Sunday, November 3, 2013

The Snowden Leaks and the Inevitable Death of On-Line Privacy

Governments are outraged. The press is in an uproar. Some of us, the people out there tapping at our computers and thus adding to the heaps of material being stored by governmental security agencies, foresee a future mirroring the past in which the Nazis and Stalinists used surveillance of ordinary citizens to incarcerate millions. 

It’s not impossible that the future may hold some such horror, made far worse by ever-advancing technology. But most of us, I suspect, may feel little troubled personally as yet if the government not only knows our every connection but reads every word of our innocent meanderings on line. 

The problem, however, is here and now, and for any one of us who happens, however innocently, to offend a capable hacker or someone who has even the most tenuous or unknown link to one. Spyware and password-cracking programs have become available to the computer-savvy for their own personal use.

What is spyware? It can enable a hacker to have his computer screen mirror yours, and allow him to use his computer as if he were you: know your every web and email connection; pose as you on line saying whatever he pleases and have it appear to come from you. What he writes will appear to come from your computer. 

How could such spyware be installed in your computer? Piggybacked onto your most trusted download.
I speak from experience. Last spring I noticed that none of the passwords for web sites I frequently visit were working. I thought it must be due to some technical problem with my computer, and I changed all the passwords to ones that rated “strong” with no thought of fending off a hacker but simply because that seemed to be what the sites wanted.

My Facebook page had been involved, but I thought nothing of it until a few days later I tried to log on and my strong new password wouldn’t work. I went through the procedure to change it again and got the message that I had just changed it three hours earlier. Three hours earlier my computer had been shut off and my husband and I had been eating dinner together. We’re the only people in the house and are on a rural road where anyone stopping near enough to pick up wi-fi would have raised our dogs in loud alarums. 

So no one near my computer had access to change the Facebook password. Nevertheless, the Facebook procedure said the change had been made by a computer at our locale. That this is not a very rare problem is evidenced by the robotic system Facebook has in place to deal with it. 

Assuring the FB system that the change was not made from my computer, I received the message that I should contact the police at once. Facebook’s system knew that I was either dealing with a hacker who had a program that rapidly generates possible passwords until it hits bingo, or a hacker who had installed spyware in my computer. While the password-generator could take up to two weeks to crack the hardest password, spyware would reveal it at once – on the hacker’s screen as if he were doing it himself.
I contacted the police and they sent me to the nearest FBI office. The FBI agent in charge of computer hacking told me that his office alone -- in a small city surrounded by a rural region usually considered rather backward in technology – gets an average of a dozen hacking cases per week. 

His advice was to destroy the infected computer, never bank on line, use passwords that combine numbers, capital and lower case letters and change the passwords at least every two weeks. And he urged that I put black tape over my computer’s camera -- it could be turned on remotely to make a video of me and the hacker could then post the video world-wide with his own commentary.

It should be added  here that there also are technically far simpler risks to communication on line. It doesn’t require spyware, or indeed any capability out of the ordinary, to take a “screen shot,” edit or tamper with it so that it casts the original writer in a negative light, then post it on the internet as a representation of the writer’s own words. The only antidote for this may be skepticism on the part of all readers and disinclination to take action based on what appears to be objectionable.

The point is that anything you communicate anywhere on line may be accessed by others, not only government agencies looking for the next suicide bomber. 

We can none of us feel secure in our privacy, and privacy through media supplied to us by corporations may never be obtainable again. No doubt mankind will learn somehow to live with this and find other means of private communication—like snail mail, which won’t be breached unless someone has a very pressing reason to be snooping on you.

The real surprise is that our governmental leaders have been trusting to the privacy of wireless communications systems. Perhaps they’ll have to go back to the old method of live couriers – but that is terribly slow.

Alan Rusbridger’s article “The Snowden Leaks and the Public” in the New York Review of Books questions the process by which governmental security issues are left in the hands of official committees of elder statesmen who, it’s very doubtful, have an inkling of the capabilities of hackers. 

The Snowden revelations not only are shocking us into awareness that we’re all being spied upon by own governments, but that what our governments amass on us is not itself secured. Anything communicated on line, if not already accessible to any capable hacker, eventually will be. The capacities of able young devotees of hacking regularly outstrip corporations’ abilities to maintain their security – even when they try (which obviously they weren’t doing when channeling our every link to governments.)

Why is this dangerous? Let us set aside history – we may be arrogant in assuming mankind will never bend to another Hitler or Stalin again, but for now let’s keep to the present and the personal.

We’ve been living through a period in which on-line bullying has been in fashion. Fortunately, corporations such as Amazon, Facebook, Goodreads and even Twitter are becoming concerned and taking steps to curb it. Bullying victims range from children to adults, businesses to politicians, authors to actors and sports figures, or just the person next door. The first question that comes to mind regarding on-line bullying is “Why would anyone do this?” 

A lot of possible answers have been floated. Anne R. Allen in her blog suggests a primal “hive” mentality – at the sounding of an alert a primal urge prompts otherwise reasonable people to attack the indicated target. But in the past people didn’t rise en masse to hurl insults and even death threats at a stranger, as they’re doing now.

Could this on-line attack response be a carry-over from violent computer games? An upping of the game by playing it in reality – with the advantages of anonymity and the merely “virtual” nature of the attack? A target “enemy” appears in the game, or on a “tweet”, and the player must instantly launch all his available forces to annihilate this “enemy.” The game mentality neither includes nor allows time for analysis as to whether this really is an enemy. The brain is taught to trigger with unquestioning and absolute response. 

It would take statistical studies to determine if on-line bullies are also players of violent computer games, but it would be well worthwhile if such a link were found. While the ever advancing skills of hackers probably will not be curbed, and many may argue shouldn’t be, the violence of computer games can be – perhaps with an resulting world of more benign on-line behavior --  bringing us random acts of anonymous kindness if we must live without privacy.