time to time, in discussing collapse scenarios, we’ve pointed out that dependence on chips as well as ever-more-fragile grids (due if nothing else to rapidly-rising AI-data center demand pushing limits) are set to trigger failure cascades that will intensify bad outcomes. This post describes more imminent vulnerabilities due to complexity and interdependence.
By Dean Curran, Associate Professor, Sociology, University of Calgary. Originally published at The Conversation
People’s lives are more enmeshed with digital systems than ever before, increasing users’ vulnerability and insecurity. From data leaks like the 2017 Equifax data breach to the more recent cyberattack on British retailer Marks & Spencer, business operations and data on the internet continue to be vulnerable.
There are good reasons to believe that little will be done about these risks until a massive society-wide crisis emerges.
My research suggests that there are significant failures in our current approaches to risk and innovation. Digital technologies remake social life through new technologies, communication platforms and forms of artificial intelligence. All of which, while very powerful, are also highly risky in terms of malfunctioning and vulnerability to being manipulated.
Yet, governments are generally unable to distinguish between what are actually valuable contributions to society and what are intensely socially damaging
The digital economy includes “those businesses that increasingly rely upon information technology, data and the internet for their business models.” The companies dominating the digital economy continue to undertake a massive social experiment where they keep the lion’s share of the benefits while shunting the risks onto society as a whole.
This could lead to a systemic digital crisis, ranging from a widespread breakdown of basic infrastructure, such as electricity or telecommunications due to a cyberattack, to an attack that modifies existing infrastructure to make it dangerous.
There are significant similarities between the current trajectory of the digital economy and the 2008 financial crisis. In particular, what we are increasingly seeing in the digital world, which we saw in the pre-crisis financial world, is what American sociologist Charles Perrow called “tight coupling.”
Perrow argues that when systems exhibit high levels of interconnection without sufficient redundancy to compensate for failures, it can lead to catastrophic consequences.
Likewise, high levels of complexity are generally considered to make highly interconnected systems riskier. Unanticipated risks and connections can lead to failures cascading across the system.
Increasing Interdependence
Our existing digital economy shares many of these characteristics. The digital economy is characterized by a business model that focuses on businesses getting as large as possible as quickly as possible.
The lead-up to the 2008 financial crisis and the current digital economy share both the amplification of interdependency alongside the reduction of redundancy. In the case of finance, this proceeded through massive borrowing to leverage earnings, leaving a smaller ratio of money left to cover any possible losses.
In the digital economy, this need to continually collect data increases interdependencies among datasets, platforms, corporations and networks. This increased interdependency is fundamental to the core business model of the digital economy.
The undermining of redundancy in the digital sphere is manifested in the “move-fast-and-break-things” ethos in which digital companies eliminate or acquire competitors as quickly as possible while eliminating analog alternatives to their own digital networks.
Last, these digital behemoths and their rapid growth increase the complexity of the digital economy and the monopolistic networks that dominate it.
There is a key difference between the 2008 financial crisis and the contemporary digital economy. Unlike in the lead-up to the crisis, where a partially finance-driven prosperity quieted any obvious warning signs, the warning signs in the digital economy are front and centre for everyone to see.
The 2017 WannaCry and NotPetya malware attacks each caused billions of dollars in damages. More recently, the CrowdStrike failure in 2024 cancelled thousands of flights, and even took television stations off the air. Constant hacks, ransomware attacks and data leakages are warning signs that this is a deeply fragile system.
AI has taken many of these vulnerabilities into overdrive, while adding new risks, such as AI hallucinations and the exponential growth in misinformation. The speed and scale of AI are expected to intensify existing risks to confidentiality, system integrity and availability.
This is potentially the most significant, though unfortunate element in this story. There is massive system risk, yet they are not addressed directly, and the processes heightening these risks continue to accelerate.
This suggests a deeper problem in our politics. While we do have some ability to regulate after the damage is done, we struggle to prevent the next crisis.
Having experienced a total power blackout at national level recently, i have a taste on the vulnerability and insecurity mentioned here. It didn’t last for long so it was not that bad but you could imagine how many things would go wrong with a longer duration. Not IT, a power blackout affects the most basic things. I have not idea on how easy or difficult would be to resort to redundant telecommunication systems, if there are, analog systems, or to isolate parts of it in ways that allow partial functioning. I cannot really grasp if such complexities mentioned here and interconnectivity would result in general IT “blackouts” like in a power electricity grid. So, I cannot say if these warnings are really signs of something like a total IT failure. IT mavens are invited to chime in.
Here in the North American Deep South we have experienced the total abandonment of the previous copper wire telephone land lines system. The telecom companies switched fully to wi-fi based systems. No redundancy was built into the new system. The wi-fi repeater stations, and do notice that the more data intense a system becomes, the higher the electricity need of the system is, for the new system cannot function independently of the general electric system. At least the old ‘analog’ system used dedicated backup electric generators in emergency cases. I remember seeing pretty big diesel powered emergency electricity generators sited at major telephone regional hubs. This no longer applies.
The analog to an electricity blackout that we can point to is the aftereffects of a natural disaster. In our case that is Hurricane Katrina. That experience was one of near complete chaos for weeks. I personally observed scenes of looting of retail establishments and violence between panicked members of the crowds doing the looting. Given that I do not see the provision for public police force communications independent of the general telecoms grids, maintaining public order will become a matter for local cooperative movements. Curiously enough, here in the NADS, the closest things to such independent cooperative organizations would be the churches and street gangs. Both have developed independent hierarchies of control and methods of enforcement of that control.
I comfort myself by remembering that as systems become more and more complex, the chances of complete collapse of functionality approaches one. Let it all fall down soon so that we will be forced to establish a more balanced system for the future.
Stay safe, whatever happens.
One of my clients is a county Emergency Management department. The county had a self-imposed mandate for a 100% electric vehicle fleet by some specific year and the emergency manager has fought this tooth and nail. Why? The single least useful piece equipment in a lengthy power outage is an electric emergency response vehicle- fire engine, ambulance, etc.
The US public is blissfully unaware how vulnerable the 3 major power grids in the lower 48 are to widespread failure, and that critical spare parts are not in stock (some having build times over a year).
Rhetorical question: Why is it that the actually competent workers and managers are usually shunted aside in favour of ideologically “orthodox” ones? I have seen this on numerous occasions. This is a world wide phenomenon; think Mao, Stalin, der Fuhrer, Ronald Reagan, etc. etc.
As the upcoming collapse will teach yet again; when magical thinking meets cold hard reality, guess who wins.
Stay safe.
Heh, I never worked through the lack of electrified transit scenario, I’ve kept my ICE car. But I’ve worked through the lack of gasoline scenario, particularly after the shortages here in western NC when the regional pipeline went down back in 2022 or 2021. Fun times.
One thing – every fire department building in this city where I live (Toronto) has a hydrogen generator as backup which can not only provide the department with one week of electrical needs, but can also power an entire city block (although it doesn’t, but it can).
It seems to me your county urgently needs to consider this – although, I think it’s pretty standard in North America. Perhaps your Emergency Manager doesn’t know the stations have these generators?
The single least useful piece equipment in a lengthy power outage is an electric emergency response vehicle- fire engine, ambulance, etc.
Why? There are things like generators. IF your gasoline/diesel supply is hit itn a flood, etc., a diesel fire engine is just as useless.
Historical precedent: Sicily under Spanish/Bourbon rule.
Ironically, the stated justification for non-cooperation with ICE by local law enforcement is to discourage immigrant communities from forming mafias. When the law only protects elites but does not bind them, but binds ordinary people without protecting them, they must form alternative processes outside of the rule of law for the settlement of disputes.
Germany not so long ago exchanged it’s independent landline telephone system for a VoIP system which operates on internet connectivity. While the old system would still work in an electrical grid blackout the new one does not.
Unhappily, I’m on that VoIP (AT&T Uverse) system and experienced multiple failures of the phone when the power goes down. Cell phone reception is not exactly great at the best of times. I know a few people who are still on or just left the traditional landline system who tell me that to stay on it is very expensive. In Kentucky where I live, AT&T has tried to completely abandon traditional landlines in spite of the fact that cell phone signal coverage in eastern Kentucky still has big gaps. So far, the Kentucky legislature has prevented that from happening but I don’t expect that to continue.
Friday, a back-up power system battery exploded within the server farm that the government Korea government uses for its cloud, lots of chaos re. government services right now—looks like things won’t be fixed by monday
complexity isn’t necessarily good or bad—-it’s the redundancies that matter more.
https://en.yna.co.kr/view/AEN20250927001553315?
Plus the failure modes. I work on high-power electrical equipment, and we spend a lot of time thinking about potential failure modes: How likely are they? What might cause them? How much damage could they cause? How much safety risk is associated with them? And so forth…
Large backup power systems, whether battery-based or diesel-based, should be located outdoors, where if they explode or catch fire they won’t hurt anyone or anything else. Not on the fifth floor in the server room, where there are all sorts of ways to cause extensive collateral damage and injuries.
I wonder if we will have to consider planning for worse case scenarios. So consider this – the banks go down hard as do their backups. How do you prove that you have money in that bank then? In the old days you would have a physical pass book but now? So I wonder if eventually we will have to do printouts of bank statements on a monthly basis “just in case.” And you could extend those printouts with mortgages, superannuation, credit card statements, car and house ownership, house and car insurance, etc. The point being that you will have some sort of analog proof of your finances so that you can have a valid claim of getting what you own back or dispute dodgy charges. But they would have to be physical printouts as having copies on them on your computer will not help you f you have no power for awhile.
Not many great things to be said about hyperinflation, but it was a slow financial death, most instances take a few years to play out, or if you’re really good at it-40 years, such as Argentina & Venezuela.
The way we digitally flame out financially is more akin to flash paper, whoosh! its gone.
One of the weaknesses we’d see in the aftermath of everything being priced for us, is the only 2 items we are supposed to dicker on, happen to be the most expensive items most of us will ever purchase, in vehicles and houses. Nobody ever tries to beat the checker down on broccoli or a can of beans, ain’t in our DNA.
I do make a point of having paper for all medical bills and statement and insurance claims.
They never, ever foot. But the billables to me can be shown as covered, or successfully argued.
But they would have to be physical printouts as having copies on them on your computer will not help you f you have no power for awhile.
======
What’s to stop people preparing fraudulent copies in advance?
Maybe having those papers signed by a JP for example or by the bank staff when you have them printed out.
Or go back to hard-copy statements, and require banks to store their digital account records off-site, as often as daily. What are they currently required to do along those lines, anyway?
An administration that wants to spend money on enhancing reliance on crypto currency is IMO dangerous right now. That’s extreme zealotry. Washington IMO needs to talk about an overhaul. Stopping Palantir’s creep into everything. There needs to be an international cyber treaty, and turning off all the dominionist neocon mythology is of course a prerequisite for that thing. The need for the level of surveillance these lobbyists love so much is non existent. I do not know how stand alone our ICBMs are, but, if a determined disturbed hacker shuts down everything, wouldn’t our subs realize it and subsequently launch? Would be good for somebody to get Ted Postol to go over this for us.
Robin McAlpine had a good piece illustrating how a minor f up cascaded in his small, but far from remote town.
One irony is that the government mobile alert system which they showed off so proudly about that time(and their proposed shitcard) would have been useless.
Would one be wrong in suggesting that all or most of these malware attacks were against businesses or government services running Microsoft software? Perhaps the problem is less “digital” than our intellectual property regime which rewards secrecy and obscurity in things like infrastructure software that should be open and transparent. The tyranny of IP was always a theme of Dean Baker who suggested that the useful concepts of patent and copyright–unknown until modern era–have been distorted into little more than “rents.” Of course the Open Source movement is very socialistic–anathema to the masters of the USA universe and the rest of the world follows much of our lead.
Just asking.
FWIW, the 2017 Equifax data breach was a result of an unpatched open source Apache Struts web framework vulnerability.
From https://en.wikipedia.org/wiki/2017_Equifax_data_breach:
Note that the audit was done in 2015.
Microsoft,
That’s what I was thinking too. Why write attack software for an obscure GNU/Linux distro if 99 per cent of computers run on Microsoft….. I feel sorry for many small businesses who had to pay ransom here in Switzerland and even some governement services. Like I feel sorry for those who still run on Windows.
Also,yes, backups are important. My first websites were hosted by a Swiss company, Oxito. They had fire once in their serveur room and second time the security system against fire was turned on by accident resulting in destruction of everything with water…. No need for piracy. They lost all the data twice, including everyone’s e-mails… I lost clients….They were a joke, expensive too. Now I am with a Canadian firm for years… Never had any problems. They back up everything on a virtual linux server… (Even if I have no idea how that works)
Then Apache is a Linux ? server too if I understand it right. I even run it on my computer…to have a database of my clients… Which I also printed out to have a hard copy. Or dead tree copy. Today, GNU/Linux is normal people friendly. No need to be a developper to install it and to run it.
Be careful, Open Source does not necessarily mean they are the good guys. It means only what it says : that they disclose the Source code. No ethical chart attached.
Free software, on the other hand, has an ethical chart. It is the most important feature of the mouvement. See Free Software Foundation website and speeches of Richard Stallman for difference between the two. Open Source is being increasingly co-opted by Big corporations. They have poached so many personalities including the author if Python language and bought the Git Hub…
Free software folks have less money leverage. That’s why for exemple the entirely Free software / free hardware mobile phone took years to develop and is very expensive today… Shame…
Also, to get in the “free software” mood of Bad guys versus Good guys, I recommend the webcomic “User Friendly”.
I agree with your take on copyright as rent. Also, as a political or power tool.
I will never forget how many people died because poor countries demands to abandon intellectual property rights on COVID vaccines were rejected. So they could not make the vaccines themselves cheaply but had to buy. Never forget that Bill Gates Foundation was involved in the refusal. Why?
While it is true that the “mission critical” online services used by many businesses can be rather fragile at a granular level, I would submit that this article overstates the case of a broad, catastrophic failure.
At present, these services are delivered by highly redundant, distributed systems that operate across multiple servers and often multiple data centers. If a single server goes down there are others to replace it. This happens dynamically at runtime, such that no human intervention is required. Dead servers get repaired and restored to service, without interrupting the cloud as a whole. Likewise, if an entire data center goes up in flames, there are others to replace it.
Servers and even data centers have become a commodity. Behind the “business logic” running on a distributed network of servers, a typical system will today have multiple, distributed databases that are synchronized through replication, such that if one fails there will be others that contain the same data.
Consider Bitcoin, for example. As of this year, there are something like 23,000 to 24,000 nodes running at all times, and each one contains a complete copy of the blockchain. There is very high redundancy. You might ask: isn’t this incredibly wasteful? Yes, absolutely. But it means that even if 10,000 of these nodes were attacked and physically destroyed, the blockchain would continue to process transactions.
Or consider Google. Nobody is sure how many servers Google operates, but estimates vary from 900,000 to 2.5 million. The firm operates around three dozen data centers across the world. Again, this is a very high level of redundancy, primarily to give rapid service to a variable load.
Most corporate services don’t have this level of extreme redundancy, but as a rule they have some. It is really the only way, as servers can and do fail.
As Ignacio mentions, above, the massive power blackout that recently hit Spain is probably not a one-off and as climate change places stress on electricity grids we should expect more such events. Of course, you can’t reach the Internet if the local infrastructure has no power, but the distributed nature of the server side will ensure some resilience for many systems, whenever the power is restored, even if the outage lasts weeks.
In the near term, I would expect more “incidents” such as security breaches, malware attacks, short-term outages, f*ck-ups that cause systems to go down, or system failures that persist under inadequate manpower due to management-level greed — in short, we should expect a general and progressive crapification of services, which will be increasingly annoying but this is not the same as the apocalyptic “machine stops” scenario being suggested by the article.
Idk about you, but I find my online experience to be more annoying that even three years ago. The constant demands to prove “are you a human”, the MFA, etc. are all very annoying.
in short, we should expect a general and progressive crapification of services, which will be increasingly annoying but this is not the same as the apocalyptic “machine stops” scenario being suggested by the article
Agreed. I think we’re going to see more and greater splintering, both at the nation and national bloc level (we already see this with China’s great firewall, Russia’s blocking of western software services at will, and EU’s GDPR requirements related to data handling requiring EU-specific deployments) but also at the personal/community level (“slow internet”, fediverse, meshnets/meshtastic/loraWAN, I’m even seeing a delightful revival of IRC). Funny to imagine my tech future might be very similar to my teenage years except with a mature Linux with infinite customization and better security (the first implementation of SSH didn’t arrive until 1995).
LoraWAN and meshnets + sturdy little SoCs running on low power are my vote for the personal and community-level communication fallbacks. I haven’t done research on the best current option for low power/low voltage SoCs in a minute but LoraWAN meshnets can run fully off solar. I think if you have a generator that can recharge with solar you would be good to go for several days even if there are big system/service outages. It wouldn’t keep your local bank running, of course, but you could stay in touch with the outside world and anyone on your net.
LoRaWAN is pretty cool and seems intended especially for “off-grid” applications. I haven’t looked at SoCs but I wrote a custom controller app for an Arduino Duo that only requires around 26 mA of power. Raspberry Pi is very popular because it runs Linux, but power consumption is something like 5x an Arduino. Either one could be run from a battery that is charged by solar.
Indeed, at the very low end the technology picture is rather better than it was even in the 90s. At some point, though there may also be supply chain issues, which would disrupt things from a different angle.
The internet was never designed with security as a fundamental requirement. So now we have a bunch of bolted on additions that require their own infrastructure to try to correct for this. Then they let everybody on the internet that could plug a personal computer in, so sure, click on this link in your email to see cute pictures everyone! As if we had built the interstate highway system but not required anyone to have a driver’s license. Systems on premises often had shoddy software that didn’t do what was advertised, but now let’s move that to the cloud because some magic will make it work better there. And programmers will whine about “technical debt” (having to support old software that they didn’t write), but projects for moving to cloud-based enterprise level solutions always end up having massive cost overruns and being years late to implement. Everyone is (was, now) encouraged to go out and get a credential or two as an IT professional, but it actually takes a certain type of talent to be a software developer, and no silver bullet development methodology (like Agile) will make the need for that talent go away. But HR and upper management don’t want to admit the human element involved, they want interchangeable “headcount” units on a spreadsheet. And when it comes to the privacy and confidentiality of your personal information in these wonderful cloud systems, is there any serious financial consequence to any large company or government bureau that lets your information get stolen? Does any law even talk about that? And even when information is (temporarily) secure and private, does anyone care that some of it is out of date or just plain wrong? There’s no penalty for bad data when you can just blame “the system” for whatever downstream badness results. Then you have the massive energy needs for expanding this Rube Goldberg contraption of an interconnected IT environment and how interruptions there can wreak havoc the more you try to make everything live in a digital world. Not to mention how putting all information in cyberspace means the economies of scale for bad actors have become irresistible. And not to mention that one Echo Mike Papa could ruin your whole day. And everyone else’s.
Our rush to AI and its attendant data centers has been a wonder to behold. Living in the data center capital of the world, Ashburn, VA, I get to witness this on a daily basis. Two excellent recent pieces in the WSJ have detailed the risky financing that is behind most of this build out, and the possibility that there will simply not be enough demand for these AI services to justify the costs. One fact stated in one of the articles that jumped out at me was, and I quote: “Analysts believe that most AI processors have a useful life of between three and five years.” In other words, these massive data centers with their banks of thousands of computer servers will all need to be replaced in short order. How can this be profitable? The analogy was also drawn to the fiber optic cable build out and bust during the Dot-com era (WorldCom, Global Crossing, etc) with the difference noted that although the fiber optic cables were not initially justified they have since become fully utilized thanks to video streaming. I don’t see that happening with a three to five year shelf life of the processors.
So if it’s not about profit, what might be behind all these billionaire tech bros: Altman, Zuckerberg, Ellison, et al, and their enthusiasm over AI? Here is creepy Larry Ellison giving us a clue: https://www.youtube.com/shorts/K92qCYgXsdY
There’s more than one way to deprecate technology. I’ve held on to my landline until now, but the line quality has deteriorated to the point communication is impossible. I’ve complained and they put in a new line to the house, but that hasn’t stemmed the decline in quality. (I’ve checked at the outside interface box so I know it’s not something inside the house.) Oh, and another thing – the rate for basic service is regulated so the cost is less than the least expensive cell service in my area.
The great irony of the digitization of global society is that the collective behavioral factors retarding rationalization of infrastructure are an unintended safeguard against cascading collapse of tightly integrated systems. This is the reason the dreaded Y2K was not a global calamity. Consider the U.S. power grid or our hospitals. These systems are fragmented and balkanized to a ridiculous extent by incompatibilities resulting from change aversion, turf battles, and general human cussedness. As long as these factors dominate, a global digital collapse will remain a low probability.