Computer insecurity affects us all
We depend on computers to run our world but our current infrastructure for linking our machines is poorly designed and lacks basic protections.
This comes down to three things: • The physical ‘stuff ’ that makes up the internet, including computers, WiFi equipment and all the bits and pieces that your data pass through to get to their destination; • The software that runs the internet; • And, finally, the procedures companies use to handle your information.
All three lack basic protections and there seems to be no incentive to improve the situation.
It all goes back to the original design of the internet, whose purpose was to facilitate communications between computers. At first, security took a second place to getting it to work. I remember when it seemed like a miracle that your computer could communicate one across the country. Those days are long gone but the lack of security remains.
We have technology to track a packet of information from its source to its destination and to identify the origin of the packets. Too often these days, we get information from computers that pretend to be somewhere they are not. Hackers exploit this lack of transparency.
As well, we have technology to encrypt data across a network with strong, secure, military-grade cryptography that scrambles our information so that it cannot be read by eavesdroppers. Yet, standard communications goes unscrambled across the Internet.
Why? The main reason, as far as I can see, is that governments like to eavesdrop on their own citizens under the pretext of fighting terrorism. The revelations by Edward Snowden showed that the government program of covert surveillance in the United States is pervasive. You can be certain that almost every telephone call, e-mail or tweet is recorded in a government computer. The situation is not much different in Canada. If the internet was encrypted, governments would lose this rich source of communications.
A larger threat is the vulnerability of the systems to attack by hackers seeking to steal information or hold the data for ransom. The recent hack of Equifax, a large credit reporting agency, exposed the personal details of millions of people. Sony Pictures had many embarrassing e-mails revealed, as did Hillary Clinton’s election campaign.
We are not even safe when we computerize our homes. Your thermostat, security cameras and even door locks can be routes for hackers to access your system. A U.S. casino recently was hacked through an internet-connected device to monitor the tempera- ture of a fish tank.
And companies are being careless with internet security to the point where there is a real danger that information could be at risk.
How many times have you been asked to supply a security question, such as: “What is your mother’s maiden name?” or “What is the name of the first school you attended?” Answers to such questions are public record. Do a little research on someone and you can probably find the answer to such questions and then be able to gain access to their personal data.
Now, some jurisdictions are allowing people to vote through the internet. If banks allow internet financial transactions, surely online voting is as secure and simple. But banks lose lots of money through fraudulent transactions. They bear this cost because the savings from internet banking are greater than the losses. Not exactly the calculation that should be made when it comes to deciding who our leaders will be.
It is past the time that governments and private companies were held accountable for data breaches that are caused by their lack of security. Massive fines, firings and even jail terms, should be the penalties for not taking seriously digital security. Unfortunately, too many people decide that it is cheaper to deal with a data breach than to spend the money to harden the systems. A first step is to change the protocols used on the internet to require strong encryption and the traceability of data packets so hackers can be tracked back to their lairs.
Until we take computer security seriously, we are all at risk.
Columnist Tim Philp says that much needs to be done to improve internet security.