The massive tech failure that caused chaos around the world raises important questions about the ownership and control of our digital world. The relatively unknown, cyber-security firm CrowdStrike admitted that the problem was caused by an update to its antivirus software, which was designed to protect Microsoft Windows devices from malicious attacks.
The outage was caused by just a tiny software update from CrowdStrike put into Microsoft programs bringing them down globally My ‘techie’ programmer friends tell me that it looks like two very basic coding errors that should have been spotted and tested before being ‘forced’ onto Microsoft operating systems.
CrowdStrike is a US firm based in Austin, Texas, listed on the US stock exchange and employs 8500 people with 24,000 clients. As a provider of cyber-security services, it tends to get called in to deal with the aftermath of hack attacks. But it also provides protection from viruses and cyber attacks – but not apparently from its own programs.
The failure hit banking and healthcare services badly with over 8.5 million machines using Microsoft. Airlines and airport systems failed, leading to 3300 cancelled flights. Many companies’ payroll systems have been affected, meaning that thousands of employees will not get their monthly wages on time. The outage could cost billions of dollars worldwide and take weeks to resolve because computers will require a manual reboot in ‘safe mode’, causing a massive headache for IT departments everywhere
What this outage reveals is the massive dominance of both Microsoft and CrowdStrike in computer software and cyber security. Microsoft Windows has about 72% of the global market share of operating systems, while CrowdStrike’s market share in the ‘endpoint protection’ security category is 24%. So the world’s information, payments, transport and communications are dependent on the decisions and operations of just a few privately-owned ‘for (massive) profit’ companies. As one campaigner put it: “Today’s massive global Microsoft outage is the result of a software monopoly that has become a single point of failure for too much of the global economy”.
One problem arising from this is that there is no diversification of operating systems. Again, my techie friends reckon that Microsoft Windows is a very poor operating system vulnerable to bugs and other coding errors, unlike other systems, including free ‘open source’ ones. “For decades, Microsoft’s pursuit of a vendor lock-in strategy has prevented the public and private sectors from diversifying their IT capabilities. From airports to hospitals to 911 call centers to financial systems, millions today are feeling the consequences of the greed and ego of one of the most egregious offenders in Big Tech. When just three companies—Microsoft, Amazon, and Google—dominate the market for cloud computing, one minor incident can have global ramifications.”
What is the answer to this? The techies say we need more back-up systems, say at least two independent providers for their core operations, or at least ensure that no single provider accounts for more than about two-thirds of their critical IT infrastructure. Then if one provider has a catastrophic failure, the other can keep things running. But it is one thing to have back-up systems, it is another to diversify into different operating systems that risk being not compatible with each other. Again, my techie friends reckon that many bugs and outages are due to different systems operating in one company. That means there is no one ‘beginning to end’ view. As a result, if things go wrong in one part of the business tech-wise, the tech teams cannot see why from the other end of the business process. Too many cooks have spoilt the broth.
Is more regulation of the big tech companies the answer? I think not. Regulation of capitalist ‘for profit’ companies by government regulatory agencies has been a proven failure in just about every sector: finance, utilities, transport, communications etc. These companies just ride roughshod through regulations, pay their fines if found out,but then carry on ‘business as usual’.
What about breaking up the big tech monopolies? This is a common cry from some: “it is long overdue that Microsoft and other Big Tech monopolies are broken up—for good. Not only are these monopolies too big to care, they’re too big to manage. And despite being too big to fail, they have failed us. Time and time again. Now, it’s time for a reckoning. We can’t continue to let Microsoft’s executives downplay their role in making all of us more vulnerable.”
But anti-trust measures that break up large companies have done little in the past. The major economies are even more dominated by large companies than they were one hundred years ago. Take the US government break-up of Standard Oil in 1911, when it controlled over 90% of the oil sector in the US. Did that break-up lead to the creation of lots of small ‘manageable’ oil companies globally that worked in the interests of society? No, because in many industries economies of scale must operate to raise productivity and for capitalist firms to maximise profitability. Now one hundred years after the Standard Oil break-up, we have even larger multi-national energy companies controlling fossil fuel investment and energy prices.
It’s the same debate with digital banking. Just the day before the CrowdStrike global outage, the Bank of England reported that its banking transactions service CHAPS had broken down, delaying many time-sensitive payments. It seems that the international SWIFT cross-border payments system had an outage for several hours. And indeed, there has been a litany of banking system failures at ATMs and in digital transactions over the last 20 years.
The major banks worldwide spend huge amounts of money on speculating in the stock and bond markets, but do not spend nearly enough to ensure that basic banking services for the public (both households and small companies) work seamlessly. This is sometimes called ‘tech debt’. It has led some to argue that we need to stop full digitilisation of money transactions.
Cash remains a safe fallback when digital payments break down. The UK’s GMB Union said “cash is a vital part of how our communities operate”. When you take cash out of the system, people have nothing to fall back on, impacting on how they do the everyday basics.” Cash, it is argued, also provides more control over people’s money. Martin Quinn, campaign director for the PCA, said using cash allowed for anonymity. “I don’t want my data sold on, and I don’t want banks, credit card companies and even online retailers to know every facet of my life,” he said. Budgeting by using cash is also easier for some”.
And the example of what the Indian government did in 2016 is a lesson on this. The Indian government abruptly wiped out most of the nation’s paper currency in hopes of ending ‘black money’ and curbing corruption. But a November 2017 study of 3,000 regulated agricultural markets for 35 major agricultural commodities, conducted during the three months immediately following demonetization, concluded that eliminating the high-currency notes had reduced the value of domestic agricultural trade by more than 15 percent in the short run, settling at 7 percent reduction three months late. In a largely ‘informal economy’, where the most vulnerable people still have no access to digital payments, this demonetization was a draconian measure that did a lot of damage to the poorest people in India.
But again, it would be wrong to conclude that we must go back to cash. Cash under the mattress may protect against the prying eyes of the authorities, but it would remain an inefficient method of money transactions and, as we know, an attraction to criminality. Of course, violent robbery of personal and corporate cash (as we see in action films) has now been replaced by the silent extraction of people’s savings and company accounts by cyber scams. But that does not mean digitalization of money should be reversed.
The question really centres on who owns and controls our digital world. The high concentration of that digital power is yet another reason for the replacement of capitalist corporations by public companies democratically controlled by popular bodies and the tech workers in them. We need to bring into public ownership the Magnificent Seven of social media and tech companies currently led and controlled by multi-billionaires who decide what to spend and where. Then the huge waste of resources on tech projects designed just to make money and not to deliver useful and safe systems beneficial to people’s lives could be reduced dramatically. Human error would not disappear, but the organisation and control of our increasingly digital world could be directed towards social needs not private profit.