...and give us unreasonable expectations.
Anyone who has an area of expertise will, when watching television shows or movies involving that expertise, occasionally yell at the screen.
I'm no exception. I've certainly said "THAT'S NOT HOW IT WORKS!" at some misrepresentation of technology woven into the latest TV or movie crime drama. (My wife is equally likely to shake her head at medical shows.)
Part of it is me being pedantic -- I get that. But given what I do for a living, I see how it leads to something more harmful: unrealistic expectations.
Become a Patron of Ask Leo! and go ad-free!
Unrealistic expectations based on TV and movies
Television and movie dramas are by definition fiction. That means they take liberty with the technology they portray, often having it do things that are unrealistic or improbably fast. Unfortunately, many viewers take these as examples of what's actually possible rather than the entertainment and storytelling it is. Unless you know otherwise, it's best to approach all technology use in fiction as being fictional itself.
I mean contemporary drama, not sci-fi
This isn't about science fiction. By definition, all rules are suspended in science fiction, and technology can be defined to work however the author wants it to. While the success or failure of the show might hinge somewhat on how believably technology is displayed, it doesn't have to live within our current restrictions. That's kind of the point of sci-fi.
I'm talking about fictional shows set in roughly the present day. Most common examples are police and related dramas. They tell a story set in the current time using current technology.
Technology that they often get so very, very wrong.
Let's look at some examples and where some might have a tendril of accuracy hidden in all the misinformation.
Enhance, Enhance, ENHANCE!
It's an all-too-familiar plot point. The cops capture an image of the bad guy's vehicle on surveillance video, but the video's too blurry, or out of focus, or too far away for the license plate to be legible. The lead investigator asks the computer tech to "enhance" the image. The tech types some random keystrokes, and the image gets better, but not quite enough. So they repeat the process. I think I've seen it repeated up to three times before the plate in question becomes visible.
This might be my biggest pet peeve. It doesn't work like that, and it leads people to expect more out of image technology than can possibly be achieved.
An image has the information it has. You can't add information to the image after the fact. The type of "enhancement" portrayed on screen would require exactly that -- more information -- but the information would have to have been collected at the time the image was captured.
Interestingly enough, there are enhancement technologies available. Artificial intelligence can do a pretty decent job of increasing resolution and sharpness somewhat in certain situations. Essentially, the AI says, "Oh, this looks like hair, I know what hair looks like, so I'll make it look like better hair," or something similar, and at a much more granular level.
We've also heard that blurring text may not be enough to prevent its discovery. The blurred image may contain enough information to reverse the effect and recover the text underneath. But that blurred image started with all the information necessary before it was blurred. Just because we can't visually interpret it doesn't mean software can't.
But an out of focus or too-distant photograph never had that information to begin with. No amount of yelling "Enhance it!" at your subordinates will make it otherwise.
Locating by IP address
It seems that almost every modern police procedural includes this trope: somehow they get the bad guy's IP address, and within a few minutes they bust into his or her home and arrest them.
Do I need say it? It doesn't work like that.
Under the right conditions, an IP address can be used to locate a home. And indeed, police or law enforcement are the only organizations able to make it happen. But here's the catch: it requires a level of coordination, permission, and paperwork that simply can't happen in anything close to real time.
- IP addresses can change, meaning that only the ISP will know which of its customers had been assigned the IP address at that specific time. The ISP will have to spend some time examining their logs, assuming they even have them, to figure this out.
- ISPs don't provide this information without cause.1 A court order of some sort is required. That requires that a judge be involved. That requires that proper cause be presented and signed off on.
So, yes, while it's technically accurate, the ease and speed at which this seems to happen is dramatically off-base. Unfortunately, this often leads to unwarranted expectations when people are being harassed online or otherwise wanting to determine who is at a particular IP address for themselves.
Decryption and data recovery
Another common scenario is when the authorities get hold of the bad guy's hard drive or thumb drive, which turns out to be encrypted. No problem! The drive is handed over to the special person/division/hacker who's able to crack the encryption and expose the contents.
Here it comes again: it doesn't work like that.
Good encryption is exactly that: good. There's no magical expertise on the decrypting side that would make it any different. The only way something properly encrypted would be decrypted in a reasonable amount of time is if the bad guy left the decryption key lying around or used terrible encryption. Otherwise, the police are looking at months or years of decryption effort. That's not something that'll fly in a one-hour television show.
Brute-forcing passwords
Brute-forcing passwords is a very real thing. It's nothing more than trying every possible password until you find the one that works. When done offline, eight-character passwords can be brute-forced in minutes. It's one of the reasons security experts continue to remind us that length is perhaps the most important password characteristic.
But cracking a password is an all-or-nothing thing. You don't get close or incremental results.
You don't get a little bit, then a little bit more, then a little bit more, until the password is revealed in all its glory. And yet, how often do we see some real-time password or keycode cracking happen that displays first one character of the code, then another, then another, as the "cracking" progresses?
You know what I'm going to say, right? It doesn't work like that.
Password-cracking is significantly more difficult than TV and movies would have you believe.
As long as your password is long enough, that is.
Watch the keyboard
This doesn't really set unrealistic expectations, but I notice it nonetheless.
Watch the actors when they're typing. Many do nothing more than wave their fingers over the keyboard. The "keystrokes" and clicking sounds are added later. (If they were trying to be authentic, they'd be typing the backspace key a lot more as well.)
Semi-related: I've never seen -- or rather heard -- a display that makes character-by-character noises as information is displayed. It doesn't work like that.
If you're hearing something as information scrolls by on a screen, it's another sign that what you're seeing isn't accurate.
Invalid IP addresses
While you might not notice, and this doesn't really impact your expectations, this is most definitely a pet peeve that gets me every time.
IPv4 addresses are four numbers from 0 to 255 separated by periods. "4.4.4.4" is the IP address of Google's DNS service. "35.81.190.53" is the current IP address of the server hosting askleo.com.
What's not an IP address? Random numbers thrown together where one is greater than 255. "38.81.345.53" is not an IP address. It's meaningless because it contains a number greater than 255. And yet, I see "IP addresses" like this on TV all the time. My suspension of disbelief takes an immediate hit.
I understand why they do this. People will poke at anything they see on the screen. If a domain name is displayed, someone will try to go there. If there's an email address, someone will send it a message. If there's an IP address, someone will try to connect to it, or worse. The risk of using a real IP address is that it might lead to a real machine on the real internet experiencing a real problem because it was seen in a fictional show.
I also award negative points for shows that use local network IP ranges (10.x.x.x, 172.16.x.x, or 192.168.x.x) as if they were internet-visible. Spoiler: they're not.
An example done well
Aside from non-fiction documentaries, shows that get technology right are few and far between.
One classic that does is the TV series Mr. Robot. While I found it a very interesting and entertaining show, I was impressed by how they tried to portray technology accurately at the screens-and-keyboard level. Some major plot points perhaps sometimes pushed the limit, but when people were interacting with technology directly, it was all relatively believable.
Better technology might exist
Of course, it should be a given that our governments probably have access to the most advanced technology. It's almost a meme that the US's National Security Agency (NSA) has supposed superpowers when it comes to spying or collecting information.
Nonetheless, there are limits. Good encryption, for example, is good encryption no matter who you are, NSA or not. Besides, there are better approaches if you have more time and more reach than a two-hour movie would allow. Spyware-targeting an individual's machine, for example, to capture information before it's encrypted is much, much easier than brute-force decrypting something after the fact.
Conspiracy theorists who believe that government agencies are hooked in so deeply that nothing is safe will call me naïve. Even if that were true, the government wouldn't allow that to be exposed on a weekly crime drama.
What might be more plausible is that criminals aren't necessarily the brightest, and law enforcement might easily capitalize on the mistakes they make, like finding a critical password written on a sticky note in the criminal's lair.
Do this
Remember that TV shows and movies are fiction. Some do a better job of adhering to reality than others, but the bottom line is that as long as their show remains successful, they don't have to. Technology, along with many other disciplines, is ripe for skimping on accuracy, particularly if getting it right would be time-consuming, costly, or would distract from the story being told.
Don't base your understanding of technology on TV and movies.
Instead, seek out sources you know aren't fiction. Hopefully sources like Ask Leo!.
Subscribe to Confident Computing! More facts, less fiction, less frustration and more confidence, solutions, answers, and tips in your inbox every week.
Podcast audio
Footnotes & References
1: All of the scenarios here generally involve US shows and thus US laws.
I don’t see IP addresses like 38.81.345.53,10.x.x.x, 172.16.x.x, or 192.168.x.x etc. as so bad. They are the IP equivalent of phone numbers with a 555 exchange. 555 is used for directory assistance. They are used to avoid lawsuits.
I think a great example of these technologies that don’t exist or are exaggerated is some of the CSI shows especially CSI Miami
Interesting!
Next thing you’ll tell us Leo is that you do not get the full profile of the suspect five minutes after uploading a partial fingerprint.
As a retired dental hygienist my wife often yells at the TV, particularly when said actor / hygienist is assisting the doctor, not doing the job she is trained and qualified to do.
Leo, you wrote:
“…[H]ow often do we see some real-time password or keycode cracking happen that displays first one character of the code, then another, then another, as the “cracking” progresses…?”
Saw this happen in the movie Wargames, and cringed.
(And to make things worse, the “keycode” in this case was a nuclear launch code, that in real life would likely — or at least, so I hope! — be binary rather than something alphanumeric, cryptographically random, and vastly longer than anything that could be displayed onscreen.)
Wargames was the original for IT misinformation, starting with a dial-up connection to the Defense Department computer controlling the nuclear arsenal with a backdoor to bypass security and a computer with an intelligence capable of learning the futility of nuclear war. Many other movies and shows were built on those fallacies.
On the US TV show “Last Man Standing,” Mike ends each episode with recording a vlog, which is posted on the store’s website. Usually Mike’s browser is open and you can see the store’s website. I seem to remember once after watching an episode that I looked up the URL and actually found the website that looked like what was on screen. I thought it was neat that the producers went to that much trouble, knowing that people would certainly try to go to the fictional URL.
Agree … every so often a show’s producer or other staff “gets it”, and makes sure they own the URLs (or whatever) shown, and put something interesting there. I appreciate that effort.
I, for one understand that T.V. shows are works of fiction. When I see accurately demonstrated technology, I appreciate the effort. Most of the time, I ignore the inaccuracies and simply enjoy the plot. The objectives of these shows are to entertain, not teach us about technology. Besides, what harm is there in exaggerating the portrayal of the capabilities of law enforcement in a fictional work?
Just thinking . . .
Ernie
What harm? As the article outlined: it sets unrealistic expectations.
I just saw it again on Law and Order. The surveillance video showed a blurred face. A couple of clicks later, the face was as clear as a closeup photo. One problem with that is some people watching might see that and fall for an ad for software promising enhanced photo resolution.
One of my favorites is when someone has been missing for days or weeks and law enforcement finally searches their home, finds their laptop that obviously has no cord attached, lifts the lid and goes right to work. Where’d they get that super computer? Mine doesn’t quickly awaken from sleep and is unlikely to hold a charge for days or weeks unless plugged in. I guess that is literary license because the viewer wouldn’t wait as long as I do while my PC awakens from sleep!
In your article you state that “4.4.4.4” is the IP address of Google’s DNS service. This is incorrect. Google’s DNS service is provided on IP addresses 8.8.8.8 and 8.8.4.4. Perhaps you were testing us to find a tech mistake in your article?
Don’t forget the other lesson Wargames taught us. If you make a computer think hard enough, it will explode. A least some things we see in movies are true. Like, if you stand close enough to an explosion, you can ride the wave.
I recently saw a Belgian police show where the cop asked the computer forensics woman to enhance the photo. She answered, “I can’t put in pixels that aren’t there.” Finally, someone got it right.