When data security is breached, personal details are laid bare and your digital footprint can lead to costly and unforeseen problems
It would be easy to be amused by the digital misfortune of others. If you are, the last few months will have been hilarious. There have been countless examples of supermarket and chain-store credit card and customer data loss, not to mention millions of personnel records of the US government stolen from the Office of Personnel Management.
Most recently there have been the profile details, e-mail addresses and usage data of the wannabe adulterers of the Ashley Madison dating site, stolen and then released by blackmailers. Seemingly every week has brought yet another example of a large organisation being infiltrated by hackers, its systems copied and its data exfiltrated.
Once data has been created and released, it freezes that moment in time – a foolish decision entombed in data can and will mark you for life
Darkly amusing, perhaps. Perhaps even, in the case of Ashley Madison, a curious case of moral schadenfreude, of digital comeuppance. You might be tempted to think it’s all a little too much like science fiction, too cyberpunk, too Silicon Valley to be something you should worry about. You’re probably not, after all, likely to be held to ransom by blackmailing super-criminals or infiltrated by the Chinese secret service any time soon.
But you would be wrong. Even if you’re not signed up to a dating site unbeknownst to your spouse or just been made responsible for your company’s fraud risk, the simple truth is that one of the key, basic life skills we will all need for the 21st century is an understanding of what we mean when we talk about data. Cyber crime is being recognised as a major concern, yes, but we’re yet to comprehend completely how it affects us all.
The journey of data
The story of the internet over the past 20 years has been one of business realising the profound effects of the fundamental nature of data. Data is weird stuff. It costs nothing to copy it and those copies are perfect; it has negligible weight, so moving it is easy; it mixes together with data from other places very nicely; it’s very hard to make go away.
We’ll touch on these in turn, but let’s begin with the mixing. Once you start to record data in one place, it wants to be mixed with data from another. Take an Apple Watch, for example; the one on my wrist takes a measurement of my heart rate at regular moments. My watch also knows where I am, through GPS, and who I have meetings with, through my calendar. Through LinkedIn and other social networks, it can infer a person’s real-life identity.
Now, we know that interactions with deeply frustrating people will raise your heart rate, so when you combine all that data together, alongside the same data from other smartwatch wearers, we can start to build inferences on how annoying someone is by the physiological effects they trigger.
Useful data; a free idea for an app for anyone who wants to build it and not one that requires any new magical technology, merely connections made between stuff already out there. With a lack of walls between databases and some published results appearing in the Google index, and we could be destroying reputations.
And destroying them forever, as the Ashley Madison user-base will find when someone turns that illegally released database into a Google-indexable website (something that might already have happened by the time you read this). Once data has been created and released, it freezes that moment in time. The person you were when the data was created is the person you will always be as far as systems which act on that data are concerned. A foolish decision entombed in data can and will mark you for life. Indeed, that is one of the more subtle arguments against government internet surveillance – it makes it impossible for people to change their minds.
The point here isn’t that law enforcement agencies shouldn’t be allowed these tools at all – almost everything has its specific and limited place, given proper oversight and a democratic conversation beforehand – but that without those limitations and oversight, we end up with databases that are, because they are all, not only fundamentally insecure, but liable to produce, with that insecurity, deeper problems than they solve.
It is, for example, highly likely that the millions of personnel records of US government employees with security clearances that were breached last year will be checked by those who have them against the Ashley Madison database to ease the blackmail. Two sets of bad IT security combine with a lack of the understanding among the general public that databases will be cracked and choices made in private will not remain so. In an era where most choices are made via weakly secured digital systems, privacy cannot be taken for granted.
We need, as a society, to not only demand and utilise better security practices in the companies and organisations which are large in our lives, but to develop a cultural understanding that without those practices, we risk whole new ways of bringing damage to ourselves and each other.
This is only going to get worse before society learns to deal with it. Technology evolves at a pace that far outstrips the evolution of etiquette. I’m wearing a constant heart-rate monitor, yes, but I’ve also inadvertently installed video cameras and microphones in most rooms of my house, not least by my bed, where our phones rest at night. My car downloads firmware updates from the internet and my groceries are delivered because of the choices sent from my phone. The lights in my front room, the stereo on the bookshelf and the robot that feeds the cat are all connected and vulnerable, and liable to betray me in a new and unforeseen way. It won’t be a surprise that they do, only how they do it.
Being paranoid about the security risk and jettisoning modern technology entirely would be foolish. You would be secure from new and baroque security threats, yes, but you would also be removing yourself from modern society. Instead, we need to live within a new metaphor. Cyber security shouldn’t be thought of in terms of walls, fortresses and weaponry to use against an invader. Instead, it should be considered more in the terms of hygiene and health.
We’re going to get sick every so often and sometimes it will be very unpleasant. But if we eat well, wash our hands and don’t eat food off the floor, we’ll be mostly alright. And when we’re not, it is society’s responsibility to help us get over it – and not carry the mark of sickness forever more.