Even George Orwell Could Not Have Imagined the World We Live in Today
Let’s Start with a Thought Experiment
If you are old enough, think back about 30 years or so – and if you are not, imagine your young self around about 1994. We are at the dawn of the Internet: a new golden age of possibilities promising the democratization of information and economic power to the masses. You are in an auditorium, listening to a noted expert and evangelist tell you about this bright, shiny new future.
“The Internet will be a pervasive global network, both wired and wireless, ubiquitously connecting all of us at all times to a massive grid of supercomputing power beyond our present capacity to even understand.
We will carry with us at all times personal computing devices – they will be called tablets, laptops, mobile smartphones. Our residences and offices will have ‘smart home hubs,’ ‘smart speakers’ and ‘smart TVs’. Our bodies will have wearable devices – watches, goggles and more – even embedded devices. When we go outside, cameras and sensors will watch us on every building and street corner – even from our neighbors’ doorbells!
All of these devices will plug into this global network of centralized, supercomputing power so that every action we take and every word we speak will be surveilled, captured and fed into engines of artificial intelligence which continuously optimize their algorithms so that gigantic corporations can control and manipulate us. Governments – even in ‘democratic’ countries – will use this awesome matrix to spy on citizens, and authoritarian regimes will build the perfect tools for surveillance, repression and control.
Every person born into this world will grow up having never experienced or even heard of the concept of privacy. Everyone will think this is normal.”
While some may feel otherwise, our take is: Nobody would have agreed to this!
And yet that is the world we live in today. Like the proverbial frog in the pot of water, year by year over the course of decades, our privacy was taken away degree by degree until we have now arrived at the boiling point. And all the while, we smiled happily, bedazzled by our screens and clickbait and the perpetual race to be ever more efficient.
How Did We Get Here?
Like most good stories, it’s both complicated and simple. The through line is that the Internet and telecommunications networks – which we depend upon for everything we do in the digital world and most of what we do outside of it – are insecure and NOT private. There are root causes for this – both by accident and by design.
1. Centralized Architecture and Control
The Internet was designed to be decentralized – a way to connect computing devices directly to other computing devices. Yet, the Internet we use today is completely dependent upon and run by centralized servers, certificate authorities and networks – all of which are controlled by people.
How this happened is the subject of many great blogs, books and even movies, but the situation today can be understood by looking at 3 central pillars that run the Internet.
- Centralized Networks. All of your activities and transactions online run over a small group of Internet Service Providers and Telecommunications companies which are permeated with back doors and gaps exploited by hackers and authoritarian governments in equal measure.
- Centralized Servers. “The Cloud” that we all depend upon brings data and application logic together into enormous data centers with chains of servers controlled by a handful of companies that process and store everything in data lakes, and every device and end user depends on their safeguarding.
- Centralized Certificate Authorities. The entire ‘Chain of Trust’ that is meant to guarantee privacy and security on the Internet depends on Certificate Authorities. These are entities that store, sign, and issue digital certificates, which are used by parties (Web servers and the applications and devices of end users) to secure all of the connections, transactions and communications between them. But the market for globally trusted TLS/SSL server certificates is largely held by a small number of multinational companies today.
2. Networks and Connections are Visible and Vulnerable
With Internet Protocol, network addresses and traffic are visible, and connections are insecure by default.
You can think of a server – or any device – connected to the Internet like a house, and hackers like robbers on the prowl. But unlike a house, attackers on the Internet can find and study a Web server and its network of connections from anywhere in the world, using automated tools that never sleep. They can observe and study all of the doors, windows and other entries, who enters and leaves, how and where they do that. If the front door is locked, they can go around and test them all, and if one is left open, get in. And thanks to Internet Protocol, they can always test and “knock” until they find an opening, steal the key from legitimate users, or use any of innumerable other techniques to penetrate their target. It only takes one mistake or gap.
3. Data is Vulnerable
When robbers break into your house, they steal cash and goods. When hackers break in, it is usually data they are after – and our data is vulnerable both on cloud servers and our endpoint devices because it is either not encrypted or someone else has the keys.
“Just Trust Us”
So today you always have to just trust the Privacy Policies and ability of Web platforms, application providers – and yes also VPN companies – and the people in them – to defend their platforms and infrastructure from outside and inside attacks. This is why – to cite just a few examples:
- a 2nd class Massachusetts Air National Guardsman can open and share the Pentagon’s briefings on Ukraine’s War Plans;
- Amazon Ring employees can spy on its customers’ video feeds;
- Chinese spies can hack the master keys to Microsoft’s cloud kingdom;
- and the endless drumbeat of breaches you read about every day keeps occurring.
What these examples all have in common is that these are gigantic, centralized organizations with the best security architectures and processes in place. But they can always be compromised easily for the three reasons above.
- Things which are centralized are always run by people – so your security and privacy are only as good as their lowest paid engineer – or any disgruntled insider.
- Even when humans don’t fail, Internet Protocol ensures that there will be a back door waiting to be found.
- When attackers do get in – the data is lying around unencrypted, or the keys are right up there with it in the Cloud.
So Here We Are – and It’s Getting Even Worse
The result of all this is the world we live in today.
- Surveillance by governments, corporations and the industrial information complex is pervasive.
- No device, data, or digital asset of value is safe from criminals and hackers.
- Everything and anything of value on the Internet can and will be compromised.
And as bad as it is now, just wait – it will get much worse thanks to two massive technology revolutions now washing over us.
Artificial Intelligence
Artificial Intelligence is exponentially lowering the costs and increasing the scale and power of surveillance and malicious or criminal cyberattacks. The bad guys used to only go after the big data lakes because – like banks – that’s where the money was. But when you can rob a million users at the same time with AI driven automation and spoofing, that changes the equation.
Is AI also being used to thwart cyberattacks? Of course. But what history tells us is that the attackers are always 3 steps ahead, and so long as the fundamental vulnerabilities of the networking, communications and data in the Cloud are not addressed, they will remain so.
Internet of Things
The Internet of Things is rightly called a major driver of the 4th Industrial Revolution. The possibilities of connecting billions of people and machines, with access to unprecedented amounts of data, storage capacity and processing power are endless. Amongst those are the possibilities for ransomware gangs, nation state actors and others to move on to hacking:
- your Smart Car – while you are in it;
- your smart, connected pacemaker and insulin pumps;
- your Smart Home thermostat; and
- whatever else we dream up to embed into our homes, offices, lives and bodies.
What could go wrong?
What Can We Do About It?
That will be the focus of our next blog – and is the mission to which Faction has dedicated itself. This is not something that we – or any person or company alone – can fix. But it starts with two things.
We have to be aware and care
This blog and news site is our small contribution to that effort, putting a spotlight on the challenges in areas where our technology can make a difference. There are many great journalists, bloggers and privacy organizations doing the real work here, and we will pass you on to them for the in-depth coverage of stories that pique your interest.
We need tools that put each person in control of their own privacy
Our part in this is giving people the ability to truly control the privacy and security of their networking, communications and data to their own devices and within their collaborative groups. Other companies, individuals and groups are attacking other parts of this problem, and we will ally, partner and integrate wherever we can to move the cause of personal digital privacy and security forward.
We need to start now
Back to that frog in the boiling pot of water. There’s no time to lose: opt out now! We can use all these wonderful technologies of the 4th industrial revolution, but we don’t have to be their prisoners. Every journey begins with the first steps. Ours starts here.