We Need More Science

Cape Watch: Is There Some Sort of Avengers Film Next Month?

In a week when we can only hope Ryan Reynolds doesn’t pull another Deadpool-related hoax between the completion of this column and its publication—seriously, we’re really hoping that doesn’t happen again—it’s time to focus on the important things in life. Like, for example, the fact that we’re less than a month away from the release of Avengers: Age of Ultron (squee!). If you thought that meant a potential winding down of the movie’s heavy promotion, think again, true believers! And for the rest of us, here are the highlights of the last week’s superhero movie news.

SUPER IDEA: ABC Stands for Avengers Broadcasting Company, It Seems

If you can’t wait until May 1 to see the Avengers again, ABC is flexing its corporate sibling muscles (the network, like Marvel, is owned by Disney) to bring the actors together twice before the release of the movie, once on Jimmy Kimmel Live! on April 13 and again on Good Morning America on April 24. Robert Downey Jr., Chris Hemsworth, Mark Ruffalo, Chris Evans, Scarlett Johansson, and Jeremy Renner will be meeting and greeting the television masses to promote the new team-up movie out next month, because the alternative is watching this final trailer over and over again until May 1.

Why this is super: It’s always been clear the cast of the Avengers movies really get on, and they’re all almost offensively charming. Having them all show up on TV to be charming together? That might even be more fun than the movie itself.

SUPER IDEA: Meet the Fantastic Four

While we wait for a new trailer for Josh Trank’s take on Marvel’s First Family, the director and Fantastic Four screenwriter Simon Kinberg have made four videos talking about each member of the super team, as well as the actors playing them, ahead of their big screen debut. Well, re-debut:

Why this is super: OK, so we didn’t really get to learn a lot more about the characters as much as Trank’s love for the actors, but there remains something unexpectedly thrilling about some of the casting choices being made in this movie. (The less said about Doctor Doom being hacker, mind you, the better.)

MEH IDEA: Guillermo del Toro’s DC Movie Might Be Made Without Guillermo del Toro

Dark Universe, a movie featuring some of DC Entertainment’s supernatural and horror heroes—including John Constantine, Swamp Thing, Deadman, and Zatanna—is a project that’s been in development for years, with director Guillermo del Toro having come up with the concept before Man of Steel was even released. Now, it seems, he might not get to bring the project to completion because of scheduling. “It all depends on the calendar, you know?” he told IGN last week. “You cannot say, ‘Yeah, I’ll do it after I do this’ or ‘I have the first season of The Strain‘ … [the movie] needs to fall into the plan of the DC Universe.”

Why this is villainy: Del Toro isn’t entirely removing himself from contention for the movie (he said, “If I can do it, I would love to do it,” adding that he thinks that “the screenplay and the characters are very solid”), but the idea of any other director taking on the project at this point feels almost as disappointing as Edgar Wright leaving Ant-Man just before shooting. Isn’t there one superhero movie that can keep its auteur director all the way through its creation?

SUPER IDEA: Captain America Will Be Taking It From All Sides in 2016

Quick: who’s Captain America fighting in next year’s Captain America: Civil War? Tony Stark? Well, sure, that’s the entire point of the movie. What about Daniel Brühl’s mystery character, expected by most to be Baron Zemo, neo-Nazi and all-round bad egg? Probably. But, it turns out, he’ll have even more trouble on his plate, with Frank Grillo—who appeared as HYDRA agent Brock Rumlow in the last Cap movie—tweeting a suggestion that he’ll be showing up in the movie as well:

Cap, you better hope you have some super team or another backing you up in the next movie, otherwise you’re going to end up very busy (and probably very sore).

Why this is super: Sure, adding a third source of trouble might seem like overkill, but bringing Rumlow back not only works on a narrative level (he’s normally a flunky, so he could be working for Zemo, making him less an additional threat than emphasizing an existing one) but keeps some feel of continuity between Civil War and 2014’s The Winter Soldier. Now all we need is for Chris Evans’ star-spangled hero to go out in a blaze of glory and get replaced by Sebastian Stan’s Bucky. That’s not impossible, right…?

SUPER IDEA: Deadpool Gets Some Ajax

Yup, spoke too soon. Turns out there is a Deadpool bombshell this week—but it didn’t come from Ryan Reynolds. Ed Skrein, who you might remember from such roles as Guy Who Originally Played Daario Naharis on Game of Thrones, confirmed via Twitter that he will be playing Ajax in the upcoming, definitely-R-rated Deadpool movie.

Why this is super: Ajax is pretty much the reason for Deadpool being Deadpool. (He like invented Deadpool, you know what I mean?) They both came out of the Weapon X facility and spend their time antagonizing and/or trying to kill each other, and Ajax is a huge part of the Deadpool story. Knowing Skrein is already hard at work playing him is good news indeed.

SUPER IDEA: Space Moves to Atlanta, GA

James Gunn has been talking about the progress of the follow-up to last summer’s Guardians of the Galaxy, telling fans via Periscope that he’s turned in the treatment and is 70 pages into the screenplay and saying that his experience so far was “the best experience [I] ever had with a pitch.” Not only will the main heroes be back for the sequel, but Karen Gillan will be back as Nebula as well, with Gunn having apparently figured out a way for her to show up without having to shave her head again. In a second Periscope session, he revealed production will begin in February 2016, at Pinewood Atlanta Studios, a shift from the London location of the original.

Why this is super: Really, despite its flaws, who didn’t like the first Guardians movie? While we can be cynical about other comic book sequels (there are so many, after all), feeling churlish about another chance to spend time with Groot just seems petty. Roll on, May 2017.

Social Media Needs More Limitations, Not Choices

A billboard displays the Snapchat logo in New York, March 12, 2015. Lucas Jackson/Reuters/Corbis

Social media is always updating to give people more. More features like video and picture sharing. More freedom to use third-party apps. More capacity to store more data and make more connections. More platforms so we can use one service while loading another.

Paradoxically, the future of social media is also about providing less. Sometimes the best social media design will constrain invasive and harmful practices. If we want online social interaction to be safe and sustainable, we should embrace the limitations.

Woodrow Hartzog

About

Woodrow Hartzog is an Associate Professor at Samford University’s Cumberland School of Law. His research focuses on privacy and technology. He is also an Affiliate Scholar at the Center for Internet and Society at Stanford Law School.

Last week, the ephemeral media service Snapchat announced that it would render its API inaccessible to third-party applications. This is an important step for the company that promises images that will disappear within seconds. After all, it was third-party Snapchat apps that allowed people to save the hundreds of thousands of snaps that got posted online last year in an event known as “The Snappening.” I previously criticized Snapchat in WIRED for blaming users for the Snappening when it knew that it was vulnerable to third-party apps and failed to ensure that only approved software could access the company’s API.

Now, Snapchat’s is working toward gaining back our trust. We should encourage all social media companies to be similarly vigilant and responsive.

Designing for a Purpose

Will Snapchat’s moves constrain users? Of course. Snapchat has essentially disabled whole categories of popular software. The app stores are already riddled with complaints. Third-party apps can be a great way to use a social media—think of all the poplar third-party clients for Twitter. But Snapchat set itself apart with the promise of ephemerality. It could not pretend it was just another service. And that’s a good thing.

Exceptionalism among apps should be welcomed. People are diverse. Social media should be, too. Different relationships require different tools. Friends, intimate partners, journalists, professionals, political dissidents, and others all use social media in different ways. Given the different needs within these communities, one size will not fit all.

While design is no cure-all, it can be more effective than laws, terms of service, or organizational policies because design affects every user.

This leads us to the issue of design. Software design forces choices that will ultimately shape the tone of the community and users’ actions. Those design choices reflect a company’s values and a software’s purpose. Want to lower penalties for speech? Facilitate anonymity. Want to cut down on online harassment? Simplify abuse reporting. Want to make your users more visible? Set notoriously sticky default privacy settings to “public.”

Each of these design choices leverages transaction costs to influence behavior. Design makes certain behaviors easier or more difficult and as a result, more or less likely to occur. Technological constraints thus help shape our reality, for good or ill.

Design is often overlooked by users and regulators because it is not a panacea. Structural constraints often only mitigate harmful behavior without preventing it. For example, the Snapchat ban on third-party apps will not completely prevent people from saving snaps. People can still capture images through their phone’s screen-shot function or by using another camera. But without third-party apps, saving snaps becomes harder to scale because it is dispersed and, in the aggregate, labor intensive.

While design is no cure-all, it can be more effective than laws, terms of service, or organizational policies because design affects every user. People don’t read the terms of use and they may not be aware of privacy laws, but every single person that uses an app must reckon with the constraints of technology.

We Should Encourage Protective Design

As social media mature, we must realize that constrains can be as useful as options.

We should pay attention when companies provide innovative design solutions to privacy problems and we should balk at designs that reflect carelessness with our personal information, reputation, and relationships.

For example, users of the social app Yik Yak are largely anonymous. Anonymity can facilitate harassment and lead to a toxic online community, but it can also foster honest discussion free from reprisal. As WIRED has noted, Yik Yak has tried to mitigate the dangers of anonymity with a number of innovative, protective design features that constrain users. Yik Yak facilitates geolocation “dead zones” for schools, features a voting function that removes posts receiving five “downvotes,” and prevents full names from being posted by employing filters. When people attempt to post certain threatening language, they receive a “pump the breaks” warning that encourages user caution, reflection, and sensitivity.

While abuse may still occur on Yik Yak, the app’s protective features should be lauded. it proves that there is still plenty of opportunity for Silicon Valley’s trademark innovation in privacy-protective design. Yik Yak is currently testing a photo feature. The app has preemptively banned photos that contain faces, nudity, or or illegal behavior. Yik Yak might consider using facial and object recognition technology to automatically filter some of these prohibited images.

People should also keep a look out for privacy-protective features that let users help themselves and others, like Facebook’s Privacy Dinosaur or YouTube’s face-blurring tool. Platforms can also better protect people through design. App developers are ultimately limited by the features provided to them by a platform. Apple could make it easier for apps like Snapchat running on their iOS to disable a phone’s screen-capture feature, which is already an option for enterprise software.

Technological constraints are a defining characteristic of modern social media. Twitter limits posts to 140 characters. Snapchat makes pictures visible for up to 10 seconds. Yik Yak limits who can see posts to those within a 1.5 mile radius. We are beginning to see the same principles in the design of these companies’ privacy protections. Safe and sustainable online communities require a regularly recalibrated balance between choices and constraints. More is not always better. Thus companies, users, and even regulators must all recognize that in mediated environments, a person’s options can be just as important as their actions.

Amazon’s Smart-Home Hub Has Been Here All Along

Amazon Echo is a voice-activated digital concierge for your home. And it can now control some of the smart devices in your house. Amazon

Despite what the recent Apple Watch hype would have you believe, the next great technological frontier isn’t your wrist. It’s your home.

Specifically, it’s getting all of your connected devices—the Wi-Fi equipped lights, outlets, crockpots, whatever—to communicate both with you and with each other. It’s an area that both Apple and Google have poked at from the edges for years without gaining much traction. And one that Amazon just quietly broke into through the back door.

Wednesday, owners of the Amazon Echo—a voice-activated Bluetooth speaker still only available for purchase by invitation—received an email detailing their little black cylinder’s newfound powers. In addition to streaming music from the cloud, telling you the weather, and tapping into Wikipedia to help settle bets, Echo now supports products from WEMO and Philips Hue. In other words, you can now bark at your speaker to dim the lights.

The products Echo now plays nice with include the WeMo Switch and Insight Switch, which you plug into an outlet to give you limited control over your appliances; Light Switch, which does the same for, well, lights; and a stack of smart bulbs from Philips Hue.

Set-up seems fairly simple. As long as your smart home products are on the same Wi-Fi network as your Echo and you’ve identified them appropriately in their respective apps, you simply need to say “Alexa, discover my appliances.” (Alexa is the name of Echo’s AI personality.) Once discovered, they’re at your literal beck and call.

While there are only eight compatible devices listed, keep in mind that two of those WeMo products can be used control anything from coffeemakers to irons to electric fans. Philips Hue, meanwhile, is so at the forefront of smart lighting that it’s close to synonymous. These are major players, and almost certainly just the foundation of Amazon’s sky-high smart home aspirations.

You could obviously already control your WeMo and Philips Hue devices through apps on your phone. You could even, after a bit of digital elbow grease, hack your way to using Siri for smart home voice control. But Echo represents a potentially seamless, one-stop smart home interface. Not bad for an unassuming Bluetooth speaker.

Sneak Attack

It’s not quite fair to call Echo a Trojan Horse. While Amazon keeps sneaking new features in, they’re all either welcome or easily ignorable. Just over the past few weeks, Echo has picked up Pandora, sports scores, and traffic reports to help get a jump on your commute. It’s more like a cornucopia of minor conveniences.

This particular addition, though, seems to have much grander designs than streaming music subscriptions or learning how runs the Padres gave up. While Apple waits for hardware into which it can funnel its HomeKit ambitions, and Google (despite acquiring smart home heroes Nest and Dropcam) continues to stall out on the Android @Home promises of 2011, Amazon has rightly identified the connected home as an afterthought for most people. Here, buy this stereo, it’s saying. And when you’re ready for a 60w bulb that changes colors on command, we’ll be waiting for you.

Echo's new abilities represent Amazon's continued, unobtrusive insinuation into your home.

That makes Echo a device that’s ready for the future while being useful enough in the present, a powerful combination that none of its rivals has so far matched.

We’ll likely see a similar approach from Apple, which has already planted HomeKit seeds for a future generation of Apple TV. However, that’s a few months away at best. The Echo, if you got in on one of the early invite waves, has been ready and waiting for this update since last December.

Combined with the oddball Dash Button, a device that lets you re-order supplies with a single click, Echo’s new abilities represent Amazon’s continued, unobtrusive insinuation into your home. Rather than introducing new confusions, the company so far is committing itself to reducing friction, be it getting lights to dim without digging out your phone, or conjuring up a delivery of Tide without using any higher-level brain functions.

There’s also ample opportunity for Echo to advance that end even further, according to Forrester Research connected home analyst Frank Gillett. “Amazon has the unique advantage that the Amazon Echo can suggest—or eventually be certified to work with—the products they sell on their Home Automation page,” Gillett suggests over email. That page features thousands of items and thousands of items, most of which are potential partners.

Echo won’t be the most capable smart home hub, or likely the most versatile; as Gillett notes, “it seems Amazon Echo only supports connection via Wi-Fi, which may limit options and speed of response for connecting some connected home products.” And while Amazon hasn’t released sales numbers yet, one would imagine that the audience for Echo’s update today is likely very, very small.

That shouldn’t diminish its importance, though. It’s a sign that Amazon has found its way into your living room before its most ambitious competitors have. And before anyone could have realized it.

Uber’s Colossal, But There’s Still Room for Other Ride Apps

Every startup these days would like to position itself as the next Uber. But for other ride-sharing and car-hailing startups, it seems the trick to getting ahead is being able to prove that you’re anything but.

The fact is, the argument about who’s gunning for Uber has been had, and at this point, there’s no denying that with its meteoric growth and (some would say) insane amount of funding, Uber has taken the lion’s share of the on-demand transportation space. It’s unlikely any company can overtake that lead. So the question to be asking now is not who will beat Uber. It’s whether there’s enough space untouched by Uber to allow other—albeit smaller—players to carve out niche markets of their own.

In a way, Uber may have actually smoothed the path for competitors by defining the broader category in the first place, says Thilo Koslowski, an automotive industry analyst at Gartner. In other words, instead of having to explain their services from scratch, newer companies can just say, “We’re like Uber, but….”

“The challenge for any service in this space is to create a unique value proposition that isn’t ‘owned’ by another company yet,” Koslowski says.

That may be why lately, it seems other ride-related startups have given up on trying to race Uber to the top. Instead, they’re starting to seed the fertile pastures that Uber overlooked along the fast lane to growth. The most recent example is Ride, a startup that launched this week with an app that helps co-workers coordinate carpools to work and defray the cost of commuting. It distances itself from Uber by focusing on commuting and by marketing its service directly to employers instead of consumers.

More Than One Winner

But what may be most interesting about Ride is the fact that it was co-founded by Uber’s founding chief technology officer, Oscar Salazar, and is owned by TPG Growth, an early investor in Uber. This move suggests that although many people believe ride-sharing is a zero sum game, there are plenty of others with deep knowledge of Uber’s business who are willing to bet that it’s not.

“We’ve started a complimentary service, rather than a competitor,” Salazar says, of Uber. “They could do a lot of things, but this is not their focus.”

That’s lucky for Ride, since the commuting market is, itself, a rather large one, with the Census Bureau estimating that 8.1 percent of the American population commutes an hour or more to work everyday. And while Uber has taken hold with the business travel set, it would be a completely unaffordable option for daily commuters. Ride seeks to fill in that gap, helping users save what the company claims is an average of 40 percent on their commuting costs.

“Most of the competitors are in the dispatching space. They change the way you call a taxi or a town car, which is wonderful, but those things happen in large metro markets where black Lincoln towncars and taxis exist,” says Ann Fandozzi, CEO of Ride. “The reason we consider ourselves complimentary is we’re a service for people where that option just doesn’t exist.”

Room for Difference

Ride isn’t the only company trying to compete by differentiating itself from Uber. There’s also FlyWheel, an app that helps connect passengers with traditional taxis, which has taken to marketing itself as the “non-asshole” alternative to Uber. That’s partly because it has sworn off surge pricing and artly because it works with the existing taxi industry, instead of against it.

And then, of course, there’s Lyft, often considered Uber’s most direct competitor. (Its public scuffles with the car-hailing giant are so well-known that there’s now an entire website dedicated to documenting them.) But even Lyft, which still has substantial traction in the industry, has begun to emphasize the parts of its business that are least like Uber, which is to say, the softer side of Lyft.

“We attract the kind of driver who is someone you want to talk to and with whom you’d want to sit in the front seat,” says Lyft’s chief marketing officer Kira Wampler. “These are the kind of drivers for whom this is not being about someone’s chauffeur.”

Lately, that kind of touchy-feely positioning has been at the core of the company’s new products, like Lyft Line, its carpooling service, and Lyft Profiles, which are intended to help drivers and riders get to know each other better. It’s branding, of course, and yet, given Uber’s not-so-friendly reputation, a little branding can go a long way toward for those seeking a less utilitarian experience. “Think about flying between San Francisco and New York,” Wampler offers. “There are many choices, but a lot of us prefer to fly Virgin.”

According to Rajeev Chand, managing director and head of research at Rutberg & Co, there is ample evidence that smaller competitors can thrive even after a market leader has been defined. He believes that’s the likely outcome for the ride-app space. “There will be one major winner which is clear now is Uber, but I think there will be other winners, too,” he says. The challenge for these other players is finding a niche that matters to consumers when Uber’s existing service already works for so many applications.

“I do think it’s possible for some of these apps to survive, but it’s also easy to see there’s going to be a shakeout,” he says. “Then, the question will be: is the psychology of the niche segment different enough from the main car-sharing service that a niche is warranted?”

Ex Machina Has a Serious Fembot Problem

The Turing test detects if a machine can truly think like a human. The Bechdel Test detects gender bias in fiction. If you were to mash the two together to create a particularly messy Venn diagram, the overlap shall henceforth be known as the Ex Machina Zone.

In writer/director Alex Garland’s thought-provoking new film—out Friday—we meet Ava (Alicia Vikander), an artificially-intelligent robot. Ava’s creator, genius tech billionaire Nathan (Oscar Isaac), has asked his employee Caleb (Domhnall Gleeson) to determine whether Ava’s thinking is indistinguishable from a human’s. Until she meets Caleb, Ava has only ever met her maker and one other woman. (Hence the failing of the Bechdel Test, which stipulates that a movie must feature two female characters who talk to each other about something other than a man.) Her existence, and her ability to learn how to interact, is a fascinating study of what makes us human.

It’s also a compelling, if problematic, look at the interactions between men and women—or at least that’s what I thought.

While interviewing Garland for a magazine piece, I asked him about the roles of men and women in his film; his response was that Ava is “not a woman, she is literally genderless.” Despite using female pronouns, he said, “the things that would define gender in a man and a woman, she lacks them, except in external terms. … I’m not even sure consciousness itself has a gender.”

In a way, Garland is right; pure intelligence wouldn’t have a gender any more than it would have a race. But to say that and then place that consciousness into a body that it will immediately recognize its likeness as female negates that point. If Ava has truly been educated about the human race, then she knows her face and form appeal to certain segments of the population. But even thornier is the fact that Ava falls squarely into so many of the tropes of women in film. She’s a femme fatale, a seductress posing as a damsel in distress, using her wiles to get Caleb to save her from Nathan and his Dr.-Frankenstein-with-tech-money quest to build a perfect woman. (Women: So much better when you can construct them out of bespoke parts and switch them off if they’re not working properly, amirite?)

Chappie Didn’t Have to Put Up With This Crap

According to Garland, these tropes are intentionally front-and-center. He believes his movie is a commentary on the “constructs we’ve made around girls in their early 20s and the way we condition them culturally” and why Caleb would feel the need to save her from her maker. “You’re supposed to think it’s creepy,” he says. “You’re not supposed to warm to [Nathan] over that stuff, you’re supposed to feel unnerved, and therefore that she needs to be rescued.”

Yet, in the pursuit of that commentary, the movie ends up re-enacting those same patterns. Ava does prove to be the smartest creature on the screen, but the message we’re left with at the end of Ex Machina is still that the best way for a miraculously intelligent creature to get what she wants is to flirt manipulatively. (And why wouldn’t she? All of her information about human interaction comes from her creepy creator and the Internet.) Why doesn’t Chappie have to put up with this bullshit?

Ava’s predicament really isn’t that different from many female AIs who have come before her, from Metropolis’ Maria to Her’s Samantha to Blade Runner’s Pris. She is an android in female form, and thus she simply reflects how Hollywood has been depicting women—robotic or otherwise—for decades. In Blade Runner, the male replicants Roy Batty and Leon are struggling to change their short lifespans, while “basic pleasure model” Pris helps the cause by draping herself on J.F. Sebastian. In Prometheus, David is intellectually curious, but never sexualized. (Yet when Idris Elba’s Janek accuses Charlize Theron’s Meredith Vickers of being a robot, she responds with “My room. Ten minutes.” Because sex is the easiest way to prove you’re a real woman.) Sentient male androids want to conquer or explore or seek intellectual enlightenment; female droids may have the same goals, but they always do it with a little bit of sex appeal, or at least in a sexy package. (Still have doubts? Ex Machina’s marketing campaign at South by Southwest involved Ava showing up on Tinder.)

This tendency to give female AIs the most basic and stereotypical feminine characteristics is, according to Kathleen Richardson, a senior research fellow in the ethics of robotics at De Montfort University in the UK, probably a reflection of “what some men think about women—that they’re not fully human beings.” To put a finer point on it, she told Live Science recently, “what’s necessary about them can be replicated, but when it comes to more sophisticated robots, they have to be male.”

When I spoke to Richardson, author of An Anthropology of Robots and AI: Annihilation Anxiety and Machines , she also noted this leads to female robot characters becoming just pieces of full people—a beautiful body, a caretaking nature—but not ones with full intelligence. This is largely true in Ex Machina—and not just because Nathan has a lab full of body parts—but also in a lot of movies where the artificial intelligence has to be packaged in a certain way if the robot is perceived to be female. (She also notes the real robotics world suffers from the same problems as a lot of AI fiction, but that “many robotic scientists are open to a conversation about this.”)

Women, whatever their qualities—intelligent, vulnerable, strong—are always presented in an attractive form, as if the package is the only way to deliver these qualities. Kathleen Richardson

“Sometimes the female robots have ‘violent’ characteristics (as Terminator 3’s T-X character), but it’s always presented in a beautiful form,” Richardson says. “Women, whatever their qualities—intelligent, vulnerable, strong—are always presented in an attractive form, as if the package is the only way to deliver these qualities. Male intelligence, strength, vulnerabilities, etc. can be delivered in a multiple and varied kind of outer packaging.”

Think of it this way: Ava demonstrates her consciousness/intelligence in a form and with a sensuality that David in Prometheus never had to. Short Circuit’s Number 5/Johnny Five was cute, but he never had to employ it for survival the way Pris did in Blade Runner. Even AIs with no physical form at all seem to get sexualized based simply on their voices. It’s not like HAL 9000 ever sparked up a relationship with Dave in 2001: A Space Odyssey the way Samantha did in Her. “Her is playing on the fact that the audience knows what [Scarlett Johansson] looks like,” Richardson says. “No one really needs to know who the voice of HAL was, because HAL was an intelligent machine. We need to know about the disembodied voices of our AI avatars if they’re female so that males can buy into the ideas of the sexualized person behind the representation.”

If this argument about the roles women get in movies versus the roles men get is starting to sound familiar, it should. Ever since Laura Mulvey’s 1975 essay “Visual Pleasure and Narrative Cinema” film critics and fans have been monitoring the ways that women are represented and seen onscreen. (If you’ve heard the term “the male gaze,” this is why.) This ongoing discourse is the reason thing like the Bechdel Test, which started out just as a comic trip referencing Alien , struck a nerve and stuck around. The thrust of Mulvey’s argument is that the bulk of films are seen from a male perspective—that a woman in a film is often “tied to her place as bearer of meaning, not maker of meaning.” Yes, Ava learns to use seduction as manipulation, and the audience might learn how screwed up that is because it’s more blatant when even a robot can pull it off, but Ex Machina doesn’t go any further in deconstructing the problem than that. She’s a bearer, not a maker.

Gender in the Turing Test

To be fair, not all of this is Ex Machina’s fault—or the fault of any AI film. Often, social constructs mandate that we gender most things, whether they’re intended to be gendered or not. Interstellar’s TARS looks like a Mies van der Rohe Kit-Kat bar, yet we refer to TARS as “him.” Is that because of the machine’s deep(ish) voice or because narrative constructs lead us to believe robots with scientific intellectual aims are masculine?

It’s nearly be impossible to tease the two apart, and that knottiness is baked into British computer scientist Alan Turing’s original test in a way that can never be removed. If the goal is for a machine can convince a human that it’s human, then the machine has to assume some kind of gender because we see all humans as having a gender. Even if, in the Turing test model, a judge is just looking at the output of a chatbot, he or she would ascribe gender to the output without even thinking about it. (Note the chatbot that convinced judges that it was real last year did so by convincing them it was a 13-year-old boy named Eugene.)

Ex Machina sidesteps this a bit by making Eva visible; Caleb he knows he’s talking to a robot, and knows what that robot looks like. Nathan just wants to “show you that she’s a robot and then see if you still feel she has consciousness.” What Nathan actually wants Caleb to do is something more akin to Blade Runner’s Voight-Kampff test, where the subject can flirt Sean Young-style but you know she’s a replicant. But if that’s the case, why does so much of Ex Machina focus on her proving that consciousness through flirtatious interactions and not, say, a discussion of the horrors of war? Johnny Five discovered mortality by crushing a grasshopper leading to a fear of being switched off, and we felt his plight all the same, why not Ava? (Don’t answer that.)

The thing is, Alan Turing himself actually might have wanted AI to be something akin to what Caleb wants: actual companionship. When WIRED spoke to screenwriter Graham Moore about The Imitation Game back in November he noted that much of Turing’s work in AI was about “bringing Christopher [Morcom, Turing’s first love] back.” But while Turing, if he would’ve ever been able to rebuild Morcom, would’ve been making someone he could talk to and share ideas with, the female representations of Turing’s dream in movies often personify it through far less intellectual pursuits. Think of David in Prometheus; his primary goal was assisting on the mission, not seducing Vickers. As a “male” AI in a film he was given an intellectual pursuit, not a romantic one. Is it possible Ava could’ve convinced Caleb she passed the test with fewer pleading glances and more analysis of world affairs? What would Ava have done to pass if she was a he?

Obviously, wanting affection is part of what makes us human; by showing that, Ava is showing a highly-evolved part of herself. But by only showing that, and her highly manipulative nature, she is left as a less-than-whole character. She’s almost the colder, darker side of Her’s Samantha, who served as a Manic Pixie Dream Operating System. Like Her, Ex Machina is a smart, beautiful film. But when the only female lead in your movie is one whose function is to turn the male lead on while being in a position to be turned off, that says a lot about what you think of the value of women in films. Saying it’s the result of your protagonist being “creepy,” as Garland does, doesn’t really absolve you of that.

Modern Games Are Easily Patched. So How Can We Review Them?

Something weird happened to me last year, when I wrote about a game called Rollers of the Realm . It was a fairly positive review of a unique pinball-role playing game hybrid, with a few caveats, like an impossibly difficult final boss battle.

Towards the end of the review, I noted a funny typo buried in the game’s menu (a character was said to be highly skilled in “marital arts”), and pointed out that it would probably disappear after the game’s first patch or update. It’s a reflection of the reality of today’s constantly updated games that what you play on launch day might not be the same experience months or even days later.

What I did not expect was the game’s developer, a small Canadian outfit called Phantom Compass, would respond thusly on Twitter: “Hey Chris, thanks for the review and feedback! … Should we nerf the final battle a bit?”

My fingers froze above my keyboard. I’ve reviewed a lot of videogames. This was the first time I’d ever had a developer write back to ask if they should make a major change to the gameplay that would impact players’ experiences.

“For me to say would be too much power to invest in one man,” I replied. “But maybe.”

This was a profoundly strange situation to find oneself in. Prior to this I’d considered a game review to be more or less a postmortem. But in the case of Rollers of the Realm, it was clear that the developers were taking the initial batch of reactions as something of a beginning. And why not, when games are so malleable today after they launch?

So, where does this leave the “game review?”

In general, gaming enthusiast sites that publish reviews day in and day out have had to think about this quite a bit over the last few years, as the nature of a typical “game launch” has changed from a complete product being pressed to discs and sent to stores to an incomplete game being rolled out in stages onto online servers.

When Vox Media launched Polygon in 2012, it said that it would not leave its reviews untouched, as a static archive of how the game performed on the day the review went live. It would not hesitate, it said, to update a review and alter the score if it felt that the game’s quality had improved—or declined—after the review embargo was lifted.

In an extreme case like Electronic Arts’ SimCity, which was excellent when reviewers played it prior to the game’s launch on private servers but utterly failed to function once it was available at retail, it lowered the review score, from a 9.5 (out of 10) to a 4.

Electronic Arts

Earlier this year, Polygon went even further; after a holiday season of similar broken games including Halo: The Master Chief Collection, which worked fine prior to launch but collapsed upon release, it said it would introduce “provisional reviews.” It will still score the games, but the review will not appear on the Metacritic aggregation website until after the game’s release.

Other websites have not gone so far as to formalize the policy, but other sites have begun to publish more “reviews in progress”—stories that evaluate the game when the review embargo goes up, but refrain from rendering a final judgment until the writer has had more time with the final product.

These sorts of moves are more to ensure that a publication doesn’t end up with egg on its face if the final product ends up differing significantly from what was provided for review. But as my experience with Rollers of the Realm shows, the nature of reviews is changing even if the review is perfectly in sync with the final product—because the “final” product isn’t what people buy on day one.

I was reminded of this recently because Nintendo just released a patch for its recent Nintendo 3DS game Code Name S.T.E.A.M.. It’s a turn-based strategy game that got mixed reviews, but one point that almost every review, positive or negative, had in common was that it took far too long and was far too boring to wait for the enemy characters to take their turns.

Waiting around for aliens to make their decisions and scurry around the battlefield was a big pain in the ass and probably ended up lowering the game’s aggregate score, just by itself. Now, Nintendo was introducing a patch that would eliminate that problem.

Phantom Compass

It’s especially interesting that Nintendo, the most conservative, insular company in the whole game industry, would make such a major change to its design post-release, based on feedback. That, more than anything, tells me that these sort of post-launch changes can happen to any game, anytime, in today’s world.

What, then, should writers do? It’s likely that this is a big enough change to the game that Polygon, which hammered on this as a major issue and scored S.T.E.A.M. a 3.5, would go back and issue a review update. Other writers may also see fit to do this.

I would never suggest that it is incumbent upon everyone who wrote about the game to revise their reviews, as that introduces a precedent that is absolutely impossible to maintain; I already would never, ever envy anyone that has to run the reviews section of a gaming enthusiast website, as it involves insane work hours just to keep up with all the major releases, let alone go back and update each one as the game is tweaked. (Moreover, an online publication is an archive, a record of what happened on that day, and not a wiki that must be endlessly updated.)

How this really changes reviews is how it will affect a writer who sits down to pen one (or a YouTuber who sits in front of their camera). The era of review-as-postmortem is giving way to the era of review-as-wishlist; less a discussion of the strengths and weaknesses of a product that’s finished, and more of a discussion of concrete improvements we’d like to see in the first patch. The fact that even brick-wall Nintendo is responding so quickly in the case of S.T.E.A.M. is an indication that it is actually possible to get fixes implemented in a relatively short time.

As for Rollers of the Realm, I checked today and it turns out they did make the final boss battle easier, just one week later. I’d already moved on to other games by then.

Drug Pump’s Security Flaw Lets Hackers Raise Dose Limits

When Billy Rios needed emergency surgery last summer after cerebral spinal fluid began leaking through his nose, he was only partly focused on his life-threatening condition. That’s because Rios was distracted by the computerized drug-infusion pumps Stanford Medical Center used to administer medication to him and other patients. As a security researcher, Rios realized he’d purchased the same models of pumps months earlier on eBay in order to examine them for security flaws. As he watched the pump dose him with meds, all he could think about were the holes he’d found in one of the brands that made it susceptible to hacking.

The brand in question was the popular LifeCare PCA drug infusion pump sold by Hospira—an Illinois firm with more than 55,000 of the intravenous drug pumps in hospitals around the world. The pumps are touted for having extra safety measures that reduce medication errors and prevent patient harm and deaths.

But Rios found that the Hospira systems don’t use authentication for their internal drug libraries, which help set upper and lower boundaries for the dosages of various intravenous drugs that a pump can safely administer. As a result, anyone on the hospital’s network—including a patient in the hospital or a hacker accessing the pumps over the internet—can load a new drug library to the pumps that alters the limits, thereby potentially allowing the delivery of a deadly dosage. Rios did not find that a hacker could alter an actual drug dosage, but rather that they could change the allowable upper limit for a given drug, meaning that someone could then accidentally (or otherwise) set the pump to give too high or too low a dose. And according to Rios, additional research could yet uncover other vulnerabilities. Researchers examining different drug infusion pumps last year, for example, found that those pumps had a web interface that would allow attackers to access and alter dosages.

Dr. Robert Wachter, associate chair of UC San Francisco’s Department of Medicine, says the issue is less concerning than if the flaws Rios found allowed someone to alter drug dosages. But because the dosage boundaries in drug libraries are designed to prevent deaths and overdoses, which happen more often than patients think, raising the limit in a pump’s library means a hospital could fail to catch a dosage mistake and cause serious harm to patients.

“The risk from changing the bumpers—the high and low permissible doses—doesn’t seem to be very high,” Wachter says. “It’s probably not going to kill someone today. But in a big institution giving 100,000 medications over the course of a month, screwing around with those bumpers is going to cause harm at some point. That worries me. Anything like this at some point will kill someone.”

Wachter should know; his recently published book, Digital Doctor , focuses on the ways digital medical systems can go wrong. One excerpt published last week by Medium described an overdose scenario in which a nurse accidentally administered pills to a teenager that were 38 times his proper dosage, triggering a grand mal seizure.

The Hospira Pumps

The Hospira LifeCare pumps have been on the market since 2002 and, according to the company’s web site, are “designed specifically to help prevent medication errors that commonly arise” by offering features that “enhance safe delivery” of drugs. One way it does this is to integrate drug libraries into its pumps. Such libraries exist for every medication to set parameters for their safe use. Drug limits, for example, differ for infants, children and adults. For infants and children, dosages are often based on weight, and in adults can vary depending on gender. The libraries setting these limits are loaded to the pumps, so that if a medical practitioner attempts to administer a dosage that exceeds the safe limit, the pump will generate an alert.

The Hospira pumps also use barcodes to reference the correct drug library. A medical practitioner scans the barcode on the intravenous drug package, and a serial number in the barcode tells the pump which drug library to consult to ensure that the dosage entered into the machine by the practitioner doesn’t exceed the acceptable limit coded into that drug’s library. If a nurse enters the wrong dosage, the pump is supposed to issue an alert.

“This novel technology decreased the dangers of inadvertent human error and significantly reduced the risks associated with under-/over-medication dosing, due to wrong concentration,” the company notes in a press release.

Billy RiosThe pumps communicate with MedNet “safety software,” a Windows-based operating system designed by Hospira that gets installed on a hospital server to send drug library updates to the pumps. The updates are processed by a communication module built into each pump. The pumps operate in listening mode so that new drug libraries and updates to existing ones can be pushed out to them as needed. To achieve this, the pumps listen through four ports—port 23 (for telnet communication), port 80 (for normal http traffic), port 443 (for https traffic) and port 5000 (for UPnP). The pumps also can use their own WiFi connection for communication.

Rios found several security problems with the MedNet software itself that hospitals use to communicate with the Hospira pumps. MedNet servers not only monitor the pumps in a hospital and send them drug libraries and updates, they’re also used to make configuration changes to the pumps and issue firmware updates and patches. Rios found four critical vulnerabilities in this management software that would allow hackers to install malware on them and use them to distribute unauthorized drug libraries to pumps or alter their configurations.

Among the vulnerabilities are a plaintext password that Hospira hardcoded into its software, which an unskilled attacker could use to exploit a SQL database in the system and gain administrative control over the MedNet server. Additionally, the system has hardcoded cryptographic keys that can be captured by an attacker and used to decrypt communication between the server and the pumps. The system also stores usernames and passwords in plaintext. All of these, along with another vulnerability Rios found in the MedNet system would allow an attacker to run malicious code on the server and take control of it to distribute rogue drug libraries to the pumps or alter their configurations.

But, it turns out, an attacker doesn’t actually have to take control of the server to send a rogue library to a pump. Because the pumps themselves don’t bother to check whether the system sending them updates is the MedNet system, any system on the hospital’s network can access the pumps to install a new library or anyone can reach out to them over the internet through one of their internet-facing ports, and do the same.

Hospira pumps do use validation IDs that are embedded in the header of drug library updates and in the libraries themselves to help ensure that data in a library hasn’t been corrupted or altered in transit— which is similar to how checksums verify that software hasn’t been altered after it was compiled. Each drug library has a different validation ID.

But the IDs don’t help the pump determine that an update is legitimate or came from a trusted source. And both of these IDs—the one in the header and in the library—can be easily spoofed. Rios was able to reverse-engineer the system to determine how the validation IDs are generated and write a Java applet to do it automatically. “The way you generate those codes is the same for every single deployment [of the Hospira pump] in the world,” he says.

This, combined with the fact that updates can simply be pushed out to a pump instead of the pump being required to contact a trusted server, is a surprisingly poor design for a critical system. Rios points out that even Apple iPhones have a more secure system for getting updates. When a user wants to install an update to an iPhone, the phone has to download it from Apple’s server and verify its integrity by checking the update’s digital signature.

“At no time can arbitrary users on the same network ‘push’ an application to your iPhone,” Rios notes. “We have to go some place and pull that application. The pumps should [also] be pulling drug libraries from a place that they know is trusted. That way you just have to secure that one place. But the way [Hospira] architected their pumps is that anything on the network can push any update to any pump.”

Hospira did not respond to a request for comment.

Rios says there’s currently no way for someone to verify that data in a pump’s drug library is correct. The pump can display a version number for the library, but not what’s in the library. As such, there’s no way to see the maximum dosage that’s configured into a particular drug library on a particular pump. “If you suspected the pump did something bad, you wouldn’t be able to inspect the contents of the library on the pump. You’d have to take the pump and pull the library out of the memory,” he notes.

Rios suspects that other pumps made by Hospira have the same vulnerabilities.

Rios reported the vulnerabilities last year to the Department of Homeland Security’s ICS-CERT, which maintains a program for uncovering and patching holes in industrial control systems. ICS-CERT notified Hospira and the Food and Drug Administration, which oversees the certification of medical equipment. According to Rios, Hospira initially refused to fix the vulnerabilities and stated that it had no interest in determining whether other infusion pumps in its product line possessed the same vulnerabilities. But last week DHS issued an alert, at the same time that Hospira released a new version of its MedNet software containing patches for the vulnerabilities Rios found.

The patched version, however, addresses only the security issues in the MedNet server software, not the vulnerabilities in the firmware installed on the pumps. The pumps are currently undergoing re-certification by the FDA, according to Rios, because the fix requires a core change to the firmware’s design to ensure that only legitimate drug libraries from a trusted source can be installed on them. Hospira has advised customers to install the MedNet software patch. But it’s not known when a firmware patch for the pumps will be available to customers.