It was a pleasure to be invited to give a talk about the Carolan guitar to the The PETRAS National Centre of Excellence for Internet of Things Cybersecurity. In its own words, the centre “exists to ensure that technological advances in the Internet of Things (IoT) are developed and applied in consumer and business contexts, safely and securely”. PETRAS funds projects that bring together academia, industry and government to address the challenges of Privacy, Ethics, Trust, Reliability, Acceptability and Security as the IoT expands into the built environment, smart cities, supply chains and control systems, agritech, health and wellbeing, transport and mobility, and infrastructure. While that’s an impressive and important list, it is notable for omitting to mention guitars (or indeed the creative industries) and so it was a pleasant surprise and an honour to be invited to give a talk.

The key point of connection is of course the Internet of Things, the idea that the Internet is increasingly reaching out into the physical world so that all manner of everyday physical things are increasingly becoming connected to the Internet and are able to compute and share data. The Carolan guitar is an example, albeit an unusual one, of a physical thing that has been connected to the Internet for eight years now and so might provoke some interesting insights or at least questions for PETRAS.

So I decided to title my talk The Internet of Guitars and here it is, recorded as video (one of the advantages of presenting online). Just in case you don’t want to spend 35 minutes of your life watching it, the talk runs through the history of the Carolan guitar from concept, through making, to its life touring through the hands of different musicians, before turning to a discussion of the digital identities of things. I argue that digital identities are important for reasons of provenance, utility and meaning making and propose that guitars should come bundled with digital identity services (see Post 98 for some more writing on this theme)

I somewhat cheekily (given the interests of my hosts) ducked directly raising cybersecurity issues in the talk, but was quite rightly asked about them afterwards. One question concerned whether having digital identities might make guitars more valuable and hence stealable? Famous guitars can certainly become extremely valuable and the guitar world abounds with stories of them being stolen. It seems credible that enhancing the identities of everyday guitars could also make them more valuable and hence stealable, especially given the widespread interest in vintage instruments. On the other hand, having digital provenance available online might make stolen instruments harder to resell, at least on the open market, and might also make it easier to identify them if they were found again (see for example, Carolan’s unique 3D scan from Post 75 that documents its distinctive patina). And of course one can imagine bundling guitars with cybersecurity services that actually set out to make them more secure. Guitars might be physically ‘chipped’ by embedding digital technologies into them. Or perhaps increasingly sophisticated computer vision algorithms could identify them from photos and videos posted on the Internet?

A second security issue concerns the protection of the personal data that makes up a guitar’s digital identity. Carolan records and even publishes data from the players it encounters (with their permission I must stress). But what might happen if all guitars routinely recorded data about where they went and when they were played? Might this data become the focus for cybercrime in and of itself? Could it be used to enable identity theft? So this personal data needs to be managed securely, using the kinds of technologies that PETRAS is looking to develop. My talk also considers the question of what personal data should be handed over when a guitar is passed on from one player to another, and even whether a previous owner might somehow keep track of a guitar that they had once owned, which in turn raise further cybersecurity questions.

So it seems that Carolan certainly does raise questions of cybersecurity, both in terns of the potential vulnerability of the physical instrument, but also in terns of the need to securely manage the personal data that make up its digital identity.