I[di]oT[s] & ToS[sers]

Marc Goodman’s Future Crimes, a book about the frightening vulnerabilities of the internet, privacy violations, and the currency of data (data as a commodity), is an old story with a new digital twist. The book needs competent editing, yet despite its shortcomings, and follies, most of the content can’t be discounted. It’s one more siren alerting us that business as usual is heading the wrong direction. One more warning that complacency is equal in culpability. One more flashing red light indicating an immediate need to put on the brakes.

Goodman recounts for us countless, unendurable real world examples of the power and powerlessness of today’s computer code. The susceptibility of our daily digital activities to fraud is hammered. Showing side by side the good and evil of IT, and sometimes a strange grayness in between, leaves one wanting to run for the hills to become a hermit fool. He projects an image of the internet wildly out of control as the progress of information technology careens towards a terrific, awesome, uncontrollable clash of the data-Titans, with ordinary people getting the butt end of their bludgeons. In blood-curdling narrative after narrative, and frequent reminders and recaps, we are pummeled with fearmongering stories. Goodman also supplies us with his extrapolations into the possibilities yet to be explored by, mostly but not exclusively, foreign criminals. If you can suffer his battering, there are urgent messages to be heeded, the consequences of which are already being felt.

Message : Overexposure. [Anti]social media ostensibly provides us with a valuable service for keeping in touch. Goodman shines a light on its duplicity in the title of chapter two, “You’re not the Customer, You’re the Product.” Everything you post on these sites is public. Those “privacy settings” are superficial restrictions that apply only to other participating products, not to the service providers, nor their customers. But that’s not all! Your information is not secure. It can be broken into by lone pimply faced hackers just for kicks, or by government agencies, corporations, and crime syndicates for various nefarious reasons. (The last three being nearly synonymous.) Google mail is a prime example. Not only do Google computers ‘read’ your email, they collect, store, and analyze every bit in order to leverage its domination; to bolster its information prowess and sell it to other monster corporations. That’s only the tip of the Google-berg.

Facefook is another egregious abuser of your privacy. The subterfuge of its interface and concocted usefulness is bad enough, but its tentacles corkscrew deep into its users, their connections, and their other online activities. They’ve even conducted psychological experiments on their users without user consent. Then, and only after the abuse, they altered the ToS (Terms of Service) to give themselves “your consent” and the “legal permission” to violate you more.

Google and Facefook are not alone in this subterfuge. They are only the top predators in the insatiable collection of data. Dozens of other multinational corporations engage in these manipulative games, all under the guise of “free,” and never with your overt consent. Even if the ToSser agreement allows it, you’re probably not aware that you’ve given up your rights, or more accurately, your rights have been stolen from you. It may be legal to voluntarily give up your rights to be a slave, but it is unconditionally not legal to own a slave. It may be legal to give up your rights by checking “I’ve read and agree to the terms and conditions,” but is it legal to take away those rights? Whenever you’re presented with a “free” app, or “free” service, stop, ask yourself, “How is free possible?” “What am I giving up?” “How much is this going to cost me?” “Is this really beneficial?” “Do I want to be violated?”

Message : Reality warping. Not only is your personal information prone to abuse by the smiley corporations giving you their internet candy; not only is it subject to break-ins and theft, it’s also, and more deviously, subject to alteration, fabrication, and selective filtering. Imagine having your records changed, your credit report damaged, your medical records faked, and the consequences. The reliability of our data, and everything that we access online, is critical. As we depend evermore on a digital life, we need to be able to rely on its accuracy. While we leak parts of our personal lives, scattering it around the internet, storing it in the cloud, and as digital life becomes increasingly insecure, we could find our real lives disrupted in ways we haven’t imagined.

We put trust in friends we’ve never met. We’ve all had connection requests from people we don’t know. Millions, actually hundreds of millions of registered users on the face, the twit, the yelp, etc., are fakes. Yes, you could be friends with one of the over 140 million fraudulent antisocial media entities. We put our trust in online reviews. Fake users are not uncommon or passive. They take active roles when their puppet masters choose. It’s estimated that 25% percent of Yelp reviews are paid. Zoowie! Followers, comments, and “likes,” are readily disseminated by computer programs or paid disinformation workers. Those millions of followers can be bought by virtual zombies whose job is to fabricate an onscreen fantasy. The possible corruption of everything we see on our displays challenges credulity, and prompts paranoia.

Each and every day around the world, display wars are taking place as governments, multinational corporations, criminals, and terrorists battle to shape and control what is seen online. What ensues is a real but covert war on reality, one that is meant to blind us to the truth.

Trending, mass opinion, and popularity can be manufactured in a flash. There’s no way to tell on the surface. In the virtual world everything is equally virtual, virtueless, and viral.

Message : Fraud enabled. A large portion of the book is spent on cybercrime, a multifaceted field. Crime utilizing the internet for the sale of contraban and criminal services; collecting and selling credit card numbers, and identity theft; the development, distribution, and running of crimeware. The last is a particularly insidious group of applications that hijack your computer for fraudulent purposes, running in the background without your knowledge as part of a botnet. In other cases, the malware commandeers your computer, holding it ransom for a fee : cyber-extortion.

The questions are, how rampant is cyber-crime? How much will it accelerate? Is it a minor or major threat? His argument is that it is BIG, and growing as fast as technology. I would caution that, like other businesses, crime is self-limiting. But how far will it go? Why does it seem not as bad as he claims? The big break-ins have hit the news many times—large retail chains and banks infiltrated by hackers who have pilfered millions of credit card numbers. (And another one reported just this morning targeting the IRS.) Well, if this problem were as big as he suggests, we’d be in a heap of trouble. Why haven’t we heard more about this? In large enough quantity, illicit credit card activity could destabilize the entire system. Then, I think about my own experience. I have had suspicious activity on my credit cards on three occasions. Each time quickly assessed, the card suspended even before I was aware, costing me nothing (directly), and with limited cost to the issuer. And a minor incident of identify theft—someone tried to open a credit account at a national hardware retailer using my name and Social Security number—thwarted because the perpetrator, on the other coast, used a local address, thereby raising a red flag. After that incident my credit was on a watch list for a couple of years. One friend has had his credit cards replaced at least four times due to unauthorized activity. A quick survey of other acquaintances confirms that, indeed, this is common. Fortunately, banks have rather good programs in place that monitor suspicious charges, mismatched addresses, and other irregularities that signal alarms, and limit the damage. Nonetheless, the problem is big, and worse, it’s a never ending struggle that costs billions annually.

Message : I[di]oTs are not smart. The Internet of Things (IoT) is underway. Processors are being inserted into the most unlikely products to make them “smart” by connecting them to the internet. Oh, how I need to control my thermostat when away from home. Oh, how I need my refrigerator to tell me the milk is spoiling. Oh, give me a frigging break. Home security systems are being put online. The advantage of this inane “upgrade” is that now security systems can be controlled remotely by anyone with basic computer/internet skills. Not secure. Every new I[di]oT product coming out, or any product labeled “smart,” further adds to the insecurity of the digital world. As more I[di]oT products come online, more of our modern technology is subject to hacking. The implications are that these stupid silicon-chipped and code-controlled things are more vulnerable to catastrophic failure and criminal tampering. Instead of improving the quality of life, I[di]oT enabled products are injecting turmoil to the wired world.

As participants in the inter-netted electroscape, it is impossible not to be exposed. We are being attacked from both sides, the corporate and the criminal. There are techniques to protect ourselves, but no matter how hard a shell we try to put around our electronic lives, there will always be inevitable leaks and exploitable weaknesses, some by design, some by accident. The only full protection is to drop out, disavow, disconnect.

Message : The law is lagging. We can mail a letter and be secure that it will arrive intact and unopened; not so with email. We can go to the library to read without anyone knowing our interests, even if we borrow the book; not so with internet searches and website visits. (Libraries have been under attack to release lending records. To their credit most have refused to comply, but the battle is ongoing.) We can use cash without a trace; not so with plastic. And we can travel by land freely from state to state without being tracked (if we leave our electronic devices at home); not so by air.

Even if the law were to protect our electronic activity, that won’t stop the relentless attacks from those who aim to take over control. This is more than a legal issue. It is a two pronged issue : the law and the computer code. The legal side could be quickly and easily remedied. It’s the starting point for establishing standards of ethics. On the code side, although security stands to be greatly improved, there will always be a way in. For any program to be functional, it can’t be impenetrable. Nevertheless, it is possible, with present capabilities, to greatly improve security.

WordPress sites are under constant attack. This site is barraged by administration login attempts, thousands a month, for the purpose of hijacking the site. There would be hundreds of spam comments, too. To thwart these attacks, registration is required using captcha verification, and IP address lock-out after three wrong password entries. I’ve also permanently blocked over 1200 IP addresses for repeated lock-outs. These are effective tools to keep spammers and hijackers out, but it’s annoying. And I wonder, what is all this fraudulent traffic costing the system? Everyday spam email, spam comments, DDoS, and referrer spam goes out by the millions, all intended to take unfair, unearned, unethical advantage. What’s it going to take to discourage it?

Message : Code is King — Data is Power. As information collection, processing, and data correlation grows ever more pervasive, those without the massive data banks and the knowledge of code will increasingly find their usefulness, bank accounts, and lives shrinking. There wasn’t a chapter in the book that didn’t mention some new tech company, only years old, being sucked up by one of the leviathans, Google, Facefook, Yahoo, Microsoft. This coincides with the continued hoovering up of one corporation after another by a few of the biggest mega-multinational conglomerates. It wasn’t long ago that laws were put in place to break up oversized trusts and monopolies because of the dangers and the abuses engender, but today those laws are being ignored. Here is the single most frightening message from the book, one that is barely mentioned directly, but that emerges inadvertently on every page. The power and wealth held within data and digital technologies are being amassed in ever greater quantities, and controlled by an exceptionally small number of digital elites. The discrepancy between the techno-data haves and have-nots is growing along with the growth of technology. The rise of robotics exacerbates the conditions, widening the gap to the point that even those well educated in any other field besides IT will become redundant.

We have arranged things so that almost no one understands science and technology. This is a prescription for disaster. We might get away with it for a while, but sooner or later this combustible mixture of ignorance and power is going to blow up in our faces.   — Carl Sagan

Future Crimes covers much more than the title indicates. He rambles on about the expected future of technology, some foreseeable, some speculative, some absurd. He repeats, repeats, yet there’s so much he’s trying to cover, and still he leaves the reader wanting, not because the read is so compelling, but because there’s little help offered.

Message : Free is a ripoff. It’s estimated that each antisocial media user generates about $8 in ad revenue—per year. Goodman states, “I’d rather [pay] ten bucks and be left alone.” MIT researcher Ethan Zuckerman calls advertising the web’s original sin, and further declares, “The fallen state of our internet is a direct consequence of choosing advertising as the default model to support online content and services.” I am, without qualification, in agreement. I’d rather pay—pay for search services, email, entertainment, etc.—pay for what I use and be free, completely free, from the unsightly, unethical torment of advertising, tracking, and privacy intrusion. I’d rather pay with dollars than pay with my rights. Paying for commercial-free services negates the incentive to invade privacy through data collection, and removes the distracting sensory pollution of advertising.

He finally offers a few solutions, but only one which you and I can apply. Educate yourself on the basic workings of digital technology. You don’t need to know how to code, just a working knowledge about how the system operates. Number one in this category is passwords—they can’t be words, can’t be short, can’t be easy, and the same one shouldn’t be used everywhere. His other suggestions need to be grappled with by the designers of hardware and the coders of software. 1) Establish two-factor authentication to replace passwords. 2) Fix faulty code. 3) Encrypt everything. Encryption is the fastest, easiest solution that’s being insufficiently applied. The faults in the code are due to the sloppiness inherent in rushing. The hurry, hurry, hurry, faster, faster, faster mantra is not merely flawed, it’s wrong, wrong, wrong. . .  Fast accomplishes one thing exceedingly well : blunders. It’s time to slow down. Computer code, sales, or whatever one does, doesn’t need to be done yesterday; it needs to be done well.

Future Crimes, Marc Goodman, Doubleday, 2015

Read the article “How to Survive Cyberwar,” by Keren Elazari, in the April 2015 issue of Scientific American.
Previous related post [Info-Elitism].

This entry was posted in Book reviews, Discover and tagged , , , , , , , , , . Bookmark the permalink.