Before my yammering about the newest privacy risks, and everything else fearful and loathsome about modern technologies and communications, indulge my quite public wishes to your and my editor, the wonderful Erin Cox, on her cats’ upcoming birthdays. I’m a cat guy myself, judge ye as you may, and I too celebrate the birthdays of those claw-bearing felines who rule the Zuger roost. Oh … yeah. Also, Erin, Happy Birthday to you today!
I misdirected by suggesting above that the two—a colleague’s birthday and the ongoing security pains of modernity—are separate issues. In fact, my message to you is to be wary of the connections. The connections, that is, about our connections, if I may pose as meta. Something as seemingly innocuous as sharing your birth date in a public forum, whether that’s a newspaper or your Insta-Face-Tik-book-gram, presents some risk. Just last month another colleague at the Times-Tribune shared his own realization that “Living a public life,” as Jarrod Mills, a careful and caring staff writer, entitled his piece about this topic, is part and parcel to this work. Being in this racket—i.e., publishing your thoughts, which goes on in these opinion sections—opens one’s seemingly personal database to public eyes. To me, and by default … meh. What’s there to lose?
Now, when Erin, Jarrod, I, or others steeped in news say that, we actually know better. We research information security breaches all the time and understand that it’s not that one, little factoid that causes risk. It’s more like Gladwell’s “Tipping Point.” Those incremental leaks of personal data add up and eventually a point is reached where they amass into real risk.
I’ve been a party to formal, Project Management Institute-styled risk management events. To boast, that included up to a few post-9/11 weeks working with the White House Critical Infrastructure Protection Board. Two elemental factors are in play when assessing, and hopefully mitigating, risk. There’s the likelihood that a risk even will occur. For example, something now more onerous than a pandemic such as an alien invasion, which some plan for already, might not be part of every company’s risk management plan. Might not. Then secondly you’ve got to consider if that thing, pandemic, space wars, or recession actually occurs, how much damage will it do? The product of likelihood and damage potential results in one objective and useful manner to analyze risk.
We embark on the risk pontoon every time we launch onto the internet’s lake. Millions … yes, millions of viruses, malicious software programs, and ransomware artifacts are, simply, swimming around the lake waiting to attack. Will one flip the vessel? Dunno. If it does, how much damage? Same answer. Just embrace the fact that the only way to truly, wholly protect your personal information and privacy is to stay on dry land, comparatively. But, if perils can’t be avoided altogether, in risk parlance, it’s then time to assess, analyze, and plan to mitigate their potential damage.
The fact of the matter remains: The only way to even hope to avoid the risks associated with communicating online is to not merge into the information superhighway in the first place. I like rural roads. No one who knows me would believe that’s because I like the slower pace. Rather, I like the variegated scenery, the lack of noisy advertising messages, and having been raised surrounded by dairy and feed farms, I like the bucolic setting of a four-digit roadway instead of I-75.
Yet, I’ve ridden the expressways, interstates, and freeways literally hundreds of thousands of miles so I can never go back to only experiencing Route U in Missouri, State Line Road in Indiana, or 1347 right down the road. Same thought process about your online involvement. Even if you vowed to never connect again. Too late. The horse is out of the barn, or the bell cannot be un-rung, or whatever idiom you choose. What’s done is done. Online, that means that once you post that photo, share your birth date, or accidentally expose a password, “perpetuity” is the word to use. This is why viruses and such, the more covered risks of being online, only deserve partial credit when it comes to your awareness of cybersecurity issues.
The more common, frankly, and less newsworthy risks are those that you introduce, yourself. Technology is competent, if not risky. These techie phrases being bandied about in the press and in business circles—“machine learning” or “artificial intelligence”—are signs of superior competence, and heighten the risks. Think about an internet user, a child who begins playing online. She first uses her iPad with supervision, playing games and communicating with family. She’s adding comments to game play. She celebrates family events in social media. Pretty blasé so far, eh? She then escapes to her room and begins holding [seemingly, but not] private convos with friends as she matures. There are new apps installed, some surreptitiously. Others are used to hide those, too. Parents detach more and more. Throughout her schooling years, living online becomes plain living. By the time she heads off to college, only then leaving behind childhood, a spy-like dossier could be built about her life. And, at that point, she’s not even begun to create an online database of directly marketable privacy intelligence: jobs, bank accounts and purchases charged to them, credit cards and bureaus, and medical records. Those connections deploy their own AI to leverage her personal information for advertisement. She’s part of their online communications atop her own.
We cannot stay on rural routes forever. We must utilize the superhighway to get where we’re going, stat! Fine. Me too. Just, before you do read all the signs. Take caution. Or, perhaps, jaded reader, succumb to it, but at least know there is a risk in every one or zero.
Ed is a professor of cybersecurity, an attorney, and a trained ethicist. Reach him at edzugeresq@gmail.com.
