by Wendy M Grossman | posted on 27 December 2013
"Annus horribilis" might be going a bit far for the Internet in 2013. Long-term one hopes it instead proves to be a watershed: the end of complacence.
The most recent scandal unlocked from Edward Snowden's cache of NSA documents raised the question of whether leading cryptography company RSA took a $10 million payoff to weaken the random number generator library on which such products (and therefore we) depend. University of Pennsylvania professor Matt Blaze explains in detail what this means. In short: the weakness is there, it's hard to exploit, and we can't guess how many systems and products it's embedded in. Blaze calls it "the doomsday nuclear option of cryptographic back doors".
My version: terrorists could not have done a more efficient job of creating uncertainty and undermining trust in everyday (online) life.
The good side of 2013's six months of revelations of systemic surveillance and spying is that everywhere there are green shoots of activism as everyone from academics to corporate interests begin the long process of devising alternatives and upgrading infrastructure. Legislators, too: the EU's data protection reform seemed in danger of being derailed by complacency and US lobbying; the directive passed now is likely to be much stronger than it might have been without Snowden's input.
The bad side is obvious: we are, for now, screwed. At least we know; I prefer truth, however unpleasant.
The disturbing thing is that while everyone is thinking how to reclaim the Internet, a different set of folks continue to produce the next tech generation, seemingly without changing their thinking.
Snapchat strikes me as emblematic. Founded on the notion of ephemeral messages, last week, the company announced a replay feature. That's some holiday gift: showing that your business model is based on a claim that can be up-ended at will. Granted, the claim was never completely reliable.
It's a great example of our problems. A company sells technology to solve a social problem - trust. The promise encourages risky behavior, while the company may retrofit its technology to serve changing business needs. By then, the data is out there. Snapchat's motives may be perfectly pure, but there are plenty of precedents for abrupt changes of tack, of which Facebook is just one.
More insidious, though, is the way that electronic analogues of familiar physical objects add sneaky data collection facilities in ways we do not expect.
For example: a few Christmases ago, a male 50-something startled his family and friends by citing the exact number of the page that he, as a teenaged boy reading it for the first time, had found most "interesting" in a 1960s science fiction novel. He got this dreamy, faraway look in his eyes… Today, reading the same book as an ebook, the publisher would be noting his interest in the absurdly vague sex scene that appeared on that page and calculating how to copy it to sell more books. Would that make better books, as the data-selling subscription services - Oyster, Scribd - claim? Do we want customized novels, so that the version a teenaged boy reads is different from the one perused by a woman in her 50s? I doubt it. The main point: the technology they're talking about using for business purposes is the same stuff that would handily enable the thought police.
As against that are the ideas around getting the Internet to forget us. In a small, less familiar, example from 2008, Cornell graduate Kevin Vanginderen sued the university for libel when the official campus newspaper put its archives online, including a 1983 article reporting on a previously sealed incident in which he was charged with petit larceny and burglary. The case was tossed, to become one of many examples of the way electronic records are reviving forgotten pasts. Conversely, in a discussion earlier this week, Slashdot asked what, eventually, will fade out on the Internet over time. The Facebook page belonging to a friend who died in 2010 still pops up occasionally; but Facebook is still an active business. How many of the old Geocities pages still survive? (Granted, the Internet Archive is trying.)
William Gibson has famously said, "The future has already arrived. It's just not evenly distributed." The same can be said about remembering and forgetting: neither is evenly or predictably distributed. Things that were thought to be off-the-record to future investigators have been opened to everyone (especially if you call attention to yourself by suing), while things that people thought were permanent proved to be at best shaky and at worst ephemeral. These trends, together, are giving this a scary, new twist.
Every year for the last few years has been supposed to be the year of the Internet of things. One year soon, perhaps 2014, will be. Yes, some call it marketing hype, but reality is upon us. Assume that everything that is electronic collects data about how you use it. Assume that no matter what the company says, that data will be available in future for use by people whose identity and trustworthiness are currently unknown for purposes that are as yet unstated. Soon, you will have to assume that everything is electronic. Happy new year. P.S. On a personal note, thanks to all net.wars readers.
Technorati tags: 2013 privacy internet of things
Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, follow on Twitter or send email to netwars(at) skeptic.demon.co.uk (but please turn off HTML).