Kin Lane

The Sentinelization of APIs

I had a vision of APIs while laying in a hotel room in Paris with the flu this last December. It was a vision that has been building the whole time I’ve been doing API Evangelist, but it is something that become extremely clear to me while locked up in a hotel room with a high fever. It is a vision of what I can only call API sentinelization. I’m writing this here on my personal blog, because I know it is not a concept that the API community will come to terms with anytime soon, so I’ll keep these thoughts in my personal space, for those few souls who stumble through here from time to time. API sentinelization is the process everyday APIs will encounter at some point when the right conditions are met within their platform operations.

We are in the early stages of API sentinelization, with many more consequences to reveal themselves down the road. To help articulate what I mean, let me share a bit of fandom history from the Matrix movie about sentinels:

Sentinels were originally built as construction unit and given military tasks much later. Since they lack dedicated offensive weaponry, their fangs and wielding laser beam give away that they are much more fit for construction tasks, which was their primary goal - maintenance and repair of the physical Matrix structures. When the Machine War broke out, the sentinels were deployed as a search-and-destroy unit.

APIs are early sentinels. They are originally built as application development unit, but are quickly being given (cyber)military tasks. They lack dedicated offensive weaponry, but like a Sentinel, or maybe a Bobcat backhoe, they possess a number of potential attachments that can be weaponized pretty effectively:

  • Application - Embedding applications on your mobile, laptop, automobile, television, appliances, and public spaces is a great way for sentinels to burrow into your reality.
  • Email - Emails always provide a slow drip way of infiltrating your reality, leveraging a low level SMTP assault on all of your inboxes.
  • Notifications - Browser, desktop, and mobile notifications are a proven way to assault any target, breaking into their personal space through a constant barrage of eye catching hooks.
  • SMS - Short messages that trigger notifications, requiring users to validate, respond, and react to a whole host of different signals.
  • Payments - If you get access to a credit card, you can maintain a stranglehold on any user, draining their bank account, as well as their time and energy.
  • Storage - The more a user has stored, the less likely they will be going anywhere, allowing you to keep your hooks in them, draining their bank account, sending them emails, notifying them, while also maintaining access to their stores.
  • Audio - Alex, Siri, and other voice enablement solutions have opened up new channels for surveilling and understanding users, providing rich information that can be used to coordinate other attacks.
  • Video - Facebook, Youtube, and other video channels are excellent radicalization tools, providing excellent data mining opportunities, as well as surveillance and behavioral guidance channels.
  • Images - Instagram provides a rich command and control structure, which can be used to mine data from end users, but also guide and nudge them behaviorally in the direction desired.
  • Location - Having access a users location via their automobile and mobile device makes it easy to find anyone, as well as provides a rich environment for mining of data, and guiding actions.

APIs have much more than little claws and a laser. Only about 25% are APIs directed to physically engage with a subject. The rest of the time is it about cognitive penetration and sustainment. It isn’t the heart racing scenes from the Matrix movie. Think of it more as a cognitive tic or parasite that finds its way into your existence, allowing it to mine your experiences, and even direct them when they want to. Sure, most of these APIs are being used to construct specific application-based experiences today, but as we ratchet up cyberwarfare around elections, and other real world events, the weaponization of these units are inevitable. We are just in the early stages of the sentinelization of APIs. All the pieces are there, you just need the right environment to exist to put the evolution into high gear.

I don’t think we quite know exactly what all the ingredients for API sentinelization will be. We can probably make a pretty healthy guess by studying what has happened with Facebook, Twitter, YouTube, Instagram, and Google over the last 2-3 years. When the switch is flicked and APIs go bad, it won’t be the APIs the directly cause the damage–they don’t have the tooling for that. However, with the cognitive control they will have over your daily life, it will enable a whole host of other assaults to occur. I’m guessing it won’t look like all out war, like in the Hollywood version. It will be more sustained, ongoing, and crippling, going after our finances, energy, healthcare, news and information, and other critical aspects of our society. Cyberwarfare will have many real world consequences, and of course there will be many lives lost, but it won’t be as visible as past wars. However, this won’t stop you from being torn into little virtual shreds by the API sentinels we are putting into service today.

As stated, this isn’t on API Evangelist for a reason–that audience won’t care. You might also know that it isn’t on my alternate.kinlane.com blog, where I put all my fiction. I’m purposefully being over the top with the phrase I’m using to describe this reality, however I’m deadly honest about the role APIs will play in the future. The groundwork is being laid. The API sentinels know where we live, and already have their hooks in us in many ways. All that needs to happen is seismic shift in how tech companies operate to allow APIs to go from good to bad. It is something that can be driven by the desire of venture capitalists, a response to regulatory oversight, or maybe a new deal between the government and tech companies. I’m guessing it won’t be something that happens overnight. It will be a series of events that play out over decades, making it much harder to see the sentinilization of the APIs in service around us.