You know how frustrating it is. You post an incomplete Tweet, or send a Facebook post without that photograph…
or email someone with the attachment left off. It’s happened to everyone. We all need the freedom to check our drafts before pinning them to the public notice boards. We also have the right to NOT broadcast where we are and what we are doing at any point in time.
If you lose your option to review and cannot approve the dissemination of your creative work, location and activity, even if your own lack of vigilance is responsible, you feel as if a chunk of your freedom has been wrenched away. You curse–though not as much as you would if your personally identifiable information (PII) was stolen. As our private data is casually thrown across cyberspace, more and more people are, understandably, resorting to encryption. The Internet is awash with available encryption products, ranging from onion routers such as Tor, to virtual private network (VPN) products such as Anonymizer, and many others.
Everything we do online should be safe, but should it also be secret and anonymous? And if so, can we still be transparent and participate in the sharing economy? The danger of confusing privacy with secrecy, or for that matter, security is that it’s self-defeating. The conundrum is that people want to secure what is private, yet the more they protect their privacy by encryption, the more unsafe they become. Despite the use of encryption tools, we hear every week that private information is stolen, yet people revert to secrecy. They hide. (Others, like Allison in my thriller, THE FACES IN THE RAIN, obfuscate their online presence.) The better people become at hiding themselves, the more they hide those who lurk in their hiding places. Neither can they be found by those who serve to protect them. They don’t ask for help, for fear of revealing their hiding place. And so the Dark Web is born. Honest people are trapped by their need for privacy.
This is a massive problem for law enforcement. FBI director, James Comey, testifiying before the Senate Judiciary Committee hearing on Capitol Hill (July 8, 2015 in Washington, DC), stated: “Our job is to look at a haystack the size of this country to find needles that are increasingly invisible to us because of end-to-end encryption,” He tells how impressionable targets in the US are contacted by ISIS through Twitter, then given an address of an app with download instructions, and when they use the app, they disappear. They cannot be traced. “Justice may be denied because of a locked phone or an encrypted device.” he said.
The corporate world is reeling from cyber war. On June 17, on-line, I attended the FireEye summit, Beyond the Breach: Cyber Defense. The Sr. VP and Global Chief Technology Officer pointed out that, at a recent National Association of Corporate Directors (NACD) event, the entire one-day agenda was devoted to cyber security. It is no longer sufficient that companies avoid the “accountability wrecking ball” by simply exposing non-compliance. They need to work with other (sometimes competitive) companies and government organizations to combat three types of hacker: nation state actors, hacktivists and organized crime. As FireEye’s CEO, Dave DeWalt stated, “the attack surface is getting wider.” The old methods of excluding or re-imaging boxes (servers) no longer works. The company is customizing solutions for industry verticals–utilities, retail, financial, health, and pharmaceuticals. Their capability to constantly monitor the network, and send alerts in real time means they can fix problems in real time, preventing infections from metastasizing. Presently, according to FireEye, the average number of days before intrusions are detected is 205 days! This is all progress, but the price is that even proprietary corporate information must be shared, and our data is, increasingly, is part of that information.
What happened to the public conversation?
The “inter” part of the Internet implies communication. A conversation. As with billions of conversations, over thousands of years, there is a well-documented etiquette at work. Yes, it’s prissy and quaint, but under the manners of conversation, are mutual respect and trust in the discourse. Unfortunately, whether due to the immediacy, or spontaneity, or convenience of our communications, the rules of conversation are being ignored. However, it would be a mistake to think that the Internet is to blame. I don’t know when it became okay to ditch the conversation between the people and their town, state or federal government. Town meetings rarely succeed in engaging the community. Perhaps we’re just on the wrong side of the swinging libertarian/autocratic pendulum. The conversation on the corner of Proper and Sissy Street (it’s a prissy intersection) has disappeared. This has escalated domestic violence across America. When there’s no conversation we get police brutality and crazies who shoot people in churches, malls and theaters. Where is the non-political public conversation about guns and mental health? After the bodies are taken away we hear about the dysfunctional lives, the isolation, the lack of empathy. I sincerely loath people who use the word, kumbaya to accuse someone of being weak. I am no fan of the phrase, with its obsequious boy-scout idealism, but we should never ditch conversation because we fear the scorn of cynics.
The return of trust.
At another leading cyber security company, Palo Alto Networks, CEO Mark McLaughlin, spoke about the necessity for trust on CNBC:
The good news is that the mindset has turned to the community.
Policing, shared medical research and open data about health all benefit when the community is engaged. Technology has given us instant communication and made collaboration effortless. The open-source code culture has spread to Open Data initiatives. Mobile phones with small high-resolution cameras capture violence perpetrated against disenfranchised people, but they also capture personal health data, feeding it, with the patient’s permission, to the healthcare establishment. Viral exposure of incidents or medical breakthroughs make good news that garners high ratings in both social and traditional media.
When government decides to collaborate with citizen groups and create Open Data initiatives, good things begin to happen. We begin to heal.
See this example in New Orleans.
Our best defense is transparency, open data and trust.
The present administration has implemented the PIF program. As the web site states “The Presidential Innovation Fellows (PIF) program brings the principles, values, and practices of the innovation economy into government through the most effective agents of change we know: our people … These teams of government experts and private-sector doers take a user-centric approach to issues at the intersection of people, processes, products, and policy to achieve lasting impact.”
It’s the beginning of a national conversation. I hope it leads to other open initiatives where inclusive citizen groups become a factor for positive change. And it cannot happen if people don’t share some aspects of their privacy. Yes, secure your identifiable information and protect your privacy, but don’t hide. Share what you can. Come and play with the rest of us. Let’s build a better world. Together.
Nice read. You raise some interesting points. I don’t get the “the more they protect their privacy by encryption, the more unsafe they become” argument, though. I share a lot of stuff on Twitter, and I have great conversations there; but some messages are to be read by the intended recipient only. I don’t want Facebook or the NSA (or any party other than the intended recipient) to read certain messages, which is why I don’t use WhatsApp but Threema as mobile instant messenger. In what way am I becoming “unsafe”?
Hi: Thanks for the comment. Your Twitter activities are in no way unsafe and the conversations you have are your right to conduct privately. End-to-end encryption (which you are not doing) prevents law enforcement from protecting its citizens. The point I did not stress hard enough about trust is that the government and it’s citizens needs to build trust, and that happens with Open Data initiatives, etc. We need to trust each other enough to hold a PUBLIC conversation. Here’s an excerpt from the 2015 Cisco Annual Security Report: Some leading technology companies in the United States are hoping that use of end-to-end encryption will be a way to satisfy their customers’ concerns that their data be protected as it traverses the borderless Internet. The U.S. government has raised concerns, however, that such encryption will prevent its ability to protect citizens. The new director of the GCHQ, Britain’s premier signals intelligence organization, similar to the U.S. National Security Agency, even suggested that U.S. social media technology giants are aiding the efforts of terrorists by enabling them to send encrypted communications around the world. Despite these criticisms, technology companies are likely
to continue to pursue the development and adoption of technological measures aimed at restoring customer trust until governments have adopted policies that more effectively reflect the importance of enabling free speech and secure commerce while they protect against threats to public safety and national security.
Trust in technology products, and in the companies that develop them, will go a long way toward countries and their governments and citizens having confidence that they, and their data, are protected. As Mark Chandler, Cisco senior vice president, general counsel, and secretary, noted in a Cisco blog post earlier this year, “A serious effort to address these issues can build confidence, and most importantly, result in the promise of the next generation of the Internet being met, a world in which the connection of people and devices drives greater freedom, prosperity, and opportunity for all the world’s citizens.”