National Post (National Edition)
Staying afloat in a leaky cyberworld
The annual Halifax International Security Forum will convene on Nov. 18, bringing together some of the finest military and strategic thinkers in the Western world for a three-day conference. In the run-up to the event, the National Post is presenting some of the essays from the conference, which describe the challenges, and opportunities, facing the West today.
In 1985, Aldrich “Rick” Ames began his infamous career as a mole for the Soviet Union’s KGB. Ames, with 20 years of service in the Central Intelligence Agency, flipped to the other side. He claimed that his primary motivation was money, and in an interview in the mid-1990s, soon after being caught, he surmised that he was operative for so long because he kept things “small.”
In other words, when there are big bureaucracies at play with lots of information, it is easy to slip under the radar if you keep your ambitions in check.
Today, we would do well to remind ourselves of Ames and the role that information has always played. Information is the most valued currency, and being able to manipulate beliefs about information is equally as powerful. This is where our present-day struggle to protect information begins to feel somehow new or different.
The huge “hacks” that dump zettabytes of information into the hands of nefarious actors, the ease with which they seem to do it, and the inability to do much about it, make it feel as if we have collectively failed in keeping our most prized digital possessions secure.
There is some truth here, but I would not say that we have entered a completely new age and are struggling with never- before-seen problems. Rather, the newness is just that adversaries have never before had so many open targets. Ames had to give up names of fellow spies, and he had to be paid for his risk, but now, nefarious adversaries do not have to undertake risk, and they can pull all this information from outside the territory in which they are living.
The volume of information is now astounding. If Ames handed over the or are short-sighted.
Adding all these things together with the reality that we have 3.4 billion Internet users today — with an estimated 1.4 billion more in the next 10 years — connected to 24 billion devices worldwide, the potential attack space appears to present an insurmountable challenge.
However, we ought not to take the present and coming difficulties of data protection as evidence that nothing that is digital is secure. Going back to a pencil and paper is no guarantee of data security either, as Ames proves. Rather, we must think transparent to us as possible. We ought not be afraid that using digital information is an invitation for exploitation. But, we need to think critically about how to design these systems for human users. If we fail to understand the information presented, in our algorithmically determined world, then we cannot know if it is biased, true, or false. This is as dangerous for security experts as it is for the average citizen.
Ultimately, there is a level of risk acceptance in the digital domain. This risk acceptance, however, is not an acceptance that all information is insecure, but that perfect security is an illusion. The technologies we develop to enhance our information security, as well as the strategies for their use, must depend on a delicate balance of “technological realism” and social science. That is, rather than thinking there is an easy technological fix, or that technology saves, we ought to admit its limits. For these limits are uniquely and inherently intertwined with human behaviour and beliefs. The human factor can never be over looked or under-estimated. This means that information “leakage” is always a possibility (and perhaps inevitable), as no one can anticipate the moles or the whistleblowers. Protecting information means being better aware of how we protect ourselves in this new age, and remembering that because we live amid huge data, big bureaucracies, and big business, we are all comparatively “small.”