Surprisingly, most people don’t realize that the popular idiom, “The Devil is in the detail” is actually derived from the more encouraging phrase, “God is in the detail,” i.e. pay attention to the small things as they are important. Both adages are more relevant now than ever, particularly because the average human is now daily agreeing to privacy policies with which, if they were to actually read the fine print, would probably not agree to at all. Such is the case with the numerous policies you are “accepting” when you install apps on your smartphone. What policy acceptance? The one hidden behind a small pop-up that says your data will be shared with other parties to improve your experience, or some other vaguely worded reminder that you are sharing data with a company in exchange for the free (or sometimes paid) use of an app.
What this means for you
“Yeah, yeah, I know, they are watching my every move,” my clients have said to me, “I’ve got nothing to hide.” Or, “It’s a small price to pay for this wonderful app/service/game.” Except most aren’t aware of how much data is being tracked, or what it can used for, aside from advertising. If you’d like a small taste of how this data is being assembled and the level of detail it can offer into everyone’s daily routines, read this article from the NY Times, “Your Apps Know Where You Were Last Night, and They’re Not Keeping It Secret” – it’s a very easy read and has some nice interactive visual aids to bring the point home. Despite its approachable tone, the content of the article should be unsettling for everyone. For example, when asked to explain why their prompt to grant access to very precise coordinate data and permission to share with 16 companies was instead presented as a way to “recommend local teams and players that are relevant to you,” a spokesperson for the app responded (emphasis ours):
…the language in the prompt was intended only as a “quick introduction to certain key product features” and that the full uses of the data were described in the app’s privacy policy.
Let’s be honest here: I’m in this business up to my neck, and even I don’t read those privacy policies, but only because I know exactly what I’m trading for the use of a “free” app. You have a much more relatable excuse: “Ain’t nobody got time for ‘dat.” You are not wrong, but in the pursuit of better deals, faster commutes, cheaper gas or just weather updates, we have traded a precious commodity: privacy. And lest you forget, privacy is not about hiding secrets, but about not wanting to share everything about your life with complete strangers who only view you as a profit center. This is yet another glimpse of the elephant on the internet around which everyone is still carefully tip-toeing. Make sure you are paying attention!
Image courtesy of TAW4 at FreeDigitalPhotos.net
I’d like to say I’m busy watching the mid-term results come in, but actually, I’m too tied up reading all the reports of voting machine failures causing delays, confusion and most certainly some disenfranchisement. Despite plenty of media attention on the matter months ago it’s clear nothing was done, causing delays, confusion and doubt across the process in numerous states.
- Voting Machine Meltdowns Are Normal—That’s the Problem – Wired
- Voting Machine Manual Instructed Election Officials to Use Weak Passwords – Motherboard/Vice
- Voting Machine Hell, 2018: A Running List of Election Glitches, Malfunctions, and Screwups – Gizmodo
- Why voting machines malfunctioned on Election Day – Vox
- Voting machine errors already roil Texas and Georgia races – Politico
- Voting machines can be hacked in two minutes, expert warns – Fox News
We’re talking about it, but it’s still being ignored
Sadly, Election Day in the US once again illustrates my point about technology and humans: we are not perfect, nor are the machines we build and use. Despite this reality being clearly demonstrated in the above, we have the hubris to believe that our technology is somehow immune to our own frailties. In many ways, technology clearly allows us to overcome limitations and achieve spectacular things, but it also amplifies our shortcomings, and as we’ve seen numerous times elsewhere it also enables the less virtuous to exploit those shortcomings.
To change things, we need to expect better from our leaders – business, political, and spiritual. They need to understand critical technologies or admit when they do not and hire experts to help shape and implement policy that advances humanity as whole and not just financial interests. It’s OK to admit to not understanding technology, but if it’s an important part of your job or responsibilities, that continued lack of understanding could cause irreparable harm. Change begins with you, and putting in the effort to understand a technology also grants the benefit of being able to spot others who do not, an advantage that is handy in business and politics.
Despite what you might think, the titular pachyderm of this week’s blog isn’t the GOP mascot, but that same elephant I’ve pointed out to you in the past. We, as a civilization, have put into place technologies that have significant impact on our lives seemingly without the requisite care and considerations for our own safety and security. We can now toss onto this rapidly growing pile of hubris one of the most important institutions of this century, if not the entirety of human history – the political election process via the digital voting machine. Over this past weekend at the 26th annual, infamous Defcon gathering in Las Vegas, attendees were invited to hack digital voting machines that are currently in use across the US. One machine, used in 18 states, was hacked in less than 2 minutes. In another demonstration, an 11-year-old hacked a replica of the Florida Secretary of State’s website and changed posted voting results within 10 minutes.
What this means for you
If there is one axiom you can count on to be always true, it’s that any technology built by humans will be flawed, and yet most of us still believe things that are “digital quality”, “machine-built”, “scientifically engineered” are infallible, flawless, or even perfect. Definitely better than humans are capable of, forgetting that while the particular device in your hands or conveying you across town wasn’t made by human hands, it was most certainly designed by humans. Election officials and equipment manufacturers were quick to point out that the situation presented at Defcon doesn’t represent “real-world” implementations of their technology, but the findings of Defcon should at the very minimum raise awareness that, on top of Russia actively and currently seeking to interfere with our elections, we might be our own worst enemies, blindly trusting that technology, implemented by humans, would operate flawlessly and will be impenetrable. If there is anything I know after working for nearly 30 years with technology, there is no such thing as a perfect implementation, or bullet-proof security. If you happen to vote in a state that utilizes digital voting technology, make sure you understand what you can expect in terms of receipts or paper trails. Also understand that all states utilize some form of technology to count ballots, but not all states use technology in the act of voting. In California, some districts do have actual digital voting machines that can provide a paper record of your votes which you should absolutely retain just in case.
Previously I wrote about the Elephant on the Internet, and lately it seems like we can’t stop blundering into the pachyderm that shall not be mentioned. Last week, Medium published a controversial article about a strangely mutated (but inexplicably popular) genre of kids videos on YouTube. For those of us hardened by years of work (and play) in the darkest and weirdest corners of the internet, the article wasn’t surprising, but it was definitely disturbing how bad things had become in this area. If you don’t mind wearing the mental equivalent of hip-waders, James Bridle’s article plays Rod Serling to this Twilight Zone-esque subgenre that evolved to exploit YouTube’s keyword and “Suggested Videos” algorithm. One of my “favorite” videos from this story is entitled, “BURIED ALIVE Outdoor Playground Finger Family Song Nursery Rhymes Animation Education Learning Video”. Rolls right off the tongue, eh?
What this means for you
A few years back, my wife and I made the sad (but not surprising) discovery that YouTube was not something that could be left in a child’s hands unsupervised. At the time, it had yet to grow the strange and mutated mushrooms that crowd the darker corners as described in Bridle’s article, but we encountered too many inappropriate “suggestions” from YouTube’s algorithms and came to the conclusion that (a) nobody was driving this particular bus, and (b) some people would do anything to make a buck, especially if they could do it by exploiting technology. In other words – not family friendly, and definitely not kid safe. A few years after that, Google announced YouTube Kids – a walled-garden subset of age-appropriate content that parents could trust to entertain their progeny, and we had a brief glimmer of hope that someone at Google noticed their space needed some adult supervision.
It’s no secret that children’s content is an evergreen but highly competitive industry. Prior to the internet, media companies would spend millions chasing short attention spans in the hopes of cashing in on an ephemeral merchandising craze, eg. Cabbage Patch Kids, Tickle-me Elmo and Baby Einstein videos. Now, thanks to the popularity of crowd-generated content, YouTube is a top destination for Internet “Gold Rushers” with children’s videos a particularly profitable and exploitable “vein”. The problem is not with the creators of these freaky videos – capitalism and Internet make for some strange, but predictable bedfellows. It’s that YouTube is yet another example of a system that has gotten away from its creators, and despite their attempts and promises to close yet another Pandora’s box, the sheer size and scale of the Internet continues to overwhelm and surprise the companies that laid the groundwork for its current dominance.
To sum up: it should come as no surprise that when the Internet gets ahold of something and everyone’s too busy watching the scenery to drive the bus, we can end up on the wrong side of town with no idea how to get back. Add YouTube to the crowd of monsters (Twitter, Facebook, Equifax, Wikileaks etc.) that have gotten away from their masters in service of agendas outside of their control.
Image courtesy of TAW4 at FreeDigitalPhotos.net
In the days following the Equifax breach announcement I have been talking with many people – clients, family & friends – about what they should be doing to ensure they are prepared for a possibility of their identity being stolen. Across all these conversations one theme became readily apparent: none of the dozens of people I spoke with (myself included) knew much about how the credit agencies operated, despite being highly educated and seemingly well-versed in being both an adult and a working professional. Some of them even work in the finance industry and still had only a rudimentary grasp of the seriousness of the Equifax breach. During one particular conversation, I thoroughly dismayed a colleague by making them aware that with the information stolen in this breach, someone could file a false tax return under their name and that it would take the wronged party quite a bit of effort to undo this fraudulent act. Further alarm was caused by the revelation that this was done through the IRS’s own website, and that this form of identity theft has been around for years.
How many systems do we use that we have no idea how they operate or how to fix them if they break?
To further illustrate this point, key companies and institutions are being hacked, not just because hackers are clever and determined (they are), but also that we, the system users, often don’t understand how things work, and frequently don’t take the time to understand because: (a) it’s hard, and (b) it’s working, so why bother? When this happens, security takes a powder and criminals walk in the door. Case in point: big four firm Deloitte recently announced that it was breached earlier this year. Ironic? Yes, but even more so now that it seems the reason they were breached was because they themselves were lax on security principles presumably espoused by an organization hired to audit security.
Need another example of a big system in wide use but poorly understood, and clearly not secure? Facebook is poised to release data to Congress that illustrates how Russian operators leveraged Facebook’s own advertising engine to exploit the political divisiveness of American culture as well as the ample influence it exerts over the millions of US voters who have been repeatedly bamboozled by fake news and thinly veiled propaganda. Facebook itself has stated numerous times it doesn’t have a good solution to the problem, and even with the integrity of the US democracy at stake, it still doesn’t know the extent of Russian influence in its own advertising space.
What’s my point? There’s an elephant in the room, and in this case, on the internet. We are at the mercy of numerous systems that we have no chance of understanding, and yet we entrust our lives to them. To be fair, we have been doing this for decades: we drive cars we can’t repair, we fly in planes we have no chance of piloting, and we use devices very, very few of us could fix, even with the totality of Google at our fingertips. In advanced civilizations, this is expected and required for us to progress. What we cannot, and must not do is abrogate our responsibility to be at once skeptical and open minded about the things we don’t understand. Even if we can’t comprehend how a system works, we should seek to understand how that system impacts the things that are important to us, and take an active role in ensuring that system won’t harm you or the things you care about. If it seems like too many systems have gone off the rails because not enough people cared or understood them to foresee the danger, it might be because some people are actually starting to talk about the elephant on the internet.
Image courtesy of TAW4 at FreeDigitalPhotos.net
- 1
- 2