♦   9   ♦

Security and Privacy in an Era of Ubiquitous Connectivity

In an episode of the popular TV series Homeland, Vice President William Walden is killed by a terrorist who hacked into Walden’s heart pacemaker. The hacker raises Walden’s heart rate, pushing him into a serious, inevitable cardiac arrest. Walden’s pacemaker had been connected to the Internet so that his doctors could monitor his health. That was the fatal mistake. Viewers watched in shock and disbelief, but this assassination plot seemingly out of science fiction was actually not that far-fetched.

These days, many complicated, critically important medical devices include onboard computers and wireless connectivity. Insulin pumps, glucose monitors, and defibrillators have all joined the Internet of Things. Every year at security conferences, hackers are demonstrating new ways to compromise the devices we rely on to keep us alive. Former Vice President Dick Cheney famously asked his doctors to disable the wireless connectivity of the pacemaker embedded in his chest. “It seemed to me to be a bad idea for the vice president to have a device that maybe somebody on a rope line or in the next hotel room or downstairs might be able to get into—hack into,” Cheney’s cardiologist, Jonathan Reiner of George Washington University Hospital in Washington, D.C., told 60 Minutes in an interview in October 2013.⁵⁸

We will live simultaneously in an age of wondrous technical marvels and one of perpetual insecurity, and such threats will become more common. Those individuals and groups who wish to do us harm are more empowered than at any time in the past. Blackmail using purloined personal data will skyrocket. We will begin to understand the disadvantages of having devices always collecting information and companies offering products and services for free. Cybersecurity will move from an abstract threat to an issue of personal safety that will matter to us all.

So be ready for a rough twenty years ahead. But there is some good news. The cybersecurity industry is already responding, and technologies that could mitigate these threats are already under development. The next generation of security experts is stepping up to the challenges and creating innovative solutions. Governments, corporations, and entrepreneurs everywhere understand the benefits of solving these issues and are racing ahead with novel approaches and breakthrough methods. Each advance we make will come with setbacks, but we will work through those as we go. The question is what will we lose in the process?

Citizens Caught in the Cyber Crossfire

The ability to access nearly all of the world’s information from an affordable personal supercomputer in your pocket has unquestionably brought benefits. We can reach loved ones at a moment’s notice, access a rapidly growing list of services instantly, and learn almost anything we want from anywhere. It’s not just the rich who are benefiting; it is arguable that the greatest gains are being made by the global poor, who can now communicate, collaborate, and bypass some of the institutional barriers that have held them back.

As high-speed, ubiquitous connectivity among all manner of devices binds us more tightly to technology and to the Internet, a crucial and frightening mega-trend for the next two decades is that cybersecurity will become a more important domestic-security issue. In 2007, the Stuxnet computer worm sent costly and critically important centrifuges spinning wildly out of control at Natanz, a secret uranium-enrichment facility in Iran.⁵⁹ In a matter of months, American and Israeli security forces were able to remotely destroy 1,000 of the 5,000 centrifuges Iran had spinning at the time to purify uranium. The government program behind the virus, code-named “Olympic Games,” was developed during the Bush and Obama Administrations.

Stuxnet was the first major publicly reported governmental cyberattack on industrial facilities of another nation.

Then, in 2015, American intelligence services suffered their worst defeat in modern history, at the hands of intruders believed to be from China. The Office of Personnel Management, the government agency responsible for vetting and managing employees, suffered a catastrophic data breach that exposed its full records of more 21.5 million employees, dating back almost thirty years.⁶⁰ The stolen data included more than five million sets of fingerprints, which can never be changed. Even worse, the personal details and secrets of more than four million security-clearance holders were also leaked, forever changing the country’s ability to conduct espionage abroad.

In 2016, hackers, allegedly Russian, compromised e-mail servers of Democratic Party officials and tried to use this information to undermine trust in the U.S. electoral process. And in 2017 the NotPetya ransomware, originally written by Russian black-hat hackers, caused damage worth tens of billions of dollars, including most notably a near-total shutdown of the digital operations of one of the world’s largest shipping and logistics companies, A.P. Møller-Maersk.⁶¹ A similar ransomware attack caused weeks of chaos and a near-total shutdown of the city of Atlanta in March 2018.⁶²

The next major geopolitical crisis will involve not only electronic countermeasures against enemy missiles and communication systems but also attacks over IP networks to cripple or destroy civilian infrastructure. Our personal information and security will be collateral damage in the continuing battle between nations for control.

As we rush headlong into the Internet of Things and connect willy-nilly everything that can be connected, we expose the soft underbelly of our technological systems. Identity theft has intensified significantly in the past two decades, but the public remains in the dark about its growth in sophistication behind the scenes. The next two decades will mark a change from inconvenience to real harm. As we read more about thefts of celebrities’ nude photos and exposure of people’s e-mails, hacking will become something all of us worry a lot more about.

Loss of financial identity is one thing. What is coming now is much uglier—and personal. It is far more difficult to recover from a leak such as the attack on Ashley Madison.⁶³ The publication of e-mail addresses of alleged customers of the online adultery-facilitation service exposed millions of people to ridicule and marked them with a virtual scarlet letter. These suspected cheaters are now searchable in a number of databases, forever. It even drove some to suicide. Data breaches don’t take account of nuance; the devastation of their personal and social lives will be unmitigated by whether a couple was going through a rough patch or whether somebody was just looking with no intention to actually commit infidelity.

It’s not just the things we say or do but also the information that is collected about us that makes up our identity and reputation now. On a typical day as you drive home, cameras mounted on top of police cars and road signs are using automated license-plate recognition technology to make a database of virtually all of your car’s movements. Surveillance cameras on buildings and at traffic stops are constantly snapping pictures and recording video of you everywhere you go. As you pull into your driveway, your home automation system makes a record of exactly when you arrived; to deliver the perfect temperature, your Nest thermostat tracks your movements across the house. The cameras and microphones on your Smart TV listen in to all of your conversations, waiting for you to issue the TV with a command. And that’s all before you launch your web browser.

All Your Weaknesses, in One Place

As we move toward a connected system and toward having our lives tied to our cloud services, we create more and more single points of failure that can grind our existence to a halt. When then WIRED magazine reporter (and now BuzzFeed tech editor) Mat Honan had all of his digital belongings deleted, the hackers didn’t use some cutting-edge technology or brute force to make their way in. Instead, they used social engineering to trick Apple and Amazon customer-support personnel into giving control of Honan’s account to a stranger.

Writes Honan, “In the space of one hour, my entire digital life was destroyed. First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook.”⁶⁴

Some of Honan’s lost items were pictures of his young child that he had forgotten to back up. They’re now lost for good.

Honan was targeted because he had a highly coveted three-letter Twitter handle. There will be many, many more Mat Honans in the next few years, as whole Dropboxes, Google Clouds, and iCloud accounts of many people will be wiped out (at least temporarily) by hackers who turn their victims’ lives upside down, spoil their reputations, and extort money or promises from them. Our own unsuspecting behavior on social media offers only additional surface area for attack. We post pictures of the cars we drive, talk about the places we eat at, publicly reveal our work histories and our personal networks, and publish links to articles on publications we subscribe to without giving a second thought to how that information could be later used to hijack our identities.

Centralized databases and stores of personal information can have risks beyond the financial and social. Medical identify theft is growing rapidly, in which someone can use a stolen social-security number to receive health care under your name and pay for it with your insurance. Unfortunately, you may be left paying the doctor’s bill. And as we connect all of our electronic medical records systems and pipe them into larger A.I. systems such as IBM’s Watson, false data about our health becomes harder to expunge from our permanent record.

This tampering could result in poor diagnoses and potentially hazardous treatments or care. Imagine that someone using your insurance fills out a doctor’s office standard form on allergies and claims to have none—and you have a very dangerous drug allergy. If you are in a car accident and that drug is a standard course of treatment for your injury, the latest record might show no allergy. Unconscious and unable to correct the record, you experience a dangerous allergic reaction: tragic, and eminently preventable.

The Race to Make Security Accessible

As it stands today, there are plenty of tools you can deploy to get a very high level of security and protection. The problem is that they are nearly impossible for the average person to use: technically complicated, requiring great expertise, and with awful user interfaces, especially in comparison with their less secure alternatives. Security technologies need to become more user friendly.

There has been some progress in that direction. Secure personal clouds offer a viable alternative to using services like Dropbox, and they can lay the groundwork for a system where we are able to charge for access to our data rather than having it taken from us. Tools are on their way that can help us control our digital footprint and manage who is able to shape it. Companies too are finally implementing default settings that are supportive of how users actually behave, instead of tricking people into sharing more information. Facebook has put in place some of the best systems for blocking social-engineering attacks, by examining whether the hacker asking for your password is likely to be you or someone else, based on a host of key signals such as location, type of computer, time of day, browser version, and more.

On the extreme dark side of the security and privacy discussion for the future is the inevitable decoding of our DNA, the inevitable capture of our biometrics whether we like it or not (facial recognition, voice, gait, fingerprints), and the capture of every moment of our daily lives. We are going to need to think deeply about how much we value our individual privacy.

A Difficult Balance

Transparency, detection, and accountability are the necessary antidotes to security risks. Companies need to build systems with the assumption that they will be hacked. They need to develop technologies that notify us when we’ve been compromised and take automatic actions to block attackers. They must design systems to be distributed and resilient, such as blockchain technology, which can help prevent tampering and information leakage.

With regard to privacy, we have yet to reach a consensus on what is acceptable. We all make choices about what we put online, but much of what is collected about us is out of our control. The actual value of privacy is up to citizens and governments of the world to decide. Perhaps we need a blanket ban on covert capture of facial-recognition identification. Maybe we need to mandate that any system that scans faces in public places must be clearly marked and announced. Perhaps we need to reform liability laws to make developers and manufacturers of our devices take our security more seriously. Or maybe we need an amendment in the Constitution that says we own our data, so that we are finally on a level playing field legally with the technology companies presently able to swipe them from us and use them against us with impunity.

It is the job of governments to enact laws that protect the public, but we must tell our policy makers what we want. As I have said before, laws are codified ethics; our political leaders are supposed to do what we say, to implement policies that we have reached a social consensus on. The Europeans, for example, are tightening regulations on U.S. technology companies by requiring them to adhere to stricter standards and to store data locally rather than across borders. But this is little more than a Band-Aid.

There is another way of forcing technology companies to be more prudent with our data. Insurance companies selling cyber insurance are raising rates; and applicants, in order to receive coverage, often necessary for doing business, must undergo security audits. Putting a higher price on personal privacy and making its breach a more acute financial risk to businesses would probably force companies to think a lot more about how they are securing your data. As the problems of extortion, ID theft, and hacking grow more acute in the short term and as the value of privacy enters the public’s consciousness, it becomes easier to get such measures passed. The most effective time to convince people of the need to take corrective measures is unfortunately right after they have been compromised—when they most clearly understand the consequences of inaction.

So we can expect our identities to be stolen; we can expect extortion attempts; we can expect attempts at scary industrial hacks. But the worst problems of the last generation of technology are often easily solved by the first generations of the next wave of technology—until they create their own issues that need solving.

Do the Benefits Outweigh the Risks?

Increasingly ubiquitous digital-information capture clearly represents a tremendous risk to each and every one of us. These practices are difficult to track: it’s increasingly hard to follow who knows what about us, and where they learned it. The convenience of our digital existences, from online photos to social networks to online document storage, is undeniable and likely irreversible. So do the benefits outweigh the risks?

I have very mixed feelings about whether the risks we face are worth the benefits we receive from putting so much of our data online so unprotected. Because the system governing use of data online is not a system at all but an ad hoc jumble of commercial relationships with thin legal protections and even thinner real-world protections, for me the conveniences of one-click online orders and automated log-ins to websites courtesy of Facebook are thin gruel compared with the larger risks we face. The big problem is that users (meaning you and I) have only two alternatives: opt in, or opt out.

That is a choice we should not have to make. Newer practices of managing sensitive data can put users in charge or, alternatively, collect only the data necessary to perform the task at hand. We need a radical shift in how we think about data collection, centering system design on users’ data management and their privacy rights rather than layering them on as an afterthought. Users will vote with their online presence. Noted futurist and author Kevin Kelly observes in his book The Inevitable that “vanity trumps privacy”—that we are willing to give incredibly revealing details about ourselves in exchange for social validation: “They’ll take transparent personalized sharing. . . . If today’s social media has taught us anything about ourselves as a species, it is that the human impulse to share overwhelms the human impulse for privacy.”

This has been true, in part, because the costs of losing control of our data are hidden and hard to understand. But as identity theft reaches epic proportions and very little of our personal information is left untouched by credit bureaus and malicious online thieves alike, I predict that issues of data security will become far more acute to far more people, making security and privacy unavoidable issues. Then privacy will trump vanity.

In a nutshell, in the present state of affairs, I am not at all convinced that sacrificing our security and privacy for online convenience is worth the price. More accurately, I resent that we are even forced to make such a choice, given the badly structured and poorly policed governing systems for online security and privacy that we presently endure. So far, it’s not worth sharing all your data online and trusting that nothing bad will happen. If you must share them, I’d recommend mitigating your risk by managing and understanding how data are being used. Yes, it’s an almost impossible task right now. And it’s not going to become more straightforward until we push for it, which is why learning about these technologies and their effects is so important.